Understanding Error Control Coding [1st ed.] 978-3-030-05839-5;978-3-030-05840-1

Table of contents :
Front Matter ....Pages i-xix
Fundamental Concepts (Emilio Sanvicente)....Pages 1-44
A First Look at Block Coders (Emilio Sanvicente)....Pages 45-95
RS and Binary BCH Codes (Emilio Sanvicente)....Pages 97-134
Decoding RS and BCH Codes (Part 1) (Emilio Sanvicente)....Pages 135-196
Decoding RS and BCH Codes (Part 2) (Emilio Sanvicente)....Pages 197-253
Polynomial and Cyclic Codes (Emilio Sanvicente)....Pages 255-304
Back Matter ....Pages 305-311

Citation preview

Emilio Sanvicente

Understanding Error Control Coding

Understanding Error Control Coding

Emilio Sanvicente

Understanding Error Control Coding

Emilio Sanvicente Former Professor of Electrical Engineering School of Telecommunication Engineering Polytechnic University of Catalonia Barcelona, Spain

ISBN 978-3-030-05839-5 ISBN 978-3-030-05840-1 https://doi.org/10.1007/978-3-030-05840-1

(eBook)

Library of Congress Control Number: 2019931384 © Springer Nature Switzerland AG 2019 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, express or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Switzerland AG The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

To those readers whose first contact with error control coding is through this book, wishing them an enjoyable learning. Also, to everybody who tread this path before and found it too abstract or unrewarding, hoping that the excursion through these pages may change their appreciation of the subject.

Preface

The widespread use of Digital Communication and Storage is one of the most salient aspects of our world, and error control coding (ECC) is a very important part of that technology. The subject of ECC has grown tremendously from its modest inception at the beginning of the second half of the twentieth century to the level of sophistication and performance we enjoy today. Without all this work, the voyage to the “digital land” promised by Claude Shannon wouldn’t have been possible. A detailed coverage of all the different aspects of the field would require a volume similar to the Webster’s Encyclopedic Unabridged Dictionary, a work that would be more suitable for reference than for study. This book is not meant to be an encyclopedia of ECC. Rather it aims at providing a sound foundation for the basic concepts of ECC to newcomers to the field, selecting a few topics that I consider fundamental for a first contact with the subject from an engineering point of view. There are many books already written on this matter. Is another book really necessary? The same question could be addressed to books in any other branch of knowledge. Therefore, I do not think this is the appropriate question to ask, but rather: will this new book on ECC be a useful addition to the market? My answer to the question is, in all honesty, in the affirmative. I would have never bothered writing a book if I didn’t think it had a touch of originality and usefulness. But the question remains: for whom could it be useful, and for what reasons? Let me begin with the audience. To gain proficiency and expertise in this enormous area of knowledge requires effort and time, and the sooner anybody starts, the better. Therefore, even though this material is usually taught to first year graduate students, I claim it can be made accessible to freshman or sophomore students in Electrical Engineering and Computer Science if properly presented. In fact, the mathematics used in the book does not go beyond the knowledge acquired by competent high school seniors: polynomial multiplication and division, the concept of greatest common divisor, and a few facts from Linear Algebra (rank of a matrix, orthogonality, linear dependence, etc.). Nevertheless, a few sections of the book (and some of the seven appendixes) may require a little extra effort, but that should not be vii

viii

Preface

a deterrent for an enthusiastic reader. Due to the modicum of mathematics required to read the book, it is also appropriate for those practicing engineers who, not having either the time or the inclination to plunge into unnecessary math, want to familiarize themselves with ECC. Now, let’s continue with the reasons for the usefulness of the book to the audiences mentioned before and, perhaps, to others. First, I will outline a few general remarks. More details will be given when I describe the content of the six chapters. Contrary to the approach followed in all the books written to this day, this book is unique in the sense that all the concepts, methods, techniques, and algorithms are introduced by way of examples. Thus, the book is almost a workbook and, therefore, very suitable for self-study. The reader is supposed to take an active part as he/she reads each chapter, doing all (or at least most of) the calculations as the chapter progresses. This active approach makes the material covered in the book easy to understand and difficult to forget. After all, this is what the old Chinese proverb says: “If I only hear, I forget. But I remember if I see, and I understand if I do.” Moreover, to reinforce the learning process, many of the topics introduced in the book (Galois fields, extended Hamming codes, Reed-Solomon codes, interleaving, erasure correction, etc.) are presented in different ways or contexts. When used in class, the book can be covered in one semester. The first four chapters are mandatory: no excuses! To include the last two chapters may require a faster pace, but the effort is well rewarded since both chapters are very interesting. A description of the content of the six chapters follows. They should be read at least twice: one time before reading the corresponding chapter and another time after having read it. Starting from a lowly 16QAM modem, Chapter 1 introduces step-by-step the building blocks of an ECC system. Block and continuous coders are described, together with the concepts of hard and soft decoding. Also, a “light” version of soft decoding known as “erasure” decoding is presented. By way of examples, it is shown how coders can combine efforts using the techniques of code concatenation and interleaving. Incomplete decoding is illustrated using binary coders. One of them, the “fan” coder, will appear again in Chapter 2 as the (8, 4) extended Hamming code. The chapter ends with two appendices that can be left for a second reading. Appendix A shows in a simple case the conditions on the transmitted signal to avoid intersymbol interference. This is done to somewhat justify the model of the channel chosen to study coding/decoding: a channel whose only impairment is noise. Appendix B presents a widely used method to decode continuous codes known as the Viterbi algorithm. After this foray into continuous coders, the rest of the book deals only with block coders. Each of the signals sent by the 16QAM modem carries four bits. If, due to noise, the receiver incorrectly detects the signal, one or more bits will be in error. Coding can help to mitigate this fact by grouping hexas (bytes, symbols) into messages and appending redundancy to generate codewords. Although the idea is explored in Chapter 1, no clue is given as to how to do it. Clearly, some kind of structure must be imposed on the set of codewords; otherwise it would be impossible to list them even for a modest number of hexas per message. Moreover, we need to store the mapping

Preface

ix

that assigns codewords to messages. Chapter 2 addresses the two issues (the structure and the mapping) in two separate steps. First, the set of codewords (the code) is chosen as a subspace of the sets of words using a matrix called parity-check matrix. The correction/detection capability of the code depends on the linear independence of sets of columns of such a matrix, a fact that will play an important role in the following chapters and that is carefully presented. Also, due to the importance of the notion of rank of a matrix, there is a quick review of this concept in Appendix D. This appendix should be read along with the chapter. It has only been located as an appendix not to lose continuity in the text. With respect to the second step (the mapping between messages and codewords), in principle, any injective (one-to-one) mapping would be acceptable. But again, to avoid the impossible task of storing an arbitrary mapping, a linear mapping is chosen using a matrix called the generator matrix, and it is shown how to obtain it from the parity-check matrix. To perform all these operations, the finite set of symbols must have an algebraic structure known as Galois (or finite) field. At the beginning of the chapter, three introductory examples of Galois fields of two, three, and four elements are constructed in a manner similar (and simpler!) to the way we solve a Sudoku puzzle. We observe that the tables with two and three elements are obtained adding and multiplying modulo 2 and 3, respectively, and that this is a general property whenever the cardinality of the set is a prime number. As an additional example, the field with 11 elements is used later in the chapter to decode erasures, and this is applied to the recovery of lost packets in data networks at the destination end (without resorting to retransmission) using a protocol called coded UDP (User Datagram Protocol). The chapter finishes presenting the family of Hamming codes and explaining how to derive new codes from a given code, extending or shortening it. The “fan” coder of Chapter 1 appears here as an extended Hamming code. It is also pointed out that shortening a code has (at least) the same correction/detection capability of the original code. The rudimentary construction of the field of eight elements is in Appendix C, since this field is needed at the beginning of Chapter 3 before the systematic approach to the construction of Galois fields is explained. The invention of Hamming codes and the restriction to linear coders brought some hopes for the practical usage of channel coding. But the search for generator (or parity-check) matrices to implement linear codes able to correct more than one error proved elusive for many years. The breakthrough occurred with the birth of the Reed-Solomon (RS) and Bose-Chaudhuri-Hocquenghem (BCH) codes. Chapter 3 begins presenting the original approach to RS codes exhibiting the generator matrix of the code. This is followed by an equivalent construction that focuses on “screening” the words to select the codewords of the code. All the algebra is done in finite fields. A few examples of Galois fields were constructed in Chapter 2 by rudimentary methods, but that elementary approach does not shed any light on how to proceed in general. Using the more familiar ideas of addition and multiplication of complex numbers, the systematic construction of Galois fields is presented in Chapter 3. The construction requires the existence of irreducible polynomials. Although irreducible polynomials of any degree always exist, from a practical point of view, only a subfamily of the irreducible polynomials is employed: the so-called primitive

x

Preface

polynomials. One can tell whether a polynomial is irreducible or primitive by computing its period, a concept the chapter explains. (The concept of period will appear again in Chapter 6 in a more general setting.) After presenting the polynomial approach to coding, the chapter shows how selecting primitive polynomials for the construction of the finite fields, coding can be mechanized by linear-feedback shift registers (LFSR) of the Galois type (the chapter also introduces the other structure of LFSR used in channel coding: the Fibonacci structure, although Fibonacci registers won’t play any role until Chapter 4). The set of binary codewords of several t errorcorrecting RS codes is then analyzed and shown to be a subspace of the binary words of length n (the length of the RS codewords) of dimension greater than n mt (m is the number of bits per RS symbol). These codes are, in fact, the binary BCH codes, and this presentation of the binary BCH codes paves the way to understanding a similar situation explained in Chapter 5 in relation to Goppa codes and their binary “offspring.” Chapter 3 ends showing the exact value of the redundancy of BCH codes and, then, the appropriate LFSR to implement coding. Efficient decoding of RS and BCH codes is not an easy task. In fact, in the presentation of their ideas, neither the inventors of the RS codes nor the inventors of the BCH codes offered any algorithm to decode their codes. That work was started by Peterson and improved by Gorenstein and Ziegler (PGZ), and it is covered in Chapter 4. The first problem encountered in decoding is the lack of knowledge about the number of errors. Thus, this is the first question Chapter 4 addresses. The “raw data” is the received word, and from that, a set of syndromes (or symptoms) is obtained as “processed information” on which to work. Section 4.2 explains how, assuming the correction capability of the code has not been exceeded, the number of errors in the received word can be determined using the syndromes. Hence, a section of the chapter is dedicated to the question of the efficient computation of the syndromes. But the problem is far from being solved: the locations and values of the errors must be obtained. This requires the resolution of a system of nonlinear equations, but at least, at this stage, we already know the number of unknowns! It is shown in the chapter that the problem of finding the error values can be decoupled from the problem of computing the location of errors. In fact, knowing the locations, the error values can be obtained solving a set of linear equations, similarly to what was done in Chapter 2 to find the value of the erasures. Thus, the nonlinearity of the problem lies only in the location of the errors. Imagine we have a polynomial whose roots “point” to the erroneous positions. This polynomial is called the error locator polynomial, and its task mimics what (say) the demodulator does when it flags the likely erroneous symbols. Then, it is shown that the coefficients of the locator polynomial can be obtained solving another set of linear equations. On the other hand, the roots of the locator polynomial are found by a sequential search known as the Chien search (the name of its inventor). In summary, in the first six sections of Chapter 4, we learn how to decode following five steps: compute the syndromes, determine the number of errors, find the coefficients of the locator polynomial (solving a linear system), find its roots (Chien sequential search), and finally find the error values (solving another set of linear equations). The chapter also shows how to proceed when not only errors but a mix of errors and erasures (called errata)

Preface

xi

are present in the word. This topic is revisited in Chapter 5 from a different and more illuminating perspective. There are also three sections to explain how to iteratively find the locator polynomial without the need to solve a system of linear equation: the Massey algorithm. The proof for the more ambitious and enthusiastic readers is in Appendix F to the chapter. Finally, Appendix E presents a fast way to compute determinants. It can be “made to work in most instances,” as shown in the appendix. Decoding continues in Chapter 5. The chapter begins by presenting a new equation, called the “key equation,” due to Berlekamp. There are several benefits emerging from this equation. First, it provides a different derivation of the equations to obtain the error locator polynomial. Second, a new polynomial comes into existence that allows computing the values of the errata by means of a formula (Forney formula) without the need to solve a system of linear equations. This polynomial is called the error evaluation polynomial and can be implemented very efficiently. Thus, thanks to Massey algorithm (covered in Chapter 4) and the Forney formula, decoding can be done without the chore of solving systems of linear equations. Third, errors and erasures are treated together in a more compelling way than the method explained in Section 4.10. Fourth, the formula leads very naturally to a different method of decoding based on the Euclidean algorithm that does not require the previous calculation of the locator polynomial. This algorithm is presented in Section 5.4, and it is used to decode RS codes. The algorithm was invented by Sugiyama to decode Goppa codes. These codes, together with their “offspring,” the binary Goppa codes, are covered in Appendix G. The binary Goppa codes are obtained from “their non-binary parents” following the same path (explained in Chapter 3) that leads to binary BCH codes from RS codes. Selecting some codewords of a code does not reduce the minimum weight of the code, but it can increase it. This is what, very spectacularly, happens with binary Goppa codes, as shown in the appendix. The last decoding method offered in Chapter 5 is based on the discrete Fourier transform (DFT). No doubt this has some intrinsic interest for electrical engineers, since DFT originated in the field of digital signal processing to compute the spectrum of signals. Chapter 5 introduces the DFT equations to go from the “time” domain to the “frequency” domain (and vice versa) in a very natural way without resorting to any previous knowledge on behalf of the reader. The method is then applied to decode not only errors but also errata. The RS and BCH codes presented in Chapter 3 were shown to be polynomial codes, a very important family of the linear codes. The “natural” error indicator for polynomial codes is the syndrome polynomial, σ(D).This polynomial is extensively used in Chapter 6; therefore, there is a section dedicated to mechanizing the computation of σ(D) with a LFSR. The circuit is a copy, with a minor modification, of the circuit utilized in Chapter 3 to find the redundancy of RS and BCH codes. Even though RS and BCH codes are polynomial codes, in this book, they were “born” differently. Thus, the syndrome S (of Chapter 4) and σ(D) must be “the two sides of the same coin,” the error pattern. The “flipping” (going from σ(D) to S and vice versa) is achieved by means of the Lagrange interpolation formula and the Chinese remainder theorem (CRT). The CRT will play an important role when Fire codes are introduced later in the chapter. Fire codes are burst error-correcting codes,

xii

Preface

and to understand their working requires more than a cursory presentation. In fact, the coding of Fire codes is done using the generator polynomial of the code, but decoding uses two syndrome polynomials corresponding to the two factors of the generator polynomial. This apparently strange approach to decoding is not only efficient but also very compelling, since all the conditions the parameters of the code must satisfy appear in a way that make clear the idea behind the codes. Fire codes are cyclic codes, a very important subfamily of the polynomial codes. Therefore, earlier in the chapter, cyclic codes are introduced, and it is shown that if a given error pattern can be detected/corrected, its cyclic shifts are also detectable/correctable patterns. An important property of cyclic codes relates the length of the code to the period of the generator polynomial. Chapter 3 analyzed the period of irreducible polynomials, the only thing needed at that moment to present the polynomial construction of Galois fields. But, in practice, the generator polynomials of cyclic codes are never irreducible. An example of this is given when, as a “mise-enbouche,” the detecting capability of cyclic codes is explored previously to presenting Fire codes. Thus, a section of the chapter is dedicated to the computation of the period of binary polynomials given their factorization as product of powers of irreducible polynomials. Originally I had planned to also cover Golay and Reed-Muller codes and to write two more appendices: an introduction to trellis-coded modulation (TCM) and the soft-output Viterbi algorithm (SOVA), which is the first step in the decoding of Turbo codes. But, interesting as those topics are, I left them in the inkwell due to space limitations. I may have the opportunity to include them in the future. Who knows! I have been very careful in the writing of this book, as all authors are, and I hope there are no mistakes of any kind. Take these words from Stendhal’s The Red and the Black as an apology in case any inaccuracy slipped my mind: Everything I say here, I have seen. And if I might have misled myself seeing it, in all honesty, I am not deceiving you by telling it to you. This is my own translation. Of course, in Stendhal’s words, it sounds much better. Here is the proof: Car tout ce que je raconte, je l’ai vu; et si j’ai pu me tromper en le voyant, bien certainement je ne vous trompe point en vous le disant. Enjoy the journey! Barcelona, Spain

Emilio Sanvicente

Acknowledgment

I wish to express my gratitude to my friend, Prof. Luis Muñoz of Cantabria University (Santander, Spain), for reviewing this book and for the many suggestions he made to improve it.

xiii

Contents

1

2

Fundamental Concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1 Transmission of Information . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2 The Modem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3 A Closer Look at the Modulation/Demodulation Process . . . . . . 1.4 Channel Coder and Decoder . . . . . . . . . . . . . . . . . . . . . . . . . . 1.5 Soft Decision and Erasures . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.6 Types of Coders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.7 Block Coders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.8 Continuous Coders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.9 Interleaving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.10 Concatenation of Coders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Appendix A: Conditions on the Transmitted Signal to Avoid Interference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Appendix B: The Viterbi Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . .

1 1 2 7 11 11 13 16 22 27 29

. .

34 39

A First Look at Block Coders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.1 Messages, Codewords, Codes, and Coders . . . . . . . . . . . . . . . . . 2.2 A Few Examples of Galois Fields . . . . . . . . . . . . . . . . . . . . . . . 2.3 The Code and the Parity-Check Matrix . . . . . . . . . . . . . . . . . . . . 2.4 Syndromes and the Singleton Bound . . . . . . . . . . . . . . . . . . . . . 2.5 Linear Coders and the Generator Matrix . . . . . . . . . . . . . . . . . . . 2.6 An Example in F11 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.7 The Hamming Bound . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.8 The Binary Hamming Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.9 Shortening a Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.10 Correction of Erasures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2.11 An Application of Erasure Correction . . . . . . . . . . . . . . . . . . . . . Appendix C: Constructing the Field F8 . . . . . . . . . . . . . . . . . . . . . . . . Appendix D: The Rank of a Matrix . . . . . . . . . . . . . . . . . . . . . . . . . . .

45 45 47 50 53 56 61 65 65 68 72 74 82 93

xv

xvi

Contents

3

RS and Binary BCH Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2 The Original Approach to RS Codes . . . . . . . . . . . . . . . . . . . . 3.3 The Construction of F2m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4 An Alternative Approach to RS Codes . . . . . . . . . . . . . . . . . . . 3.5 Decoding to Code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.6 The Period of Binary Irreducible Polynomials . . . . . . . . . . . . . . 3.7 The Polynomial Approach to Coding . . . . . . . . . . . . . . . . . . . . 3.8 More About Coding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.9 BCH Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.10 Encoding Using a Shift Register . . . . . . . . . . . . . . . . . . . . . . . 3.11 Analyzing BCH Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.12 BCH Coders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . .

97 97 97 102 108 110 112 117 119 123 124 128 133

4

Decoding RS and BCH Codes (Part 1) . . . . . . . . . . . . . . . . . . . . . . 4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2 The Number of Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2.1 One Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2.2 Two Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2.3 Three Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3 Computation of Partial Syndromes . . . . . . . . . . . . . . . . . . . . . . 4.4 The Error Locator Polynomial . . . . . . . . . . . . . . . . . . . . . . . . . 4.5 The Chien Search . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.6 Evaluation of Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.7 The Massey Algorithm: A Presentation . . . . . . . . . . . . . . . . . . 4.8 The Massey Algorithm at Work: (15, 9) RS Code . . . . . . . . . . . 4.9 The Massey Algorithm at Work: (15, 3) RS Code . . . . . . . . . . . 4.10 Decoding When Errors and Erasures Are Present . . . . . . . . . . . Appendix E: The “Condensation” Method for Evaluating Determinants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Appendix F: The Massey Algorithm . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . .

135 135 135 136 138 139 144 147 150 151 158 159 163 174

Decoding RS and BCH Codes (Part 2) . . . . . . . . . . . . . . . . . . . . . . 5.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2 Berlekamp Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.1 Case 1: Only Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.2.2 Case 2: Errata (Errors and Erasures) . . . . . . . . . . . . . . . 5.3 Forney Formula . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.4 The Euclidean Decoding Algorithm . . . . . . . . . . . . . . . . . . . . . . 5.5 Decoding Using the Discrete Fourier Transform (DFT) . . . . . . . . 5.5.1 Obtaining e from E . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5.2 How to Compute E . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.5.3 Decoding with Erasures . . . . . . . . . . . . . . . . . . . . . . . . Appendix G: The Goppa Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Multiplicative Inverse of a Polynomial . . . . . . . . . . . . . . . .

. . . . . . . . . . . . .

5

. 179 . 185 197 197 197 198 204 211 214 222 224 227 231 235 235

Contents

xvii

The Reed–Solomon Code Revisited . . . . . . . . . . . . . . . . . . . . . The Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Structure of the Parity-Check Matrix . . . . . . . . . . . . . . . . . Restriction to Binary Codewords . . . . . . . . . . . . . . . . . . . . . . . 6

. . . .

. . . .

239 242 245 248

Polynomial and Cyclic Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.1 Polynomial Codes and the Syndrome Polynomial . . . . . . . . . . . . 6.2 Computation of the Syndrome Polynomial . . . . . . . . . . . . . . . . . 6.3 Cyclic Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.4 Two Interesting Property of Cyclic Codes . . . . . . . . . . . . . . . . . 6.5 Relation Between S and σ(D) . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.6 The Case of BCH Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.7 The Chinese Remainder Theorem (CRT) . . . . . . . . . . . . . . . . . . 6.8 The CRT for Polynomials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.9 How to Compute the Period of a Polynomial . . . . . . . . . . . . . . . 6.10 Detecting Random and Burst Errors with Cyclic Codes . . . . . . . . 6.10.1 Bursts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.10.2 Odd Number of Errors . . . . . . . . . . . . . . . . . . . . . . . . . 6.10.3 Double Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.11 Correcting Burst Errors: A First Look at Fire Codes . . . . . . . . . . 6.12 Additional Details About Fire Codes . . . . . . . . . . . . . . . . . . . . .

255 255 257 259 262 266 269 270 274 280 283 284 284 285 288 292

Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

About the Author

Emilio Sanvicente After obtaining a Master’s Degree from New York University in 1971 and a Ph.D. from Brown University in 1974, both in Electrical Engineering, he was appointed as an assistant professor at the School of Telecommunication Engineering of the Polytechnic University of Catalonia (Barcelona, Spain). Ensuing a period of 10 years of “toil and sweat,” he became a full professor in 1984 and remained there until his retirement in 2011. During those years, he taught courses in a variety of subjects, from the Mathematics of Electrical Engineering to Communication Networks, Information Theory and Coding, Digital Transmission, and Cryptography. He also conducted research in those areas and carried out more than 20 projects for both private and government institutions. When not following his children all over the world, he happily spends his days between Spain and the USA.

xix

Chapter 1

Fundamental Concepts

1.1

Transmission of Information

Information (voice, images, etc.) is transmitted digitally. This means that information is first converted into bits and then the bit stream is transmitted to the receiver instead of the original signal generated by the information source. The conversion (or mapping) from source signals to bits should be done efficiently, that is: as accurately as possible and using the minimum number of bits. This is the task of the source-encoder. The pair {Information-source, source-encoder} is called the digital-source (see Fig. 1.1). However, the sequence of bits produced by the source-encoder cannot be transmitted as such; it must be converted to a signal. This is done by the modulator. Since the signal sent by the modulator carries digital information, it is called digital signal. Therefore, digital doesn’t mean that the signal takes a discrete set of values. In fact, the signal amplitude can have a continuous set of values within a range. Also notice that the digital signal is totally different from the signal coming from the information source. At the receiving end, once the signal has passed through the physical channel (satellite, fiber, whatever) it is processed by the counterparts of the modulator and the source-encoder, namely: the demodulator and the source-decoder. The demodulator task is to recover the bits carried by the received signal, which is a corrupted version of the transmitted signal. The mission of the source-decoder is to reconstruct the signal that originated at the information source using those bits, and to deliver the signal to the final user (person or machine): the sink. The pair {modulator, demodulator} is known as the modem, and the pair {source-coder, source-decoder} as the source-codec. Modulator, physical channel, and demodulator constitute the digital channel (see Fig. 1.2).

© Springer Nature Switzerland AG 2019 E. Sanvicente, Understanding Error Control Coding, https://doi.org/10.1007/978-3-030-05840-1_1

1

2

1 Fundamental Concepts

Fig. 1.1 Digital source

Fig. 1.2 Digital source, physical channel, digital channel, and sink

Since this is not a book on source coding, I won’t say anything about the sourcecodec. However, to fully understand error control coding, at least from an engineering point of view, a few words about modems are mandatory. This is the purpose of the next section.

1.2

The Modem

Modems can be binary or multilevel. A binary modem generates a signal for each bit coming from the digital source. Multilevel modems decompose the bit stream into batches, called bytes (sets of binary terms), and send out a signal for each byte. In this section, I will focus on multilevel modems, describing how the modulator builds up the digital signal and how the demodulator recovers the information that the signal carries. The type of modem I have chosen is the well-known quadrature

1.2 The Modem

3

Fig. 1.3 Modem symbols and signal generator

amplitude modulation (QAM for short) modem, and the size of the byte I will consider is 4. In other words, the modem is fed by hexadecimal numbers. Since there are 16 possible hexas, the modem must be able to produce 16 different signals, one for each hexa. Therefore, we are dealing with a 16QAM modem. The 16 signals are generated as a linear combination of two orthogonal (in quadrature, and hence the Q in QAM) signals φp ð:Þ, φq ð:Þ The subindexes p and q stand for phase (one of the two signals) and quadrature (the other signal). The signal s(.) corresponding to any hexa is sð:Þ ¼ sp φp ð:Þ þ sq φq ð:Þ The pair of coordinates (sp sq) is referred to as a modem symbol, s (see Fig. 1.3a). The modem symbol s ¼ (sp sq) depends on the hexa x. This mapping from hexas to modem symbols, together with the generation of s(.), is illustrated in Fig. 1.3b. That the signals φp(.) and φq(.) are orthogonal means that their scalar product is zero. Let Ts be their duration. The orthogonality condition is

4

1 Fundamental Concepts

Fig. 1.4 The detector

ðTs

φp ðt Þφq ðt Þdt ¼ 0

0

For convenience, I will also assume that φp(.) and φq(.) are normalized to unit energy. Mathematically ðTs 0

φ2p ðt Þdt ¼ 1

ðTs 0

φ2q ðt Þdt ¼ 1

All these facts are expressed saying that the signals φp(.) and φq(.) constitute an orthonormal basis for “the space of signals” generated by the modulator. To recover (sp sq) from s(.) is, in principle, easy due to the orthonormality of the basis {φp(.), φq(.)}. Here is how. ðTs 0

ðTs

 sp φp ðt Þ þ sq φq ðt Þ φp ðt Þdt ðTs ð0T s sp φ2p ðt Þ þ sq φq ðt Þφp ðt Þdt ¼ 0ð 0 ðTs Ts 2 φp ðt Þdt þ sq φp ðt Þφq ðt Þdt ¼ sp 0 0 ¼ sp

sðt Þφp ðt Þdt ¼



and analogously for sq. In Fig. 1.4, I have represented graphically the recovery of modem symbols. This structure is called the detector. Fed by the bit stream, the modulator keeps transmitting signals of duration Ts, one for each hexa. Let T be the time between hexas. If T < Ts, the transmitted signals will overlap (see Fig. 1.5).

1.2 The Modem

5

Fig. 1.5 Time between symbols and signal duration

This overlapping will cause interference at the detector unless the signals are meticulously crafted to avoid it. To utilize bandwidth efficiently, this is what is done in practice using techniques studied in digital communication courses. In Appendix A to this chapter, by means of a simple communication system, I illustrate the conditions the transmitted signal must satisfy to avoid this self-interference. However, the problems with interference don’t disappear easily. I previously said that the signal at the output of the channel, r(.), is a corrupted version of the signal at its input, s(.). This is due mainly for two reasons. Firstly, the signal is “stretched out” by the channel, and secondly the channel adds noise. This stretching may cause neighboring signals to overlap at the receiving end, even if they didn’t when transmitted (see Fig. 1.6). Obviously, this stretching also destroys the shape of the signals designed to avoid interference at the detector when Ts > T. Thus, interference between neighboring signals is unavoidable, and this phenomenon produces an annoying disturbance known as intersymbol interference. The technique to minimize this effect is called adaptive equalization. In this book, I assume that this interference has been eliminated one way or another and that, consequently, the only source of trouble is noise. Therefore, the signals output by the modulator (s0(.) s1(.) s2(.). . .) and the corresponding signals at the output of the physical channel (r0 (.) r1(.) r2(.)...) can be treated as if each pair (si(.) ri(.)) was the only one transmitted. Keep in mind, though, that, due to noise, ri(.) 6¼ si(.). This implies that the output at the detector in Fig. 1.4 will not be the modem symbol si ¼ (spi sqi), but rather an arbitrary pair of real numbers ri ¼ (rpi rqi). Therefore, a decision must be taken as to what modem symbol was transmitted to proceed with the demapping into hexas (see Fig. 1.7).

6

Fig. 1.6 Transmitted and received signals

Fig. 1.7 Decision element and demapper

1 Fundamental Concepts

1.3 A Closer Look at the Modulation/Demodulation Process

1.3

7

A Closer Look at the Modulation/Demodulation Process

In Fig. 1.8, I have represented the mapping corresponding to a standardized 16QAM modem. This mapping was chosen very carefully by its designers to fulfill some technical requirements, but those details are not relevant here. The two signals that constitute the basis are sinusoidal functions of duration Ts and period Tc. The duration is a multiple of the period, Ts ¼ 3Tc in Fig. 1.9. The easiest way to compute the amplitude of a sinusoidal signal of one-joule energy and duration Ts is to remember that one-ohm resistor dissipates V2 watts

Fig. 1.8 Mapping of a 16 QAM modem

Fig. 1.9 A sinusoidal signal

8

1 Fundamental Concepts

when connected to a V volt source, whereas a sinusoidal signal of maximum voltage Vmax releases only V 2max =2. Therefore, the signal a sin

  2π t Tc

discharges (a2/2)Ts joules during Ts seconds. Equating (a2/2)Ts to 1, we obtain a¼

rffiffiffiffiffi 2 Ts

Moreover, we have Tðs

Tðs       2π 2π 1 4π sin t cos t dt ¼ sin t dt ¼ 0 Tc Tc 2 Tc

0

0

Consequently, the two following signals rffiffiffiffiffi   2 2π φ p ðt Þ ¼ sin t Ts Tc and φq ð t Þ ¼

rffiffiffiffiffi   2 2π cos t Ts Tc

constitute a sinusoidal orthonormal basis. From all the above, to transmit, say, the hexa E ¼ (1 1 1 0) (see Fig. 1.8), the modem generates the signal rffiffiffiffiffi  rffiffiffiffiffi    2 2π 2 2π sðt Þ ¼ φp ðt Þ þ 3φq ðt Þ ¼ sin cos t þ3 t Ts Tc Ts Tc Let φ be an angle such that 3 1 sin φ ¼ pffiffiffiffiffi , cos φ ¼ pffiffiffiffiffi 10 10 Then,

1.3 A Closer Look at the Modulation/Demodulation Process

9

rffiffiffiffiffi  rffiffiffiffiffi    pffiffiffiffiffi 2 2 2π 2π t cos φ þ 10 t sin φ sin cos Ts Tc s rTffiffiffiffiffi T c  pffiffiffiffiffi 2 2π ¼ 10 tþφ sin Ts Tc

pffiffiffiffiffi sðt Þ ¼ 10

Therefore, not only the signal amplitude changes with the transmitted symbol (the AM in QAM), but also the phase. This is quite apparent from Fig. 1.8. Suppose now that the hexas to be sent are 91C78 According to Fig. 1.8, the sequence of modem symbols is ð1 3Þ ð3  1Þ ð1 1Þ ð3  3Þ ð1 1Þ Due to noise, we won’t see a replica of this sequence at the output of the detector. Instead, we’ll have something like the following five pairs of numbers ð0:5 3:25Þ ð2:75  2:13Þ ð1:5 0:5Þ ð2:5  3:25Þ ð0:5 0:12Þ The demodulator must decide which sequence of hexas was sent by the transmitter. What the demodulator does is to assign to the each received pair the modem symbol closest to it. This minimum distance decision rule divides the plane into 16 nonoverlapping 2-by-2 squares, each of them corresponding to a symbol (see Fig. 1.10). In this figure, I have represented with arrows the effect the channel has on the five transmitted symbols (moving them to arbitrary points on the plane) and the action of the decision element (assigning each received pair to the closest modem symbol). The demodulator thus decides that the modem transmitted the symbols ð1 3Þ ð3  3Þ ð1 1Þ ð3  3Þ ð1 1Þ The corresponding hexadecimal numbers are E3C78 The first two are erroneous. This causes the delivery of 4 erroneous bits to the source decoder (3 in the first hexa and 1 in the second). Figure 1.11 summarizes all that.

10 Fig. 1.10 Decision regions for the 16QAM modem

Fig. 1.11 An example showing decision errors

1 Fundamental Concepts

1.5 Soft Decision and Erasures

11

Fig. 1.12 Channel coder and decoder

1.4

Channel Coder and Decoder

When the error rate is large, the original information from the source (voice, images. . .) will be reproduced poorly. To mitigate that problem, engineers imitate the correction capabilities of natural languages, in which not all combination of letters constitute words. Guided by that example they advocated from the very beginning of error control coding for the introduction of redundancy in one form or another in the symbol stream. Of course, this is easier said than done, and it has taken a lot of work from many people to reach the level of performance we have today. The redundancy is introduced by the channel coder. Its counterpart is the channel decoder, which is responsible for “cleaning up” the demodulator output before the information is handed to the source decoder. In Fig. 1.12, we have these two new blocks. The coder changes the sequence (x0 x1 x2 . . .) into another sequence (y0 y1 y2 . . .) that has some structure. How can this be done? I will explain in Section 1.6 the two types of coders that do this job, but for the time being it is enough to say that the knowledge of this structure allows the channel decoder to spot errors in the unstructured sequence output by the demodulator.

1.5

Soft Decision and Erasures

Let us go back to the 16QAM example of Section 1.3 to present two important concepts: soft decisions and erasures. In the example of Section 1.3, the output of the demodulator is E3C78 (see Fig. 1.11). However, the demodulator knows much more than that; it knows the exact values given by the detector. Why doesn’t it output those values to the

12

1 Fundamental Concepts

decoder instead of taking a decision? Realize that by proceeding this way the demodulator is throwing away information that could help the decoder in the process of cleaning up the errors caused by the channel. That course of action is, by no means, optimum and the modem should “tell all the truth” without hiding details, as demanded in Courts. When the modem follows this more “truthful” line of action, we say that the modem is taking soft decisions and that the channel decoder implements soft decoding. Of course, not all decoders are equally well suited to perform soft decoding. There is, however, a “light version” of soft decoding that can be easily incorporated into the decoding algorithm of many decoders. The key idea here is that the demodulator does indeed take decisions, but passes along with them some indication of reliability, flagging the symbols that could be erroneous. These marked symbols are “potential errors” whose positions are known. They are called erasures. When the detector output is “close” to a modem symbol, the demodulator decides that this was, in fact, the symbol transmitted. At times, this won’t be the case and an error will be delivered to the channel decoder. However, when the detector output is in the “proximities” of the border of a decision region, the symbol is flagged as questionable, and an erasure is delivered to the decoder. In Fig. 1.13, I have highlighted those critical zones, usually called null zones. In a sense, even though

Fig. 1.13 Null zones

1.6 Types of Coders

13

Fig. 1.14 Channel decoder and erasures

a decision is made, those zones could be considered “no man’s land.” For illustration purposes, I have chosen as 1.5 the length of the sides of the “clear cut” decision regions, as opposed to a length of 2 of the whole region. Applying these ideas to the example, the demodulator will flag hexas ^x 1 ¼ 3 and ^x 4 ¼ 8 as unreliable. The information passed onto the channel decoder will, therefore, be E3*C7 8* where I have marked with an asterisk the questionable hexas. Observe that, although 8 has been flagged, it is correct. The task of the decoder is to find the positions of the erroneous hexas as well as the correct values to place in those positions. Note that for erasures the task is “half done,” since the positions are already known. The two modes of operation of the channel decoder are shown in Figs. 1.14 and 1.15. In Fig. 1.14, I illustrate the case of a decoder working with the unstructured sequence of hexas (z0 z1 z2 . . .) accompanied by reliability indicators. Of course, these flags are not the “whole truth,” but this is better than nothing. In Fig. 1.15, the decoder works directly with the detector output. The demodulator doesn’t take any decision at all; instead, it handles the “raw sequence” (r0 r1 r2 . . .) to the decoder.

1.6

Types of Coders

There are two different types of coders: block coders and continuous coders. In this section, I will show how these two types of coders introduce redundancy into the stream output by the digital source. The most salient difference between continuous and block coders can be easily guessed from their names. Continuous coders introduce redundancy continuously,

14

1 Fundamental Concepts

Fig. 1.15 Soft decoding

that is: they execute the coding algorithm for every new bit in the stream, sometimes for every two or three bits, but always a small number. Block coders, on the other hand, don’t do anything until they have a large number of bits at their disposal, a big block running in the hundreds of bits. How is redundancy actually introduced? I will start the explanation with continuous coders. Call k0 the number of bits required by the coder to operate. As I said, k0 is small; 1 many times. When the coder executes the coding algorithm, it generates n0 > k0 bits, also a small number very close to k0. Graphically, we can express this fact saying that the coder sees the stream of bits as a flow of bytes of size k0 and delivers bytes of size n0. Each output byte depends not only on the corresponding input byte but also (and this is the key feature) on M preceding bytes. M is called the memory of the coder. Due to this memory, every input byte participates in K ¼ M + 1 executions of the coding algorithm and, therefore, is “somehow present” in K output bytes. This “length” is known as the constraint length. Also, if the number of input bytes is l, the number of output bytes is L ¼ l + M. Block coders operate very differently. They split the bit stream into blocks of, say, k symbols (bits, hexas, octets...) called messages, and for each message they produce a block of n > k symbols of the same type, called codeword, that depends exclusively on the message. The set of codewords is the code. The difference n  k is the redundancy, r, and the code is referred to as an (n, k) code. In Fig. 1.16, I have graphically represented these differences; a block coder is in Fig. 1.16a, and a continuous coder of memory 3, in Fig. 1.16b. Observe the “entanglement” between input bytes in the continuous coder. The figure for the block coder is neat, but this is not the case for the continuous coder; the figure is more intricate, more convoluted, an English word that comes from the Latin word “convolvere” which means to intertwine.

1.6 Types of Coders

15

Fig. 1.16 Block and continuous coders

In Mathematics and Engineering, the word convolution has a very specific meaning as a way of linearly “intertwining” the elements of a sequence (or the values of a function). By linearly “intertwining” the elements of a sequence, I mean that sequence elements can be added together following some specified rule, but they cannot be multiplied. More details on that in Section 1.8 and in Appendix A to this chapter. When the continuous coder combines the input bytes linearly as indicated before (that is, using only additions), we say the coder is convolutional. The example of continuous coder I present in Section 1.8 belongs to this kind. The concept of continuous coders was introduced in the fifties by Peter Elias, an American pioneer in the field of error control coding. The coders Elias considered were convolutional. There are, however, many nonlinear continuous coders used in digital communication. The first appeared in the eighties, under the name of trellis coders. I will explain the reason for this name in Section 1.8. Besides all the differences outlined before, there is also another important difference between these two types of coding approaches. Continuous decoders are very well suited to perform soft decoding, as depicted in Fig. 1.15. On the other hand, block coders, like the ones I will consider in this book (Reed–Solomon and Bose– Chaudhuri–Hocquenghem), are not. They can, however, deal with erasures rather easily. In many communication systems, both types of coders work together to

16

1 Fundamental Concepts

improve the reliability of the digital channel. I will present the main ideas of this collaboration in the section on concatenation, a technique that originated with David Forney, an American engineer.

1.7

Block Coders

In this section, I present two examples of block coders that I will also utilize later when I introduce the techniques of concatenation and interleaving. In the first example, I work with hexas, in the second with bits. Let’s suppose we are faced with the problem of protecting 8 information hexas using 4 extra hexas, and that we want to correct up to t ¼ 2 errors no matter where they occur in the transmitted codeword. Can this be done? In other words: Is there a (12, 8) code that achieves this goal? And if so, how can the decoder recover the original information? Moreover, can erasures be corrected as well? In Chapter 3, I will explain how to construct this code, and in Chapters 4 and 5 how to correct errors and erasures. For the time being I only need to mention that errors and erasures can both be corrected using this code if they satisfy the condition 1 e þ d  t ð ¼ 2Þ 2 where e is the number of errors present in the received word and d is the number of erasures. Since erasures are seen, d is known, but e is clearly unknown. I will justify this formula later in the book. Of course, if errors and erasures don’t satisfy the above condition, the correction capability of the code is exceeded and the decoding algorithm won’t operate properly. To illustrate the above facts, let’s go back to the example in Section 1.5. Remember that 91C78 was sent but E3*C78* was received. Without the help of a coder/decoder pair, the reliability flags provided by the demodulator would be useless, totalizing this way 2 erroneous hexas (the last hexa, although marked, is correct). Imagine now that 91C78 forms part of, say, the following message: 91C78ABC. For the decoder to correct t ¼ 2 errors (or any of the other mixes of errors and erasures I just mentioned) the coder appends 3938. Therefore, the transmitted codeword is 91C78ABC3938. Observe that information antecedes redundancy. In practice, block coders always operate this way, and the codes are called systematic. Many times, the output of the demodulator is not the transmitted codeword but a corrupted version of it called word. When this occurs, the decoder can help. Suppose, for instance, that the output of the demodulator is E3*C78*ABC3938 (one error, two erasures). As said before, the decoder is able to correct the erroneous word and delivers the correct codeword to the source, a nice example of cooperation between the demodulator and the decoder.

1.7 Block Coders

17

Before I leave this example, I want to make a comment. Suppose that the demodulator output is E3C78*ABC3938. Now there are two errors and one erasure. Since 1 1 eþ d ¼2þ >2¼t 2 2 the decoder cannot correct the word. However, when the number of erasures is odd, the decoder can add one more erasure without harming the decoding. In fact, if e þ 12 d  t with d odd, we also have e þ 12 ðd þ 1Þ  t. Therefore, making the number of erasures even does not have any negative impact on decoding, just the opposite since there is a chance, however small, of turning an error into an erasure which could make decoding successful. This indeed would be the case if E3C78*ABC3938 is changed to E*3C78*ABC3938 or to E3*C78*ABC3938, hitting an error by sheer chance! There is no way to figure out that 3938 is the appropriate redundancy to append to the message. I deal with this topic in Chapter 3. However, in the example I’m going to present now I’ll be able to compute, using an elementary approach, the redundant bits we need to attach to achieve the desired correction capability. In this second example, I want to protect a 4-bit message using 4 redundant bits. Can I design a code to correct one error? Stated in another way: Is there a binary (8, 4) code able to correct single errors? The answer is in the affirmative and, in fact, I have depicted the coder in Fig. 1.17a. The 4 information bits are arranged in a circle and the 4 check bits are calculated adding adjacent information bits as indicated in the figure. The addition of bits is done modulo 2, namely 0 þ 0 ¼ 0,

0 þ 1 ¼ 1 þ 0 ¼ 1, 1 þ 1 ¼ 0

In digital electronics, this is known as the XOR gate. For future references, due to the figure produced when the redundant bits are calculated, I’ll call this coder the square-coder. To prove that this coder does the job, due to the symmetry of the arrangement, we only need to analyze the case when x1 or p1 are erroneous. When the error is in x1, the parity equations for p1 and p4 fail, “pointing” to x1. When the error is in p1, only that equation fails. In Fig. 1.17b, I have marked with a “star” the equations that fail when x1 or p1 are erroneous. For errors in x2 or p2, the failure patterns are the same as for x1 and p1,  respectively, but rotated 90 . So, if the error is in one of the information bits, the pattern has two contiguous stars and only one star if the error affects a parity bit. Observe that, if we use the code to correct one error, two errors cannot always be detected. For that to be possible, the failure patterns produced by two errors would have to be different from the patterns generated by only one error. Clearly this is not always true since, for instance, errors in p1 and p4 produce the same pattern as a single error in x1.

18

1 Fundamental Concepts

Fig. 1.17 A single error correction coder. (a) Parity equations (b) Some failure patterns

1.7 Block Coders

19

However, some double errors are detectable. In fact, all double errors that produce patterns with three or four stars, or two diagonally opposed stars, are detectable. The pairs (x1, p2), (x1, x3), and (x1, x2) are some examples (see Fig. 1.17b again). To summarize: All parity equations correct One parity equation fails Two contiguous parity equations fail

No error Error in the parity check Parity equations point to the erroneous bit

Can we do better? There are two possible alternatives for improvement. 1. Find a single error correcting code that requires fewer check bits. A (7, 4) code, perhaps? 2. Find a code with the same number of parity bits but enhanced error control capability. For instance, a single error correcting code able also to detect ALL double errors? Why do we want error detection? Is it useful? Let us elaborate on that. Up to now I have dealt only with the corrections of errors and erasures, and everything was done locally, at the receiver. For this reason, this method of error control could be called “one shot error control,” but it is commonly known as Forward Error Correction or FEC for short. Sometimes, though, there is an alternative to this approach, but the alternative requires the existence of a return channel. Clearly, this is not always possible, think of digital TV for instance. When the return channel is available, the receiver can use it to ask for the retransmission of those words detected as erroneous. This method of error control is called Automatic Retransmission Query (or Request), abbreviated as ARQ. We could as well call it backward error correction or BEC, but this name is seldom used. In this book, I mainly consider FEC. However, to motivate Fire codes in Chapter 6, I first present a method of error detection widely implemented in the routers of data networks. For the moment, though, I will leave this matter aside. From all the above, I can conclude that error detection is very useful indeed. There is another reason why detection is an interesting option and, amazingly enough, it is related to FEC! I postpone the discussion until Section 1.10. After this digression, let’s go back to the two alternatives for improvement presented before. I will begin by the second one: To find a way to correct one error and detect two using 4 redundant bits. To be able to correct one error and detect two, the check bits must be computed using more information bits since, as we have seen in the case of the square-coder, only two bits is not enough. Let’s try with three. I have drawn what appears to be a good candidate in Fig. 1.18. The redundant bits are computed as follows:

20

1 Fundamental Concepts

Fig. 1.18 A single error correcting/double error detecting coder

p1 ¼ x 1 þ x 2 þ x 4

ð1:1Þ

p2 ¼ x 1 þ x 2 þ x 3

ð1:2Þ

p3 ¼ x 2 þ x 3 þ x 4

ð1:3Þ

p4 ¼ x 1 þ x 3 þ x 4

ð1:4Þ

As in the square-coder, addition is done modulo 2. For future references, in view of the geometry depicted in Fig. 1.18, I’ll call this coder the fan-coder. As before, due to the symmetry of the fan-coder, only a few cases need to be analyzed to make sure the method works. Here they are: 1. x1 is erroneous. Equations (1.1), (1.2) and (1.4) fail. The error is in the bit “across” the only correct equation. 2. p1 is erroneous. Equation (1.1) fails. The information bits are correct. 3. x1 and p1 are erroneous. Equations (1.2) and (1.4) fail. 4. x1 and p2 are erroneous. Equations (1.1) and (1.4) fail. 5. x1 and p3 are erroneous. The four equations fail. 6. x1 and x2 are erroneous. Equations (1.3) and (1.4) fail. 7. x1 and x3 are erroneous. Equations (1.1) and (1.3) fail. 8. p1 and p2 are erroneous. Equations (1.1) and (1.2) fail. 9. p1 and p3 are erroneous. Equations (1.1) and (1.3) fail.

1.7 Block Coders

21

In summary: All parity equations correct One equation fails An even number of equations fail Three equations fail

No errors Error in the parity bit Two errors detected One error corrected

Observe how for the fan-coder, contrary to what happened with the square-coder, the patterns produced by two errors are all different from the patterns caused by one single error. This allows for the correction of one error and the detection of two errors. No misinterpretations are possible! Although two errors can be detected, they cannot be corrected because when, for instance, Eqs. (1.2) and (1.4) fail this could have been clearly caused by errors in p2 and p4, but also by three other erroneous pairs, namely: (x1, p1), (x2, x4), (x3, p3). Obviously, the decoder cannot know which one of those cases occurred. What happens when there are more errors, for instance three or four? It all depends on the failure pattern generated by the error. If the pattern has two or four stars, the error will be detected. If the pattern has one or three stars, the decoder will assume one error and the word will be decoded erroneously. Finally, if all the parity checks are correct, the error will go unnoticed. Two examples follow. Say that the codeword 10010110 is transmitted but the received word is 11001110. Observe that three errors (in red) are present. The four parity bits computed by the receiver are p1 ¼ 0, p2 ¼ 0, p3 ¼ 1, p4 ¼ 1. Equation (1.3) is the only one correct and, according to the decision rule I mentioned before, the receiver decides to correct x1. In other words: it decides erroneously that the transmitted codeword was 01001110. Therefore, it introduces an additional error (underlined) and delivers a message with four errors instead of the only three errors caused by the channel! To avoid erroneous decoding, as in this example, some error control coding schemes are implemented as detection-only systems. Clearly, by proceeding this way, the probability of error detection increases. More on this in Chapter 2. To continue, suppose now that the same codeword was sent and that the received word is 01001110. Since all of the parity equations are satisfied, the word is accepted as a legitimate codeword. Nothing can be done in this case: the error goes undetected. Here is a summary of all the cases that can possibly occur: – – – – –

No error. Error corrected. Error detected. Decoding error. Undetectable error.

Figure 1.19 is a pictorial representation of these facts. Observe that Figs. 1.13 and 1.19, although they refer to two different devices of the receiver (the demodulator and the decoder), are very similar conceptually.

22

1 Fundamental Concepts

Fig. 1.19 Correction and detection

With respect to the first alternative for improvement I mentioned before, it can be easily seen that eliminating one of the “blades” of the fan-coder (that is: using only three of the four redundant bits) we have a (7, 4) single error correcting code.

1.8

Continuous Coders

I said in Section 1.6 that continuous coders can work very well with the detector output. In this section, I want to justify this fact. The parameters of the continuous coder I’m going to analyze are the following: (n0, k0) ¼ (2, 1), M ¼ 2. As I explained before, this means that the output is a 2-bit byte that depends on the present input bit and on two preceding bits. The coder is in Fig. 1.20. The little squares are unit delays, and the big square is the connection matrix. When an output line contains several connection points, this means that the corresponding bits are to be XORed. Let’s call xt the bit entering the coder at time t and yt the corresponding output byte. From Fig. 1.20, we have

1.8 Continuous Coders

Fig. 1.20 A continuous coder

23

24

1 Fundamental Concepts

  ð1Þ ð2Þ yt ¼ yt yt ð1Þ

ð2Þ

where yt ¼ xt þ xt2 and yt ¼ xt þ xt1 Only additions are used to compute the output. The continuous coder is, therefore, linear. The output yt cannot be computed from the sole knowledge of xt; the pair st ¼ (xt  1 xt  2) must also be given. st is called the state of the coder at time t. To obtain yt + 1, we proceed similarly, using now xt + 1 and the new state st + 1 ¼ (xt xt  1). The connection matrix is described by giving the two connection vectors, namely: (1 0 1) and (1 1 0). Ingeneral, for a continuous linear coder of memory M, a typical  ðiÞ ðiÞ ðiÞ connection vector is h0 h1 . . . hM , i  n0. The corresponding output is ðiÞ

ðiÞ

ðiÞ

ðiÞ

yt ¼ h0 xt þ h1 xt1 þ    þ hM xtM ¼

j¼M X

ðiÞ

h j xtj

j¼0

The above expression is called the   convolution of the input sequence with the ðiÞ ðiÞ ðiÞ connection vector h0 h1 . . . hM , and, hence, the name convolutional given to these linear coders. ðiÞ The yt could depend nonlinearly on inputs xt, xt  1, . . . , xt  M ðiÞ

yt ¼ f ðiÞ ðxt ; xt1 , . . . , xtM Þ For instance, the above function could include products (implemented as AND gates) of some of the inputs. In those cases, the continuous coder cannot be called convolutional. This would be the case if, for instance, the new output ð3Þ

yt

¼ xt ∗ xt2

is added to the coder in Fig. 1.20. Clearly, the extra output is not a convolution of the inputs. After this digression, let’s return to the example. In Fig. 1.21, I have represented the mapping. ðInput; StateÞ ! ðOutput; New StateÞ Figure 1.21 looks like a trellis. Mappings like this can be constructed for any continuous coder, linear or nonlinear, but the name trellis coder is usually reserved for nonlinear coders.

1.8 Continuous Coders

25

Fig. 1.21 The trellis

Using the trellis, coding is done very easily: just go back and forth in the trellis. For instance, the input sequence (1 1 0 1) is coded into the sequence (11 10 11 01 01 10). To continue with the example, I’m going to use the 4QAM modem illustrated in Fig. 1.22 to transmit the above sequence. The sequence of modem symbols corresponding to the bit sequence is ð11 1  1 11  11  11 1  1Þ Observe that the length (in bytes), L, of the output sequence is 6 ¼ 4 + 2, where 4 is the length in bits, l, of the input sequence and 2 is the memory of the coder, M. Suppose now that the decoder receives from the detector the following sequence of points

ð0:125 0:875Þ ð1:125 0:125Þ ð0:875 0:875Þ

ð1:250 1:125Þ ð0:125  0:125Þ ð0:125  0:875Þ See Fig. 1.22 again. Can continuous (linear, as in this example, or not) decoders easily decode sequences of pairs of real numbers? The answer is in the affirmative. In other

26

1 Fundamental Concepts

Fig. 1.22 4 QAM modem and 6 received points

words: continuous decoders are well suited for soft decoding as I mentioned in Section 1.6. But, how can the decoding be done? Observe that deciding pair by pair, choosing the modem symbol closest to the received pair, fails. In fact, using that approach, we would obtain ð11 11 11

 11

11

 1  1Þ

which corresponds to the “coded sequence.” ð01 11 11

01

10

00Þ

This sequence, however, could have never been generated by the encoder since the first byte has to be either 00 or 11. I can express this fact a little differently saying that the sequence cannot be inverted (demapped) to produce 4 information bits. This idea of deciding by “closeness” is, nonetheless, very intuitive and compelling, but the “winner” has to be chosen among one of the 16 contestant sequences like, for instance, the sequence ð00 00 00 00 00 00Þ which corresponds to (0 0 0 0). Written as modem symbols, the above sequence is ð1  1  1  1  1  1  1  1  1  1  1  1Þ

1.9 Interleaving

27

How can I measure the closeness between this sequence and the sequence sent out by the demodulator? Let’s begin by looking at the first modem symbol (1 –1) and the first pair (0.125 0.875) output by the demodulator. The squared distance between those two points is h i d 2 ¼ ð1 þ 0:125Þ2 þ ð1  0:875Þ2  4:28 Now, let’s do the same with the other 5 points. Here are the results we obtain: 5.78, 7.03, 4.58, 2.03, and 0.78. The metric for closeness is now the sum of all the above, namely 4:28 þ 5:78 þ 7:03 þ 4:58 þ 2:03 þ 0:78 ¼ 24:48 Perform an analogous computation for the other 15 sequences, and decide that the transmitted sequence is the one with the minimum metric (the “closest”). This sequence turns out to be ð11 10 11 01 01 10Þ which coincides with the sequence generated by the coder! There are several algorithms to efficiently decode continuous codes, instead of using the “brute force” approach of computing all the metrics. In Appendix B to this chapter, I briefly introduce the most widely used of them: the Viterbi algorithm, named after Andrew Viterbi, an Italian American engineer and entrepreneur. As I mentioned before, I won’t consider continuous codes in the rest of this book, but I wanted to present in this section the most basic ideas related to decoding continuous codes and to show how these decoders can work directly with the detector output.

1.9

Interleaving

A time-honored proverb advises not to put all the eggs in the same basket. This is a wise general principle with different interpretations depending on the case. For instance, the pilot and copilot of commercial airlines never eat the same food while on board; when people invest, they always diversify their portfolios. In error control coding, this “diversification” is called interleaving. Briefly stated, interleaving is spreading out for transmission the symbols belonging to the same codeword. Of course, the receiver has to do the inverse operation: reconstructing the codewords by putting together all their symbols. According to this, the interleaver and the deinterleaver must be placed in the positions indicated in Fig. 1.23. In Fig. 1.24, I have illustrated the interleaving of 3 codewords of length 4. The 3 codewords are stored by rows and transmitted by columns. At the receiver, the symbols are entered by columns, and the codewords appear ordered by rows again.

28

Fig. 1.23 Channel coder and interleaver

Fig. 1.24 Interleaving and deinterleaving

1 Fundamental Concepts

1.10

Concatenation of Coders

29

Fig. 1.25 Interleaving as shuffling

This simple “rectangular” interleaver will suffice for what I want to say here, and I’ll stick to it in the rest of this chapter. In real practice, though, there are also other interleavers called convolutional interleavers that use more intricate, more convoluted permutations (but no convolutions!) than the one I described before. The process of interleaving can be thought of as a permutation (performed prior to transmission) on the stream of symbols output by the coder. Figure 1.25 illustrates this fact. To understand how interleaving can help to achieve reliability, I’m going to use as an example the binary (8, 4) block coder I introduced in Section 1.7. In Fig. 1.26a, we have a few codewords and a burst of noise affecting 24 bits. It is apparent from the figure that 4 words will be decoded erroneously. Now pile 24 codewords on top of each other, as indicated in Fig. 1.26b. This number is called the interleaver depth. The noise burst causes only one bit erroneous per codeword and, therefore, the 24 corresponding messages will be delivered error free. What would happen if the noise affects 32 bits instead of 24? (see Fig. 1.26c). In this case 8 codewords would have 2 errors. Since the decoder can detect 2 errors, it flags the corresponding 4-bit messages as erroneous and lets “some other element” in the receiver take care of the problem. This “other element” is another decoder that treats those 8 4-bit messages as erasures, as I explain in the next section.

1.10

Concatenation of Coders

To profit from the reliability information provided by the demodulator, we needed a channel decoder. With the binary decoder flagging out messages, we are now in a similar situation, and to take advantage of the erasures produced by this decoder we

30

1 Fundamental Concepts

Fig. 1.26 Error burst caused by noise. (a) Burst of noise (b) Noise affects 24 bits (c) Noise affects 32 bits

need another decoder able to treat those 4-bit messages as symbols. To that end, I’ll use the (12, 8) code that I presented in Section 1.7. This coder works with hexas and up to 2 errors or 4 erasures can be corrected. Thus, the channel coder is built putting two coders in series. This technique is called code concatenation. The idea originated with David Forney, already mentioned before. The first coder (the one whose

1.10

Concatenation of Coders

31

Fig. 1.27 Code concatenation

Fig. 1.28 Error correction using interleaving for transmission and code concatenation

symbols are hexas) is the one closer to the digital source, and it’s called the outer coder. The second coder (the binary coder) is the inner coder, closer to the digital channel (see Fig. 1.27). This design is a good example of the “divide and conquer” principle; the problem is decomposed into two manageable stages rather than trying to obtain the same performance with only one, more complex, coder/decoder. Let’s put everything together to see how it works (see Fig. 1.28).

32

1 Fundamental Concepts

Fig. 1.29 The outer interleaver

I begin with the outer coder, coding 2 messages of 8 hexas each. This operation produces 2 codewords of 12 hexas. Those 24 hexas are delivered to the inner coder, which generates 24 8-bit codewords that are interleaved for transmission. A 32-bit error burst causes 16 of the binary codewords to have one error and 8 to have 2. The binary decoder detects those 8 double-error words and flags as unreliable the corresponding 4-bit messages. These messages are treated as erasures by the (12, 8) decoder. The first word has 2 erasures and the second, 6. Since the outer decoder only corrects up to 4 erasures, the 8 hexas resulting from decoding the second word will be erroneous. To make sure erasures are spread out evenly, another interleaver, named outer interleaver is placed between both decoders. The transmission interleaver, the only one I have considered up to now, is called the inner interleaver (see Fig. 1.29). With the incorporation in the decoding chain of the outer interleaver, the 32-bit error burst depicted in Fig. 1.26 is corrected (see Fig. 1.30). Clearly, the decoder can also correct any 32-bit error burst no matter where it begins. A final observation before we finish this section. The two coders in the concatenation scheme just explained are block coders. This same concatenation technique, using two block coders, is utilized in some commercial applications. Error correction for DVDs and CDs is an example. The concatenation of a continuous coder (as the inner coder) and a block coder (as the outer coder) is also widely used since continuous coders are very well suited to work with soft decoding. Finally, in the so-called Turbo codes, a French invention that came into existence in the nineties, two continuous coders work together to clean the errors introduced by the communication channel. In this case, the continuous coders must produce “soft outputs,” as the detector in Fig. 1.15. There are several methods to do this. The easiest is an “enhanced” Viterbi algorithm known as SOVA, for soft output Viterbi algorithm. But I will not pursue this topic in the book.

Concatenation of Coders

Fig. 1.30 Error correction using two interleavers and code concatenation

1.10 33

34

1 Fundamental Concepts

Appendix A: Conditions on the Transmitted Signal to Avoid Interference In this appendix, I will use a simple communication system to explain the conditions under which interference can be avoided when Ts > T. I will assume a binary source and that the modem transmits a signal g(t) of duration Ts when the binary symbol is 1 and g(t) when it is 0. In other words, the modem symbols s0, s1, s2 . . . sN, corresponding to the binary source symbols x0, x1, x2 . . . xN, belong to the set {1, +1}. I will also suppose that g(t) is of unit energy, that is: Tðs

g2 ðt Þdt ¼ 1 0

Contrary to the QAM modem used in the chapter, this is a one-dimensional modulation technique called PAM (pulse amplitude modulation). The aim of this appendix is to analyze what conditions on g(t) guarantee the avoidance of interference. The signal sent by the modem is sðt Þ ¼

N X

s j gðt  jT Þ

j¼0

Since I only want to justify that, by an appropriate choice of g(.), interference can be avoided, I will assume that s(.) is also the signal received by the demodulator, that is: the channel is ideal (no spreading, no noise). The detector is basically a filter whose output is sampled, first at Ts (to obtain s0), and afterwards at intervals of T seconds to obtain the other symbols (see Fig. 1.31).

Fig. 1.31 The communication system

Appendix A: Conditions on the Transmitted Signal to Avoid Interference

35

Even though the channel is ideal, the demapper will not reproduce the bits sent by the source (due to the overlapping of signals) unless g(.) is chosen as indicated later. The detector is characterized by a function h(.), called its impulse response, such that h(t) ¼ 0 when t  0. The detector output r(t), is given by ðt r ðt Þ ¼ sðτÞhðt  τÞdτ 0

In words: the output r(.) is the convolution of the input s(.) and the impulse response h(.). To obtain a basic condition on h(t), I will suppose that only the first symbol is transmitted. We have, Tðs

r ðT s Þ ¼

s0 gðτÞhðT s  τÞdτ 0

We want r ðT s Þ ¼ s0 This imposes the condition Tðs

gðτÞhðT s  τÞ ¼ 1 0

The above is satisfied if we set hðT s  τÞ ¼ gðτÞ

ð1:5Þ

Then, at the sampling instant, the filter provides all the energy contained in the transmitted signal g(.). Equation (1.5) can be written as hð τ Þ ¼ gð T s  τ Þ In Fig. 1.32, I have illustrated how to obtain the impulse response from the transmitted signal: First the signal is reflected (folded) on the ordinate axis, and then translated Ts (4T in the example) to the right. The impulse response of the detector filter is, thus, directly obtained from the transmitted pulse. Very graphically, we say that the impulse response is “matched”

36

1 Fundamental Concepts

Fig. 1.32 How to obtain h(t) from g(t)

to the transmitted pulse. This fact justifies the name matched filter given to this filter. Moreover, the filter is also optimum for noise discrimination, something that I won’t elaborate here. The matched filter was first introduced by Dwight North, an American engineer. Going back to the general case, we are now ready to obtain the conditions on g(t). We have ðt r ðt Þ ¼ sðτÞhðt  τÞdτ ¼ 0

¼

N X j¼0

ðt (X N 0

) s j gðτ  jT Þ hðt  τÞdτ

j¼0

ðt s j gðτ  jT Þhðt  τÞdτ 0

The sample at iT + Ts is

r i ¼ r ðiT þ T s Þ ¼

N X j¼0

minfi:jðgTþT s

gðτ  jT ÞhðiT þ T s  τÞdτ

sj maxfi; jgT

I have changed the limits of integration because, since g(.) and h(.) are zero outside the interval (0, Ts), the integrand is zero outside the indicated limits. From (1.5) hðT s  ½τ  iT Þ ¼ gðτ  iT Þ

Appendix A: Conditions on the Transmitted Signal to Avoid Interference

37

And we can write

ri ¼

N X

minfi;ðjgTþT s

gðτ  jT Þgðτ  iT Þdτ

sj

j¼0

maxfi; jgT

Let us call minfi;ðjgTþT s

gðτ  iT Þgðτ  jT Þdτ ¼ gij maxfi; jgT

Clearly gij ¼ g ji and g00 ¼ 1 Then we have ri ¼

N X

s j gij

j¼0

In Fig. 1.33, I have shown the signals transmitted for a few bits using the pulse of Fig. 1.32. In order to simplify the figure, all the bits are supposed to be 1 (otherwise,

Fig. 1.33 A few transmitted pulses

38

1 Fundamental Concepts

Fig. 1.34 The function gk when Ts ¼ 4T

Fig. 1.35 A conceptual model of the communication system (Ts ¼ 4T, i ¼ 13)

some of the pulses should be inverted). In the figure, I indicate how to calculate the values of g01 and g13 14. We can clearly see that g13 14 has the same value as g0 1. In other words, gi j depends only on k ¼ i  j and not of j and i separately. Thus, gij ¼ gji implies gk ¼ gk (the function gk is symmetric). Since, in the example, Ts ¼ 4T, s9 and all the symbols preceding s9 do not interfere in the detection of s13, neither do s17 and future symbols. Therefore, we have gk ¼ 0 for k  4. See Fig. 1.34 (some gk may be negative). In general, for Ts ¼ nT, we can write ri ¼

iþX ðn1Þ j¼iðn1Þ

s j gij ¼ si þ

iþX ðn1Þ

s j gij

j ¼ i  ð n  1Þ j 6¼ i

Observe that the output at any instant is expressed, again, as a convolution. For n ¼ 4 and i ¼ 13, the preceding equation can be represented as pictured in Fig. 1.35. The design challenge is to find signals such that gk ¼ 0 for all k 6¼ 0. Then

Appendix B: The Viterbi Algorithm

39

ri ¼ si That is, the detector output is free of intersymbol interference even though Ts > T. This problem is studied in digital communication courses.

Appendix B: The Viterbi Algorithm To explain the Viterbi algorithm, I will begin by reconsidering, using a diagram, the brute force approach to decoding I introduced before. The diagram, represented in Fig. 1.36, is the concatenation of 6 (In general, L ¼ l + m ¼ 4 + 2) trellises as the one drawn in Fig. 1.21 of this chapter. Using this diagram, coding can be thought of as following a path through the trellises: For the two branches emanating from each node, we move upwards when the digital source emits 0 and downwards when the bit is 1. Since we start at node A0 and must end at node A6, the path corresponding to the input (1 1 0 1) is A0 C1 D2 B3 C4 B5 A6. The coded sequence is (11 10 11 01 01 10), as indicated in Section 1.8 of this chapter. In Fig. 1.37, I have drawn the received sequence used in Section 1.8, together with the path corresponding to (0 0 0 0) and the 6 metrics calculated there. These metrics are called branch metrics. The metric that measures the closeness of this path to the received sequence is the sum of the metrics of the 6 branches (namely: 24.48) and is called the path metric. Similarly, to compute the metric of any other path we must calculate the metrics of its branches and add them together. Observe that, since all paths begin at A0 and end at A6, some of the metrics are not needed. For instance: the metrics of the branches Bo A1 or D5 B6 are unnecessary.

Fig. 1.36 Concatenation of trellises

40

1 Fundamental Concepts

Fig. 1.37 Branch metrics

In Fig. 1.37, all branches needed to calculate path metrics are labeled with their corresponding metric. The rest of the branches are left unlabeled. We can now easily compute the 16 path metrics. For instance, the path metric corresponding to input (1 1 1 1) is 1:28 þ 1:28 þ 7:03 þ 4:58 þ 2:03 þ 1:28 ¼ 17:48 In Table 1.1, I have collected the metrics of the 16 paths corresponding to the 16 different inputs. I have ended the inputs by 00, since those two extra bits are required to reach A6. The minimum is 6.48. Therefore, the closest path to the received sequence is A0 C1 D2 B3 C4 B5 A6 and the estimated input sequence is (1101). Notice that, in this example, the estimated input sequence coincides with the transmitted input sequence. Unfortunately, this does not always happen. The computation and addition of branch metrics can be done as the symbols are received from the demodulator. In node A1 we store 0 as input information and 4.28 as path metric. Similarly, the information in node C1 is (1, 1.28). Continuing this way, the content stored in nodes A2, B2, C2, and D2 is (00, 10.06), (10, 6.56), (01, 5.06), and (11, 2.56), respectively. As the reception of symbols progresses, the amount of data stored in each node grows larger and larger to the point that in node A6 we have to store Table 1.1. The tables shown in Fig. 1.38 for a few selected nodes, namely: C1, B2, B3, D4, B5, and A6, illustrate this growth.

Appendix B: The Viterbi Algorithm Table 1.1 Inputs and path metrics in A6

Input 000000 000100 001000 001100 010000 010100 011000 011100 100000 100100 101000 101100 110000 110100 111000 111100

41 Path metric 24.48 25.98 12.48 22.98 20.98 12.48 15.98 16.48 17.48 18.98 12.48 22.98 14.98 6.48 16.98 17.48

The growth is exponential and, therefore, this brute force method cannot be used in practice. The solution is based on a simple modification, known as the Viterbi algorithm that I will explain now. In Fig. 1.39, I have highlighted the paths from B3 to A6. On the other hand, B3 can be reached from A0 following two paths: A0 A1 C2 B3 and A0 C1 D2 B3. Altogether, we have four paths that arrive at A6 passing through B3. Of course, we don’t know if any of these four paths will be the closest path to the received sequence. However, we for sure know that “the winner” cannot be either A0 A1 C2 B3 A4 A5 A6 or A0 A1 C2 B3 C4 B5 A6. In fact (see node B3 in Fig. 1.38), we have: MetricðA0 A1 C2 B3 A4 A5 A6 Þ ¼ MetricðA0 A1 C2 B3 Þ þ MetricðB3 A4 A5 A6 Þ ¼ 8:59 þ MetricðB3 A4 A5 A6 Þ > 2:59 þ MetricðB3 A4 A5 A6 Þ ¼ MetricðA0 C1 D2 B3 Þ þ MetricðB3 A4 A5 A6 Þ ¼ Metric ðA0 C1 D2 B3 A4 A5 A6 Þ The same applies to the path A0 A1 C2 B3 C4 B5 A6. Therefore, although we had two paths reaching B3, only A0 C1 D2 B3 “survives,” and A0 A1 C2 B3 can be eliminated from further consideration. This implies that the first row in the table stored in B3 is not needed. In Fig. 1.39 this is represented graphically cutting out the branch C2 B3. We can use the same procedure at nodes A3 and D3, which results in the elimination of branches A2 A3 and D2 D3 (see Fig. 1.40). A little problem occurs at node C3 because the two paths that arrive at this node, namely: (A0 A1 A2 C3) and (A0 C1 B2 C3), have the same metric (10.09). If the closest path does not go through C3, this “local” tie has no consequences. If,

42

1 Fundamental Concepts

Fig. 1.38 Tables in a few selected nodes

however, C3 belongs to the path closest to the received sequence, the decision as to which branch to cut matters. In fact, if we decide that A0 A1 A2 C3 survives, the first three bits of the decoded sequence will be 0 0 1, whereas, if we eliminate A0 A1 A2 C3, those three bits will be 1 0 1. The computed metric provides no clue as to which

Appendix B: The Viterbi Algorithm

43

Fig. 1.39 Only one of the paths arriving at B3 survives

Fig. 1.40 Branch cutting at the nodes

one of those two paths we should choose. Moreover, since the digital source is supposed to generate zeros and ones independently and with equal probability, we don’t have any reason to prefer 0 0 1 to 1 0 1 or vice versa. Therefore, when local ties occur, the surviving branch is chosen randomly. In our example, I decided to eliminate the branch A2 C3.

44

1 Fundamental Concepts

The important feature of the Viterbi algorithm is that, due to the “pruning of branches,” there is only one path from A0 to any node. Therefore, the only row any node must store is the row of the surviving path avoiding this way the impossible task depicted in Fig. 1.38. The procedure can now be continued as more symbols are received from the demodulator. Here are the details for node D4. This node can be reached from C3 and from D3. The metric of the best path from A0 to C3 is 10.09, and from A0 to B3 is 8.59 (see Fig. 1.40). Since 10:09 þ 9:58 > 8:59 þ 4:58 we cut the branch C3 D4, or equivalently, in the node D4 we only store the third row of the table depicted in Fig. 1.38. A similar method can be applied to the remaining nodes. Decoding can now be performed graphically by going back in the trellises from the terminating node, A6. The path closest to the received sequence is highlighted in Fig. 1.40.

Chapter 2

A First Look at Block Coders

2.1

Messages, Codewords, Codes, and Coders

In Chapter 1, we learned that block coders split the stream of bytes (bits, octets, etc.) from the source into chunks, say of size k, called messages. The coding algorithm is then applied to each message to produce a string of n bytes, with n > k. This string of bytes is the codeword corresponding to the message (see Fig. 2.1). Since n > k, there are more n-tuples than messages. The n-tuples that are not codewords are called words. Now, two questions arise: • How do we select codewords among the set of all words? • How do we assign codewords to messages? The set of codewords is called the code or, if we want to be more specific, the(n, k) code. The function that assigns codewords to messages is called the coder. Once the code is given, there are many possible choices for the coder, but all coders must satisfy a necessary condition: the coder must be an injective (one-to-one) application; otherwise, messages couldn’t be uniquely recovered from codewords, even in the ideal case of no errors (see Fig. 2.2). Now, I am going to introduce the notation that I’ll use in this chapter. Messages will be denoted by x ¼ (x1 x2 . . . xk), codewords by y ¼ (y1 y2 . . . yn), and words by z ¼ (z1 z2 . . . zn). In view of this notation, it is tempting to treat x, y, and z as vectors. To structure the sets of messages and words as vector spaces, we must define two basic operations: the sum of two vectors and the product of a vector by a scalar (a byte). I will define those operations in the usual way, that is: component-wise addition and scalar multiplication. Thus, I need to define addition and multiplication for bytes. With bytes manipulated by additions and multiplications at the coder, it is apparent that at the other end, to recover the message from the received word, the decoder will need to use also the inverse operations: subtraction and division. © Springer Nature Switzerland AG 2019 E. Sanvicente, Understanding Error Control Coding, https://doi.org/10.1007/978-3-030-05840-1_2

45

46

2 A First Look at Block Coders

Fig. 2.1 Messages and codewords

Fig. 2.2 The code and the coder

Therefore, the set of bytes should be endowed with the four basic operations of arithmetic together with its traditional rules, namely: the commutative, distributive, and associative laws, as well as the existence of identity elements for addition and multiplication, called 0 and 1, respectively. A finite set of elements structured with the four operations and rules of our elementary arithmetic is called a Galois field in honor of Evariste Galois, a French mathematician of the first third of the nineteenth century. In the next section, I will show how finite fields can be constructed in a few simple cases.

2.2 A Few Examples of Galois Fields

2.2

47

A Few Examples of Galois Fields

To be able to define in a finite set the four arithmetic operations we learned in Elementary School, the number of elements in the set cannot be arbitrary; it must be the power of a prime. Figure 2.3 shows a few of those numbers. The notation for a field with q elements is Fq where q ¼ pm with p a prime number and m any whole number {1, 2, 3 . . .}. For instance: F2 has two elements; call them 0, 1 F3 has three elements; call them 0, 1, 2 F4 has four elements; call them 0, 1, 2, 3 Notice that 0 and 1 belong to all of them. In Electrical Engineering and Computer Science, we usually work with bunches of bits. Consequently, fields of 2m elements are all we need. However, in other more mundane cases, like bar codes, credit cards, identity cards, etc., finite fields with a number of elements different from 2m are also used. Therefore, to introduce the basic ideas about Galois fields, in this section I explain how to construct not only F2 and F4 but also F3. The approach will be very elementary, “filling the blanks” in the addition and multiplication tables similarly to what we do when we solve Sudoku puzzles.

Fig. 2.3 Number of elements of Galois fields

48

2 A First Look at Block Coders

+ 0 1 0 0 1 1 1 0

Fig. 2.4 Addition and multiplication tables in F2

Fig. 2.5 Addition and multiplication tables in F3 (a) Partially filled addition table (b) Addition table (c) Multiplication table

* 0 1 0 0 0 1 0 1

a

+ 0 1 2

0 0 1 2

1 1 ? ? + 0 1 2

2 2 ? ? 0 0 1 2

c

* 0 1 2 1 1 2 0

0 0 0 0

b 1 0 1 2

2 0 2 1

2 2 0 1

In Fig. 2.4, we have the addition and multiplication tables in F2. I don’t need to comment anything about the multiplication table: for any number, its product by 0 is 0, and its product by 1 doesn’t change the number. This completes the multiplication table. What about the addition table? Again, adding 0 to a number doesn’t modify it. But how should we define 1 + 1? Remember that 1 must have an additive inverse, a number that added to 1 produces 0. In other words, 0 must appear in the row corresponding to 1. Therefore, 1 + 1 ¼ 0. This completes the addition table In digital electronics, the circuits that implement the addition and multiplication tables shown above are known as XOR and AND gates. Let’s turn to F3. Figure 2.5a, b displays the obvious results. Again, 2 ∗ 2 has to be 1 because 2 must have a multiplicative inverse. To complete the addition table, I will use the fact that all the elements in any row (and in any column, since addition is commutative) must be different. This can be justified easily for any field. Call a, b, c, d . . . the different elements in the field and assume, for instance, that a + b ¼ a + c. Now, adding (a) to both sides and using the associative law we have: ðaÞ þ ða þ bÞ ¼ ðaÞ þ ða þ cÞ ½ðaÞ þ a þ b ¼ ½ðaÞ þ a þ c 0þb¼0þc b¼c This contradicts that b 6¼ c. A similar reasoning can be used to show that, except for the 0 row and column, all the elements in the rows and columns of the multiplication table must also be different. The multiplication table given above satisfies this condition. Let’s return to the addition table to complete it. For 1 + 1 we have two choices: 0 or 2. If we set 1 + 1 ¼ 0, then 1 + 2 must be 2, which is impossible since, then, 2 would appear twice in the third column. So, 1 + 1 must be 2. This completes the table as it appears in Fig. 2.5c.

2.2 A Few Examples of Galois Fields

49

Fig. 2.6 Addition and multiplication tables in F4 (a) Partially filled addition table (b) Addition table (c) Multiplication table

a + 0 1 2 3

0 0 1 2 3

1 1 a b c

b 2 2 b ? ?

3 3 c ? ?

+ 0 1 2 3

0 0 1 2 3

c 1 1 0 3 2

* 0 1 2 3 2 2 3 0 1

0 0 0 0 0

1 0 1 2 3

2 0 2 3 1

3 0 3 1 2

3 3 2 1 0

Observe that the tables for F3 are modulo-3 addition and multiplication. Notice also that something similar happened with the addition and multiplication tables I constructed for F2: the arithmetic is modulo-2. This is an interesting result that is valid for all fields with a prime number, p, of elements: the arithmetic is modulo-p. I’ll come back to this fact later in the chapter when I consider a code in F11. The construction of the field F4 is rather interesting. To begin with, we must abandon the idea of using modulo-4 arithmetic. The reason is apparent: 2 * 2 would be 0 which is forbidden. There must be another way. The multiplication table is easy to obtain. It is in Fig. 2.6b. Let’s try to fill up the addition table (see Fig. 2.6a). Either a, b, or c must be 0, but only one of them. Say b ¼ 1 + 2 ¼ 0. Multiplying by 3, we have 3ð1 þ 2Þ ¼ 0 And, using the multiplication table 3ð 1 þ 2Þ ¼ 3 þ 1 ¼ c Then, c ¼ 0, which is imposible. Similarly, if we start with 1 + 3 ¼ 0, we have 1 + 2 ¼ 0. Therefore, a ¼ 1 + 1 must be 0. And thus 2ð 1 þ 1Þ ¼ 2 þ 2 ¼ 0

3ð 1 þ 1Þ ¼ 3 þ 3 ¼ 0

Finally, the addition table is in Fig. 2.6c. All this implies that (1) ¼ 1, (2) ¼ 2, and (3) ¼ 3. In other words, subtraction is the same as addition. This is a general fact for all finite fields of 2m elements. Let’s now represent 0, 1, 2, and 3 in binary

50

2 A First Look at Block Coders

Fig. 2.7 Another look at the addition table in F4

+ (0 0) (0 1) (1 0) (1 1)

(0 0) (0 0) (0 1) (1 0) (1 1)

(0 0)=0

0 ¼ ð0 0Þ 1 ¼ ð0 1Þ 2 ¼ ð1 0Þ

(0 1) (0 1) (0 0) (1 1) (1 0)

(1 0) (1 0) (1 1) (0 0) (0 1)

(1 1) (1 1) (1 0) (0 1) (0 0)

(0 1)=1 (1 0)=2 (1 1)=3

1 ¼ ð 1 1Þ

Using this notation, Fig. 2.6c appears as shown in Fig. 2.7. Notice that addition is done bitwise. Writing the four elements of F4 as pairs of bits is like representing complex numbers as pairs of real numbers. Also, the addition in F4 mimics what we do with complex numbers when, to add them, we separately add their real and imaginary parts. If we use this binary representation for the elements of F4, how can we interpret multiplication? Clearly, it is not done bitwise (1 ∗ 2 would be 0). This is not surprising, since we do not multiply complex numbers this way either. However, to come up with a rule that “imitates” complex number multiplication does not seem to be an easy task. In Chapter 3, I will elaborate on the subject presenting a systematic way to construct multiplication tables for Galois fields. The method may appear a little tricky at first, but it is conceptually identical to the rule we follow to multiply complex numbers. Later, in Chapters 4 and 5, we’ll have other opportunities to exploit more operational similarities between complex numbers and finite fields. For the time being, and to gain more familiarity with finite fields, in Appendix C I construct several multiplication tables for the field F8 using the same ideas presented before to construct F4. All those tables are equally valid from a mathematical point of view. To choose one or another depends solely on the ease with which algebraic operations can be implemented.

2.3

The Code and the Parity-Check Matrix

The code is a subset of the set of words. However, to work easily with codewords, this subset should have some structure. Say, for instance, the length of the messages is 50 hexas (or 25 octets). Then, the number of codewords is 1650  1060 (compare to atoms on Earth  1050). One does not trifle with exponential growth! Since the set of words is a vector space, it seems reasonable to structure the set of codewords as a subspace. How can we define a subspace? To elucidate this point, it may be helpful to consider an example in R3. In Fig. 2.8, I have drawn two subspaces: a plane and a straight line, both passing through the origin.

2.3 The Code and the Parity-Check Matrix

51

Fig. 2.8 Subspaces

The plane is defined by giving a vector, h, perpendicular to it. Similarly, the straight line, as the intersection of two planes, is determined by two vectors, h1 and h2, perpendicular to two planes that contain the line (there are many choices!) Thus, instead of saying that the vector y belongs to the plane, we can equivalently say that the scalar product (the dot product) of y and h is 0. Mathematically, < y,h >¼ 0 In components y 1 h1 þ y 2 h2 þ y 3 h3 ¼ 0 Analogously, for the straight line we can write < y,h1 >¼ 0

< y,h2 >

¼0

In components y1 h11 þ y2 h12 þ y3 h13 ¼ 0 y1 h21 þ y2 h22 þ y3 h23 ¼ 0 Let H be the matrix


h11 h21

h12 h22

h13 h23



52

2 A First Look at Block Coders

Fig. 2.9 Selection of codewords

The straight line, as a subspace, is then the set of those vectors orthogonal to the rows of H. Therefore, selecting the subspace of codewords is equivalent to selecting a matrix H. Such a matrix is called a parity-check matrix, and obviously all its rows must be linearly independent (LI). Rows that are linearly dependent (LD) of others already in the matrix don’t do any additional “screening” and are, therefore, superfluous. What are the dimensions of such a matrix? To begin with, the number of columns must be n. But what about the number of LI rows? Denote by ρ this number. If ρ is small, many words will qualify as bona fide codewords. If ρ is large, few words will be “upgraded” to codewords. Remember, though, that the number of codewords must be just right; it must be the number of messages, which is qk. In Fig. 2.9, I have represented graphically the selection of codewords from the set of words. How can we make sure that the number of words that pass the test is exactly qk? To answer that question, I will use a basic concept from elementary matrix theory: the concept of rank. Let’s recall that concept here. Say that we have a 5 * 7 matrix but that the matrix has only 3 LI rows. This is called the row rank. What is the maximum number of LI columns? This is called the column rank. Since the columns have 5 components, it can’t be more than 5. But can it be 5 or 4? The answer is no. It must be 3. Both numbers, row rank and column rank, always coincide and this number is called the matrix rank. This does not mean that any three columns are LI; it only

2.4 Syndromes and the Singleton Bound

53

means that one such set exists. For completeness, I elaborate on this important fact in Appendix D to this chapter. I now apply the concept of rank to the parity-check matrix. Say the matrix has ρ LI rows. Therefore, there is a set (at least one!) of ρ LI columns. This implies that the corresponding components of y can be determined once the other n  ρ components are known. In other words: we only have qn  ρcodewords. We conclude that n  ρ ¼ k, or ρ ¼ n  k. Therefore, the number of LI rows of H is the redundancy, r, of the code.

2.4

Syndromes and the Singleton Bound

The dot product of a codeword by the r LI rows of H produces r zeros. However, when we do the same with a word that is not a codeword we get r numbers S ¼ ð S1 S2 . . . Sr Þ and clearly S is now different from 0. The vector S is called the syndrome of the word, a term borrowed from the medical parlance which means “a set of symptoms.” The “symptoms” (the components of S) are known as the “partial syndromes.” The syndrome, thus, indicates if a word is or is not a codeword; if, so to speak, the word has an “illness” or is a “healthy” codeword. To use syndromes only as an indication of errors is error detection. To be able to correct (to cure!), we must have a diagnosis that is more precise: the syndromes for the errors we want to correct must be different. The transmitter only sends codewords, but the channel changes some of the components, delivering words to the receiver. If y ¼ (y1 y2 . . . yn) was sent but z ¼ (z1 z2 . . . zn) was delivered, the channel introduced the error e ¼ z  y ¼ z + y (recall that in F2m , x ¼ x). Therefore, the digital channel of Fig. 1.14 can be represented as depicted in Fig. 2.10. Now, observe that Si ¼ ¼< y þ e, hi > ¼< y, hi > þ < e, hi > ¼ 0þ < e, hi >¼< e, hi >

Fig. 2.10 Equivalent digital channel

54

2 A First Look at Block Coders

Fig. 2.11 Codeword estimator

That is, the syndrome depends only on the error. This observation plays an important role in the rest of the book. The first step for the decoder is the computation of the syndrome. With that information, the decoder estimates the error. If the estimated error is ^e , the decoder decides that the transmitted codeword was ^y ¼ z  ^e (see Fig. 2.11). Unfortunately, e^ and e do not always coincide and the problem of code design is to guarantee that e¼^e in a bunch of selected cases. For instance, say that we want to choose the parity-check matrix in such a way that if t or fewer components of the codeword are changed in transit this won’t go unnoticed. In other words, we want to detect t or fewer errors. This condition requires that any linear combination of up to t columns of H be different from the zero column (Recall that Si ¼ < e, hi>). In other words: any set of up to t columns is LI. Thus, the column rank must be at least t and, therefore, also the row rank. Consequently, the number of LI rows cannot be less than t, that is: r  t. Realize, though, that a matrix with t LI rows only guarantees that there is a set of t LI columns, not that any set of t columns is LI independent. As an example, suppose we are working with bits and consider the following matrix.

2.4 Syndromes and the Singleton Bound

0

0 B1 B @1 0

0 1 1 1

1 1 1 1

55

0 0 1 0

1 1 0 1

1 0 0 0

0 1 0 0

0 0 1 0

1 0 0C C 0A 1

The four rows are clearly LI but there are sets of four columns that are linearly dependent (for instance columns 2, 7, 8, and 9, counting from the left). Therefore, if this matrix is chosen as parity-check matrix for a code, the code it generates doesn’t detect four errors. In fact, it doesn’t even detect two, since a double error in the fourth and the eighth bits (again, counting from the left) produces a zero syndrome. Thus, not surprisingly, to detect t errors most codes need a number of check digits greater than t. The above fact can be expressed in a slightly different way using the concept of weight of a codeword, defined as the number of its nonzero elements. If any set of up to t columns is LI, no word can have weight t because that would imply the existence of t linearly dependent columns. Therefore, the minimum weight, wmin, of the codewords must be at least t + 1, that is: wmin  t + 1. As another design option, consider the correction of t errors. Then, any linear combination of t columns must be different from any other combination of t columns. Thus, any set of 2t columns must be LI and, reasoning as before, we can conclude that r must be at least 2t. The inequality r  2t is known as the Singleton bound, named after Richard Singleton, an American applied mathematician. In the next chapter I will present a very important family of codes that satisfy the Singleton bound with equality: the Reed–Solomon codes. Now, similarly to what I said previously, to correct t errors the minimum weight of the words must satisfy the inequality wmin  2t + 1. Finally, to be able to correct t errors and detect τ  t errors, r must be at least t + τ and wmin  t + τ + 1. All the facts I have mentioned about the parity-check matrix of an (n, k) code are summarized here: • The number of columns is n. • The number of LI rows is n  k • The columns of H can be permuted without changing the error correction (or detection) capability of the code, although the code itself is obviously changed. The question now suggests itself: is there an ordering of columns that we should prefer? I will answer the question in Chapter 3. Once we have a parity-check matrix, the following three operations do not change the code it generates. • Interchanging two rows. • Multiplying a row by a nonzero constant. • Adding two rows.

56

2 A First Look at Block Coders

Fig. 2.12 The two steps of decoding

These operations are called elementary row operations, and I will make use of them when needed. Once the transmitted codeword has been estimated, there is still a final step the decoder must take, namely: the computation of x^ from ^y (see Fig. 2.12). I will address this question in the next section.

2.5

Linear Coders and the Generator Matrix

The coder is a bijective mapping from the set of messages onto the set of codewords. Strictly speaking there are not any other requirements that this application must meet. However, to take advantage of the subspace structure of the code, block coders used in practice satisfy an additional condition: that of linearity. Here is the condition: If y1 is the codeword corresponding to x1, and y2 is the codeword corresponding to x2, the codeword c1y1 + c2y2 (remember, it is a codeword!) corresponds to the message c1x1 + c2x1. Consequently, to define a linear coder we only must specify the codewords g1 ¼ ðg11 g12 . . . g1n Þ g2 ¼ ðg21 g22 . . . g2n Þ ... ... ... ... ... gk ¼ ðgk1 gk2 . . . gkn Þ that correspond, respectively, to the messages ð1 0 . . . . . . 0Þ ð0 1 . . . . . . 0Þ ... ... ... ð0 0 . . . . . . 1Þ In fact, we can write the message x ¼ (x1x2 . . . xk) as follows

2.5 Linear Coders and the Generator Matrix

57

Fig. 2.13 The linear coder

x ¼ x 1 ð 1 0 . . . 0Þ þ x 2 ð 0 1 . . . 0Þ þ    þ x k ð 0 0 . . . 1Þ By linearity we have y ¼ x 1 g1 þ x 2 g2 þ    þ x k gk Or y ¼ xG where G is the matrix 0

g11

B B g21 B B B B B @ gk1

g12

. . . g1n

1

...

C . . . g2n C C C ... C C C ... A

gk2

...

g22 ...

gkn

This matrix is known as the generator matrix of the code (see Fig. 2.13). The generator matrix must satisfy an obvious condition, namely: its rows must be LI. If this were not the case, the mapping between messages and codewords would not be injective (one-to-one). In fact, if the rows were not LI, there would exist vectors

58

2 A First Look at Block Coders

c ¼ ðc1 c2 . . . ck Þ 6¼ 0 such that c1 g1 þ c2 g2 þ   ck gk ¼ 0 Then, the codewords corresponding to x and x + c 6¼ x would be the same, in violation of the one-to-one requirement. The next condition on the matrix G is not mandatory, only convenient. In systematic codes, the message appears at the beginning of the codeword as I mentioned in Chapter 1. This makes Step-2 in Fig. 2.12 unnecessary but imposes a condition on the structure of G . Say, for instance, we have a systematic (7, 3) code. The generator matrix of such code must be 0

1 0

B @0 1 0 0

0

p11

p12

p13

0 1

p21 p31

p22 p32

p23 p33

p14

1

C p24 A p34

Clearly, the three rows are LI and y1 ¼ x1, y2 ¼ x2, y3 ¼ x3 For systematic generator matrices, it is easy to find a parity-check matrix of the code. In fact, for the above matrix the other components of the codeword are y4 ¼ x1 p11 þ x2 p21 þ x3 p31 y5 ¼ x1 p12 þ x2 p22 þ x3 p32 y6 ¼ x1 p13 þ x2 p23 þ x3 p33 y7 ¼ x1 p14 þ x2 p24 þ x3 p34 Or  p11 y1  p21 y2  p31 y3 þ y4 ¼ 0 p12 y1  p22 y2  p32 y3 þ y5 ¼ 0  p13 y1  p23 y2  p33 y3 þ y6 ¼ 0 p14 y1  p24 y2  p34 y3 þ y7 ¼ 0 Although in this book I mostly work in fields of 2m elements (and, therefore, x ¼ x), in this derivation I keep the minus signs to apply these ideas to an example in Section 2.6, where I work in F11. In view of the definition of parity-check matrix, one such matrix is the following

2.5 Linear Coders and the Generator Matrix

0

59

p11 B p B 12 B @ p13

p21 p22

p31 p32

1 0 0 1

0 0

p23

p33

0 0

1

1 0 0C C C 0A

p14

p24

p34

0 0

0

1

Many times, we proceed inversely, that is • Start from a given matrix, H. • Using elementary row operations and column permutations, eliminate redundant rows and write H in the form H ¼ ðP I r Þ where Ir is the r ∗ r identity matrix • From H ¼ (P Ir) obtain the generator matrix of the systematic code G ¼ ðI k  P t Þ where Pt is the transpose of P and Ik is the k ∗ k identity matrix. Here is an example. We want to find the systematic generator matrix corresponding to the following parity-check matrix 0

0

B B1 B B1 B B @0 0

0 1

1

0

1

1 1

1 0 0 1

1 1

0 0

1 1

0 0 0 1

1 1 1 0

0 1

0 1

0 0

0 1 0 0

0

1

C 0C C 1C C C 1A 0

Is the code generated by this matrix a (9, 4) code or are some of the rows redundant? For instance, if one row were superfluous, the code would be a (9, 5) code. To answer the question, we use elementary raw operations. To begin with the procedure, see if the first element of the first row is zero. If that’s the case, permute the row with any row that has 1 as its leading term, for instance: the first row going down the pile of rows. In our example, the second row. This is the matrix with the first and second rows permuted 0

1

B B0 B B1 B B @0 0

1 0

1

0

1

0 0

0 1 0 1

1 1

0 0

1 1

1 1 0 1

1 1

0

0

0

0 1

1 0

1

1

0

0 0

0

1

C 0C C 1C C C 1A 0

60

2 A First Look at Block Coders

Now, subtract (add) the first row to any row that has 1 as its first element. In this case, only the third row 0

1 B B0 B B0 B B @0

1 0 0 1

1 1

0 0

1 1

0 0 1 1

1 1 1 1

0 0

0 0

0 0

0 1 0 1

0

1 0

1

1

0

0 0

1 0 C 0C C 1C C C 1A 0

Proceed iteratively, choosing as the second row one that has 1 as its second element. This requires permuting rows 2 and 3. The matrix is then 0

1

B B0 B B0 B B @0 0

1 0

1

0

1

0 0

1 1

0

0

0

0 1

0 1 1 1

1 0

0 0

1 0

1 1 0 1

1 0

1

1

0

0 0

0

1

C 1C C 0C C C 1A 0

Add now the second row to the fourth and fifth rows, we have 0

1

B B0 B B0 B B @0 0

1 0

1

0

1

0 0

1 1

0

0

0

0 1

0 1 0 0

1 0

0 0

1 0

1 1 0 0

0 1

1

1

0

0 1

0

1

C 1C C 0C C C 0A 1

The fourth row is the all-zero row and can be discarded 0

1

B0 B B @0 0

1 0

1

0

1

0 0

1 1

0

0

0

0 1

0 1 0 1

1 1

0 1

1 0

1 1 0 1

0

1

1C C C 0A 1

Finally, add the third row to the fourth, to obtain the matrix in echelon form

2.6 An Example in F11

61

The four rows are LI and we have a (9, 5) code. However, the code is rather useless. Observe that the third and the eighth columns are equal, and thus the code does not even detect two errors (or corrects single errors). Nevertheless, we continue to find the systematic generator matrix. The four columns (highlighted) corresponding to the leading elements of the four rows are clearly LI. Write them as the last columns of the matrix, as indicated below

Now proceed eliminating the nonzero entries above the diagonal of this 4 * 4 sub-matrix. Use the same method as before but working upwards from the last row. Briefly, here is how: add the third row to the second and, in the resulting matrix, add the second row to the 1st. The matrix we finally obtain is 0

0 B1 B H¼B @1

0 1

1 0 1 0

1 1

1 0

0 0 1 0

1

1 1

0

0

0 1

1 0 0C C C 0A

0

1

1 0

1

0

0 0

1

The corresponding generator matrix for the (9, 5) code is the following 0

1

B B0 B G¼B B0 B @0 0

2.6

0 0

0

0

0 1

1

1 0 0 1

0 0

0 0

0 1 1 1

1 1

0 0

1

0

0 0

1

0 0

0

1

1 1

0

0

1

C 1C C 1C C C 0A 1

An Example in F11

In this section, we don’t work in the binary field, but in a different field. The field I have chosen is F11 since we know how to operate in Galois fields with a prime number of elements. The set of numbers in this field is f0; 1; 2; 3; 4; 5; 6; 7; 8; 9; X g

62

2 A First Look at Block Coders

The Roman numeral X represents the decimal 10. The ideas I introduce in this section will be very valuable in Sections 2.10 and 2.11, and also in the next chapter when I consider Reed–Solomon codes. Before I continue, I want to recall the Vandermonde determinant studied in Linear Algebra courses. An example of a Vandermonde determinant is the following  1  a   2 a   a3

1

1

b b2

c c2

b3

c3

 1  d   d2  d3 

with a 6¼ b 6¼ c 6¼ d. Change the last column as indicated  1  a   2 a   a3

1

1

b b2

c c2

b3

c3

 1  x   x2  x3 

This determinant is a polynomial of degree 3 that has a, b, and c as roots. Therefore, the determinant is K ð x  aÞ ð x  bÞ ð x  c Þ where the constant K is the coefficient of x3, that is  1   a   a2

1 b b2

 1   c  c2 

Therefore  1  a   2 a   a3

1 b

1 c

b2 b3

c2 c3

    1     2  ¼  a d   2 a d3  1 d

Using the same reasoning

1 b b2

 1   c ðd  aÞðd  bÞðd  cÞ  c2 

2.6 An Example in F11

63

 1   a   a2

 1   1  c  ¼ ðc  aÞðc  bÞ  a c2 

1 b b2

 1  b

And therefore, the value of the Vandermonde determinant is ðb  aÞðc  aÞðc  bÞðd  aÞðd  bÞðd  cÞ Since that value is different from zero, the four columns (and rows) are LI. Now consider the following matrix with elements in F11 0

1 BX B B 2 @X

1 9

1 8

1 7

1 6

1 5

1 4

1 3

1 2

92

82

72

62

52

42

32

22

1 1 1C C C 1A

X3

93

83

73

63

53

43

33

23

1

The determinant of any four of those columns is a Vandermonde determinant; therefore, any four of those columns are LI. Thus, the code produced by this matrix can correct double errors. Since the Singleton bound, r  2t, is satisfied with equality, the number of check digits is the minimum possible. The code could also be used to detect four errors. Moreover, if there is an indication of where the potential errors occurred, we could employ the code to correct four erasures. I will use this in Section 2.10 to correct erasures. To obtain the systematic generator matrix we could proceed as in the previous section. As an alternative method, let us write the rows of the systematic parity-check matrix as linear combinations of the rows of the given matrix. Here are the details for the first row 0

1 BX B ða b c d ÞB 2 @X

1 1 1C C C 1A

1 9

1 8

1 7

1 6

1 5

1 4

1 3

1 2

92

82

72

62

52

42

32

22

X 3 93 ¼ ð∗

83

73

63

53

43 33 23 1 1 0 0 0Þ

∗

∗

∗

∗

∗

The asterisks are unknown yet. The system of equations to be solved is 0

ða

b

1 B4 B c d ÞB 2 @4 43

The solution is

1 3

1 2

32 33

22 23

1 1 1C C C ¼ ð1 0 1A 1

0

0Þ

64

2 A First Look at Block Coders

a¼X

b¼0

c¼X

d¼2

To obtain the first row of the parity-check matrix in systematic form, multiply (X 0 X 2) by the given matrix 0 ðX

0

X

1

BX B 2 ÞB 2 @X

1

1

1

1

1

1

1

1

9 92

8 82

7 72

6 62

5 52

4 42

3 32

2 22

1

1

1C C C 1A

X 3 93 83 73 63 53 43 33 23 1 ¼ ð7 1 2 9 X 4 1 0 0 0Þ Proceeding similarly with the other rows, we end up with the following matrix 0

7

B4 B H¼B @2 X

1

2

9

X

4

1

0

3

4

X

2

5

0

1

X 9

4 2

3 1

4 7

4 X

0 0

0 0

0 0

1

0 0C C C 1 0A 0 1

The generator matrix of the corresponding systematic code is 0

1 B0 B B B0 G¼B B0 B B @0 0

0 1

0 0 0 0

0 0

0 0

7 1

4 3

2 X

0

1 0

0

0

2

4

4

0 0

0 1 0 0

0 1

0 0

9 X

X 2

3 4

1 X 9 C C C 2 C C 1 C C C 7 A

0

0 0

0

1

4

5

4

X

Or 0

1 0

0

0

0

0

4

7

9

1 0

0 1

0 0

0 0

0 X 0 9

8 7

1 7

0

0

1

0

0

2

1

8

0 0 0

0 0

0 0

1 0

0 1

1 7

9 6

7 7

B0 B B B0 G¼B B0 B B @0

1

1

2C C C 9C C XC C C 4A 1

As a coding example, the codeword corresponding to the message (1 2 3 4 5 6) is (1 2 3 4 5 6 7 8 9 X)!

2.8 The Binary Hamming Codes

2.7

65

The Hamming Bound

Syndromes have r components and, therefore, there are qr different syndromes. One of them is the zero vector, which is the syndrome corresponding to codewords. To correct a given set of error patterns, they all must have different syndromes. Therefore, we need to have at least as many different syndromes as different error patterns we want to correct. Let us count the number of different error configurations with t or fewer errors. There are (q  1)n
different configurations of 1 error  2 n There are ðq  1Þ different configurations of 2 errors 2     There are ðq  1Þt


 n different configurations of t errors t

Therefore:

 n t n þ    þ ð q  1Þ q  1 þ ðq  1Þn þ ðq  1Þ 2 t r

2

In the above, 1 corresponds to the no-error pattern. In Section 2.4, I presented an important bound on r, the Singleton bound. The inequality above is another bound on r. It is called the Hamming bound, in honor of R. Hamming, an American mathematician and a pioneer in the field of error control coding. The codes that satisfy the above expression with equality are called perfect codes, but that doesn’t happen often. In fact, except for the Hamming codes that I consider in the next section, none of the codes in this book are perfect. The extra syndromes, although not needed for correction, can be used to detect other error patterns beyond the correction capability of the code. I will present an example in Section 2.9.

2.8

The Binary Hamming Codes

The binary Hamming codes are a family of single error correcting codes that satisfy the Hamming bound with equality. The Hamming bound for q ¼ 2 and t ¼ 1, reads as 2r  1 þ n or

66

2 A First Look at Block Coders

n  2r  1 Therefore, the length of the Hamming codes is n ¼ 2r  1. In the following table, we have the parameters of the first five binary Hamming codes r 2 3 4 5 6

n

k

3 7 15 31 63

1 4 11 26 57

Observe that, except for r ¼ 2, Hamming codes do not satisfy the Singleton bound with equality. What are the H matrices for these codes? Since the codes are single error correcting codes, all the columns in the parity matrices must be different and nonzero. As an example, the systematic parity-check and generator matrices for the first two Hamming codes follow. For r ¼ 2, the parity matrix is
H¼

1 1

1 0

0 1



and the generator matrix is G ¼ ð 1 1 1Þ This is a repetition code, not too interesting as a coding method (The code is usually not included in the family of Hamming codes). For r ¼ 3, the parity matrix is 0

1

B H ¼ @1 1

1 1

0

1

1 0 0 1

1 1

0 0

0 0

1

C 1 0A 0 1

and the generator matrix is 0

1 0 B0 1 B G¼B @0 0

0 0

0 0

1 1 1 1

1

0

1 0

1 1 0C C C 1A

0 0

0

1

0 1

1

2.8 The Binary Hamming Codes

67

Since the columns of H can be permuted at will, the order of the four leftmost columns of H could be different. The code would be different, but it would still be a single error correcting code. Coming back to a question I brought up before, is there a preferable ordering for those four columns? For instance, this one 0

1

0

1

1 1 1 0

1 1

0 0

C 1 0 A? 0 1

1 B H2 ¼ @ 1

0 1 1 1

1 0

1 0

0

1 1

1

0

1 0 0 C 1 0 A? 0 1

B H1 ¼ @ 0 1

0 0

1

1 1

or this one 0

It turns out that, using either H1 or H2, coding can be mechanized very easily. I postpone all this to Chapter 3. The (7, 4) code introduced in Section 1.7 is also a Hamming code. Out of the four parity checks of the (8, 4) “fan” code, take only three. For instance: p1, p2, and p3. p1 ¼ x 1 þ x 2 þ x 4 p2 ¼ x 1 þ x 2 þ x 3 p3 ¼ x 2 þ x 3 þ x 4 The corresponding parity matrix is 0

1 B H3 ¼ @ 1

1 1

0 1 1 0

1 0

0 1

1 0 C 0A

0

1

1 1

0

0

1

The ordering of the four leftmost columns is again different, but the code is a single error correcting code. What about the (8, 4) “fan” code? Its parity matrix is 0

1

B1 B H4 ¼ B @0 1

0 0

1

1

0 1

1

0

1 1

1 0 1 1

0 0

1 0

0 0C C C 1 0A

0

1 1

0

0

0 1

This code can correct one error and detect two. Let us see why. For the decoder, it is a simple task to know whether one error or two errors occurred.

68

2 A First Look at Block Coders

If one error occurs, the syndrome has an odd number of 1’s: three 1’s for an error in the information bits and only one 1 if the error is in any of the check bits. Correction is trivial: the syndrome is one of the columns and this indicates the position of the error. For instance, if the syndrome is (0 1 1 1), y3 is erroneous. If two errors occur, the syndrome has an even number of 1’s. Double errors cannot be corrected, however. In fact, errors in four different pairs, namely: (y1, y2), (y3, y6), (y4, y5), or (y7, y8), produce the same syndrome (0 0 1 1). We already are familiar with these facts from Section 1.7. Since the columns of H4 have an odd number of 1’s, their sum is ð 1 1 1 1 1 1 1 1Þ Thus, the dot product of any codeword by the above vector is 0, and another parity-check matrix for the same code is 0

1

B1 B H5 ¼ B @0 1

0 0

1

1

0 1

1

0

1 1

1 0 1 1

0 0

1 0

0 0C C C 1 0A

1

1 1

1

1

1 1

Observe that the fourth check forces all codewords to have even weights. Therefore, the set of codewords for the (8, 4) code can be obtained from the set of codewords for the (7, 4) Hamming code produced by H3: just append an extra check bit equal to the sum of all information and parity bits of the (7, 4) Hamming code. This code is called the Extended Hamming code. The sixteen messages are in Fig. 2.14a. The codewords of the (7, 4) and (8, 4) codes, together with their weights, are in Fig. 2.14b, c, respectively. The minimum weight of the (7, 4) code is 3 as it should, since the (7, 4) code corrects single errors. For the (8, 4) code, the minimum weight is 4, which is what is needed to correct one error and detect two. Remark If we use for decoding the syndrome (S1 S2 S3 S4) computed using H5, and the channel introduces 1 or 2 errors, s4 indicates which of the two cases has occurred: S4 ¼ 0 : Two errors

2.9

S4 ¼ 1 : One error

Shortening a Code

Extending a code is a way of obtaining a code from a given code. A different method of deriving a new code from an old one is by shortening the original code. I’ll explain this technique using, again, the (7, 4) Hamming code. Look at the first four messages and codewords in Fig. 2.14a, b. They appear in Fig. 2.15.

2.9 Shortening a Code Fig. 2.14 The (7, 4) Hamming code and its (8, 4) extension (a) Messages (b) Codewords and weights of the (7, 4) Hamming code (c) Codewords and weights of the (8, 4) extended Hamming code

69

0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1

0 0 0 0 1 1 1 1 0 0 0 0 1 1 1 1

0 0 1 1 0 0 1 1 0 0 1 1 0 0 1 1 a

0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1

0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1

0 0 0 0 1 1 1 1 0 0 0 0 1 1 1 1

0 0 1 1 0 0 1 1 0 0 1 1 0 0 1 1

0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 b

0 1 0 1 1 0 1 0 1 0 1 0 0 1 0 1

0 1 0 1 1 0 1 0 1 0 1 0 0 1 0 1

0 0 1 1 1 1 0 0 1 1 0 0 0 0 1 1

0 1 1 0 1 0 0 1 0 1 1 0 1 0 0 1

0 1 1 0 0 1 1 0 1 0 0 1 1 0 0 1

0 0 1 1 1 1 0 0 1 1 0 0 0 0 1 1

0 1 1 0 1 0 0 1 0 1 1 0 1 0 0 1

0 3 3 4 4 3 3 4 3 4 4 3 3 4 4 7

c

0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 Fig. 2.15 A subspace of the (7, 4) Hamming code

0 0 0 0 1 1 1 1 0 0 0 0 1 1 1 1

0 0 1 1 0 0 1 1 0 0 1 1 0 0 1 1

0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1

a Messages

0 0 0 0

0 0 0 0

0 0 1 1

0 1 0 1

0 4 4 4 4 4 4 4 4 4 4 4 4 4 4 8 b Codewords

0 0 0 0

0 0 0 0

0 0 1 1

0 1 0 1

0 1 0 1

0 0 1 1

0 1 1 0

70

2 A First Look at Block Coders

000 001 010 011 100 101 110 111

Fig. 2.16 Words classified by syndrome

00000 00001 00010 00011 00100 00101 00110 00111

01101 01100 01111 01110 01001 01000 01011 01010

10011 10010 10001 10000 10111 10110 10101 10100

11110 11111 11100 11101 11010 11011 11000 11001

If we restrict ourselves to only those messages, it does not make sense to transmit the first two bits. They are the same for the four messages. Therefore, they do not carry any information and should not be transmitted. If they are needed at the receiving end, they can be attached to the received codeword there. Thus, the code can be shortened from (7, 4) to (5, 2). Clearly, the generator matrix is
G¼

1 0

0 1

0 1

1 1 0 1



and, accordingly, the parity-check matrix is 0

0 1 H ¼ @1 0 1 1

1 0 0

0 1 0

1 0 0A 1

Shortening a code doesn’t decrease the minimum weight. Therefore, the capabilities of the code are not reduced by shortening. However, since 5 < 23  1, the code is no longer perfect. Consequently, some (but not all) two error patterns can be either corrected or detected. To analyze this point let’s classify all the 25 words according to their syndromes (see Fig. 2.16). The first row contains all the codewords; their syndrome is (0 0 0). There are 7 other syndromes. Which are the words associated with each of them? Say the syndrome is (S1S2S3). Due to the systematic structure of H, the word (0 0 S1S2S3) has that syndrome. Now, add any codeword to the word (0 0 S1S2S3). The syndrome of this new word is the same. Figure 2.16 illustrates the resulting arrangement. Suppose now that we receive the word (10110). This is not a codeword, and we must decide which codeword was transmitted, or, equivalently, which error was introduced by the channel. Realize, though, that the decision cannot be arbitrary: the error must have the same syndrome as the received word, that is: must be in the same row. Since we are using the code to correct single errors, we assume that the error is (0 1 0 0 0) and, therefore, we decide that the transmitter sent the codeword (1 1 1 1 0) (see Fig. 2.16). Something similar happens with the syndrome (0 1 1). When the received word has this syndrome, we assume that the channel introduced the error (1 0 0 0 0 ).

2.9 Shortening a Code Fig. 2.17 Correctable patterns as coset leaders

71

000 001 010 011 100 101 110 111

00000 00001 00010 10000 00100 01000 00110 00111

01101 01100 01111 11101 01001 00101 01011 01010

10011 10010 10001 00011 10111 11011 10101 10100

11110 11111 11100 01110 11010 10110 11000 11001

Figure 2.17 is the same as Fig. 2.16, but this time the first words of rows 2 to 6 are the error patterns we want to correct. The other entries in each of these rows are obtained as before: adding the first word to the other codewords. When the syndrome is (1 1 0) or (1 1 1), we only detect that an error occurred. No decoding is done; rows 7 and 8 remain as in Fig. 2.16. Using that arrangement, decoding is implemented by going up from the received word to the codeword in the same column. For example, (1 0 1 1 0) is decoded as (1 1 1 1 0). The 32 words are arranged in 8 rows, called cosets, and the first word of each row is called the coset leader. Coset leaders are the correctable error patterns of the code. The 32 possible error patterns the channel can introduce can be classified according to the effect they produce at the decoder, as follows: No error Undetectable error Error detected Error corrected Erroneous decoding

1 pattern (00000) 3 patterns (the nonzero codewords) 8 patterns 5 patterns (the cosets leaders) 15 patterns

It may be helpful at this time to have another look at Fig. 1.19. For the three undetectable error patterns, only the first step of the decoding is carried out (the syndrome calculation), and the word (in fact, a codeword) is erroneously accepted as the transmitted codeword. The code detects 40% of the double and 40% of the triple errors. Erroneous decoding occurs in 60% of double errors, 40% of triple errors, 80% of quadruple errors, and 100% of quintuple errors. Instead of utilizing the code in a hybrid correction/detection mode, we can use it only for detection. In that case, detection failure occurs only when the error introduced by the channel is a codeword. We could as well use the code for pure correction, and in that case two extra patterns (to be chosen among the eight in rows 7 and 8) would be corrected. Usually, in situations like this, the extra patterns chosen are words of the minimum weight (weight two, in the example) In Fig. 2.18, I have represented the differences between these three options.

72

2 A First Look at Block Coders

Fig. 2.18 The three decoding options

2.10

Correction of Erasures

In this section, I present two examples of erasure correction. For the first example, I use the (7, 4) Hamming code of Fig. 2.14b; for the second, the double error correcting code I introduced in Section 2.6. I begin with the Hamming code. Suppose, for instance, that the codeword (1101100) was transmitted but the word (0111100) was received. The channel introduced two errors, which surpasses the correction ability of the code. In fact, once the decoder computes the syndrome s ¼ (1 0 1), the decoder knows something went wrong in transmission. Since the decoder is programmed to correct one bit, it erroneously “corrects” the fourth bit and, introducing an extra error in the word, delivers (0110100) to the user (three errors instead of only two!). The situation is different if the two bits are flagged by, say, the demodulator. In this case, the decoder receives (0*11*1100). Remember, though, that flagging a symbol as unreliable does not mean the symbol is erroneous. Therefore, before the first and third bits are changed, the decoder must know if both are erroneous or only one of them. The answer is simple: both bits are erroneous because if only one bit were wrong, the syndrome would be (110) or (011). Let’s consider the second example. Suppose the received word is

2.10

Correction of Erasures

73

ð 1 2 2∗ 0∗ 5 3∗ 7 8 9∗ X Þ The word shows four erasures and, if no other symbol is in error, the four erasures can be corrected. First, we find the syndrome computing the scalar product of the received word with each of the rows of H. Say we chose 0

1

1

1

BX B B 2 @X

1

1

1

1

1

1

1

1

9 92

8 82

7 72

6 62

5 52

4 42

3 32

2 22

1C C C 1A

X3

93

83

73

63

53

43

33

23

1

as the parity matrix to compute syndromes. The syndrome is s ¼ (3 4 6 7). We also know that the channel added the word ð 0 0 d 1 d 2 0 d 3 0 0 d 4 0Þ to the transmitted codeword, with d1, d2, d3, and d4 to be determined. Since the syndrome of the codeword is zero, (3 4 6 7) is the syndrome of (0 0 d1 d20 d30 0 d40). Now, we only must solve the following set of linear equations 0 1 1 0 1 0 1 0 1 1 1 1 1 3 B4C B8C B7C B5C B2C B C B C B C B C B C B 2 Cd 1 þ B 2 Cd 2 þ B 2 Cd 3 þ B 2 Cd 4 ¼ B C @6A @8 A @7 A @5 A @2 A 0

83

73

53

23

7

Or 0 1 0 1 0 1 0 1 0 1 1 1 1 1 3 B8C B7C B5C B2C B4C B C B C B C B C B C B Cd 1 þ B Cd 2 þ B Cd 3 þ B Cd 4 ¼ B C @9A @5A @3A @4A @6A 6

2

4

8

7

The solution is: d1 ¼ X, d2 ¼ 7, d3 ¼ 8, d4 ¼ 0. Therefore, the transmitted codeword is ð 1 2 2 0 5 3 7 8 9 X Þ  ð 0 0 X 7 0 8 0 0 0 0Þ ¼ ð 1 2 3 4 5 6 7 8 9 X Þ which is the codeword we obtained in Section 2.6.

74

2 A First Look at Block Coders

2.11

An Application of Erasure Correction

In packet networks, when packets arrive at their destination they arrive error free thanks to the ARQ error control mechanism implemented in the network routers. At times, however, packets are lost because, among other reasons, routers discard packets when they sense congestion. In the Internet, the Transmission Control Protocol (TCP) is responsible for handling packet losses, requesting the retransmission of lost packets when the event is detected. This makes the recovery of packets at the transport layer ARQ-like. These transmissions cause additional delivery delays. If lost packets could be reconstructed at the destination end, that back and forth “threading” performed by TCP would be unnecessary. Then, the transport layer could use the more agile User Datagram Protocol (UDP) instead of TCP, and the extra re-transmission delays would be eliminated. To make this possible, the sending end must take a more proactive role including redundant packets in the transmission using some form of FEC in conjunction with the datagram service. This approach is called coded UDP, and it is an interesting alternative to TCP. To explain the essence of this procedure, I present three examples. Example 1 Suppose the channel loses a maximum of two out of seven packets and that, by appropriate coding, we want to recover lost packets at the receiving end. How many of the seven transmitted packets must be redundant packets? Let us try to solve the problem with only two redundant packets. Say we are dealing with 12-bit packets, and that the five information packets are ð 0 1 1 0 1 1 0 0 1 0 0 1Þ ð 1 0 1 1 0 1 0 1 0 0 0 0Þ ð 0 0 0 1 1 0 1 1 1 0 0 0Þ ð 0 1 1 1 0 0 1 1 0 0 0 0Þ ð 1 1 0 1 1 1 1 0 0 0 0 1Þ Call ðp1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 Þ and  0 0 0 0 0 0 0 0 0 0 0 0  p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 the two redundant packets. Recall now the technique of interleaving presented in Section 1.9. The rectangular interleaver for this example is illustrated in the following matrix:

2.11

An Application of Erasure Correction

75

packets are written as the columns of the matrix (transmission is done by columns) and the rows are the codewords. 0

0

1

0 1

0

0

1

p1

0

0

1

1

p2

1

0

1

0

p3

1

1

1

1

p4

0

1

0

1

p5

1

0

0

1

p6

0

1

1

1

p7

1

1

1

0

p8

0

1

0

0

p9

0

0

0

0 p10

0

0

0

0 p11

0 C p2 C C 0 C p3 C C 0 p4 C C C 0 C p5 C C 0 p6 C C 0 C p7 C C 0 C p8 C C 0 C p9 C C 0 C p10 C C 0 C p11 A

1 0

0

0

1 p12

p12

B B1 B B B1 B B0 B B B1 B B B1 B B B0 B B B0 B B B1 B B B0 B B @0

p1

0

However, coding is not done row by row. Instead, rows are bunched together in sets of three and the 3-tuples interpreted as elements of F23 . For instance 0 1 0 1 0 1 p4 0 p1 @ 1 A ¼ 3 @ p2 A ¼ P 1 @ p5 A ¼ P 2 1 p3 p6 and so on. See the matrices below.

ð2:1Þ

Coding in F23 is done using the following parity-check matrix

76

2 A First Look at Block Coders

Fig. 2.19 Addition and multiplication tables in F8. (a) Addition table (b) Multiplication table

+ 0 1 2 3 4 5 6 7

0 0 1 2 3 4 5 6 7

1 1 0 3 2 5 4 7 6

2 2 3 0 1 6 7 4 5

3 3 2 1 0 7 6 5 4

4 4 5 6 7 0 1 2 3

5 5 4 7 6 1 0 3 2

6 6 7 4 5 2 3 0 1

7 7 6 5 4 3 2 1 0

0 1 2 3 4 5 6 7

H¼

1 7

1 0 1 2 3 4 5 6 7

2 0 2 4 6 3 1 7 5

3 0 3 6 5 7 4 1 2

4 0 4 3 7 6 2 5 1

5 0 5 1 4 2 7 3 6

6 0 6 7 1 5 3 2 4

7 0 7 5 2 1 6 4 3

b

a


0 0 0 0 0 0 0 0 0

1 1 6 5

1 4

1 3

1 1 2 1



To compute its systematic version, we’ll follow the same procedures presented in Section 2.6, but we need the addition and multiplication tables in F23 . We know from Section 2.2 that addition is done bitwise. Therefore, the addition table is easy to construct. It appears in Fig. 2.19a. The multiplication table is more difficult to obtain. This is done in Appendix C to this chapter using the same “Sudoku type” approach employed in Section 2.2. For convenience, the multiplication table is reproduced here in Fig. 2.19b. The systematic version of H is
H sys ¼

2 4

5

3

7 1

0

3 5

4

2

6 0

1



The corresponding generator matrix is 0

1 0

B B0 1 B G¼B B0 0 B @0 0 0 0

0

0

0 2

0 1

0 0

0 4 0 5

0

1

0 3

0

0

1 7

3

1

C 5C C 4C C C 2A 6

The message (3 5 0 3 6) is coded as 0

1

B B0 B ð 3 5 0 3 6Þ B B0 B @0 0 Similarly, messages

0

0 0

0

2

1 0

0 0 1 0

0 0

4 5

0

0 1

0

3

0

0 0

1

7

3

1

C 5C C 4C C ¼ ð 3 5 0 3 6 5 6Þ C 2A 6

2.11

An Application of Erasure Correction

77

ð 3 5 6 4 7Þ ð 1 2 7 6 4Þ ð 1 0 0 0 1Þ are coded, respectively, as ð 3 5 6 4 7 3 0Þ ð 1 2 7 6 4 4 1Þ ð 1 0 0 0 1 5 5Þ The interleaving matrix (2.1) is

Suppose now that the second and the sixth packet are lost. This is what the receiver has

The blanks can be filled (computed) as we did in Section 2.6, but this time working in F8 instead of in F11. Say, for instance, we want to recover the missing symbols of the first row. Call them d1 and d2. Multiply (3 d1 0 3 6 d2 6) by the two rows of Hsys and equate the dot product to 0. We have 3∗2 þ 4∗d1 þ 3∗3 þ 6∗7 þ d2 ¼ 0 3∗3 þ 5∗d1 þ 3∗2 þ 6∗6 þ 6 ¼ 0 Or 4 ∗ d1 þ d2 5∗d1

¼7 ¼7

Solving the above, we obtain d1 ¼ 5

d2 ¼ 5

As required. The seven packets the sender transmits are in the following interleaving matrix: the coding was done by rows (although not working in the binary field) and transmission is by columns (packets).

78

2 A First Look at Block Coders

0

0 B1 B B B1 B B0 B B B1 B B1 B B B0 B B0 B B B1 B B0 B B @0

1 0

0 0

0 1

1 1

1

0

1

0

1 0

1 1

1 0

1 1

1 0

0 1

0 1

1 1

1

1

1

0

0 0

1 0

0 0

0 0

0 1 0

0 0

0 0

0 1

1 1 1 0 1C C C 1 0C C 0 0C C C 1 0C C 1 0C C C 1 0C C 0 0C C C 0 1C C 1 1C C C 0 0A 1 1

Let’s generalize these ideas. Even though communication networks loose packets at random, in this analysis I’ll suppose that our network is somewhat more predictable and looses r or fewer packets out of n ¼ 2m  1 transmitted packets. The packet length is l bits, or L ¼ l=m bytes of width m (Use some padding if needed). Suppose the file to be transmitted can be accommodated in k ¼ n  r packets. Despite packet losses, the file can be reconstructed at destination without asking for retransmissions from the sender if the sender transmits r redundant packets (therefore, a total of n packets). The ith symbols (1  i  L ) of the redundant packets are the check symbols obtained coding the ith symbols of the data packets using the (n, k) parity-check matrix 0

1

B an1 B B 2 B an1 B B : B B @ : ar1 n2

an2

: :

: : : :

1 a1

a2n2 :

: :

: : : :

a21 :

:

:

: :

:

:

:

: :

ar1 1

1

1 1 1C C C 1C C :C C C :A 1

where 1, a1, a2 . . . an1 are the n nonzero elements of F2m . Example 2 In this example, r ¼ 5 and ¼3 (n ¼ 23  1 ¼ 7). The number of data packets is k ¼ n  r ¼ 7  5 ¼ 2. This example reverses what we did before: 2 data packets and 5 redundant packets instead of 5 data packets and 2 redundant packets. The parity-check matrix is

2.11

An Application of Erasure Correction

0

1 B B7 B 2 B7 B B 3 @7 74

79

1 6

1 5

1 4

1 3

1 2

62

52

42

32

22

3

3

5 54

3

4 44

3

23 24

1 6

1 5

1 4

1 3

2

7

6

5

7 4

6 3

5 2

4 7

6 64

3 34

1 1 C 1C C 1C C C 1A 1

Or 0

1 B B7 B B3 B B @2 5

1 1 1 C 2 1C C 4 1C C C 3 1A 6 1

From here, everything continues as before, but this time only the first two columns of the interleaving matrix are data packets; the other five are redundant. Example 3 Suppose now that out of 9 transmitted packets the network loses a maximum of 5 packets, instead of the 5 out 7 of Example 2. Can we protect the transport of 4 data packets using 5 redundant packets? For that, we need to come up with a parity-check matrix with 5 rows and 9 columns such that any 5 columns are LI. Let us try to build the matrix attaching two more columns to what we already have. Something like this 0

1

1

1

1

1

1

1

A1

B B7 B 2 B7 B B 3 @7

6

5

4

3

2

1

B1

62 63

52 53

42 43

32 33

22 23

1 1

C1 D1

74

64

54

44

34

24

1

E1

A2

1

C B2 C C C2 C C C D2 A E2

What can we put in the last two columns? The following matrix is the solution 0

1

1

1

1

1

1

1 1

B B7 B 2 B7 B B 3 @7

6

5

4

3

2

1 0

62 63

52 53

42 43

32 33

22 23

1 0 1 0

74

64

54

44

34

24

1 0

To convince ourselves we must see that

0

1

C 0C C 0C C C 0A 1

80

2 A First Look at Block Coders

• Any 5 ∗ 5 matrix built using four of the seven leftmost columns and one of the two rightmost columns is nonsingular. • Any 5 ∗ 5 matrix built using three of the seven leftmost columns and the two rightmost columns is nonsingular. Here is one example corresponding to the first case 0

1 B B7 B 2 B7 B B 3 @7 74

1 5

1 3

1 2

52 53

32 33

22 23

54

34

24

1 1 C 0C C 0C C C 0A 0

The determinant of the above matrix is different from 0. In fact, we have  1  7   2 7  3 7   4 7

1 5

1 3

1 2

52 53

32 33

22 23

54

34

24

 1   7 0   2  7 0 ¼  3  7 0   4 7  0

5

3

52

32

53 54

33 34

 2  22   6¼ 0 23  24 

In the second case, we could have something like this 0

1 B B6 B 2 B6 B B 3 @6

1 4

1 2

1 0

42 43

22 23

0 0

64

44

24

0

1 0 C 0C C 0C C C 0A 1

Compute its determinant using the last two columns  1  6   2 6  3 6   4 6

1

1

1

4

2

0

42 43

22 23

0 0

44

24

0

 0   1 0    6 0 ¼  2  6 0   3 6  1

1

1

4 62

2 22

63

23

 1   6 0   2  ¼ 6 0   3 6 0

4 42 43

 2   22  6¼ 0  23 

Again, different from 0. A final question before I finish this section: Are there other matrices that produce erasure resilient codes with the minimum number of redundant packets? The answer is affirmative: Cauchy matrices.

2.11

An Application of Erasure Correction

81

Cauchy matrices can be defined in any field but here I will consider fields with 2m elements. Chose two sets of different numbers R ¼ fx 1 . . . x i . . . x r g and   C ¼ y1 . . . y j . . . yn For our purposes, suppose n  r. The element cij of the Cauchy matrix is Here is an example with r ¼ n ¼ 2 0

1 B x1 þ y 1 B @ 1 x2 þ y1

1 xi þy j .

1 1 x1 þ y2 C C 1 A x2 þ y2

Its determinant can be computed in a few steps.  1 1   1 1 1   þ      x1 þ y1 x1 þ y2   x1 þ y1 x1 þ y2 x1 þ y1  ¼    1 1   1 1 1   þ     x2 þ y1 x2 þ y2 x2 þ y1 x2 þ y2 x2 þ y1   1 y1 þ y2      x1 þ y1 ðx1 þ y2 Þðx1 þ y1 Þ  y1 þ y2 ¼  ¼  1 y1 þ y2  ð x1 þ y1 Þ ð x2 þ y1 Þ    x2 þ y1 ðx2 þ y2 Þðx2 þ y1 Þ y1 þ y2 x1 þ x2 ¼ ðx1 þ y1 Þðx2 þ y1 Þ ðx2 þ y2 Þðx1 þ y2 Þ

  1    1 

1   x1 þ y2   1   x2 þ y2

which, clearly, is different from zero. The same happens with square matrices of higher dimensions: they are non-singular. This implies that any r columns of an r ∗ n Cauchy matrix is LI. Here is an example of a 3 ∗ 5 matrix in F8. Take, for instance, R ¼ {0, 1, 2}, C ¼ {3, 4, 5, 6, 7}. The Cauchy matrix is 0

1 B3 B B1 B B2 @1 1

1 4 1 5 1 6

1 5 1 4 1 7

1 6 1 7 1 4

Any three of its columns are LI.

1 1 0 7C 6 C 1C @ C¼ 5 6C 1 1A 5

7 2 3

2 3 7 4 4 7

1 4 3A 2

82

2 A First Look at Block Coders

The matrix can be lengthened as we did with the Vandermonde matrix in the previous remark. However, for the above Cauchy matrix we can attach 3 additional columns (r, in general) namely 0 1 0 1 0 1 1 0 0 @0A @1A @0A 0 0 1 Doing this, we obtain the following 3 ∗ 8 parity-check matrix 0

6 @5 1

7 2 2 7 3 4

3 4 7

4 3 7

1 0 0 1 0 0

1 0 0A 1

which is already in systematic form. Using the code constructed with this parity-check matrix, we can recover three lost packets in a bunch of eight. That is, attaching three redundant packets to a “file” of five data packets, the file can be reconstructed at destination despite packet losses without asking for retransmissions from the sender. Although Cauchy matrices are well suited to construct erasure resilient codes, they are not easily amenable to correcting errors in contrast to Vandermonde matrices. Therefore, in the rest of the book, I will only consider matrices of the Vandermonde type.

Appendix C: Constructing the Field F8 In this appendix, I construct the addition and multiplication tables for the eight elements in the set {0, 1, 2, 3, 4, 5, 6, 7}. As usual, 0 and 1 represent the additive and multiplicative identities, respectively. As said in Section 2.6, the addition table is constructed writing the elements in binary form and adding them bitwise. For instance 3 þ 5 ¼ ð 0 1 1Þ þ ð 1 0 1Þ ¼ ð 1 1 0Þ ¼ 6 The other sums are computed likewise. The results appear in Table 2.1. The construction of a multiplication table is not simple. I begin by filling the 0 and 1 rows (and columns) in Table 2.2. To complete the table, I need to find the values of 21 ( ¼ 6 + (36  6)/2) additional elements. For instance, what could the value of 2 ∗ 2 be? Clearly, since all the elements in any row (and column) must be different, 2 ∗ 2 6¼ 0 and 2 ∗ 2 6¼ 2. Moreover, because for fields with 2m elements x + x ¼ 0, the entries on the diagonal must also be different. Take two different elements, x and y. We have x + y 6¼ 0, and therefore (x + y)2 6¼ 0. But,

Appendix C: Constructing the Field F8 Table 2.1 Addition in F8

Table 2.2 Some entries of the multiplication table

+ 0 1 2 3 4 5 6 7

* 0 1 2 3 4 5 6 7

83

0 0 1 2 3 4 5 6 7

0 0 0 0 0 0 0 0 0

1 1 0 3 2 5 4 7 6

1 0 1 2 3 4 5 6 7

2 2 3 0 1 6 7 4 5

2 0 2 a a+2

3 3 2 1 0 7 6 5 4

4 4 5 6 7 0 1 2 3

3 0 3 a+2 a+1

5 5 4 7 6 1 0 3 2

4 0 4

6 6 7 4 5 2 3 0 1

5 0 5

6 0 6

ðx þ yÞ2 ¼ x2 þ xy þ yx þ y2 ¼ x2 þ y2 6¼ 0 Thus, we can conclude that x2 6¼ y2, as claimed. This implies that 2 ∗ 2 6¼ 1. Let’s call a the product 2 ∗ 2. Using the distributive law, we have 2∗3 ¼ 2ð1 þ 2Þ ¼ 2 þ a 3∗3 ¼ ð1 þ 2Þð1 þ 2Þ ¼ 12 þ 22 ¼ 1 þ a These entries are also displayed in Table 2.2. To continue, call 2 ∗ 4 ¼ b. Then, 2∗5 ¼ 2ð1 þ 4Þ ¼ 2 þ b 3∗4 ¼ ð1 þ 2Þ4 ¼ 4 þ b 3∗5 ¼ 3ð1 þ 4Þ ¼ 3 þ 4 þ b ¼ 7 þ b Also

7 7 6 5 4 3 2 1 0

7 0 7

84

2 A First Look at Block Coders

Table 2.3 More entries of the multiplication table * 0 1 2

0 0 0 0

1 0 1 2

2 0 2 a

3 0 3 a+2

3

0

3

a+2

a+1

4 5 6

0 0 0

4 5 6

7

0

7

4 0 4

5 0 5

6 0 6

7 0 7

2∗6 ¼ 2ð2 þ 4Þ ¼ a þ b 2∗7 ¼ 2ð1 þ 6Þ ¼ 2 þ a þ b 3∗6 ¼ ð1 þ 2Þ6 ¼ 6 þ a þ b 3∗7 ¼ 3ð1 þ 6Þ ¼ 3 þ 6 þ a þ b ¼ 5 þ a þ b I have entered all these new elements in Table 2.3. Finally, call 4 ∗ 4 ¼ c. Using again the distributive law, we have the multiplication table in Table 2.4. Since a, b, and c are not known, this table is only a “blueprint.” To construct the table from the “blueprint,” the only remaining task is to choose the values for a, b, and c. There are some conditions a, b, and c must satisfy: 1. The three numbers must be different (a and c are in the diagonal, a and b are in the same row, and b and c in the same column). 2. a 6¼ 0, a 6¼ 1, a 6¼ 2 (as said before), 3. b 6¼ 0, b 6¼ 2, b 6¼ 4, b 6¼ 7, 4. c 6¼ 0, c 6¼ 1, c 6¼ 4. Hence, the only cases we need to explore are

Appendix C: Constructing the Field F8

85

Table 2.4 A “blueprint” of the multiplication table * 0 1 2

0 0 0 0

1 0 1 2

2 0 2 a

3 0 3 a+2

3

0

3

a+2

a+1

4

0

4

5

0

5

6

0

6

7

0

7

a E f3; 4; 5; 6; 7g

4 0 4

5 0 5

6 0 6

7 0 7

b E f1; 3; 5; 6g c E f2; 3; 5; 6; 7g b 6¼ a, c¼ 6 a, c 6¼ b

Let’s try a ¼ 3. See what values we can find for b. We have 2 ∗ 3 ¼ a + 2 ¼ 3 + 2 ¼ 1. Since b is in the same row as 2 ∗ 3 , b cannot be 1. Therefore, the only possible values for b are 5 and 6. If we choose b ¼ 5, then 2 ∗ 6 ¼ a + b ¼ 3 + 5 ¼ 6, which is forbidden (6 would appear twice in column 6). If we choose b ¼ 6, then 2 ∗ 7 ¼ 2 + a + b ¼ 2 + 3 + 6 ¼ 7 and 7 would appear twice in column 7. Thus, a ¼ 3 must be discarded. Continue with a ¼ 4. Proceeding by trial and error as before, two choices are now possible for b, namely: b ¼ 3 and b ¼ 5. For a ¼ 4, b ¼ 3, only c ¼ 6 works. Analogously, for a ¼ 4, b ¼ 5, the only valid choice for c is 7. Using these values, and the “blueprint” given in Table 2.4, we can construct two multiplication tables Table 2.5a (a ¼ 4, b ¼ 3, c ¼ 6)

86

2 A First Look at Block Coders

Table 2.5a Multiplication table when a ¼ 4, b ¼ 3, c ¼ 6

Table 2.5b Multiplication table when a ¼ 4, b ¼ 5, c ¼ 7

∗ 0 1 2

0 0 0 0

1 0 1 2

3 4

0 0

3 4

6 3

5 7

5 6 7

0 0 0

5 6 7

1 7 5

4 1 2

∗ 0 1 2

0 0 0 0

1 0 1 2

2 0 2

3 0 3 6

3 4

0 0

3 4

6 5

5 1

5 6 7

0 0 0

5 6 7

7 1 3

2 7 4

2 0 2

4

4

3 0 3 6

4 0 4

5 0 5 1

6 0 6 7

7 0 7 5

4 2

1 5

2 1

2 5 1

7 3 6

3 2 4

6 4 3

4 0 4

5 0 5 7

6 0 6 1

7 0 7 3

2 3

7 2

4 6

6 4 1

4 3 5

1 5 2

3 7

6

5 1

7 3 2 6

and Table 2.5b (a ¼ 4, b ¼ 5, c ¼ 7) In view of all the above, we have already obtained two different “versions” of ð1Þ ð2Þ the field F8 (and more to come!). Call F8 and F8 , respectively, the versions corresponding to Tables 2.5a and 2.5b. The coding and decoding methods presented in this book require only algebraic operations. Thus, if I find a bijective applicað1Þ ð2Þ tion between F8 and F8 that preserves additions and multiplications, all the ð1Þ ð2Þ computations in F8 can be “mimicked” in F8 and vice versa. We say that an 0 application preserves additions and multiplications when, denoting by x, x two ð1Þ ð 2 Þ elements in F8 and y, y0 their respective images in F8 , we have x þ x0 ! y þ y0

and

xx0 ! yy0

In this case, the choice of the version we utilize is immaterial unless the calculations performed with one of them are easier to implement. See later in this appendix. Let’s now find an application that preserves the field structure.

Appendix C: Constructing the Field F8

87

Clearly the above conditions imply that 0 ! 0 and 1 ! 1. But what about the ð1Þ ð2Þ other elements? To answer that question, observe that any element in F8 and F8 , different from 0 and 1, generates by successive powers all the others. This is due to the fact that the number of nonzero elements (7) is prime. In other words, all elements of the field, different from 0 and 1, are generators. This is not a general property of finite fields. However, any Galois field has generators. ð1Þ ð2Þ Let’s check, for instance, that 2 is a generator in both F8 and F8 . Powers of 2 using Table 2.5a 21 ¼ 2 22 ¼ 4 23 ¼ 3 24 ¼ 6 25 ¼ 7 26 ¼ 5 27 ¼ 1

Powers of 2 using Table 2.5b 21 ¼ 2 22 ¼ 4 23 ¼ 5 24 ¼ 7 25 ¼ 3 26 ¼ 6 27 ¼ 1

Thus, the application is completely defined by giving the image of 2. In fact, 2 ! y implies 2i ! yi (to preserve multiplication) Recall, though, that addition has also to be preserved. To begin with, we should have 1 þ 2i ! 1 þ y i For i ¼ 7, the above is clearly true. Let’s see what happens for the other values of ð1Þ ð1Þ i. For i  6, 1 + 2i and 1 + yi are nonzero elements of F8 and F8 , respectively. Hence, we can write 1 þ 2i ¼ 2pðiÞ and 1 þ yi ¼ yqðiÞ The functions p() and q() are, in general, different. Suppose, though, that for some y we had p() ¼ q(). Then

88

2 A First Look at Block Coders

Table 2.6a The function p()

Table 2.6b q(), computed in ð2Þ F8 for all the generators

i p(i)

1 3

i q2(i) q3(i) q4(i) q5(i)

2 6

3 1

4 5

5 4

6 2

1 5

2 3

3 2

4 6

5 1

6 4

3

6

1

5

4

2

5

3

2

6

1

4

3

6

1

5

4

2

q6(i)

3

6

1

5

4

2

q7(i)

5

7

3

6

1

4



2i þ 2j ¼ 2i 1 þ 2ji ¼ 2iþpðjiÞ , j > i 2iþpðjiÞ ! yiþpðjiÞ yiþpðjiÞ ¼ yiþqðjiÞ ¼ yi ð1 þ y ji Þ ¼ yi þ y j And the application would also preserve addition. ð1Þ Operating in F8 , we have 1 þ 2 ¼ 3 ¼ 23

1 þ 22 ¼ 1 þ 4 ¼ 5 ¼ 26

1 þ 23 ¼ 1 þ 3 ¼ 2

1 þ 24 ¼ 1 þ 6 ¼ 7 ¼ 25

1 þ 25 ¼ 1 þ 7 ¼ 6 ¼ 24

1 þ 26 ¼ 1 þ 5 ¼ 4 ¼ 22

Thus, the function p() is the one given in Table 2.6a ð1Þ Denote by qk() , with 2  k  7, the function q() using k as a generator in F8 . Table 2.6b shows the results of the computations. Therefore, the only values of y that make the application 2i ! yi addition preserving are 3, 5, and 6. An application between two fields that preserves the field structure is called ð1Þ ð1Þ isomorphism and the two fields are said to be isomorphic. So, F8 and F8 are isomorphic. More isomorphic fields can be obtained using other values for a, b, and c. Proceeding as before, the only legitimate multiplication tables correspond to the following choices for (a b c) ð 5 1 6Þ ð 5 6 7Þ

ð 6 5 2Þ

ð 6 1 3Þ

ð 7 6 3Þ

ð 7 3 2Þ

The resulting multiplication tables are Tables 2.7a, 2.7b, 2.7c, 2.7d, 2.7e, and 2.7f. Constructing multiplication tables for Galois fields using the method just exposed is a very laborious process that becomes even more cumbersome as the size of the

Appendix C: Constructing the Field F8

89

field increases. Furthermore, since all the “versions” are isomorphic, and therefore equivalent from a mathematical point of view, which ones should we utilize when it comes to doing the calculations? As a benchmark for comparison, I’ll use the circuits represented in Figs. 2.20 and 2.21 to compute the powers of an element. In Fig. 2.20, I have drawn four circuits to compute the powers of 2 and 3 using Tables 2.5a and 2.5b. On the other hand, the six circuits in Fig. 2.21 compute the powers of 2 using Tables 2.7a, 2.7b, 2.7c, 2.7d, 2.7e, and 2.7f. All these circuits are shift registers that change their state at each time tick. For instance, for the circuit that computes the powers of 2 using Table 2.5b, the state of the register changes from (c b a) to (a c a + b). The register is initialized with 1, stored in the register as (1 0 0) (see Fig. 2.22). Observe that, in contrast to what happens when we operate by hand, the leftmost bit is the least significant. The sequence of states is represented in Fig. 2.22. Converted to decimal, the sequence is 1, 2, 4, 5, 7, 3, 6 in agreement to what we obtained before. Remarks • The complexity of the circuits that compute the powers of 2 using Tables 2.5a and 2.5b is the same. • The circuits that compute the powers of 2 using Tables 2.5a and 2.5b are simpler than the circuits that compute the powers of 3: Multiplication by 2 is easier to implement. • The circuits that multiply by 2 using Tables 2.7a, 2.7b, 2.7c, 2.7d, 2.7e, and 2.7f are more complex than the circuits that multiply by 2 using Tables 2.5a and 2.5b. Therefore, Tables 2.5a and 2.5b should be preferred over the others. • Additionally, when 2m  1 is not a prime, 2 won’t be a generator for all tables, and those tables should also be disregarded. In Chapter 3, I’ll address the systematic construction of multiplication tables for Galois fields of 2m elements, a method that avoids the painstaking process used in this appendix. I will also indicate which tables we should select to ease the calculations.

90

2 A First Look at Block Coders

a

a+c c

b b

Next state

a

a+b

c c

a

b

a

Using Table 2.5b

Using Table 2.5a (a) Powers of 2

a+c

a+b+c c

a+b

b

Next state

a+c

a

b+c

b

c

Using Table 2.5a

b

a

Using Table 2.5b

(b) Powers of 3 Fig. 2.20 Circuits that compute the powers of 2 and 3 using Tables 2.5a and 2.5b

a+b

b

c c

b

Next state

b c

a

Using Table 2.7a a

b+c c

Next state a

a

b+c c

Using Table 2.7c b

a+b+c

c

Using Table 2.7e

a

b b

a

Using Table 2.7d Next state

a+b

b

b

Using Table 2.7b

a+b b

a+b

a+c

a

a+b

a+b+c

c

b

b

a

Using Table 2.7f

Fig. 2.21 Circuits to compute the powers of 2 using Tables 2.7a, 2.7b, 2.7c, 2.7d, 2.7e, and 2.7f

Appendix C: Constructing the Field F8 Table 2.7a Multiplication table when a ¼ 5, b ¼ 1, c ¼ 6

Table 2.7b Multiplication table when a ¼ 5, b ¼ 6, c ¼ 7

Table 2.7c Multiplication table when a ¼ 6, b ¼ 5, c ¼ 2

91

∗ 0 1 2

0 0 0 0

1 0 1 2

3 4

0 0

3 4

7 1

4 5

5 6 7

0 0 0

5 6 7

3 4 6

6 2 1

∗ 0 1 2

0 0 0 0

1 0 1 2

2 0 2

3 0 3 7

3 4

0 0

3 4

7 6

4 2

5 6 7

0 0 0

5 6 7

4 3 1

1 5 6

∗ 0 1 2

0 0 0 0

1 0 1 2

2 0 2

3 0 3 4

3 4

0 0

3 4

4 5

7 1

5 6 7

0 0 0

5 6 7

7 3 1

2 5 6

2 0 2

5

5

6

3 0 3 7

4 0 4

5 0 5 3

6 0 6 4

7 0 7 6

6 2

2 7

1 3

2 7 3

7 1 4

1 3 5

4 5 2

4 0 4

5 0 5 4

6 0 6 3

7 0 7 1

1 3

5 1

6 5

3 1 5

6 7 2

7 2 4

2 4 3

4 0 4

5 0 5 7

6 0 6 3

7 0 7 1

2 6

5 7

6 3

3 1 4

1 4 2

4 2 5

1 5

6

6 2

7

5 1

2 6 7 3

92 Table 2.7d Multiplication table when a ¼ 6, b ¼ 1, c ¼ 3

Table 2.7e Multiplication table when a ¼ 7, b ¼ 6, c ¼ 3

Table 2.7f Multiplication table when a ¼ 7, b ¼ 3, c ¼ 2

2 A First Look at Block Coders ∗ 0 1 2

0 0 0 0

1 0 1 2

3 4

0 0

3 4

4 1

7 5

5 6 7

0 0 0

5 6 7

3 7 5

6 1 2

∗ 0 1 2

0 0 0 0

1 0 1 2

2 0 2

3 0 3 5

3 4

0 0

3 4

5 6

6 2

5 6 7

0 0 0

5 6 7

4 1 3

1 7 4

∗ 0 1 2

0 0 0 0

1 0 1 2

2 0 2

3 0 3 5

3 4

0 0

3 4

5 3

6 7

5 6 7

0 0 0

5 6 7

1 4 6

4 2 1

2 0 2

6

7

7

3 0 3 4

4 0 4

5 0 5 3

6 0 6 7

7 0 7 5

6 7

1 2

2 6

7 2 6

2 4 1

4 5 3

1 3 4

4 0 4

5 0 5 4

6 0 6 1

7 0 7 3

1 7

7 5

4 1

7 5 1

2 3 6

3 4 2

6 2 5

4 0 4

5 0 5 1

6 0 6 4

7 0 7 6

4 6

2 1

1 5

3 7 2

7 5 3

2 3 4

1 5

3

6 2

3

3 7

2 6 1 5

Appendix D: The Rank of a Matrix

93

Fig. 2.22 Sequence of states for the circuit on top

1

0

0

(100) (011)

(010)

(001)

(110)

Most significant bit

(101)

(111) 1 6

2

4

3

5

7

Appendix D: The Rank of a Matrix The row rank of a matrix is the maximum number of linearly independent (LI) rows. Similarly, the column rank, is the maximum number of LI columns. An important, and perhaps unexpected, result is that the two ranks coincide. This number is called the matrix rank. The aim of this appendix is to illustrate such fact, since I used it repeatedly in this chapter. Say that the row rank of the following 5  7 matrix is 3. 0

a11 B a21 B B a31 B @ a41 a51

a12 a22 a32 a42 a52

a13 a23 a33 a43 a53

a14 a24 a34 a44 a54

a15 a25 a35 a45 a55

a16 a26 a36 a46 a56

1 a17 a27 C C a37 C C a47 A a57

that is: only three of the five rows are LI. Suppose, for instance, that rows 1, 2, and 4 are LI. Then, we have:

94

2 A First Look at Block Coders

R3 ¼ aR1 þ bR2 þ cR4

ð2:2Þ

R5 ¼ dR1 þ eR2 þ fR4

ð2:3Þ

where Ri stands for row i. From (2.2), we obtain the following equalities a31 ¼ aa11 þ ba21 þ ca41 a32 ¼ aa12 þ ba22 þ ca42 ... ... ...: a37 ¼ aa17 þ ba27 þ ca47 Similarly, from (2.3) we can write a51 ¼ da11 þ ea21 þ fa41 a52 ¼ da12 þ ea22 þ fa42 ... ... ...: a57 ¼ da17 þ ea27 þ fa47 Then, we have ða11 a21 a31 a41 a51 Þ ¼ a11 ð1 0 a 0 dÞ þ a21 ð0 1 b 0 eÞ þ a41 ð0 0 c 1 f Þ ða12 a22 a32 a42 a52 Þ ¼ a12 ð1 0 a 0 dÞ þ a22 ð0 1 b 0 eÞ þ a42 ð0 0 c 1 f Þ ... ... ... ða17 a27 a37 a47 a57 Þ ¼ a17 ð1 0 a 0 dÞ þ a27 ð0 1 b 0 eÞ þ a47 ð0 0 c 1 f Þ The seven columns are a linear combination of the three LI columns, namely: (1 0 a 0 d), (0 1 b 0 e), and (0 0 c 1 f ). Therefore, the column rank is also 3. The following is the same proof written more compactly. The linear dependency of rows R3 and R5 on R1, R2, and R4 can be written as 0

a11 B a21 B B a31 B @ a41 a51 0

a12 a22 a32 a42 a52

1 B0 B ¼B Ba @0 d

a13 a23 a33 a43 a53 0 1 b 0 e

a14 a24 a34 a44 a54

1 0 0 0C C a11 @ cC C a21 1 A a41 f

a15 a25 a35 a45 a55 a12 a22 a42

a16 a26 a36 a46 a56 a13 a23 a43

Taking transpose on both sides, we obtain:

1 a17 a27 C C a37 C C a47 A a57 a14 a24 a44

a15 a25 a45

a16 a26 a46

1 a17 a27 A a47

Appendix D: The Rank of a Matrix

0

a11 B a12 B B a13 B B a14 B B a15 B @ a16 a17

a21 a22 a23 a24 a25 a26 a27

a31 a32 a33 a34 a35 a36 a37

a41 a42 a43 a44 a45 a46 a47

1 0 a11 a51 B a12 a52 C C B B a53 C C B a13 C a54 C ¼ B B a14 B a55 C C B a15 A @ a16 a56 a57 a17

95

a21 a22 a23 a24 a25 a26 a27

1 a41 a42 C C0 a43 C C 1 0 @ a44 C C 0 1 C a45 C 0 0 a46 A a47

a b c

0 0 1

1 d eA f

which expresses that the column space has dimension 3, the same as the row space.

Chapter 3

RS and Binary BCH Codes

3.1

Introduction

In the development of coding theory, there was an impasse when engineers tried to extend the ideas of single error correcting codes to the correction of multiple errors. That impasse lasted very long, for about 10 years. Finally, this period of mischance ended and the breakthrough occurred with the work of two American mathematicians and engineers (Irving Reed and Gustave Solomon), a French mathematician (Alexis Hocquenghem), and two Indian American mathematicians (Raj Bose and Dijen Ray-Chaudhuri). In their honor, those codes are called Reed–Solomon (RS) and Bose–Chaudhuri–Hocquenghem (BCH) codes, respectively. Reed and Solomon worked together, and so did Bose and Chaudhuri. Hocquenghem worked alone, and his work slightly antecedes that of Bose–Chaudhuri’s. In this chapter, I present the coding algorithms for these two families of codes. Both types of codes are widely used and share many common features. For instance, the length of the codewords of both codes is 2m
1 (m ¼ 8, in most applications). They differ, though, in the type of symbols they handle: m-bit bytes for RS codes and bits for binary BCH codes. Also, in both cases, the algebra is done in Fq, with q ¼ 2m. This requires the construction of these fields which, although we explored some simple cases in Chapter 2, is by no means an obvious task. I will postpone the topic of the systematic construction of Fq to Section 3.3, after I introduce the original approach to RS codes in the next section.

3.2

The Original Approach to RS Codes

To get the essence of the original construction of RS codes, I’ll use the field of q ¼ 23elements whose addition and multiplication tables appear in Fig. 2.19. As already said, the length of the codewords is 7. How many of those 7 symbols can be © Springer Nature Switzerland AG 2019 E. Sanvicente, Understanding Error Control Coding, https://doi.org/10.1007/978-3-030-05840-1_3

97

98

3 RS and Binary BCH Codes

information symbols? It depends on the correction capability desired. Say we want to correct 2 errors. Then, according to the Singleton bound, r  2t ¼ 4. Therefore, the most we can expect is 3 information symbols. RS codes reach this bound. In general, the main parameters for the RS codes are the following: Field size: q ¼ 2m Codeword length: q
1 Check symbols: 2t Given q and t, the codeword length and code dimension corresponding to those two values are (q
1, q
1
2t). For q ¼ 8 and r ¼ 2, we have a (7, 3) code, as indicated. Matrices H and G, introduced in Chapter 2, although related, they play different roles in coding theory. In fact, H produces the code whereas G defines the coder and, as a consequence, provides also the code. Reed and Solomon focused their work on obtaining G. Their construction is presented next. Suppose we want to transmit to a distant colleague the straight line y ¼ ax þ b. We can do this by sending the pair (a, b). But, what if the channel is noisy and the pair is received erroneously? A possible solution is to send the coordinates of several points. Only two points are needed to specify the line, but we send more (we “oversample” the line) to fight errors. The same could be said about sending a second-degree polynomial y ¼ ax2 þ bx þ c. Now, even though only three points are needed to determine the polynomial, we transmit more points to cover ourselves against the possibility of errors. To continue with this construction, I will consider as an example the following quadratic polynomial in F8 y ¼ 2x2 þ x þ 6 To specify this polynomial is enough to know its value at three points: 1, 2, and 3, for instance. Using the multiplication and addition tables in F8 (See Fig. 2.19, Section 2.11), we have y1 ¼ 2 þ 1 þ 6 ¼ 5 y2 ¼ 2∗22 þ 2 þ 6 ¼ 7 y3 ¼ 2∗32 þ 3 þ 6 ¼ 4 Since we are assuming that the channel is not reliable, we’ll also send

3.2 The Original Approach to RS Codes

99

y4 ¼ 2∗42 þ 4 þ 6 ¼ 5 y5 ¼ 2∗52 þ 5 þ 6 ¼ 6 y6 ¼ 2∗62 þ 6 þ 6 ¼ 4 y7 ¼ 2∗72 þ 7 þ 6 ¼ 7 In view of the above, to reliably send (2 1 6) (the coefficients of the polynomial), we transmit the ordinates (5 7 4 5 6 4 7) that correspond to abscissas (1 2 3 4 5 6 7). Thus, for any polynomial (a b c), the ordinates of the seven points are obtained as follows: 0

1 22 @ ð a b cÞ 1 2 1 1

32 3 1

42 4 1

52 5 1

62 6 1

1 72 7 A ¼ ð y1 y2 y3 y4 y5 y6 y7 Þ 1

ð3:1Þ

(a b c) is the message and (y1 y2 y3 y4 y5 y6 y7) the codeword. I revert now to the usual notation for messages and write (x1 x2 x3) instead of (a b c). Equation (3.1) is, therefore, rewritten as 0

1 ð x1 x2 x3 Þ @ 1 1

22 2 1

32 3 1

42 4 1

52 5 1

62 6 1

1 72 7 A ¼ ð y1 1

y2

y3

y4

y5

y6

y7 Þ

The (nonsystematic) generator matrix of the coder is then 0

1 G ¼ @1 1

22 2 1

32 3 1

42 4 1

52 5 1

62 6 1

1 72 7A 1

ð3:2Þ

In the absence of errors, the coefficients of the quadratic polynomial (the message) can be recovered from any three of the above seven ordinates by solving the corresponding system of equations. For instance, if we choose the second, third, and fourth ordinates, we have to solve 22 x1 þ 2x2 þ x3 ¼ 7 32 x1 þ 3x2 þ x3 ¼ 4 42 x1 þ 4x2 þ x3 ¼ 5 Similarly, for the last three ordinates, the system to solve is

ð3:3Þ

100

3 RS and Binary BCH Codes

52 x1 þ 5x2 þ x3 ¼ 6 62 x1 þ 6x2 þ x3 ¼ 4 72 x1 þ 7x2 þ x3 ¼ 7

ð3:4Þ

Both systems of equations provide the same solution, namely: x1 ¼ 2, x2 ¼ 1, x3 ¼ 6. All the above imply that if the channel erasures four symbols, the message (x1 x2 x3) can be recovered from the remaining three ordinates. This fact induces us to think that, instead of four erasures, two errors could be corrected as well. In other words: the oversampling of the quadratic polynomial (7 points instead of 3) is sufficient to correct two errors. But how? The correction of errors is not a simple task, and we’ll learn several approaches in Chapters 4 and 5. However, when the length of the code is small, the correction can be done by “trial and error” as indicated below. Suppose that the codeword (5 7 4 5 6 4 7) is transmitted, that the channel introduces one error, and that the received word is (error in red). As indicated before, in the absence of errors, the message can be obtained from any set of three components. Thus, select any three, compute the message, and see if the corresponding codeword coincides with the received word. If it does not, an error has occurred. In that case, if the number of discrepancies between the received word and the computed codeword doesn’t exceed the correction capability of the code, decode the word in the computed codeword. Say, for instance, we select the last three components. The system to solve is (3.4). Solving, we obtain (2 1 6) as the message and (5 7 4 5 6 4 7) as the codeword. This codeword differs from the received word in only one symbol. Therefore, we decide (5 7 4 5 6 4 7) was the transmitted codeword. The same happens if we choose system (3.3). However, if we select the first, second, and fourth components of the word (starting the count from the left), the system to solve is x1 þ x2 þ x3 ¼ 5 22 x1 þ 2x2 þ x3 ¼ 7 42 x1 þ 4x2 þ x3 ¼ 1 The corresponding message is now (7 5 7), and the associated codeword . There are four discrepancies (in red) between this codeword and the received word. Therefore, this choice is discarded, and the search continues until codeword (5 7 4 5 6 4 7) is found.  How  many tries do we need? The total number of possibilities to explore is 7 ¼ 35, and in the case of only one error, the number of choices that provide 3   6 proper decoding is ¼ 20. This means that in about two decoding attempts 3 (on the average) we would be successful.

3.2 The Original Approach to RS Codes

101

Something similar happens when two errors occur. In Chapters 4 and 5, I will present more expedite decoding methods than the “trial and error” approach described here. This code cannot correct three errors. In fact, that would be tantamount to saying that the code can correct six erasures, which is clearly impossible. The coder in (3.2) is nonsystematic. The systematic coder can be obtained by combining linearly the rows of the matrix. The first row of the systematic generator matrix can be found as follows 0 1 1 22 3 2 42 52 62 72 B C ∗ ∗ ∗ ∗ C ð x1 x2 x3 Þ B Þ @1 2 3 4 5 6 7 A ¼ ð1 0 0 1 1 1 1 1 1 1 The solution is: x1 ¼ 3, x2 ¼ 3, x3 ¼ 1. Entering those values in the expression above, we have (1 0 0 7 7 6 6). The other rows can be computed analogously. The result is the following matrix 0

1

B Gsys ¼ @ 0 0

6

1

0

0

7 7

6

1

0

2 3

2

C 3A

0

1

4 5

5

4

ð3:5Þ

Coders (3.2) and (3.5) are different, but the codes they generate are the same. As an example, the codeword assigned to message (5 7 4) by the systematic coder is (5 7 4 5 6 4 7), which is the codeword corresponding to message (2 1 6) when coder (3.2) is used. Observe that to do the computations by hand we need to memorize the multiplication and addition tables. Likewise, the coder and decoder must have those tables stored in their memories to perform the calculations. Storage requirements can be kept to a minimum and computations can be simplified if we represent the nonzero field elements as powers of a common base. Then, to multiply we only have to add exponents and a multiplication table is not needed. But the question remains: can we represent the field elements as powers of a common base? The answer is affirmative: in every finite field there are elements that when raised to successive powers generate all the nonzero elements of the field. They are called generators. In fact, in F8 all elements (except 0 and 1, obviously) are generators. Say, we chose 2 as a generator, then according to the multiplication table for the field, we have 21 ¼ 2

22 ¼ 4

23 ¼ 3

24 ¼ 6

25 ¼ 7

26 ¼ 5

27 ¼ 1

Then, a different generator matrix for a (7, 3) RS coder could be the following

102

3 RS and Binary BCH Codes

0  6 2 2 B 0 B G ¼ @ 26 0

1 25

B 6 ¼B @2 1

1

 5 2 2

 4 2 2

 3 2 2

 2 2 2

22

25

24

23

22

2

C 1C A

1

1

1

1

1

1

1

0

52

23

2

26

24

22

25

24

23

22

2

C B B 1C A¼@ 5

1

1

1

1

1

1

1

1

1

72

62

32

42

22

7

6

3

4

2

C 1C A

1

1

1

1

1

1

1

1

ð3:6Þ Remark The ordering of the columns is a permutation of the ordering chosen for the generator matrix given in (3.2). Therefore, the components of the codewords experience the same permutation. As the coder in (3.2), this coder is also nonsystematic. A systematic coder can be obtained as we did before. The result is the following matrix 0 0

Gsys

1 0

B ¼B @0 1 0 0

0

24

1

24

0

22

1

26

1

23

1

2

1

0 1 0 C B 26 C A ¼ @0 1 0 0 23 25

1

0

6

1 6

7

0

4

1 5

C 5A

1

3

1 2

3

ð3:7Þ

Again, coders (3.6) and (3.7) are different, but the codes are the same.

3.3

The Construction of F2m

In Chapter 2, we saw how to construct F2, F3, and F4 using only rudimentary methods. We also know that addition and multiplication in Fq with q prime is done modulo q, but that this is not the case when q is the power of a prime. In Appendix C to Chapter 2, I constructed F8, but the meticulous process I used does not shed much light on what to do in general. Obviously, to construct a field with more elements (for instance, q ¼ 28 ¼ 256) we cannot follow the same approach. When we learned how to operate with complex numbers, we encountered a similar difficulty: how to define addition and multiplication. The sum of two complex numbers was done adding separately real and imaginary parts: ða þ bjÞ þ ðc þ djÞ ¼ ða þ cÞ þ ðb þ dÞj The multiplication rule was a little more involved. As High School students we were told to consider a + bj and c + dj as polynomials in j, to multiply them and then to replace j2 by
1. Here are the two steps

3.3 The Construction of F2m

103

ða þ bjÞ∗ðc þ djÞ ¼ ac þ ðad þ bcÞj þ bdj2 ða þ bjÞ∗ðc þ djÞ ¼ ðac
bd Þ þ ðad þ bcÞj There’s not much to comment about the first step, which basically is the distributive law. But let’s look at the second step in a slightly different way. To begin with, since we are treating a + bj and c + dj as polynomials, let’s change the notation to a + bD and c + dD, where D is not a number, but a symbol. Multiplying, we obtain ða þ bDÞ∗ðc þ dDÞ ¼ ac þ ðad þ bcÞD þ bdD2 The right side of the above equality cannot be considered a complex number due to the presence of the D2 term. However, if we divide the right side by a seconddegree polynomial, the remainder of that division is a linear polynomial and we can view it as a complex number, in fact, as the product of the two complex numbers. This is much the same as what we do with modulo-p arithmetic with p a prime number: to multiply two numbers in Fp, we first multiply the two numbers as integers, divide the product by p, and take the remainder as the product in Fp. If the divisor chosen is D2 + 1, the remainder of the division is (ac
bd) + (ad + bc)D, the classical result for the multiplication of complex numbers. What is so special about D2 + 1? It is a polynomial with real coefficients but without real roots. That is: the polynomial cannot be factored into the product of two polynomials. Could we have chosen a different polynomial to define multiplication? Say we choose a polynomial D2 + AD + B that has two real roots, α and β. Then D2 þ AD þ B ¼ ðD
αÞðD
βÞ And the product of the two nonzero complex numbers
α + j and
β + j would be zero which is not allowed. Therefore, A and B must satisfy the inequality A2
4B < 0 (see Fig. 3.1). All the points in the “interior” of the parabola B ¼ 14 A2 can be chosen to construct a permissible polynomial (the boundary is not included). The choice (A, B) ¼ (0, 1) (which, by the way, corresponds to the focus of the parabola) is the one to be preferred because it provides the simplest multiplication rule. To summarize: • Not all polynomials of degree 2 can be chosen to define the multiplication of complex numbers: the polynomial cannot have real roots. • Out of all possible polynomials, the one selected as divisor (as modulo) is the one that provides the simplest multiplication rule. The definition of addition and multiplication for finite fields draws heavily on the approach used for complex numbers. To illustrate the method, let’s construct the tables for the field F4.

104

3 RS and Binary BCH Codes

Fig. 3.1 Parabola B ¼ 14 A2

Using decimal to binary conversion, represent 0, 1, 2, and 3 as (0 0), (0 1), (1 0), (1 1), respectively. As polynomials, they are 0, 1, D, D2 + 1. Analogously to the addition of complex numbers, to add two field elements, we add the corresponding polynomials. This is equivalent to what we did in Chapter 2 when we used bit-wise addition. To multiply, we will also mimic the process of multiplication of complex numbers. Therefore, we need a binary polynomial of degree two with no binary roots. The only possible choice is D2 + D + 1. Now, to compute the product 3 ∗ 2, for instance, we proceed as follows. First step: Represent the numbers as polynomials and multiply those polynomials 3∗2 ¼ ð1 1Þ∗ð1 0Þ ¼ ðD þ 1Þ∗D ¼ D2 þ D Second step: Divide D2 + D by D2 + D + 1 to find the remainder. The result is 1, which coincides with the result given in Chapter 2. This type of operation is called multiplication modulo D2 + D + 1. The remainder can also be obtained replacing D2 by D + 1, similarly to what we do with complex numbers (when we replace j2 by
1). The other elements of the multiplication table can be computed similarly, and the results agree with those presented in Chapter 2. What happens if the multiplication is done modulo D2 + 1? Multiplying 3 by itself, we obtain

3.3 The Construction of F2m

105

3∗3 ¼ ð1 1Þ∗ð1 1Þ ¼ ðD þ 1Þ∗ðD þ 1Þ ¼ D2 þ 1 The remainder of the division by D2 + 1 is 0 which invalidates this choice as modulo polynomial. Thus, the polynomial chosen cannot be decomposed into the product of two polynomials with coefficients over the field of binary numbers. In other words: the polynomial has to be irreducible over the original (binary) field, called the background field. This fact is the key to the construction of other fields, for instance F8 and F16. The field F8 To construct the multiplication table, we need an irreducible polynomial of degree 3. There are eight binary polynomials of degree 3, but a little computation shows that only two of them are irreducible: D3 + D + 1 and D3 + D2 + 1. Say we choose D3 + D + 1. Similar results can be obtained with the other. Suppose, then, that we want to compute the product of 7 by 5. These are the two steps: First step:    7∗ 5 ¼ ð1 1 1Þ∗ð1 0 1Þ ¼ D2 þ D þ 1 D2 þ 1 ¼ D4 þ D3 þ D þ 1 Second step: Divide D4 + D3 + D + 1 by D3 + D + 1 to obtain D2 + D ¼ (1 1 0) as the remainder. Therefore, 7 ∗ 5 ¼ 6. Using the same procedure, we can find the other products (see Table 3.1). This is the same table given in Fig. 2.19 and used in Section 3.2 to construct the (7, 3) RS code. If we represent the elements of the field as powers of a generator, we don’t need to memorize (or store) the multiplication table. Multiplication is simple: just add exponents. What about addition? To add two numbers using this format, a table of dimension q
2 is required. Say, for instance, we choose 2 as the generator and we want to add 26 and 24. We write

Table 3.1 The multiplication table for F8

* 0 1 2 3 4 5 6 7

0 0 0 0 0 0 0 0 0

1 0 1 2 3 4 5 6 7

2 0 2 4 6 3 1 7 5

3 0 3 6 5 7 4 1 2

4 0 4 3 7 6 2 5 1

5 0 5 1 4 2 7 3 6

6 0 6 7 1 5 3 2 4

7 0 7 5 2 1 6 4 3

106

3 RS and Binary BCH Codes

  26 þ 24 ¼ 24 22 þ 1 Since 2 is a generator, 22 + 1 is a power of 2. Call it 2z(2). Then, we have   26 þ 24 ¼ 24 22 þ 1 ¼ 24þzð2Þ Once z(2) has been precomputed, the addition of those two numbers is reduced to the addition modulo 7 of two exponents: min{6, 4} and z(6
4). Let’s compute z(2). We have 22 ¼ 4 ¼ ð 1 0 0Þ Therefore 22 þ 1 ¼ ð1 0 0Þ þ ð0 0 1Þ ¼ ð1 0 1Þ ¼ 5 ¼ 26 Thus, z(2) ¼ 6, and finally   26 þ 24 ¼ 24 22 þ 1 ¼ 24þzð2Þ ¼ 24þ6 ¼ 23 ¼ 3 In summary: to add two numbers given as powers of 2, we only need a small table with the six exponents (indexes) z(1) to z(6). We already know z(2). The other exponents can be computed likewise. In Table 3.2 we have all the exponents. A note on notation Once we decide to represent all the nonzero field elements as powers of a generator, the only decimal numbers that appear in the calculations are the exponents and the base (the generator). The exponents are integers that are added modulo 7 (in general, modulo 2m
1) as done before. But the base (2, in our case), when raised to a power, is not to be treated as an integer. Recall that 2 is only a “shorthand” notation for (0 1 0) and the “powers of 2” are in fact powers of D computed modulo D3 + D + 1. Therefore, it would have been more adequate, but more cumbersome, to express all the elements as powers of (0 1 0) instead of powers of 2. The solution is to create a new symbol to represent(0 1 0). The symbol chosen is α. When working with complex numbers, we encountered a similar situation, and j was chosen to represent (0 1). The field F16 The construction of F16 follows the same approach. This time we need an irreducible binary polynomial of degree 4. Are there any? Yes; irreducible polynomial exist for all degrees, and a little computation shows that there are three irreducible polynomials of degree 4, namely: Table 3.2 Indexes for F8

i z(i)

1 3

2 6

3 1

4 5

5 4

6 2

3.3 The Construction of F2m

107

D4 þ D þ 1 D4 þ D3 þ 1 D4 þ D3 þ D2 þ D þ 1 To do arithmetic in F16, we must choose one of them. Let’s choose D4 + D + 1. Later, I will comment about the other two possibilities. As before, (0 0 0 0) is 0 and (0 0 0 1) is 1. But will (0 0 1 0) ¼ α be a generator as (0 1 0) was in F8 ? to answer the question, let’s compute its successive powers. α¼ D α2 ¼ α α ¼ D2 α3 ¼ α2 α ¼ D2 D ¼ D3 α4 ¼ α3 α ¼ D3 D ¼ D þ 1 Notice what I did in the last equation. Clearly, D3D ¼ D4, but multiplications by D must be done modulo D4 + D + 1 . Thus, D4 must be divided by D4 +D + 1 to find the remainder. The result is α4 ¼ D + 1, as indicated above. We continue as follows α5 ¼ α4 α ¼ ðD þ 1Þ D ¼ D2 þ D   α6 ¼ α5 α ¼ D2 þ D D ¼ D3 þ D2   α7 ¼ α6 α ¼ D3 þ D2 D ¼ D3 þ D þ 1   α8 ¼ α7 α ¼ D3 þ D þ 1 D ¼ D2 þ 1   α9 ¼ α8 α ¼ D2 þ 1 D ¼ D3 þ D   α10 ¼ α9 α ¼ D3 þ D D ¼ D2 þ D þ 1   α11 ¼ α10 α ¼ D2 þ D þ 1 D ¼ D3 þ D2 þ D   α12 ¼ α11 α ¼ D3 þ D2 þ D D ¼ D3 þ D2 þ D þ 1   α13 ¼ α12 α ¼ D3 þ D2 þ D þ 1 D ¼ D3 þ D2 þ 1   α14 ¼ α13 α ¼ D3 þ D2 þ 1 D ¼ D3 þ 1   α15 ¼ α14 α ¼ D3 þ 1 D ¼ 1

Since we obtain all the nonzero elements of F16, α is a generator. The same happens with the polynomial D4 + D3 + 1; α is, again, a generator. However, this is not the case for D4 + D3 + D2 + D + 1. If we decide to use this irreducible polynomial to construct the field, we also have generators, but D is not one of them. Irreducible polynomials for which D is a generator are called primitive polynomials. The circuits to compute the powers of a generator, as well as coding and decoding, are simpler when primitive polynomials are chosen as modulo polynomials. For that reason, they are the only ones used in error control coding. This is similar to what happens when we multiply complex numbers: there are an infinite number of possible selections for the divisor, but D2 + 1 is the one favored because of computational simplicity.

108

3 RS and Binary BCH Codes

Table 3.3 Indexes for F16 i z(i)

1 4

2 8

3 14

4 1

5 10

6 13

7 9

8 2

9 7

10 5

11 12

12 11

13 6

14 3

In the examples in this book, we’ll use F16 extensively. To multiply two elements represented as powers of α is easy. To add two elements, we need a table like the one in Fig. 3.3. Let’s compute one of the items, say z(5). By definition αzð5Þ ¼ 1 þ α5 We know that α5 ¼ D2 þ D and then α5 þ 1 ¼ D2 þ D þ 1 ¼ α10 Therefore, z(5) ¼ 10. Now, α7 + α12 can be calculated as follows   α7 þ α12 ¼ α7 1 þ α5 ¼ α7 α10 ¼ α17 ¼ α2 The table containing all the indexes appears in Table 3.3.

3.4

An Alternative Approach to RS Codes

In this section, I present a different construction of the RS codes, characterizing them through the parity-check matrix instead of the generator matrix as Reed– Solomon did. Let’s focus on the same code we considered in Section 3.2. A parity-check matrix for a (7, 3) code has seven columns and four independent rows. This guarantees that the matrix has four LI columns. However, if we want to correct two errors, it is not enough that the matrix has four LI columns. What we need is that any four columns are LI. In Chapter 2 we learned that matrices with the “Vandermonde type structure” provide a solution to the problem, and I will use the same structure here, namely

3.4 An Alternative Approach to RS Codes

0  6 p α B  pþ1 B α6 B H¼B B  6 pþ2 B α @  6 pþ3 α

 5 p α  5 pþ1 α  5 pþ2 α  5 pþ3 α

109

ðα4 Þ

p

ðα 3 Þ

p

ðα2 Þ

p

αp

pþ1

ðα3 Þ

pþ1

ðα 2 Þ

pþ1

αpþ1

pþ2

ðα3 Þ

pþ2

ðα 2 Þ

pþ2

αpþ2

pþ3

ðα3 Þ

pþ3

ðα 2 Þ

pþ3

αpþ3

ðα4 Þ ðα4 Þ ðα4 Þ

1

1

C 1C C C C 1C A 1

By an appropriate choice of the power, p, of the first row, we can generate the same code as the one defined by the generator matrix (3.6). Matrix (3.6) is copied here, replacing 2 by α. 0  2 α6 B 6 G¼B @ α 1

 5 2 α

ðα 4 Þ

α5 1

2

2

2

α2

1

ðα3 Þ

ðα2 Þ

α4

α3

α2

α

C 1C A

1

1

1

1

1

1

Since the three rows of the matrix G are codewords, they must be orthogonal to the four rows of H. Observe that p cannot be 0, since the dot product of the last row of G by the first row of H would be 1, not 0. For p ¼ 1, we have 0

α6 B  6 2 B α B H ¼ B  6 3 B α @  6 4 α

α5  5 2 α  5 3 α  5 4 α

α4

α3

α2

α

1

1

ðα4 Þ

2

ðα3 Þ

2

ðα2 Þ

2

α2

ðα4 Þ

3

ðα3 Þ

3

ðα2 Þ

3

α3

C 1C C C 1C A

ðα4 Þ

4

ðα3 Þ

4

ðα2 Þ

4

α4

1

ð3:8Þ

Now, the dot product of last row of G by the first row of H is α6 þ α5 þ α4 þ α3 þ α2 þ α þ 1 þ1 The sum of this geometric progression is ααþ1 ¼ 0 (Recall that α7 ¼ 1). The same happens with the dot product of the last row of G with any other row of H. Take for instance the last row of H. The dot product is 7

 6 4  5 4 4 4 4 α þ α þ ðα4 Þ þ ðα3 Þ þ ðα2 Þ þ α4 þ 1 6

5

4

3

2

¼ ðα4 Þ þ ðα4 Þ þ ðα4 Þ þ ðα4 Þ þ ðα4 Þ þ α4 þ 1 7

¼

4

ðα4 Þ þ 1 ðα7 Þ þ 1 ¼ 4 ¼0 α4 þ 1 α þ1

110

3 RS and Binary BCH Codes

The orthogonality of other rows of G and H is also satisfied. Therefore, the codes produced by the H matrix given in (3.8) and the RS coder of (3.6) are the same. The decoding algorithms for RS and BCH codes in Chapters 4 and 5 depend heavily on the structure of the H matrix given in (3.8). Let’s check that with the parity matrix (3.8) we obtain the generator matrix (3.7). Matrix (3.8) is 0

α6

B 5 Bα H¼B B 4 @α α3

1

α5

α4

α3

α2

α

α3

α

α6

α4

α2

α

α5

α2

α6

α3

C 1C C C 1A

α6

α2

α5

α

α4

1

0

1

And, in systematic form 0 H sys

1

α2

α3

1

0

0

1

1

0

1

0

α6

α

0

0

1

C 0C C C 0A

α6

α3

0

0

0

1

0

0 α4

1

α4

1

0 α2

1

α6

C α6 A

0

1 α3

1

α

α3

α4

B B1 ¼B B 4 @α α5

The corresponding generator matrix is 0

1

B G ¼ @0 0

α5

1

Which coincides with the given in (3.7), once we replace 2 by α.

3.5

Decoding to Code

Decoding is more computational complex than coding. Thus, even though what follows is instructive, in practice we won’t use the approach presented in this section to code. A t-error correcting RS code allows for the recovery of any set of 2t erasures in the absence of errors. I have already considered the case of erasure correction in Chapter 2, namely: Section 2.10 (working in F11) and in Section 2.11 (working in F8). In this section, I will use the same method to compute the 2t parity symbols of any message considering them as erasures in a word whose k first symbols are the message symbols. Thus, what I do here is a repetition of previous ideas. However, in this section I use the (15, 11) RS code. This will allow us to gain familiarity with operations in the field F16 utilized in the rest of the book.

3.5 Decoding to Code

111

Additionally, we’ll have the opportunity to go back to Section 1.7 and justify a question we took on faith there. The parity-check matrix the (15, 11) RS code is 0

α14 B 14 2 B ðα Þ B B 14 3 B ðα Þ @ 14 4

ðα Þ

α13

α12

α11

13 2

ðα Þ

3

ðα12 Þ

ðα Þ ðα13 Þ

13 4

ðα Þ

α10

12 2

ðα Þ

3

ðα11 Þ

12 4

ðα Þ

α9

11 2

ðα Þ

3

ðα10 Þ

11 4

ðα Þ

α8

10 2

ðα Þ

3

ðα9 Þ

10 4

ðα Þ

α7

9 2

ðα Þ

3

ðα8 Þ

9 4

ðα Þ

8 2

ðα Þ

3

ðα7 Þ

8 4

ðα Þ

7 2 3

7 4

ðα Þ

α6  6 2 α  6 3 α  6 4 α

α5  5 2 α  5 3 α  5 4 α

α4

α3

α2

4 2

ðα Þ

3

ðα3 Þ

ðα Þ ðα4 Þ

4 4

ðα Þ

α 3

α3

C 1C C C 1C A

2 4

α4

1

3

ðα2 Þ

ðα Þ

1

α2

ðα Þ

3 4

1

2 2

3 2

ðα Þ

Since α15 ¼ 1, we have 0

α14

B 13 Bα B B 12 @α α11

1

α13

α12

α11

α10

α9

α8

α7

α6

α5

α4

α3

α2

α

α11

α9

α7

α5

α3

α

α14

α12

α10

α8

α6

α4

α2

α9

α6

α3

1

α12

α9

α6

α3

1

α12

α9

α6

α3

C 1C C C 1A

α7

α3

α14

α10

α6

α2

α13

α9

α5

α

α12

α8

α4

1

1

Suppose we want to code the following message   0 0 0 α14 1 α6 α10 α3 α9 α7 α6 The coding algorithm attaches four symbols: x, y, v, w 

0 0 0 α14 1 α6 α10 α3 α9 α7 α6 x y v w



To find those symbols, we need the generator matrix. To compute it, we could follow the same method we used in Section 3.4: write H in systematic form and obtain G from it. As an alternative, consider this vector is a word with the parity symbols erased. Computing the parity symbols this way, we are, in fact, decoding to code! Equating the four syndromes to 0, we have α10 þ α3 x þ α2 y þ αv þ w ¼ 0 α7 þ α6 x þ α4 y þ α2 v þ w ¼ 0 α3 þ α9 x þ α6 y þ α3 v þ w ¼ 0 α2 þ α12 x þ α8 y þ α4 v þ w ¼ 0 The solution to the above system of linear equations is x ¼ α4 , y ¼ α14 , v ¼ α4 , w ¼ α3 Therefore, the codeword corresponding to the given message is

112

3 RS and Binary BCH Codes



0 0 0 α14 1 α6 α10 α3 α9 α7 α6 α4 α14 α4 α3



As explained in Chapter 1, the (15, 11) code can be shortened to (12, 8) if desired. Then, the message 

α14 1 α6 α10 α3 α9 α7 α6



is coded as 

α14 1 α6 α10 α3 α9 α7 α6 α4 α14 α4 α3



Or, in hexadecimal notation ð 9 1 C 7 8 A B C 3 9 3 8Þ This is the example I presented in Section 1.7 when I said that to protect the message ð9 1 C 7 8 A B C Þ against the occurrence of two errors we had to append four symbols, namely: 3, 9, 3, 8.

3.6

The Period of Binary Irreducible Polynomials

In Fig. 3.2, we have a circuit that stores four bits (a0 a1 a2 a3). The content of the circuit can be described by the polynomial aðDÞ ¼ a3 D3 þ a2 D2 þ a1 D þ a0 The circuit is specified by giving its connection polynomial

Fig. 3.2 A linear feedback shift register

3.6 The Period of Binary Irreducible Polynomials

113

cðDÞ ¼ D4 þ c3 D3 þ c2 D2 þ c1 D þ c0 If ci ¼ 1 (0  i  3), the connection exits; otherwise, it does not. Circuits like these are linear and are known as linear feedback shift registers (LFSR). Remarks • In the continuous coder of Fig. 1.20, we have a linear shift register without feedback. There are, however, continuous coders (mostly, nonlinear) implemented with feedback shift registers. • In Fig. 3.2, the rightmost bit is fedback to some of the (many) XORs placed between (“internal” to) the storage elements of the register. This “one-to-many” configuration is called internal-XOR or Galois. In Chapter 4, when dealing with decoding, I will introduce a different linear feedback shift register structure in which some of the (many) bits stored in the register are XORed and fedback to the leftmost position of the circuit. This many-to-one configuration is known as external-XOR. See Fig. 4.1 for a “justification” of the name. The structure is also known as Fibonacci, in memory of Leonardo de Pisa (nicknamed Fibonacci), an Italian mathematician of the thirteenth century. The circuit is controlled by a clock. At each clock tick, the content (called “state”) of the register changes. If the state is (a0 a1 a2 a3), the next state is ða3 c0

a3 c 1 þ a0

a3 c 2 þ a1

a 3 c 3 þ a2 Þ

Or, in polynomial form ða3 c3 þ a2 ÞD3 þ ða3 c3 þ a2 ÞD3 þ ða3 c3 þ a2 ÞD3 þ a3 c0 Observe that this polynomial is Rc(D){Da(D)}. In words: at each tick, the circuit multiplies its content by D modulo c(D). In this section, we want to analyze the sequence ai ðDÞ ¼ RcðDÞ ½Dai
1 ðDÞ a0 ð D Þ ¼ 1 generated by a LFSR when c(D) is irreducible. Let us begin with c(D) ¼ D4 + D + 1, which is not only irreducible, but also primitive (see Fig. 3.3). The sequence of polynomials generated by the circuit in Fig. 3.3 initially loaded with 1 is D,D2 ,D3 ,D þ 1, D2 þ D . . . This sequence appears in Fig. 3.4.

114

Fig. 3.3 A shift register with connection polynomial D4 + D + 1

Fig. 3.4 Evolution of the register content

3 RS and Binary BCH Codes

3.6 The Period of Binary Irreducible Polynomials

115

Fig. 3.5 Evolution of the register content

This is also the sequence of powers of α computed in Section 3.3. In fact, in both cases (polynomial multiplication or the evolution of the shift register) we calculate the powers of D modulo D4 + D + 1. The same applies to the primitive polynomial D4 + D3 + 1 (see Fig. 3.5). The number of different nonzero configurations that a shift registers of length m can generate is 2m
1. Therefore, the content of the register has to revert to the initial configuration after a maximum of 2m
1 ticks. As we have seen in the previous examples, when the connection polynomial is primitive, we revert to the initial state at the 2m
1 cycle. What happens if the irreducible polynomial is not primitive? Let’s choose the irreducible polynomial D4 + D3 + D2 + D + 1 as the connection polynomial. As before, let’s initialize the register with 1 and keep shifting until the initial state appears again. As we see in Fig. 3.6, after 5 shifts we revert to the initial state without having gone through all possible states. This also happens for any initial loading. Graphically, we say that the period of the polynomial D4 + D3 + D2 + D + 1 is 5, a divisor of 15. This is a general fact: the period of any irreducible polynomial of degree

116

3 RS and Binary BCH Codes

Fig. 3.6 Evolution of the register content

m divides 2m
1. In the case of a primitive polynomial, its period is the maximum possible, 2m
1 (15, in the examples above). Even though α ¼ D is not a generator when we construct F16 using D4 + D3 + D2 + D + 1, generators always exist for irreducible polynomial. Let’s check that β ¼ D + 1 is a generator. Recall that the product by D + 1 has to be done modulo D4 + D3 + D2 + D + 1. The powers of β are the following β¼Dþ1 β2 ¼ ββ ¼ ðD þ 1ÞðD þ 1Þ ¼ D2 þ 1   β3 ¼ β2 β ¼ D2 þ 1 ðD þ 1Þ ¼ D3 þ D2 þ D þ 1   β4 ¼ β3 β ¼ D3 þ D2 þ D þ 1 ðD þ 1Þ ¼ D3 þ D2 þ D   β5 ¼ β4 β ¼ D3 þ D2 þ D ðD þ 1Þ ¼ D3 þ D2 þ 1   β6 ¼ β5 β ¼ D3 þ D2 þ 1 ðD þ 1Þ ¼ D3 β 7 ¼ β 6 β ¼ D 3 ð D þ 1Þ ¼ D 2 þ D þ 1   β8 ¼ β7 β ¼ D2 þ D þ 1 ðD þ 1Þ ¼ D3 þ 1   β9 ¼ β8 β ¼ D3 þ 1 ðD þ 1Þ ¼ D2 β10 ¼ β9 β ¼ D2 ðD þ 1Þ ¼ D3 þ D2   β11 ¼ β10 β ¼ D3 þ D2 ðD þ 1Þ ¼ D3 þ D þ 1   β12 ¼ β11 β ¼ D3 þ D þ 1 ðD þ 1Þ ¼ D β13 ¼ β12 β ¼ DðD þ 1Þ ¼ D2 þ D   β14 ¼ β13 β ¼ D2 þ D ðD þ 1Þ ¼ D3 þ D   β15 ¼ β14 β ¼ D3 þ D ðD þ 1Þ ¼ 1

3.7 The Polynomial Approach to Coding

117

Fig. 3.7 Multiplying by D + 1 modulo D4 + D3 + D2 + D + 1

Although the generation of all nonzero elements of F16 as powers of β ¼ D + 1 is straightforward, it requires more effort than computing the powers of α ¼ D modulo D4 + D + 1. The circuit that mechanizes the process is in Fig. 3.7. Observe that the circuit is more complex than the Galois LFSRs of Figs. 3.3, 3.4, 3.5, and 3.6 (it is not a one-tomany LFSR). Thus, to avoid unnecessary complexities, the polynomials used in error control coding are always primitive.

3.7

The Polynomial Approach to Coding

To explain this method, I’ll use a triple error correcting code. Messages and codewords of the (15, 9) RS code are vectors of 9 and 15 components, respectively, namely x ¼ ð x1 x2 x3 x4 x5 x6 x7 x8 x9 Þ y ¼ ðy1 y2 y3 y4 y5 y6 y7 y8 y9 y10 y11 y12 y13 y14 y15 Þ Or, represented as polynomials x1 D8 þ x2 D7 þ    þ x8 D þ x9 y1 D14 þ y2 D13 þ    þ y14 D þ y15 To keep track of indexes more easily, I change the notation as follows x 1 ¼ u8 , x 2 ¼ u 7 . . . . . . x 8 ¼ u1 , x 9 ¼ u0 y1 ¼ v14, y2 ¼ v13 . . . . . . y14 ¼ v1 , y15 ¼ v0 I do the same for words, and write

118

3 RS and Binary BCH Codes

z1 ¼ w14, z ¼ w13 . . . . . . z14 ¼ w1 , z15 ¼ w0 Now, messages, codewords, and words can be written as uð D Þ ¼

X8 i¼0

ui Di

vð D Þ ¼

X14

v Di i¼0 i

wðDÞ ¼

X14 i¼0

wi Di

Or, more simply as uðDÞ ¼

X

vð D Þ ¼

ui D i ,

X

vi Di

wðDÞ ¼

X

wi Di

The parity-check matrix for this code is like the one given in Section 3.5, but with six rows instead of four. 0

α14

B 14 2 B ðα Þ B B 14 3 B ðα Þ B B 14 4 B ðα Þ B B B ðα14 Þ5 @ ðα14 Þ

6

α13

:

: :

: :

α7

:

: : :

α2

α

1

1

ðα13 Þ

2

:

: :

: :

ðα7 Þ

2

:

: : :

ðα2 Þ

2

α2

ðα13 Þ

3

:

: :

: :

ðα7 Þ

3

:

: : :

ðα2 Þ

3

α3

ðα13 Þ

4

:

: :

: :

ðα7 Þ

4

:

: : :

ðα2 Þ

4

α4

ðα13 Þ

5

:

: :

: :

ðα7 Þ

5

:

: : :

ðα2 Þ

5

α5

C 1C C C 1C C C 1C C C 1C A

ðα13 Þ

6

:

: :

: :

ðα7 Þ

6

:

: : :

ðα2 Þ

6

α6

1

The dot product of the codeword by the first row of H is X

vi αi ¼ vðαÞ ¼ 0

The second parity condition is X  2 X  i   vi α2 ¼ v α2 ¼ 0 vi αi ¼ And the last one X  6 X  i   vi αi ¼ vi α6 ¼ v α6 ¼ 0 Thus, v(D) has α, α2, α3, α4 α5, α6 as roots. Next, consider the polynomial       gðDÞ ¼ ðD þ αÞ D þ α2 D þ α3 D þ α4 D þ α5 D þ α6 This polynomial is the minimum degree polynomial that has those roots. Therefore, v(D) must be a multiple of g(D). Linear codes that satisfy this property

3.8 More About Coding

119

are called polynomial codes, and the polynomial g(D) is called the generator polynomial of the code. Not all linear codes are polynomial codes. Chapter 6 explores the important topic of polynomial codes. Since we want the code to be systematic, the following equalities must be satisfied v14 ¼ u8 , v13 ¼ u7 . . . v7 ¼ u1 , v6 ¼ u0 In polynomial form vð D Þ ¼

P14

i¼6 vi D

¼ D6

P8

i¼0

i

þ

P5

i i¼0 vi D

ui D i þ

P5

i¼0 vi D

i

Or vðDÞ ¼ D6 uðDÞ þ r ðDÞ where r ðDÞ ¼

5 X

vi Di

i¼0

is called the parity-check polynomial. Therefore, using linearity   RgðDÞ vðDÞ ¼ RgðDÞ D6 uðDÞ þ r ðDÞ And, since v(D) is a multiple of g(D),   0 ¼ RgðDÞ D6 uðDÞ þ r ðDÞ Or     r ðDÞ ¼
RgðDÞ D6 uðDÞ ¼ RgðDÞ D6 uðDÞ

3.8

More About Coding

In this section, I present two examples of polynomial coding and illustrate some interesting questions related to this approach to coding.

120

3 RS and Binary BCH Codes

Example 1 Say we want to find the codeword corresponding to the message 

α 0 0 0 0 α2 1 α13 α2



for the (15, 9) RS code. Written as a polynomial, the message is uðDÞ ¼ αD8 þ α2 D3 þ D2 þ α13 D þ α2 The parity polynomial is given by    r ðDÞ ¼ RgðDÞ D6 αD8 þ α2 D3 þ D2 þ α13 D þ α2 The generator polynomial is       gðDÞ ¼ ðD þ αÞ D þ α2 D þ α3 D þ α4 D þ α5 D þ α6 ¼ D6 þ g5 D5 þ g4 D4 þ g3 D3 þ g2 D2 þ g1 D þ g0 Multiplying, we obtain gðDÞ ¼ D6 þ α10 D5 þ α14 D4 þ α4 D3 þ α6 D2 þ α9 D þ α6 The result of dividing D6 uðDÞ ¼ αD14 þ α2 D9 þ D8 þ α13 D7 þ α2 D6 by g(D) is α9 D5 þ α9 D4 þ α2 D3 þ α11 D2 þ α6 D þ α13 Therefore, the codeword corresponding to the above message is 

 α 0 0 0 0 α2 1 α13 α2 α9 α9 α2 α11 α6 α13 (Parity highlighted) To code a different message, we must perform another division like the preceding one, a straightforward but time-consuming and boring task. The approach I present now reduces this effort to nine additions (k, in general) once we precompute nine polynomials. This observation will also help us to understand the circuitry that mechanizes the coding algorithm.

3.8 More About Coding

121

We have      r ðDÞ ¼ RgðDÞ D6 uðDÞ ¼ RgðDÞ D6 u8 D8 þ    þ u1 D þ u0   ¼ RgðDÞ u8 D8þ6 þ    þ u1 D1þ6 þ u0 D6 ¼ u8 RgðDÞ D8þ6 þ    þ u1 RgðDÞ D1þ6 þ u0 RgðDÞ D6 ¼ u8 R8 ðDÞ þ    þ u1 R1 ðDÞ þ u0 R0 ðDÞ where I have use the notation   Ri ðDÞ ¼ RgðDÞ Diþ6 The remainders Ri(D) can be computed once for all. Then, to code we only need to combine them linearly according to the message. Before we proceed any further, a digression. For any two polynomials a(D), b(D), we have RcðDÞ faðDÞ þ bðDÞg ¼ RcðDÞ aðDÞ þ RcðDÞ bðDÞ In words: the application Rc(D){a(D)} is linear. Here is the proof. aðDÞ ¼ cðDÞqa ðDÞ þ RcðDÞ aðDÞ bðDÞ ¼ cðDÞqb ðDÞ þ RcðDÞ bðDÞ Adding  aðDÞ þ bðDÞ ¼ cðDÞ½qa ðDÞ þ qb ðDÞ þ RcðDÞ aðDÞ þ RcðDÞ bðDÞ Now  degree RcðDÞ aðDÞ þ RcðDÞ bðDÞ   max degreeRcðDÞ aðDÞ; degreeRcðDÞ aðDÞ < d where d is the degree of c(D). Therefore RcðDÞ aðDÞ þ RcðDÞ bðDÞ ¼ RcðDÞ ½aðDÞ þ bðDÞ The following can be obtained easily from (3.9)

ð3:9Þ

122

3 RS and Binary BCH Codes

  RcðDÞ faðDÞbðDÞg ¼ RcðDÞ RcðDÞ aðDÞRcðDÞ bðDÞ

ð3:10Þ

Back to our coding problem, the remainders Ri(D) can be calculated iteratively using (3.10)

   Riþ1 ðDÞ ¼ RgðDÞ Dðiþ1Þþ6 ¼ RgðDÞ DRgðDÞ Diþ6 ¼ RgðDÞ fDRi ðDÞg We start with R0 ðDÞ ¼ g5 D5 þ g4 D4 þ g3 D3 þ g2 D2 þ g1 D þ g0 ¼ α10 D5 þ α14 D4 þ α4 D3 þ α6 D2 þ α9 D þ α6 Next, to compute R1(D) divide α10 D6 þ α14 D5 þ α4 D4 þ α6 D3 þ α9 D2 þ α6 D by g(D) again (this only requires five additions). The result is R1 ðDÞ ¼ α12 D5 þ α14 D4 þ α8 D3 þ α3 D2 þ α12 D þ α Continue the same way to obtain all the others R2 ðDÞ ¼ αD5 þ α7 D4 þ α9 D3 þ α10 D2 þ α11 D þ α3 R3 ðDÞ ¼ α8 D5 þ α7 D4 þ D3 þ α8 D2 þ α12 D þ α7 R4 ðDÞ ¼ α4 D5 þ α9 D4 þ α9 D3 þ α5 D2 þ α12 D þ α14 R5 ðDÞ ¼ α4 D5 þ αD4 þ α4 D3 þ α3 D2 þ α2 D þ α10 R6 ðDÞ ¼ α7 D5 þ α7 D4 þ α13 D3 þ α4 D2 þ α9 D þ α10 R7 ðDÞ ¼ α12 D5 þ D4 þ α13 D3 þ α10 D2 þ α8 D þ α13 R8 ðDÞ ¼ α9 D5 þ α4 D4 þ α8 D3 þ α13 D2 þ D þ α3 To code the message 

α 0 0 0 0 α2 1 α13 α2

we only need to add the vectors



3.9 BCH Codes

123

    α α9 α4 α8 α13 1 α3 ¼ α10 α5 α9 α14 α α4     α2 α8 α7 1 α8 α12 α7 ¼ α10 α9 α2 α1 0 α14 α9     1 α α7 α9 α10 α11 α3 ¼ α α7 α9 α1 0 α11 α3     α13 α12 α14 α8 α3 α12 α ¼ α10 α12 α6 α α10 α14     α2 α10 α14 α4 α6 α9 α6 ¼ α12 αα6 α8 α11 α8 The result of the addition is  9 9 2 1 1 6 13  α α α α α α This is what we obtained before. Example 2 Here is a second example. Using the Ri(D) computed before, we can easily find the codeword corresponding to the message(1 0 1 1 1 0 0 0 1). Observe that all the information symbols are bits. But the parity symbols are not bits necessarily. In fact, the codeword is 

1 0 1 1 1 0 0 0 1 α5 α14 α α6 α9 α13



An interesting question is the following: are there binary RS codewords? As shown in the next section, the answer is affirmative.

3.9

BCH Codes

The RS codeword corresponding to the message ð 1 0 1 1 1 0 0 0 0Þ is a binary codeword, namely ð 1 0 1 1 1 0 0 0 0 1 0 1 0 0 1Þ Clearly, the sum of two binary RS codewords is another binary codeword. Therefore, the set of all those codewords is a subspace (a code!) of the binary words of length 15. Codes obtained this way are known as binary BCH codes. Three questions suggest themselves. • What is the dimension of the BCH code? • How can the BCH codewords be generated? • What is the correction capability of BCH code?

124

3 RS and Binary BCH Codes

Fig. 3.8 Relation between the (15, 9) RS and the (15, 5) BCH codes

I’ll come back to these issues in Sections 3.11 and 3.12. For the time being, is enough to say for the (15, 9) RS code, the dimension of the BCH code is 5, that is: we have a (15, 5) BCH code (see Fig. 3.8). This code is also a 3 error correcting code. Figure 3.9 may be of some help to remember the process of “sifting” RS codewords, to select those that have only binary components.

3.10

Encoding Using a Shift Register

In this section, I apply the ideas presented in Section 3.8 to mechanize the coding algorithm using shift registers, in this case a register of length 6 (In general, the number of parity symbols, r). In Fig. 3.10a, we have a 6 stage shift register loaded with zeros. The connection polynomial is gðDÞ ¼ D6 þ g5 D5 þ g4 D4 þ g3 D3 þ g2 D2 þ g1 D þ g0

3.10

Encoding Using a Shift Register

125

Fig. 3.9 Sifting RS codewords

If we input 1 to the adder at the right hand corner of the circuit, the state of the register will change to R0(D) ¼ g(D) (see Fig. 3.10b). From then on, if there are no more inputs (or, equivalently: if we input zeros), the state of the register evolves as follows. At the first shift the state will be RgðDÞ fDR0 ðDÞg ¼ R1 ðDÞ At the second shift RgðDÞ fDR1 ðDÞg ¼ R2 ðDÞ At the third:

126

3 RS and Binary BCH Codes

Fig. 3.10 Encoding using a shift register

RgðDÞ fDR2 ðDÞg ¼ R3 ðDÞ And so on. In Fig. 3.11, we have the final state of the register when fed by the nine different input sequences shown. Therefore, by linearity, if we input the sequence ð u8 u7 u6 u5 u4 u3 u 2 u1 u0 Þ as indicated in Fig. 3.12, the final state of the register is u8 R8 ðDÞ þ    þ u1 R1 ðDÞ þ u0 R0 ðDÞ That is, r(D). Before I close this section, I want to say a few words about the implementation of the products seen in Figs. 3.10, 3.11, and 3.12. Call ζ the fedback symbol. We need to multiply ζ by g0 . . . g5. This can be done using six different memories: ζ is the memory address where the product gi ζ is stored. In Table 3.4, we have the memory corresponding to g5 ¼ α10. Say, for instance, ζ ¼ α14 ¼ D3 + 1. Then, in address (1001), we store 10 14 α α ¼ α9 ¼ D3 + D, that is: (1010).

3.10

Encoding Using a Shift Register

Fig. 3.11 Inputs and final states

127

128

3 RS and Binary BCH Codes

Fig. 3.12 An encoder for the (15, 9) RS code Table 3.4 Memory to multiply by α10

3.11

Address 1111 1110 1101 1100 1011 1010 1001 1000 0111 0110 0101 0100 0011 0010 0001

Content 1011 1100 0101 0010 0100 0011 1010 1101 0110 0001 1000 1111 1001 1110 0111

Analyzing BCH Codes

In this section, I analyze the structure of the four BCH codes obtained from the (15, 13), (15, 11), (15, 9), (15, 7) RS codes. Case 1: (15, 13) RS Code The parity-check matrix for this code is the following 

α14 2 ðα14 Þ

α13 2 ðα13 Þ

α12 2 ðα12 Þ

α11 2 ðα11 Þ

α10 2 ðα10 Þ

α9 2 ðα9 Þ

α8 2 ðα8 Þ

α7 2 ð α7 Þ

 α6 2 α 6

 α5 2 α 5

α4 2 ðα4 Þ

α3 2 ð α3 Þ

α2 2 ðα2 Þ

All codewords, including obviously binary codewords, satisfy vð α Þ ¼ 0

  v α2 ¼ 0

But, for binary codewords, we have 2

ðvðαÞÞ2 ¼ ðv14 α14 þ v13 α13 þ    þ v1 α þ v0 Þ 14 13 ¼ v14 ðα2 Þ þ v13 ðα2 Þ þ    þ v1 α2 þ v0 ¼ vðα2 Þ since v2i ¼ vi .

α ðαÞ2

1 1



3.11

Analyzing BCH Codes

129

Therefore, the only condition that the binary codewords of the (15, 13) RS code have to satisfy is that their dot product by the row   14 13 12 11 10 9 8 7 6 5 4 3 2 α α α α α α α α α α α α α α1 ð3:11Þ is zero. That is v14 ð1001Þ þ v13 ð1101Þ þ    þ v1 ð0010Þ þ v0 ð0001Þ ¼ ð0000Þ In other words: the scalar product of the binary word by any of the four rows of the following matrix 0

1 B0 B @0 1

1 1 0 1

1 1 1 1

1 1 1 0

0 1 1 1

1 0 1 0

0 1 0 1

1 0 1 1

1 1 0 0

0 1 1 0

0 0 1 1

1 0 0 0

0 1 0 0

0 0 1 0

1 0 0C C 0A 1

ð3:12Þ

is zero. This parity-check matrix has four LI rows. Thus, k ¼ n
r ¼ 15
4 ¼ 11. Therefore, there are 211 binary codewords in the (15, 13) RS code. In fact, the binary code is the (15, 11) Hamming code. As an example, the message ð 1 1 0 0 0 1 0 0 0 0 1 1 1Þ is coded as ð 1 1 0 0 0 1 0 0 0 0 1 1 1 0 1Þ by the (15, 13) RS coder. This is also the codeword assigned to the message ð 1 1 0 0 0 1 0 0 0 0 1Þ by the (15, 11) Hamming coder. Remark There are many systematic parity-check matrices for the (15, 11) Hamming code. In fact, 11!  40  106. Writing the columns as hexadecimal numbers, a different choice to the one given in (3.11) is, for instance the following ðF E D C BA 9 7 6 5 3 8 4 2 1Þ Or, expanding 0

1

B B1 B B1 @ 1

0

1

1 1

1

1

1 1

0

0

0

0 1

0

0

1 1

1

0

0 0

1

1

1

0 0

1

0

1 0

0

1

1 0

1

1

0

1 0

0

1

C 0C C 0C A

0 1

0

1

0 1

1

0

1

1 0

0

0

1

ð3:13Þ

130

3 RS and Binary BCH Codes

Should we choose (3.12) or (3.13) (or any other)? I already considered (but not answered!) this question in Section 2.8 with the (7, 4) Hamming code. I said there that, for the (7, 4) Hamming code, matrices 0

1

1

1

1 0

1

0

0

B H1 ¼ @ 0

1

1 1

0

1

C 0A

1

1

0 1

0

0

1

1

0

1 1

1

0

0

B H2 ¼ @ 1

1

1 0

0

1

C 0A

0

1

1 1

0

0

1

or 0

1

should be preferred to any other matrix with a different permutation of the first four columns. The reason is to simplify implementation. Consider the columns of the above matrices as elements of F8. If we construct F8 using D3 + D + 1 as the modulo polynomial, we can write H1 as   H 1 ¼ α6 α5 α4 α3 α2 α 1 Similarly, choosing D3 + D2 + 1 as modulo, we have   H 2 ¼ α6 α5 α4 α3 α2 α 1 Observe the ordering is the same as the one in (3.11). And it is this ordering that allows coding with LFSRs. See the remarks at the end of Section 3.12. Case 2: (15, 11) RS Code Things become more interesting when we look for the binary codewords in the (15, 11) RS code. As said before, the parity matrix is now 0

α14 B 14 2 B ðα Þ B B 14 3 B ðα Þ @ 14 4

ðα Þ

α13 13 2

ðα Þ

13 3

ðα Þ

13 4

ðα Þ

α12 12 2

ðα Þ

12 3

ðα Þ

12 4

ðα Þ

α11 11 2

ðα Þ

11 3

ðα Þ

11 4

ðα Þ

α10 10 2

ðα Þ

10 3

ðα Þ

10 4

ðα Þ

α9 9 2

ðα Þ

9 3

ðα Þ

9 4

ðα Þ

α8 8 2

ðα Þ

8 3

ðα Þ

8 4

ðα Þ

α7 7 2

ðα Þ

7 3

ðα Þ

7 4

ðα Þ

α6  6 2 α  6 3 α  6 4 α

α5  5 2 α  5 3 α  5 4 α

α4 4 2

ðα Þ

4 3

ðα Þ

4 4

ðα Þ

α3 3 2

ðα Þ

3 3

ðα Þ

3 4

ðα Þ

α2

α

1

1

2 2

α

2 3

α3

C 1C C C 1C A

2 4

α4

1

ðα Þ ðα Þ ðα Þ

2

For binary codewords, the fourth row is also superfluous, for the same reason as before. In fact, for any element,β, of the field, we have v(β2) ¼ [v(β)]2. Write β ¼ α2. Then, v(α4) ¼ [v(α2)]2 ¼ v(α)4 ¼ 0. Thus, only the first and third rows do any “screening.” The third row of the above matrix is

3.11

Analyzing BCH Codes



α12

α9

α6

α3

131

1

α12

α9

α6

α3

1

α12

α9

α6

α3

1



The dot product of this row by the codeword is v14 ð1111Þ þ v13 ð1010Þ þ    þ v1 ð1000Þ þ v0 ð0001Þ ¼ ð0000Þ The parity-check matrix for this code is 0

1 1

1

1

0 1

0

1

1

0 0

1

0

1

1

1

1 0

1

0

1

1 0

0

1

0

1

1

1 1

0

1

0

1 1

0

0

1

1

0

1 0

1

1

0

0 1

0

0

1

1

1

0 1

1

1

1

0 1

1

1

0

1

0

0 1

0

1

0

0 1

0

1

1

0

0

0 1

1

0

0

0 1

1

0

0

0

0

1 1

0

0

0

1 1

0

0

B B0 B B B0 B B B1 B B1 B B B1 B B B1 @ 1

0 0

1

C 0 0C C C 1 0C C C 0 1C C 1 0C C C 0 0C C C 0 0C A 0 1

Does it mean that the code is a (15, 7) code? Not necessarily, since some of the rows may be redundant. However, it turns out that all the rows are LI, as can be seen reducing the above matrix to echelon form. Therefore, the code is a (15, 7) BCH code. Is it a double error correcting code, as the (15, 11) RS code, or can this code correct more errors? We know that the minimum weight of the (15, 11) RS codewords is 5, and thus the minimum weight of the binary codewords is at least 5, but clearly it can be more. If the minimum weight were 7, for instance, the (15, 7) binary code would be a triple error correcting code. This is not the case, thought, and the code is a binary double error correcting code. In the next section, we’ll learn how to code using the polynomial approach. Case 3: (15, 9) RS Code As we did in Case 2, write the H matrix of the code, equate to zero the dot products of the binary codeword by the first, third, and fifth rows of H (the sixth row is redundant) and write those conditions in binary, as before. The resulting matrix is the following

132

3 RS and Binary BCH Codes

0

1 B0 B B0 B B B1 B B1 B B1 B B B1 B B1 B B0 B B B1 B @1 1

1 1 0 1 1 0 1 0 0 1 1 0

1 1 1 1 1 1 0 0 0 0 0 1

1 1 1 0 1 0 0 0 0 1 1 1

0 1 1 1 0 0 0 1 0 1 1 0

1 0 1 0 1 1 1 1 0 0 0 1

0 1 0 1 1 0 1 0 0 1 1 1

1 0 1 1 1 1 0 0 0 1 1 0

1 1 0 0 1 0 0 0 0 0 0 1

0 1 1 0 0 0 0 1 0 1 1 1

0 0 1 1 1 1 1 1 0 1 1 0

1 0 0 0 1 0 1 0 0 0 0 1

0 1 0 0 1 1 0 0 0 1 1 1

0 0 1 0 1 0 0 0 0 1 1 0

1 0 0C C 0C C C 1C C 0C C 0C C C 0C C 1C C 0C C C 0C C 0A 1

Not all the rows are LI. For instance: there’s a zero row and, also, the second row from the bottom coincides with the third. So, two rows can be eliminated. The remaining rows are LI. Therefore, r ¼ 10 and k ¼ 5. The binary code generated is the (15, 5) BCH code. The minimum weight is at least 7, and in fact is only 7 (See next section). Therefore, with this code we can correct 3 errors. Remark Since, as we have seen, not all rows of the binary parity matrix obtained from the original RS parity check are LI, we can say that the dimension of the BCH code is k  n
mt. Case 4: (15, 7) RS code What kind of binary code can we obtain from the (15, 7) RS code? The binary check matrix, once we eliminate the linear dependent rows (only the two rows mentioned before) is the following 0

1 B0 B B0 B B1 B B1 B B1 B B1 B B1 B B1 B B1 B B1 B B0 B @1 0

1 1 0 1 1 0 1 0 1 0 1 0 0 0

1 1 1 1 1 1 0 0 0 1 1 1 1 1

1 1 1 0 1 0 0 0 1 1 1 1 0 0

0 1 1 1 0 0 0 1 1 0 0 0 0 1

1 0 1 0 1 1 1 1 0 1 1 0 1 0

0 1 0 1 1 0 1 0 1 1 1 0 0 0

1 0 1 1 1 1 0 0 1 0 1 1 1 1

1 1 0 0 1 0 0 0 0 1 1 1 0 0

0 1 1 0 0 0 0 1 1 1 0 0 0 1

0 0 1 1 1 1 1 1 1 0 1 0 1 0

1 0 0 0 1 0 1 0 0 1 1 0 0 0

0 1 0 0 1 1 0 0 1 1 1 1 1 1

0 0 1 0 1 0 0 0 1 0 1 1 0 0

1 0 0C C 0C C 1C C 0C C 0C C 0C C C 1C C 0C 1C C 0C C 0C C 0A 1

Observe that since H has 14 rows, G only has 1 .The single row generator matrix is G ¼ ð 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1Þ

3.12

BCH Coders

133

Notice that, since the weight of all the rows of H is even, the dot product of the only row of G by all the rows of H is zero, as it should. The code is a repetition code of minimum weight 15 (not only 9) able to correct 7 errors (not only 4). In the next section, I analyze BCH codes using polynomials to further clarify their structure, and to provide an easy method to code that does not require working with matrices.

3.12

BCH Coders

I will first focus on the binary codewords of the (15, 9) RS systematic code. We know that the binary words of this code have to satisfy the three following conditions vðαÞ ¼ 0

    v α3 ¼ 0 v α5 ¼ 0

The first of the three conditions above says that the binary polynomial v(D) has α as a root. This fact imposes some conditions on v(D). To clarify this, let’s think in the more familiar real and complex fields. Say we have a polynomial with real coefficients and that 3 + 2j is one of its roots. What can we say about this polynomial? We know that for polynomials with real coefficients, complex roots come in conjugate pairs: if 3 + 2j is a root, then 3
2j is also a root. Therefore, the polynomial has to look something like this   ðD
ð3 þ 2jÞÞðD
ð3
2jÞÞpðDÞ ¼ D2
6D þ 13 pðDÞ where p(D) is a polynomial with real coefficients. Out of all those polynomials, D2
6D + 13 is the one that has minimum degree, and it is called the minimal polynomial of 3 + 2j. Going back to our case, recall that the polynomial v(D) has binary coefficients, and α is one of its roots. Then α2, α4, α8 are also roots of v(D). The minimal polynomial of α is     m1 ðDÞ ¼ ðD þ αÞ D þ α2 D þ α4 D þ α8 ¼ D4 þ D þ 1 The codeword v(D) must be a multiple of m1(D). For the same reason, v(D) must also be a multiple of the minimal polynomials of α3 and α5. These polynomials are the following      m3 ðDÞ ¼ D þ α3 D þ α6 D þ α12 D þ α9 ¼ D4 þ D3 þ D2 þ D þ 1    m5 ðDÞ ¼ D þ α5 D þ α10 ¼ D2 þ D þ 1 Therefore, v(D) is a multiple of the least common multiple (LCM) of m1(D), m3(D), and m5(D) gðDÞ ¼ LCM fm1 ðDÞ; m3 ðDÞ; m5 ðDÞg

134

3 RS and Binary BCH Codes

Fig. 3.13 A 10 stage encoder for the (15, 5) BCH code

Thus, like RS codes, BCH codes are also polynomial codes. In our case LCM fm1 ðDÞ; m3 ðDÞ; m5 ðDÞg ¼ m1 ðDÞm3 ðDÞm5 ðDÞ because the three polynomials m1(D), m3(D), m5(D) are different and irreducible. Operating, we have     gðDÞ ¼ D4 þ D þ 1 D4 þ D3 þ D2 þ D þ 1 D2 þ D þ 1 ¼ D10 þ D8 þ D5 þ D4 þ D2 þ D þ 1 Recall that the minimum weight of the binary codewords of the (15, 9) RS code is guaranteed to be at least 7. Since g(D) is a 7 weight codeword, the minimum weight of the binary code (although it could have been greater than 7) is indeed 7. Also, as with RS codes, the degree of the generator polynomial is the redundancy of the code. We therefore have a (15, 5) triple error correcting BCH code. The parity-check polynomial corresponding to a message can now be computed similarly to what we did with RS codes, namely   r ðDÞ ¼ RgðDÞ D10 uðDÞ As an example, the message (1 0 1 1 1) is coded as ð 1 0 1 1 1 0 0 0 0 1 0 1 0 0 1Þ This is also the codeword we obtained before using the (15, 9) RS code. In Fig. 3.13, we have a circuit to implement the coding algorithm using a shift register of length r ¼ 10. Remarks • For the (15, 11) Hamming code, coding is done with a LFSR of length 4 with D4 + D + 1 as the connexion polynomial. • For the (7, 4) Hamming codes of Sections 3.11 and 2.8, with parity-check matrices H1 and H2, the LFSRs have length 3 and connexion polynomials D3 + D + 1 for H1 and D3 + D2 + 1 for H2.

Chapter 4

Decoding RS and BCH Codes (Part 1)

4.1

Introduction

In the preceding chapter we saw how to code RS and BCH codes. We also know how to decode when the received word contains only erasures. In this chapter we’ll learn how to decode in the presence of errors. The decoding process in this case is more complicated since, contrary to what happens with erasures, the location of the errors is unknown. In fact, we don’t even know how many errors the word has. Therefore, the first task is to devise a method to decide the number of errors assuming that the error correction capability of the code has not been exceeded. Of course, this won’t always be the case and at times our decision will be incorrect. Error control coding can never guarantee error free decoding, and the probability of erroneous decoding always exits. We are already familiar with this possibility from Chapters 1 and 2 where we saw that undetectable error patterns occur when the error introduced by the channel is a codeword. However, when the capability of the code is surpassed, the decoding methods presented in this chapter are able to detect in some cases (by failing to decode!) the occurrence of these undesirable but inevitable events. Frequently, errors and erasures appear together, and although most of this chapter is dedicated to the correction of only errors, there is a simple algebraic elimination method that reduces the decoding problem when both errors and erasures are present to the case without erasures. This topic will be analyzed further in Chapter 5.

4.2

The Number of Errors

The only information available to figure out the number of errors is the set of syndromes. Once we decide on the number of errors, we must find their locations. The error values can then be computing by solving a system of linear © Springer Nature Switzerland AG 2019 E. Sanvicente, Understanding Error Control Coding, https://doi.org/10.1007/978-3-030-05840-1_4

135

136

4 Decoding RS and BCH Codes (Part 1)

equations, as we did with erasures in Chapter 2. In this section I’ll concentrate on finding the number of errors, leaving for Section 4.5 how to locate their positions. To explain the procedure, I’ll use the (15, 9) RS code.

4.2.1

One Error

Let’s start by assuming that only one error is present. This fact must impose some structure on the set of partial syndromes. What kind of structure? Below is a single error pattern, together with a sketchy representation of the parity-check matrix. The values of e1 and x1 are unknown (although in this illustration x1 ¼ α10). 0ð0 : B: B B: B B: B @: :

0 : : : : : :

0 : : : : : :

0 : : : : : :

e1 0 0 x1 : : x21 : : x31 : : x41 : : x51 : : x61 : :

0 : : : : : :

0 : : : : : :

0 : : : : : :

0 : : : : : :

0 : : : : : :

0 : : : : : :

0 : : : : : :

01 Þ : :C C :C C :C C :A :

The (partial) syndromes are S1 ¼ e 1 x 1

S2 ¼ e1 x21

S3 ¼ e1 x31

S4 ¼ e1 x41

S5 ¼ e1 x51

S6 ¼ e1 x61

Hence, the syndromes are in geometric progression. The values of x1 and e1 are x1 ¼

S2 S1

e1 ¼

S1 x1

From all the above, we see that in the case of one error, there exist a number L1(¼x1), the ratio of the geometric progression, that satisfies the five following equations S1 L1 ¼ S2 S2 L 1 ¼ S3 S3 L1 ¼ S4 S4 L1 ¼ S5 S5 L1 ¼ S6 In other words, we have a compatible set of five equations with only one unknown, L1.

4.2 The Number of Errors

137

Fig. 4.1 Generation of syndromes using linear feedback shift registers (a) One error (b) Two errors (c) Three errors

Observe also that initializing the linear feedback shift register (LFSR) of Fig. 4.1a with S1, the circuit generates the other five syndromes. Example 1 In Section 3.8 we found that the codeword corresponding to the message 

α 0 0 0 0 α2 1 α13 α2



is   α 0 0 0 0 α2 1 α13 α2 α9 α9 α2 α11 α6 α13 Say now that the received word is (error, highlighted)

138

4 Decoding RS and BCH Codes (Part 1)



α 0 0 0 1 α2 1 α13 α2 α9 α9 α2 α11 α6 α13



The syndrome is 

α10 α5 1 α10 α5 1



The above sequence is in geometric progression and we have x1 ¼

S2 α5 ¼ 10 ¼ α10 S1 α

e1 ¼

S1 α10 ¼ ¼1 x1 α10

as it should.

4.2.2

Two Errors

What happens when two errors are present? In Section 4.4 we’ll see that in this case there exits two numbers L2 and L1 that satisfy the following two equations

 S The determinant Δ2 ¼  1 S2 L1 and L2 also satisfy

S1 L2 þ S2 L1 ¼ S3

ð4:1Þ

S2 L2 þ S3 L1 ¼ S4

ð4:2Þ

 S2  must be different from zero. S3  S3 L2 þ S4 L1 ¼ S5

ð4:3Þ

S4 L2 þ S5 L1 ¼ S6

ð4:4Þ

Notice that the occurrence of two errors is indicated by the compatibility of the above system of four equations with only two unknowns, as the sequence of syndromes in geometric progression was an indication for the presence of a single error. The four equations above imply that the LFSR in Fig. 4.1b, initialized with syndromes S2, S1, generates the other four syndromes if L1 and L2 are chosen according to (4.1) and (4.2). Observe that if there is only one error, Δ2 is zero (The second column is a multiple of the first). Remark The LFSRs of Fig. 4.1 are of the many-to-one (Fibonacci) type. Example 2 For the same codeword as in Example 1, suppose now that we have the following two error pattern

4.2 The Number of Errors

139

ð α 0 0 0 1 0 0 0 0 0 0 0 0 0 0Þ The received word is 

0 0 0 0 1 α2 1 α13 α2 α9 α9 α2 α11 α6 α13



The syndrome of the word is 

α5 α12 α6 α3 α3 α5



and the determinant  S Δ2 ¼  1 S2

  S2   α5 ¼ S3   α12

 α12  ¼ α2 6¼ 0 α6 

Then, for sure, there is more than one error (one error would make the second column of the determinant multiple of the first, and Δ2 ¼ 0). But are there two? Let’s check the compatibility of Eqs. (4.1)–(4.4). Equations (4.1) and (4.2) are α5 L2 þ α12 L1 ¼ α6 α12 L2 þ α6 L1 ¼ α3 Solving the system, we obtain L2 ¼ α9 ,

L1 ¼ α11

Those values also satisfy Eqs. (4.3) and (4.4). Therefore, we conclude there are two errors. Now, contrary to what happened in the case of a single error, we don’t know (yet) how to find the location of the two errors.

4.2.3

Three Errors

When three errors are present, there exits three numbers L1, L2, and L3 that satisfy the three equations S1 L3 þ S2 L2 þ S3 L1 ¼ S4 S2 L3 þ S3 L2 þ S4 L1 ¼ S5 S3 L3 þ S4 L2 þ S5 L1 ¼ S6

ð4:5Þ

140

4 Decoding RS and BCH Codes (Part 1)

   S1 S2 S3    The determinant Δ3 ¼  S2 S3 S4  must be different from zero.  S3 S4 S5  Thus, using these values for L1, L2, and L3, and loading the register in Fig. 4.1c with S3, S2, S1, the circuit generates S4, S5, and S6. Observe that, if there are two errors, the determinant Δ3 is zero (The third column is a linear combination of the first two. See Eqs. (4.1)–(4.3)). Δ3 is also zero if there is one error (The second column is a multiple of the first). Example 3 Same transmitted codeword as before with error pattern 

α 0 0 0 1 0 0 0 0 0 0 0 0 α7 0



The received word is 

0 0 0 0 1 α2 1 α13 α2 α9 α9 α2 α11 α10 α13



The syndrome is 

α4 α8 α7 α5 α10 α7



and the determinant   S1  Δ3 ¼  S2  S3

S2 S3 S4

  S3   α4 S4  ¼  α8 S5   α7

α8 α7 α5

 α7  α5  ¼ α10 6¼ 0 α10 

which indicates the presence of three errors. As in Example 2, we do not know their location.      S S2   α4 α8  ¼  ¼ α6 6¼ 0 could lead us to think Remark The determinant  1 S2 S3   α8 α7  there are two errors. The solution to Eqs. (4.1) and (4.2) is L1 ¼ α

L2 ¼ α11

These values do not satisfy Eqs. (4.3) and (4.4). Therefore, we discard two errors. Let’s recapitulate • The determinant Δ3 is zero if there are two errors. • Determinants Δ3 and Δ2 are zero if there is only one error. • From Δ2 6¼ 0, we cannot infer that there are two errors (Recall Example 3 before). However, if there are not three errors, for sure two errors are present (One error would make Δ2 ¼ 0). Figure 4.2 represents all these facts (Δ1 ¼ S1).

4.2 The Number of Errors

141

Three errors Two errors One error

Δ3

Δ2

Δ1(=S1)

≠0 0 0

0 or ≠ 0 ≠0 0

0 or ≠ 0 0 or ≠ 0 ≠0

Fig. 4.2 Different possibilities when the number of errors does not exceed 3

Let’s now proof that the following two matrices  Δ2 ¼

S2 S3

S1 S2

0



S2 S3 S4

S1 Δ 3 ¼ @ S2 S3

1 S3 S4 A S5

are non-singular when two or three errors are present, respectively. Then we’ll see how we can decide about the number or errors based solely on the values of Δ2 and Δ3 without needing to do anything else (checking for equations compatibility or for syndromes in geometric progression). We have S1

S2

S2

S3

! ¼ ¼

e1 x1 þ e2 x2

e1 x21 þ e2 x22

!

1

¼ x1 e1 x21 þ e2 x22 e1 x31 þ e2 x32 ! ! ! 1 1 0 e1 x1 1 x1 x2

x1

0

e2 x 2

1

!

x2

e1 x1

e1 x21

e2 x2

e2 x22

!

1 x2

and therefore   S1   S2

 S2  ¼ ðx1 þ x2 Þ2 e1 e2 x1 x2 6¼ 0 S3 

(Recall that x1 6¼ x2) Similarly, we can write 0

S1

B @ S2 S3

S2

S3

1

0

e1 x1 þ e2 x2 þ e3 x3

S3

C B S4 A ¼ @ e1 x21 þ e2 x22 þ e3 x23

S4

S5

e1 x21 þ e2 x22 þ e3 x23 e1 x31 þ e2 x32 þ e3 x33

e1 x31 þ e2 x32 þ e3 x33 e1 x41 þ e2 x42 þ e3 x43 10 1 1 1 1 e1 x1 e1 x21 e1 x31 B CB C ¼ @ x1 x2 x3 A@ e2 x2 e2 x22 e2 x32 A 0

x21

x22

x23

1

1

1

B ¼ @ x1

x2

CB x3 A@ 0

x21

x22

x23

0

10

e3 x3

e3 x23

e3 x33

e1 x1

0

0

0

e2 x2 0

10

1

CB 0 A@ 1 e3 x3

1

e1 x31 þ e2 x32 þ e3 x33

1

C e1 x41 þ e2 x42 þ e3 x43 A e1 x51 þ e2 x52 þ e3 x25 3

x1

x21

1

x1

C x21 A

x1

x21

ð4:6Þ

142

4 Decoding RS and BCH Codes (Part 1)

Fig. 4.3 Decision tree

When there are three errors, the determinants of the above three matrices are nonzero and, therefore, the matrix of syndromes is nonsingular. In Fig. 4.3, we have a tree to decide the number of errors based on the values of the three numbers Δ3, Δ2 , and Δ1. Notice that the vector Δ ¼ (Δ3Δ2Δ1) is nonzero if the number of errors does not exceed three. Observe also that, to decide the number of errors, we first compute the value of Δ3 and, if Δ3 ¼ 0, then we calculate Δ2 (Recall that when there are three errors, Δ2 may be nonzero and, therefore, we cannot decide two errors based solely on Δ2 6¼ 0. We have to previously check that Δ3 ¼ 0). I close this section with four additional examples to further illustrate that some errors can be detected when the capability of the code is exceeded. Example 4 The same codeword of the previous examples, but now the received word is 

α 0 0 0 0 α2 1 α13 α2 α9 α9 0 α4 α13 α3



Observe that there are four errors. The syndrome is 

0 0 0 α4 α α3



Since S1 ¼ S2 ¼ S3 ¼ 0, we have Δ1 ¼ Δ2 ¼ Δ3 ¼ 0. Therefore, the error cannot be corrected but it has been detected.

4.2 The Number of Errors

143

For the three next examples the transmitted codeword is ð 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1Þ Example 5 Suppose the received word is ð 1 0 1 1 1 1 0 0 1 1 1 1 0 1 0Þ The word has five errors and the syndrome is 

α5 α10 1 α5 1 1



We have   S1  Δ3 ¼  S2  S3

S2 S3 S4

  S3   α5 S4  ¼  α10 S5   1

α10 1 α5

 1  α5  ¼ 0 1

Thus, the number of errors is not three. Likewise, since  S Δ2 ¼  1 S2

  S2   α5 ¼ S3   α10

 α10  ¼0 1 

we know it is not two either. But it cannot be one, because the partial syndromes are not in geometric progression! Then, as in the previous example, the error cannot be corrected, but it has been detected. Example 6 The received word for this example is 

1 1 1 1 1 1 1 1 1 α12 α3 α3 α8 0 α14



The channel introduced six errors. The syndrome is  10  α 1 0 1 α10 α We have   α10  Δ3 ¼  1  0

1 0 1

  0  S 1  ¼ 0 Δ2 ¼  1 S2 α10 

  S2   α10 ¼ S3   1

 1  ¼1 0

144

4 Decoding RS and BCH Codes (Part 1)

Therefore, we tentatively decide there are two errors. But, we still have to check the compatibility of Eqs. (4.1)–(4.4). Replacing the syndromes by their values, the first two equations are α10 L2 þ L1 ¼ 0 L2 ¼ 1 Therefore, L1 ¼ α10. Even though those two values of L1 and L2 satisfy the third equation, they do not satisfy the fourth. Thus, the error has been detected although not corrected. I’ll reconsider this example in Section 4.6. Example 7 As a final example, say now the received word is the following ð 1 0 1 1 1 1 0 0 1 1 1 1 0 0 0Þ The syndrome is 

α2 α4 α14 α8 α10 α13



We have   S1  Δ3 ¼  S2  S3

S2 S3 S4

  S3   α2 S4  ¼  α4 S5   α14

α4 α14 α8

 α14  α8  ¼ 1 α10 

which indicates the possible occurrence of a triple error. But is this really the case? Now we don’t have any extra conditions to double check the validity of our decision. Therefore, we continue with the decoding process, finding (or trying to find, rather!) the location and values of the errors. If we can finish the decoding algorithm, we should compute the syndrome of our potential codeword to check if the decoding process has produced a valid codeword or not. I’ll come back to this example in Section 4.6.

4.3

Computation of Partial Syndromes

Syndromes are the dot product of w by the six rows of H. Recall that the first row of H contains the powers of α in descending order from left to right. The elements of the second row are those of the first raised to the second power and so on. Then, the partial syndrome Si is

4.3 Computation of Partial Syndromes i

145 i

Si ¼ w14 ðα14 Þ þ w13 ðα13 Þ þ    þ w1 αi þ w0 14 13 ¼ w14 ðαi Þ þ w13 ðαi Þ þ    þ w1 αi þ w0 i ¼ wðα Þ The value of a polynomial at a given point can be calculated efficiently using a clever grouping to reduce the number of operations and the storage needed. I’ll illustrate the method with a polynomial of degree 4. Say we are given the polynomial wðDÞ ¼ w4 D4 þ w4 D4 þ w4 D4 þ w1 D þ w0 and we want to calculate w(α) . We order the computations as follows wðαÞ ¼ ðððw4 α þ w3 Þα þ w2 Þα þ w1 Þα þ w0 This disposition is called Horner’s rule, after William Horner, a British mathematician of the nineteenth century. These operations can be mechanized as indicated in Fig. 4.4. Observe that the algorithm requires only 4 multiplications, 4 additions, and one storage element. Clearly, we have wðαÞ ¼ RDþα fwðDÞg This is an elementary result known in Mathematics as Ruffini’s rule, after Paolo Ruffini, an Italian mathematician of the nineteenth century. Thus, the circuit in Fig. 4.4, known as the Ruffini–Horner scheme, computes the remainder of the division of w(D) by D + α. The six syndromes can be calculated in parallel as shown in Fig. 4.5. As an illustration, in Fig. 4.6, we have the details of the computation of S1 for Example 7.

Fig. 4.4 Computation of w(α) (a) Initial state (b) Final state

146

Fig. 4.5 Computation of the syndromes

Fig. 4.6 The computation of S1

4 Decoding RS and BCH Codes (Part 1)

4.4 The Error Locator Polynomial

4.4

147

The Error Locator Polynomial

Once the number of errors has been decided using the method presented in Section 4.2, the task remaining is not easy. Say, for instance, that we know the channel introduced three errors. Then, the system of equations we have to solve is e 1 x 1 þ e 2 x 2 þ e 3 x 3 ¼ S1

ð4:7Þ

e1 x21 þ e2 x22 þ e3 x23 ¼ S2

ð4:8Þ

e1 x31 þ e2 x32 þ e3 x33 ¼ S3

ð4:9Þ

e1 x41 þ e2 x42 þ e3 x43 ¼ S4

ð4:10Þ

e1 x51 þ e2 x52 þ e3 x53 ¼ S5

ð4:11Þ

e1 x61

þ

e2 x62

þ

e3 x63

¼ S6

ð4:12Þ

This is a system of six equations with six unknowns. But the system is nonlinear, and therefore difficult to solve. Fortunately, there’s a clever approach that “decouples” the positions (x1 x2 x3) from the value of errors (e1 e2 e3). First, the location of the errors is found by solving a polynomial equation. That polynomial is called the error locator polynomial and its coefficients can be obtained from the syndromes solving a system of linear equations. After this is done, the error magnitudes can be evaluated the same way we computed the values of erasures in Chapter 2 (again, solving a linear system). The nonlinearity of Eqs. (4.7)–(4.12) has been reduced to finding the roots of a polynomial! These ideas originated with William Peterson, an American mathematician and computer scientist. Later on, they were improved upon and generalized by Daniel Gorenstein and Neal Ziegler, two American mathematicians. In their honor, this decoding approach is known as PGZ. Figure 4.7 is a modified reproduction of Fig. 2.11 featuring the two components mentioned earlier: the location of the errors and the computation of their values. In this section, I concentrate on the error locator. I’ll present several examples of the computation of the error values in Section 4.6. The error locator gives the positions of the erroneous symbols and, in a way, performs a task similar to the demodulator when it flags erasures. Let’s go back to Example 3. The transmitted codeword was 

α 0 0 0 0 α2 1 α13 α2 α9 α9 α2 α11 α6 α13

and the received word,



148

4 Decoding RS and BCH Codes (Part 1)

Fig. 4.7 Error estimator



0 0 0 0 1 α2 1 α13 α2 α9 α9 α2 α11 α10 α13



The task of the error locator is to indicate that the first, fifth, and fourteenth received symbols are incorrect (Recall that the leftmost symbol is received first). This information is provided by a function f() that flags those positions as erroneous, producing a 0 when the argument is 1, 5, or 14. We require that f ð 1Þ ¼ 0

f ð 5Þ ¼ 0

f ð14Þ ¼ 0

The following function satisfies those conditions     f ðiÞ ¼ α14 αi þ 1 α10 αi þ 1 ααi þ 1 In other words   f ðiÞ ¼ L αi where    LðDÞ ¼ α14 D þ 1 α10 D þ 1 ðαD þ 1Þ

4.4 The Error Locator Polynomial

149

Multiplying, we obtain LðDÞ ¼ α10 D3 þ α8 D2 þ α6 D þ 1 Such a polynomial is called the error locator polynomial. It is a trivial task to compute this polynomial when the locations of the errors are given. The interesting fact is that the polynomial can be found directly from the syndromes. That is, in the case of three errors, the coefficients L3, L2, L1 of the error locator polynomial LðDÞ ¼ L3 D3 þ L2 D2 þ L1 D þ 1 can be obtained from   S ¼ ðS1 S2 S3 S4 S5 S6 Þ ¼ α4 α8 α7 α5 α10 α7 by solving system (4.5). Entering in (4.5) the values of the syndromes, we have 0

α4 @ α8 α7

α8 α7 α5

10 1 0 5 1 L3 α7 α α5 A@ L2 A ¼ @ α10 A L1 α10 α7

And the solution is L3 ¼ α10

L2 ¼ α8

L1 ¼ α6

As it should. Let’s prove now that when there are three errors the coefficients of the error locator polynomial satisfy system (4.5). To begin with, remember that in the example the polynomial was    LðDÞ ¼ α14 D þ 1 α10 D þ 1 ðαD þ 1Þ So, in general, we can write the polynomial as LðDÞ ¼ ðx1 D þ 1Þðx2 D þ 1Þðx3 D þ 1Þ We have   L x1 ¼ 0, 1

    L x1 ¼ 0, L x1 ¼ 0, 2 3

Expanding the above, we obtain

150

4 Decoding RS and BCH Codes (Part 1)

  2 1 ¼ L3 x3 L x1 1 1 þ L 2 x 1 þ L1 x 1 þ 1 ¼ 0   2 1 L x1 ¼ L3 x3 2 2 þ L 2 x 2 þ L1 x 2 þ 1 ¼ 0   2 1 L x1 ¼ L3 x3 3 3 þ L 2 x 3 þ L1 x 3 þ 1 ¼ 0

ð4:13Þ ð4:14Þ ð4:15Þ

Next, multiply (4.13) by e1 x41 , (4.14) by e2 x42 , and (4.15) by e3 x43 L3 e1 x1 þ L2 e1 x21 þ L1 e1 x31 þ e1 x41 ¼ 0 L3 e2 x2 þ L2 e2 x22 þ L1 e2 x32 þ e2 x42 ¼ 0 L3 e3 x3 þ L2 e3 x23 þ L1 e3 x33 þ e3 x43 ¼ 0 Adding the three, we get L3 S1 þ L2 S2 þ L1 S3 þ S4 ¼ 0 Similarly, if we multiply (4.13), (4.14), and (4.15) by e1 x51 , e2 x52 , and e3 x53 , respectively, and we add them together as before, the equation is L3 S2 þ L2 S3 þ L1 S4 þ S5 ¼ 0 Finally, the third equation is obtained multiplying (4.13), (4.14), and (4.15) by e1 x61 , e2 x62 , and e3 x63 and adding L3 S 3 þ L 2 S 4 þ L 1 S 5 þ S 6 ¼ 0 Proceeding analogously, when two errors occur, Eqs. (4.1) and (4.2), as well as (4.3) and (4.4), are obtained.

4.5

The Chien Search

The Chien search, named after Robert Chien, a Chinese American engineer, is an algorithm for sequentially computing the roots of the error locator polynomial. Given the error locator polynomial LðDÞ ¼ 1 þ L1 D þ L2 D2 þ L3 D3 The circuit drawn in Fig. 4.8 produces L(αi) at time i. At time 4, for instance, the output is

4.6 Evaluation of Errors

151

Fig. 4.8 Circuit for the Chien search

 4  4 1 þ L1 α4 þ L2 α2 þ L3 α3 which can be written as  2  3   1 þ L1 α4 þ L2 α4 þ L3 α4 ¼ L α4 Example 8 In Section 4.4, we computed the error locator polynomial corresponding to Example 3. In Fig. 4.9, we have the outputs produced by the circuit at each tick. Observe that the outputs at times 1, 5, and 14 are 0. As explained before, this indicates that the first, fifth, and fourteenth symbols are erroneous.

4.6

Evaluation of Errors

For the time being, until we further explore this topic in the next chapter, there’s nothing much to say about the evaluation of errors: the error magnitudes are found solving a system of linear equations.

152

4 Decoding RS and BCH Codes (Part 1)

Fig. 4.9 Example of the Chien search

Example 9: Three Errors I begin with Example 3, in which the error correction capability of the code is not exceeded. In Section 4.2, we computed the syndromes; in Section 4.4, the error locator polynomial and in Section 4.5, its roots. Now, we can easily find the error magnitudes using Eqs. (4.7)–(4.9).

4.6 Evaluation of Errors

153

α14 e1 þ α10 e2 þ αe3 ¼ α4 α13 e1 þ α5 e2 þ α2 e3 ¼ α8 α12 e1 þ e2 þ α3 e3 ¼ α7 The solution is: e1 ¼ α, e2 ¼ 1, e3 ¼ α7 as it should. Remark For binary BCH codes, this step is not necessary, since once we have determined the erroneous positions, we only have to invert the corresponding bits. Consider, for instance, the (15, 5) code presented in Section 3.12. We know that the codeword corresponding to message (1 0 1 1 1) is ð 1 0 1 1 1 0 0 0 0 1 0 1 0 0 1Þ Say the channel introduces the error ð 0 0 0 1 1 0 0 0 0 0 0 0 0 1 0Þ The received word is ð 1 0 1 0 0 0 0 0 0 1 0 1 0 1 1Þ The (partial) syndromes are S1 ¼ α7

S3 ¼ 1

S1 ¼ α10

Compute the determinant   S1  Δ3 ¼  S2  S3

S2 S3 S4

  S3   α7 S4  ¼  α14 S5   1

α14 1 α13

 1  α13  ¼ α3 6¼ 0 α10 

That tells us there are 3 errors (assuming the error capacity of the code is not exceeded). Now, we solve the system 0

α7 @ α14 1

α14 1 α13

10 1 0 13 1 L3 α 1 α13 A@ L2 A ¼ @ α10 A L1 α10 1

The solution is L3 ¼ α7 The error locator polynomial is

L2 ¼ α13

L1 ¼ α7

154

4 Decoding RS and BCH Codes (Part 1)

LðDÞ ¼ α7 D3 þ α13 D2 þ α7 D þ 1 Using the Chien search, the roots are: α4, α5, α14. Therefore, we only have to invert the fourth, fifth, and fourteenth bits. Let’s now explore some of the possibilities that may arise when the number of errors exceeds the correction capability of the code. Example 10: More Than Three Errors I present four different cases. Case 1: We cannot even decide how many errors there are, much less find their values. This case is represented by Example 4. The decoding algorithm is aborted, and the error is detected. Case 2: Decoding is completed, but the decoding algorithm does not provide a valid codeword. Example 6 fits this case. In Section 4.2 we saw that Δ3 ¼ 0 and Δ2 ¼ 1. This indicates that two errors may be present. However, the system of Eqs. (4.1)– (4.4) was not compatible and, in Section 4.2, we dismissed the case. The error was detected. It is also interesting to analyze Example 6 from a different perspective. We know from Section 4.2 that L1 ¼ α10 and L2 ¼ 1. The error locator polynomial is LðDÞ ¼ D2 þ α10 D þ 1 Applying the Chien search, we find two roots, namely: α3 and α12. The values of the two errors are now obtained solving the equations α12 e1 þ α3 e2 ¼ α10 α9 e1 þ α6 e2 ¼ 1 The solutions are: e1 ¼ α14, e2 ¼ α11. Accordingly, the “corrected” word is   v~ ¼ 1 1 α3 1 1 1 1 1 1 α12 α3 α5 α8 0 α12 ~ of v~ to confirm that the “corrected” word is We now compute the syndrome, S, indeed a codeword. In this case, the calculation gives   S~ ¼ 0 0 0 0 0 α8 6¼ ð0 0 0 0 0 0Þ Therefore, the correction failed, but the error was detected.

4.6 Evaluation of Errors

155

Case 3: The number of errors does not coincide with the number of roots of the error locator polynomial. Consider now Example 7. The syndrome is 

α2 α4 α14 α8 α10 α13



We have   S1  Δ3 ¼  S2  S3

S2 S3 S4

  S3   α2 S4  ¼  α4 S5   α14

α4 α14 α8

 α14  α8  ¼ 1 α10 

Therefore, we presume the channel introduced three errors and proceed trying to find their locations. We compute the error location polynomial solving the system 0

α2

α4

α14

10

L3

1

0

α8

1

B 4 @ α

α14

CB C B C α8 A@ L2 A ¼ @ α10 A

α14

α8

α10

L1

α13

The solution is L3 ¼ α14 ,

L2 ¼ α4 ,

L1 ¼ α 2

and the error locator polynomial LðDÞ ¼ α14 D3 þ α4 D2 þ α2 D þ 1 However, this polynomial does not have any roots in F16 and the algorithm ends. Error detected. Remark Even though we have seen many similarities between finite fields and the complex field, when it comes to finding the roots of polynomials the difference is profound. Polynomials with complex coefficients always have complex roots, but polynomials with coefficients in a finite field may not have roots in that field. For instance, binary irreducible polynomials do not have binary roots. Thus, we cannot continue decoding any further; the algorithm is aborted but the error has been detected! The algorithm also fails when the number of the roots of the locator polynomial does not match the number of estimated errors. Case 4: Decoding is completed and the algorithm produces a valid codeword, but the codeword is different from the one sent.

156

4 Decoding RS and BCH Codes (Part 1)

This is erroneous decoding. The following example illustrates this possibility. As in Examples 6 and 7, suppose also that the transmitted codeword is ð 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1Þ The received word is  4  α 1 1 1 1 1 1 α6 α8 α7 α7 α8 α12 α13 α6 Since there are 9 errors, the correction capability of the code has been greatly surpassed. The syndromes are (α7α2α4 1 α4α5). The value of the determinant Δ3 is   α7  Δ3 ¼  α2  α4

α2 α4 1

 α4  1  ¼ 0 α4 

We decide the number of errors is not 3. Since Δ2 ¼ α13, we conclude there are two errors. To find the coefficients, L1 and L2, of the error locator polynomial we solve the system α7 L2 þ α2 L1 ¼ α4 α2 L2 þ α4 L1 ¼ 1 The solution is: L1 ¼ α12, L2 ¼ α2. The roots of the error locator polynomial are: α6 and α7. The error magnitudes are the solutions of the linear system α9 e1 þ α8 e2 ¼ α7 α3 e1 þ αe2 ¼ α2 The values are: e1 ¼ α2, e2 ¼ 1. Then, v~ is   v~ ¼ α4 1 1 1 1 α8 0 α6 α8 α7 α7 α8 α12 α13 α6 Its syndrome is zero and, therefore, it is output as the estimated transmitted codeword, ^v , producing an erroneous decoding.

4.6 Evaluation of Errors

157

Fig. 4.10 Schematic representation of the decoding process

All these cases are represented in Fig. 4.10, where we can observe the five different possibilities already mentioned in Chapter 1, namely: No error, un-detectable error (The error is a codeword). Error detection (Example 10, Cases 1–3) Error correction, erroneous decoding (Example 9; Example 10, Case 4)

158

4.7

4 Decoding RS and BCH Codes (Part 1)

The Massey Algorithm: A Presentation

The Massey algorithm, named after his inventor, James Massey, an American information theorist and cryptographer, is (among other things) an efficient method to iteratively compute the error locator polynomial. Although the work needed to find L(D) is reduced to the simple task of solving a set of linear equations, computations may be very laborious in many cases. Say, for instance, we are working in F16 as before, but now we want to correct 6 errors instead of only 3. After calculating the syndrome, the first thing we must do is to see if the determinant   S1    S2    S3    S4  S  5  S 6

S2

S3

S4

S5

S3

S4

S5

S6

S4

S5

S6

S7

S5

S6

S7

S8

S6

S7

S8

S9

S7

S8

S9

S10

 S6   S7    S8    S9   S10   S  11

is zero. This is hard work, and computations get more time consuming as the number of errors we want to correct increases. Besides, what if there is only one error? Shouldn’t we first check, just in case, if the syndromes are in geometric progression? As I explained before, this is equivalent to saying that the syndromes can be generated using a shift register of length one. Many times this won’t be possible, and then we discard the hypothesis of only one error. We could continue this way, increasing minimally the register length to check if there is a shift register of length 2 that produces the sequence of syndromes. Recall that this is more than simply saying that Δ2 is nonzero. As we know, Δ2 6¼ 0 does not guarantee two errors, but that the syndromes can be generated with a register of length 2, does. The idea now is to keep trying more registers, either increasing their lengths or changing the connections until we find a register that matches the sequence of syndromes. If the channel didn’t introduce more than six errors, the match will eventually happen, at the latest when the length is 6. As anticipated before, this increase in length should be done carefully to avoid the possibility of leaving some options (some lengths/connections) unexplored. Notice the difference between this approach and the PGZ method presented before. For a t error correcting code, the PGZ algorithm starts evaluating Δt. Then (if Δt ¼ 0), it proceeds calculating Δt  1, Δt  2, and so on in descending order until a determinant Δe 6¼ 0 is found (the subindex e is the number of errors). At this point, the algorithm produces the register that outputs all the syndromes in a “one shot” computation. The Massey algorithm, on the contrary, proceeds iteratively, computing a sequence of registers that finally provide the solution. In the “construction path,” going from one register to the next until the match is obtained, sometimes the

4.8 The Massey Algorithm at Work: (15, 9) RS Code

159

connections are changed, and sometimes the length is increased when the mere change of connections does not increase the number of correctly generated symbols. Moreover, at each step of the computation, the Massey algorithm builds the new register using previously constructed registers. In the next two sections, I illustrate the workings of the algorithm using several examples. The justification, although elementary (but not at all trivial), is somewhat lengthy. Refer for the details to Appendix F.

4.8

The Massey Algorithm at Work: (15, 9) RS Code

In this section, I’ll use the Massey algorithm to find the error location polynomial of Example 2. The polynomial was already computed there using the PGZ algorithm and the result is LðDÞ ¼ α9 D2 þ α11 D þ 1 In the following example, I obtain the same polynomial using the Massey algorithm. Example 11 As said, the Massey algorithm starts by checking if the syndromes are in geometric progression. If this were the case, the sequence of syndromes could be reproduced using a register of length one (see Fig. 4.11a). The symbols output by this register are: α5, α12, α4 . . . . . . There’s a discrepancy in the third symbol, namely: α4 + α6 ¼ α12. Therefore, the hypothesis of one error is discarded and to match more symbols we have to increase the register’s length (see Fig. 4.11b). However, although the lengths of the registers in Fig. 4.11a, b are different, they output the same sequence. Therefore, the discrepancy in the third symbol remains. It can be eliminated if we input the discrepancy (as a correcting term) to the adder in Fig. 4.11c. The resulting register is drawn in a slightly different way in Fig. 4.11d. This register correctly generates α5, α12, α6. The discrepancy occurs in the fourth symbol. Its value is α11 + α3 ¼ α5. The circuit that generates the corrections must now produce 0, α5 (Recall that α6 is correct) (see Fig. 4.12a, b). This circuit is drawn in Fig. 4.12c, d. The value of the multipliers of the correction circuit (call them x and y) can be obtained solving the system α12 x þ α5 y ¼ 0 α6 x þ α12 y ¼ α5 The solution is x ¼ α8, y ¼ 1. The final register is in Fig. 4.13, the same register we found using the PGZ algorithm.

160

4 Decoding RS and BCH Codes (Part 1)

Fig. 4.11 Massey algorithm for Example 11 (a) Register that generates two symbols (b) Register that generates the same sequence as in (a) (c) Generation of the correcting term (d) Register in (c) drawn differently

4.8 The Massey Algorithm at Work: (15, 9) RS Code

161

Fig. 4.12 Massey algorithm for Example 11: Continuation (a) Generating α6 (b) Generating α3 (c) Discrepancy 0 (d) Discrepancy α5

To get what “pattern” the connection polynomials follow, let’s analyze their “evolution” in this example. We start computing the difference between the polynomial L6(D) in Fig. 4.13 (that generates the six syndromes) and L3(D) in Fig. 4.11d (that only produces three syndromes). Recall, again, that subtraction is addition.     L6 ðDÞ þ L3 ðDÞ ¼ α9 D2 þ α11 D þ 1 þ α7 D2 þ α7 D þ 1 α5 ¼ α8 Dð1 þ α7 DÞ ¼ 12 D32 L2 ðDÞ α where L2(D) is the polynomial of the register in Fig. 4.11a that correctly outputs two syndromes.

162

4 Decoding RS and BCH Codes (Part 1)

Fig. 4.13 Massey algorithm for Example 11: Final register

α12

α5 α7 + α8 = α11

α 7 +1 = α9

Generates:

α5 α12α6 α3 α3 α5

Therefore, L6(D) is obtained as L6 ðDÞ ¼ L3 ðDÞ þ

α5 32 D L2 ðDÞ α12

ð4:16Þ

Observe now, α5 ¼ Discrepancy using L3(D) α12 ¼ Discrepancy using L2(D) 3 ¼ Number of syndromes generated by L3(D) 2 ¼ Number of syndromes generated by L2(D) Continuing with the search for a pattern, the difference between L3(D) and L2(D) is   L3 ðDÞ þ L2 ðDÞ ¼ α7 D2 þ α7 D þ 1 þ ð α7 D þ 1Þ α12 ¼ α7 D2 ¼ 5 D20 α And thus L 3 ð D Þ ¼ L2 ð D Þ þ

α12 20 D L0 ðDÞ α5

This expression has the same structure as Eq. (4.16) if we agree on the “existence” of an initial “register” L0(D) ¼ 1 that generates zeros and that, therefore, “disagrees” with the given sequence in the first nonzero syndrome. Most algorithms have a peculiar and somewhat contrived way of being initialized, and Massey algorithm is not an exception. We’ll see more about this in Examples 12 and 13. Although from the construction just presented we can get a general idea for Massey algorithm, there are some points that need more elaboration. This I do in the next section.

4.9 The Massey Algorithm at Work: (15, 3) RS Code

4.9

163

The Massey Algorithm at Work: (15, 3) RS Code

If we want to correct t ¼ 6 errors, the redundancy is r ¼ 2t ¼ 12 and k ¼ 3. The generator polynomial for the (15, 3) code is gðDÞ ¼

iY ¼12 

D þ αi



i¼1

Operating, we get gðDÞ ¼ D12 þ α8 D11 þ α14 D10 þ α8 D9 þ α3 D8 þ D7 þ α2 D6 þα13 D5 þ α14 D4 þ α2 D3 þ α6 D2 þ α13 D þ α3 As explained in Section 3.8, to code it is convenient to precompute   R0 ðDÞ ¼ RgðDÞ D12 R1 ðDÞ ¼ RgðDÞ ðDR0 ðDÞÞ R2 ðDÞ ¼ RgðDÞ ðDR1 ðDÞÞ Coding is then reduced to combining linearly those polynomials using the message symbols. The polynomials are R0 ðDÞ ¼ α8 D11 þ α14 D10 þ α8 D9 þ α3 D8 þ D7 þ α2 D6 þ α13 D5 þ α14 D4 þ α2 D3 þ α6 D2 þ α13 D þ α3 R1 ðDÞ ¼ α7 D11 þ α11 D10 þ α9 D9 þ α12 D8 þ D7 þ α9 D6 þ α8 D5 þ α12 D4 þ α7 D3 þ α2 D2 þ α2 D þ α11 R2 ðDÞ ¼ α12 D11 þ α5 D10 þ α11 D9 þ α5 D8 þ D7 þ α12 D6 þ α14 D5 þ α10 D4 þ α11 D3 þ α14 D2 þ α3 D þ α10 For the message (1 1 1), the parity polynomial is r ðDÞ ¼ R0 ðDÞ þ R1 ðDÞ þ R2 ðDÞ ¼ D11 þ D10 þ D9 þ D8 þ D7 þ D6 þ D5 þ D4 þ D3 þ D2 þ D þ 1 And the corresponding codeword ð 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1Þ Suppose the channel introduces the following error pattern

164

4 Decoding RS and BCH Codes (Part 1)

  e ¼ 1 0 α 0 0 0 0 0 0 α2 0 0 0 α3 α Then the receiver gets the word   w ¼ 0 1 α4 1 1 1 1 1 1 α8 1 1 1 α14 α4 The 12 partial syndromes are S1 ¼ wðαÞ ¼ α11 S4 ¼ wðα4 Þ ¼ α12

S2 ¼ wðα2 Þ ¼ 1   S5 ¼ w α5 ¼ α13

S3 ¼ wðα3 Þ ¼ α11   S6 ¼ w α 6 ¼ α 7

S7 ¼ wðα7 Þ ¼ α6

S8 ¼ wðα8 Þ ¼ α4

S9 ¼ wðα9 Þ ¼ α5

S10 ¼ wðα10 Þ ¼ 0

S11 ¼ wðα11 Þ ¼ α9

S12 ¼ wðα12 Þ ¼ α3

Let’s first find the locator polynomial using the PGZ method. Compute Δ6  11 α    1   11 α Δ6 ¼   α12   α13    α7

1

α11

α12

α13

α11

α12

α13

α7

α12

α13

α7

α6

α13

α7

α6

α4

α7

α6

α4

α5

α6

α4

α5

0

 α7   α6   α4  ¼0  α5   0   α9 

Thus, there are fewer than 6 errors. Now, compute Δ5.  11 α    1   Δ5 ¼  α11   12 α   α13

1

α11

α12

α11

α12

α13

α12

α13

α7

α13

α7

α6

α7

α6

α4

 α13   α7    α6  ¼ α6   α4   α5 

Therefore, the word has 5 errors (we knew this!). We can find the error locator solving the system

4.9 The Massey Algorithm at Work: (15, 3) RS Code

0

α11

1

α11

α12

B B 1 B B 11 Bα B B α12 @

α11

α12

α13

α12

α13

α7

α13

α7

α6

α13

α7

α6

α4

α13

165

1

0 1 0 71 α C L5 α 7 CB L C B α 6 C CB 4 C B C C B 4C L3 C α 6 CB C ¼ Bα C CB @ A @ α5 A L2 α4 C A L1 0 α5

The solution is L5 ¼ α2

L4 ¼ α10

L3 ¼ α9

L2 ¼ α7

L1 ¼ α4

Those values satisfy also the two following equations S6 L5 þ S7 L4 þ S8 L3 þ S9 L2 þ S10 L1 ¼ S11 S7 L5 þ S8 L4 þ S9 L3 þ S10 L2 þ S11 L1 ¼ S12 In other words, the shift register of Fig. 4.14, initialized as indicated, generates α7, α , α4, α5, 0, α9, α3 in this order. 6

Remark Observe that LðDÞ ¼ α2 D5 þ α10 D4 þ α9 D3 þ α7 D2 þ α4 D þ 1 can be factored as

Fig. 4.14 Generation of the syndromes with a shift register

166

4 Decoding RS and BCH Codes (Part 1)

    LðDÞ ¼ 1 þ α14 D 1 þ α12 D 1 þ α5 D ð1 þ αDÞð1 þ DÞ in accordance with the location of the errors. Let’s apply the Massey algorithm following the guides presented in Example 11. Example 12 A complete description of the shift register and its performance requires giving the connection polynomial, its length, the number of syndromes generated, and the discrepancy. As we have seen in the preceding section, when we iterate we obtain a new 0 polynomial, L(D), adding to the last polynomial found, L (D), a correction term. 0

LðDÞ ¼ L ðDÞ þ Correction Polynomial The correction polynomial is the product of another previously computed 00 polynomial, L (D), multiplied by a monomial, M(D) 0

LðDÞ ¼ L ðDÞ þ M ðDÞL00 ðDÞ

ð4:17Þ

The monomial is 0

M ðD Þ ¼ 0

d G0 G00 D d00

ð4:18Þ

0

where the pair (G , d ) describes the performance of the register constructed with 0 L (D), namely: 0

G : Number of syndromes correctly generated 0 d : Discrepancy of the first incorrect symbol 00

and likewise for L (D). 00 I still have to explain how to choose L (D). Let’s proceed in steps. Initialization As said in Example 11, we initialize the algorithm as follows Polynomial ¼ 1 Syndromes generated ¼ 0 Discrepancy ¼ α11 First Step The first two syndromes S1 ¼ α11, S2 ¼ 1 are generated by the shift register of length one depicted in Fig. 4.15 with

4.9 The Massey Algorithm at Work: (15, 3) RS Code

167

Fig. 4.15 Massey algorithm for Example 12. First step

L1 ¼

S2 1 ¼ ¼ α4 S1 α11

However, the third symbol produced by the circuit (α4) is different from the third syndrome (α11). The discrepancy is d ¼ α11 þ α4 ¼ α13 We have already the first two polynomials in the iteration: 1 and 1 + α4D. Second Step To match the third symbol, we apply (4.17) and (4.18). 0

L ðDÞ ¼ 1 þ α4 D α13 M ðDÞ ¼ 11 D20 α

L00 ðDÞ ¼ 1

Then LðDÞ ¼ 1 þ α4 D þ

α13 20 D 1 ¼ 1 þ α4 D þ α2 D2 α11

The discrepancy in the fourth syndrome is α9.

168

4 Decoding RS and BCH Codes (Part 1)

Fig. 4.16 Massey algorithm for Example 12, Third step

Third Step Now, set L00 ðDÞ ¼ 1 þ α4 D α9 M ðDÞ ¼ 13 D32 α

0

L ðDÞ ¼ 1 þ α4 D þ α2 D2

Then LðDÞ ¼ 1 þ α4 D þ α2 D2 þ

 α9 32  D 1 þ α4 D ¼ 1 þ α13 D þ α8 D2 13 α

See Fig. 4.16. The register generates four syndromes. The discrepancy in the fifth is α14. Observe that, contrary to what happened in the second step, in this iteration we don’t increase the length. Fourth Step To find the register of minimum length that generates one more syndrome, the corresponding polynomial is obtained applying again (4.17) and (4.18). As 0 before, L (D) is the last computed polynomial, but now we have more than one 00 choice for L (D) (see Fig. 4.17). To guarantee that the new register has 00 minimum length, we must choose as L (D) the polynomial just prior to the 0 whole “bunch” of polynomials with the same length as L (D). Refer to Appendix F for the proof. 00

Remark We could argue that in the third step we also had two choices for L (D), 00 namely: 1 and 1 + α4D. I disregarded L (D) ¼ 1 without even mentioning the possibility existed. As just indicated here, this was the right decision!

4.9 The Massey Algorithm at Work: (15, 3) RS Code

169

Fig. 4.17 Massey algorithm for Example 12, Fourth step

Then, again L00 ðDÞ ¼ 1 þ α4 D And we have, M ðDÞ ¼

α14 42 D α13

Therefore   LðDÞ ¼ 1 þ α13 D þ α8 D2 þ αD2 ð1 þ α4 DÞ ¼ 1 þ α13 D þ α10 D2 þ α5 D3 We generate 5 syndromes, and the discrepancy in the sixth is α6. In this iteration we also have an increase in the length of the register. So, sometimes the length increases, sometimes it doesn’t. In general, the length, L, depends only on the preceding register, and it is given by the formula  0 0  0 L ¼ max L ; G þ 1  L Again, this is proved in Appendix F. Remark The lengths of the registers in the previous steps satisfy this formula, even for the first step if we agree on assigning length 0 to the initial register. See also the next example.

170

4 Decoding RS and BCH Codes (Part 1)

The algorithm can now be continued as indicated below. Fifth Step Polynomial ¼ 1 þ α5 D þ D2 þ α10 D3 Register length ¼ maxð2; 4 þ 1  2Þ ¼ 3 Syndromes generated ¼ 6 Discrepancy ¼ α8 Sixth Step Polynomial ¼ 1 þ α5 D þ α7 D2 þ α6 D3 þ α2 D4 Register length ¼ 4 Syndromes generated ¼ 7 Discrepancy ¼ α11 Seventh Step Polynomial ¼ 1 þ α11 D þ α11 D2 þ α2 D3 þ α14 D4 Register length ¼ 4 Syndromes generated ¼ 8 Discrepancy ¼ α5 Eighth Step Polynomial ¼ 1 þ α11 D þ D2 þ α5 D4 þ α7 D5 Register length ¼ 5 Syndromes generated ¼ 9 Discrepancy ¼ α3 Ninth Step Polynomial ¼ 1 þ α4 D þ α7 D2 þ α9 D3 þ α10 D4 þ α2 D5 Register length ¼ 5 Syndromes generated ¼ 12 Discrepancy ¼ None This polynomial is the same we obtained using the PGZ algorithm at the beginning of this section. Example 13 For this example, the error pattern is 

1 0 α2 0 0 0 0 0 0 α2 0 0 0 α5 α10



The locations of the errors are the same as in Example 12. Thus, we must obtain the same error locator polynomial. The syndrome is   0 0 α6 α11 α6 α11 α3 α7 0 α12 0 1

4.9 The Massey Algorithm at Work: (15, 3) RS Code

171

Initialization Recall that the “initial register” generates zeros. Thus, the number of syndromes generated by this “register” is the number of leading zeros, and the discrepancy is the value of the first nonzero syndrome. Polynomial ¼ 1 Register length ¼ 0 Syndromes generated ¼ 2 Discrepancy ¼ α6 First Step Since the first two syndromes are zero, any circuit capable of generating the third syndrome must have length 3. Observe this agrees with the formula that gives the 0 0 length of the register as a function of the parameters (L and G ) of the last register obtained, in this case the “initial register.” In fact, we have n 0 0 o 0 L ¼ max L ; G þ 1  L ¼ maxf0; 2 þ 1  0g ¼ 3 Choosing α5 as the value of the multiplier, the register in Fig. 4.18 produces the first four syndromes but not the fifth. The discrepancy is α11. Observe that the register length is different from the degree of the polynomial.

Fig. 4.18 Massey algorithm for Example 13, First step

172

4 Decoding RS and BCH Codes (Part 1)

Second Step The minimum length register that generates the fifth syndrome is   α11 LðDÞ ¼ 1 þ α5 D þ 6 D42 1 ¼ 1 þ α5 D þ α5 D2 α The register length never decreases. Thus, it must be 3 as before, not 2 (the degree of the polynomial). Notice that the formula n 0 0 o 0 L ¼ max L ; G þ 1  L ¼ maxf3; 4 þ 1  3g ¼ 3 provides also this value. The sixth symbol generated is α6, not α11. Thus, the discrepancy is α6 + α11 ¼ α (see Fig. 4.19). Third Step To match more syndromes, we will take 0

L ðDÞ ¼ 1 þ α5 D þ α5 D2 00

L (D) must be again the initialization polynomial (since the polynomial 0 corresponding to the shift register in Fig. 4.18 has the same length as L (D)). Thus, we have   α LðDÞ ¼ 1 þ α5 D þ α5 D2 þ 6 D52 1 α ¼ 1 þ α5 D þ α5 D2 þ α10 D3 The rest of the iterations are illustrated in Fig. 4.20. Observe that the last polynomial is LðDÞ ¼ α2 D5 þ α10 D4 þ α9 D3 þ α7 D2 þ α4 D þ 1 as anticipated.

Fig. 4.19 Massey algorithm for Example 13. Second step

Fig. 4.20 Massey algorithm for Example 13. All steps

174

4.10

4 Decoding RS and BCH Codes (Part 1)

Decoding When Errors and Erasures Are Present

To explain how to decode in the presence of errors and erasures, I’ll start with the (15, 9) RS code. I assume that two erasures occurred and that the correction capability of the code is not exceeded. This implies that the maximum number of errors is two, but of course we don’t know how many errors there are, perhaps none! The six partial syndromes satisfy the following equations S1 ¼ e 1 x 1 þ e 2 x 2 þ d 1 y 1 þ d 2 y 2 S2 ¼ e1 x21 þ e2 x22 þ d 1 y21 þ d 2 y22 S3 ¼ e1 x31 þ e2 x32 þ d 1 y31 þ d 2 y32 S4 ¼ e1 x41 þ e2 x42 þ d 1 y41 þ d 2 y42 S5 ¼ e1 x51 þ e2 x52 þ d 1 y51 þ d 2 y52 S6 ¼ e1 x61 þ e2 x62 þ d 1 y61 þ d 2 y62 where e1 or e2 or both can be zero. Since the location of the erasures (y1 and y2) are known, we have six nonlinear equations with six unknowns. To solve the above system of equations, I’ll begin by eliminating the unknowns d1 and d2. After the elimination, we’ll end up with four equations with four unknowns. The system is also nonlinear but, as we’ll see, has the same structure as if two errors were present. Adding y1S2 to S3, eliminates d1 y31 . However, this causes the appearance of the new term y1 y22 d 2 . Similarly, when we add y2S2 to S3, we eliminate d2 y32 but y21 y2 d2 appears. We have S3 þ S2 ðy1 þ y2 Þ ¼ F ðe1 ; e2 ; x1 ; x2 ; y1 ; y2 Þ þ y1 y22 d2 þ y21 y2 d 2 where F(e1, e2, x1, x2, y1, y2) is an expression that doesn’t contain d1 or d2. The terms y1 y22 d2 þ y21 y2 d2 can be cancelled adding y1y2S1 to the above. Define T 1 ¼ S1 y 1 y 2 þ S2 ð y 1 þ y 2 Þ þ S3 Operating, we have   T 1 ¼ ðe1 x1 þ e2 x2 Þy1 y2 þ e1 x21 þ e2 x22 ðy1 þ y2 Þ   þ e1 x31 þ e2 x32 Grouping terms, we can write this last equation as

ð4:19Þ

4.10

Decoding When Errors and Erasures Are Present

T 1 ¼ E 1 x1 þ E 2 x2

175

ð4:20Þ

where

E 1 ¼ e1 x21 þ ðy1 þ y2 Þx1 þ y1 y2

E 2 ¼ e2 x22 þ ðy1 þ y2 Þx2 þ y1 y2

ð4:21Þ ð4:22Þ

Similar results are obtained with the expressions T 2 ¼ S2 y 1 y 2 þ S3 ð y 1 þ y 2 Þ þ S4

ð4:23Þ

T 3 ¼ S3 y 1 y 2 þ S4 ð y 1 þ y 2 Þ þ S5

ð4:24Þ

T 4 ¼ S4 y 1 y 2 þ S5 ð y 1 þ y 2 Þ þ S6

ð4:25Þ

T 2 ¼ E 1 x21 þ E2 x22

ð4:26Þ

T 3 ¼ E 1 x31 þ E2 x32

ð4:27Þ

T4 ¼

ð4:28Þ

namely,

E 1 x41

þ

E2 x42

T1, T2, T3, and T4 are called modified syndromes. Observe that they are zero if there are no errors. Also, they are in geometric progression in the case of only one error. The system of Eqs. (4.20), (4.26)–(4.28) is nonlinear, but it has the same structure as the system we encountered when only errors were present. Thus, it can be solved using the same method we employed for the case of only errors, eliminating the nonlinearity by first calculating the values of x1 and x2. In the next example, I illustrate the computations using the word in Example 4 slightly modified. Example 14 The received word in Example 4 had four errors and we couldn’t correct them, only detect them. The situation is totally different if two of the errors are flagged as erasures, say by the demodulator. Suppose, for instance, that the flagged symbols are symbols 12 and 13. Then, the decoder receives    ∗ α 0 0 0 0 α2 1 α13 α2 α9 α9 0∗ α4 α13 α3 Thus y1 ¼ α3 , y2 ¼ α2

176

4 Decoding RS and BCH Codes (Part 1)

The syndrome is (0 0 0 α4 α α3). The modified symbols are calculated using (4.19), (4.23)–(4.25). The result is T 1 ¼ 0,

T 2 ¼ α4 ,

T 3 ¼ α8 ,

T 4 ¼ α14

The matrix 

T1 T2

T2 T3



 ¼

0 α4

α4 α8

 ¼ α8

is nonsingular and, therefore, we have two errors. To find the error locator polynomial, we solve the linear system 

0 α4

α4 α8



L2 L1



 ¼

α8 α14



The solution is L1 ¼ α4 ,

L2 ¼ α

The locator polynomial is L(D) ¼ 1 + α4D + αD2. Its roots are α14 and 1. Thus, x1 ¼ α and x2 ¼ 1. The magnitudes for the errors and the erasures are found solving the following system of linear equations α3 d1 þ α2 d 2 þ αe1 þ e2

¼0

α6 d1 þ α4 d 2 þ α2 e1 þ e2 ¼ 0 α9 d1 þ α6 d 2 þ α3 e1 þ e2 ¼ 0 α12 d 1 þ α8 d2 þ α4 e1 þ e2 ¼ α4 Observe that to write these equations, we are using the syndromes, not the modified syndromes. The solution is d 1 ¼ α2 ,

d2 ¼ α13 ,

e1 ¼ 1,

e2 ¼ α8

And the decoded codeword 

α 0 0 0 0 α2 1 α13 α2 α9 α9 α2 α11 α6 α13



4.10

Decoding When Errors and Erasures Are Present

177

Remark A better alternative to computing e1, e2, d1, and d2 is to split the computation in two steps, solving two systems of two equations instead of one system of four equations. First Step Solve for E1 and E2 using Eqs. (4.20) and (4.26) αE 1 þ E2 ¼ 0 α2 E 1 þ E 2 ¼ α4 The result is: E1 ¼ α14, E2 ¼ 1. Now apply (4.21) and (4.22) e1 ¼ e2 ¼

E1 α14 ¼ 2 ¼1 þ ðy1 þ y2 Þx1 þ y1 y2 α þ ðα3 þ α2 Þα þ α5 E2 1 ¼ ¼ α8 3 þ ðy1 þ y2 Þx2 þ y1 y2 1 þ ðα þ α2 Þ þ α5

x21 x22

Second Step

d1 and d2 are found solving α3 d 1 þ α2 d2 ¼ αe1 þ e2 ¼ α þ α8 ¼ α10 α6 d 1 þ α4 d2 ¼ α2 e1 þ e2 ¼ α2 þ α8 ¼ 1 The solution is d1 ¼ α2, d2 ¼ α13. For the next two examples I’ll use the (15, 3) RS code, and assume as before that the error correction capability of the code has not been surpassed. Example 15 Suppose the error pattern is 

1 0 α∗ 0 0 1 0 0 0 α2 0 0 1 α3 α∗



There are seven errors, but two of them are flagged as erasures. Therefore, the seven errors can be corrected. The syndrome is 

0 α9 α13 α5 α7 α11 α13 α11 α α10 α7 α9



The modified syndromes are computed as T i ¼ y1 y2 Si þ ðy1 þ y2 ÞSiþ1 þ Siþ2

ði ¼ 1 to 10Þ

Entering the values of y1 ¼ α12 and y2 ¼ 1, we have

178

4 Decoding RS and BCH Codes (Part 1)

T i ¼ α12 Si þ α11 Siþ1 þ Siþ2

ði ¼ 1 to 10Þ

Doing the calculations, we obtain T 1 ¼ α7 T 2 ¼ 0 T 3 ¼ α11 T 4 ¼ α T 5 ¼ α8 T 6 ¼ 1 T 7 ¼ α11 T 8 ¼ α13 T 9 ¼ α9 T 10 ¼ α14 We use these modified syndromes to find the location of the errors utilizing either the PGZ or the Massey algorithm. The result is LðDÞ ¼ 1 þ α4 D þ α9 D2 þ α10 D3 þ α14 D4 þ αD5 which indicates that the number of errors is 5. The roots of L(D) are: α, α6, α10, α13, and α14. That is, symbols 1, 6, 10, 13, and 14 are erroneous. The magnitudes of erasures and errors can now be calculated as before. Example 16 The error for this example is 

1 0 α∗ 0 0 1 0 0 0 α2 0

0

1∗ α3 α∗



which is the same as for Example 15 except that we have three erasures. The syndromes are the same as in Example 15. However, the erasures are different. Therefore, the modified syndromes will also be different. But how can we find them? In other words, how can we eliminate the effect d1, d2 and d3 have on the syndromes? The answer is provided by the erasure locator polynomial. To find the error location polynomial requires some work. However, we can construct the erasure locator polynomial, L∗(D) “for free,” since the positions of the erasures are given to the decoder by either the demodulator or by another decoder. For instance, in Examples 14 and 15, L∗(D) is L∗ ðDÞ ¼ ð1 þ y1 DÞð1 þ y2 DÞ ¼ 1 þ ðy1 þ y2 ÞD þ y1 y2 D2 Observe that the coefficients of L∗(D) are the numbers by which we multiply the syndromes to eliminate d1, d2. This is true in general. Thus, for three erasures, the numbers we need to eliminate d1, d2, and d3 are the coefficients of the polynomial L∗ ðDÞ ¼ ð1 þ y1 DÞð1 þ y2 Þð1 þ y3 Þ ¼ 1 þ ðy1 þ y2 þ y3 ÞD þ ðy1 y2 þ y1 y3 þ y2 y3 ÞD2 þ y1 y2 y3 D3 The erasure locator polynomial is

Appendix E: The “Condensation” Method for Evaluating Determinants

179

L∗ ðDÞ ¼ ð1 þ α12 DÞð1 þ α2 DÞð1 þ DÞ ¼ 1 þ α9 D þ αD2 þ α14 D3 The modified syndromes are calculated as T i ¼ y1 y2 y3 Si þ ðy1 y2 þ y1 y3 þ y2 y3 ÞSiþ1 þ ðy1 þ y2 þ y3 ÞSiþ2 þ Siþ3 Or T i ¼ α14 Si þ αSiþ1 þ α9 Siþ2 þ Siþ3

ði ¼ 1 to 9Þ

The results of the computations are T 1 ¼ α9 T 6 ¼ α9

T 2 ¼ α11 T 3 ¼ α12 T 4 ¼ α13 T 7 ¼ 0 T 8 ¼ α7 T 9 ¼ α10

T 5 ¼ α5

Using the PGZ or the Massey algorithm we find the error locator polynomial LðDÞ ¼ 1 þ α10 D þ α8 D2 þ α14 D4 Its roots are: α, α6, α10, α14. Finally, the magnitudes for both erasures and errors are computed following the steps indicated before. In the next chapter, we’ll continue with this topic.

Appendix E: The “Condensation” Method for Evaluating Determinants When done by hand, the evaluation of determinants is a very laborious task for large orders. For a (15, 3) RS code, for instance, to decide if 6 errors are present, we need to compute the value of a 6  6 determinant. The cofactor expansion method for evaluating a determinant of order 6 involves the computation of 6 determinants of order 5, which in turn requires the evaluation of 5 determinants of order 4 and so on. Therefore, the number of 2  2 determinants that must be computed to find the value of a 6 order determinant is 360 (6  5  4  3). The method for evaluating determinants presented in this appendix reduces this task considerably. For instance, for a 6  6 determinant it only involves the computation of 55 determinants of order 2, a mere 15% of the work required by the cofactor expansion. To get a flavor for the method, I start by presenting two examples.

180

4 Decoding RS and BCH Codes (Part 1)

Example 17 Say we want to compute the following determinant of real numbers  5  6  2

3 4 2

 2  1  3

Two definitions before we begin: interior of a determinant and consecutive minor. The interior of a determinant is the array (the matrix) resulting after we eliminate the first and last rows and columns. For a 3  3 determinant, its interior is a single number. In the above example, 4. For a 6  6 determinant, its interior is a 4  4 array and so on. A consecutive minor is a minor whose rows and columns are adjacent in the original determinant. The minor  3  4

 2  1

 5  6

 2  1

is a consecutive minor, but the minor

is not. The method starts by “condensing” the above determinant into a 2  2 determinant whose elements are all the consecutive minors of the original determinant, that is: the minors “pivoting” on the elements a11, a12, a21, and a22. In the example,  5  6  6  2

 3  4  4  2

 3  4  4  2

 2    1    2 ¼ 1    4  3

 5  10 

After this initial condensation, with the “condensed” determinant  2  4

 5  10 

we do the following two things: • Condense it (evaluate it!) into a number, 40. • Divide this value by the “interior” (4) of the given determinant. The result (10) is the value of the original determinant.

Appendix E: The “Condensation” Method for Evaluating Determinants

181

Remark Two remarks are in order. First, the method requires that the interior of the 3  3 determinant be different from 0. This is always possible (permuting rows/ columns), except for trivial cases of no interest. Second: we had to compute five 2  2 determinants, whereas the usual expansion by minors requires only three. Therefore, for determinants of order 3, the method does not offer any advantage. However, the situation reverses for higher orders. Example 18 The next determinant is a 4  4 Vandermonde determinant. We know how to compute its value from Chapter 3.   1 1 1 1   1 2 3 4  A0 ¼   1 4 9 16    1 8 27 64  ¼ ð2  1Þð3  1Þð3  2Þð4  1Þð4  2Þð4  3Þ ¼ 12 Remark The reason for the negative signs is that we are working with real numbers. To apply the “condensation” method, we start by “condensing” the above determinant into a determinant of order 3. For that, we compute its 9 “consecutive minors,” from

to

and finally

The result is

182

4 Decoding RS and BCH Codes (Part 1)

 1  A1 ¼  2 4

1 6 36

 1  12  144 

After this initial condensation step, we proceed with additional condensation/ division (C/D) steps. 0

• Condense A1 into A1   4 A1 ¼  48 0

 6  432 

0

• Divide the elements of A1 by the elements of the “interior” of the determinant A0 (highlighted here), which must be different from zero.

We obtain   2 A2 ¼  12

 2  48 

Continue now as in Example 17: Condense A2 and divide it by the interior of A1 (that is, 6), which, again, must be different from zero. The result is 72=6 ¼ 12, as said before. Let us recapitulate. The computation consists of an initial condensation (In this example, from 4  4 to 3  3) followed by two condensation/division pairs. The number if these condensation/division pairs increases with the order of the determinant we want to evaluate. To evaluate a determinant of order n, the number of C/D pairs is n  2. Remark If any of the entries in the interior of A0 are 0, use elementary row/column operations to remove all zeros. Interchanging two rows or columns is enough in many cases. Two more examples, related to the PGZ decoding of RS codes, follow. Example 19 To find the locator polynomial of the (15, 3) RS code presented in Section 4.9, we need to compute six determinants of order 5. Say, for instance, we want to calculate L4

Appendix E: The “Condensation” Method for Evaluating Determinants

183

   α11 α7 α11 α12 α13     1 α6 α12 α13 α7     α11 α4 α13 α7 α6     α12 α5 α7 α6 α4     α13 0 α6 α4 α5   L4 ¼  11 1 α11 α12 α13  α  1 α11 α12 α13 α7     α11 α12 α13 α7 α6     α12 α13 α7 α6 α4     α13 α7 α6 α4 α5 

Let’s compute the numerator using the condensation method explained before. The matrix is the following 0

α11

B B 1 B B A0 ¼ B α11 B B α12 @ α13

α13

1

α7

α11

α12

α6

α12

α13

α4

α13

α7

α5

α7

α6

C α7 C C C α6 C C α4 C A

0

α6

α4

α5

The initial condensation produces the 4  4 matrix 0

α12

B 10 Bα A1 ¼ B B @ 0 α3

α13

1

α10

0

1

α13

α5

α9

C α9 C C C 1 A

α11

1

α7

The other matrices are 0

α14

0 B A1 ¼ @ 1

0

A2 ¼ And finally

α8

α11

1

α

C α8 A

α8

0

α4

α8

α13

α

α

6

!

A3 ¼

0

α8

B A2 ¼ @ α11 α3 !

α8

1

α

α7

α11 α3 0

α13

1

C α A

α13

184

4 Decoding RS and BCH Codes (Part 1) 0

A3 ¼ α4

A4 ¼ α

Therefore, we conclude that DetðA0 Þ ¼ α Remark Similarly, we can compute the denominator. The result is α6 and therefore L4 ¼ αα6 ¼ α10 as said in Section 4.9. Example 20 Before we proceed with the calculation of the locator polynomial, we need to know how many errors are present. The first step is to see if there are six errors. Therefore, we must find the value the determinant of the 6  6 matrix 0

B B 1 B B 11 Bα A0 ¼ B B 12 Bα B B α13 @ α7

α7

1

1

α11

α12

α13

α11

α12

α13

α7

α12

α13

α7

α6

α13

α7

α6

α4

α7

α6

α4

α5

C α6 C C C α4 C C C α5 C C 0C A

α6

α4

α5

0

α9

α11

All the entries in the interior of A0 are nonzero. But, after a quick look at the elements of A0 we notice that, when we condense A0 into A1, the element a22 of A1 is zero. In fact, a22

  α11 ¼  12 α

 α12  α13 

This element belongs to the interior of A1, which makes impossible the computation of A3. Interchanging rows or columns usually solves the problem. For instance, permuting columns 1 and 2, we have the matrix 0

1

B 11 Bα B B 12 Bα B A∗ ¼ 0 B 13 Bα B B α7 @ α6

α7

1

α11

α11

α12

α13

1

α12

α13

α7

α11

α13

α7

α6

α12

α7

α6

α4

α13

α6

α4

α5

C α6 C C C α4 C C C α5 C C 0C A

α7

α4

α5

0

α9

We can now proceed with the computation of A1 and the other matrices.

Appendix F: The Massey Algorithm

185

0

α7

0

α13

α3

α13

α9

α12

α9

1

α

11

1

α7

α14 1 α8 C α4 C C C α11 A

α7

α10 0

α9

B 2 Bα B B A1 ¼ B 0 B B α13 @ 0

α9 α8

α5

α11

α3

α8

α14

α4

α14

1

α11

α4

α

α9

B 14 Bα 0 A1 ¼ B B 10 @α 0

B A2 ¼ @ α12

0

0

A4 ¼ 0

C 1 C C C α7 C C α10 C A α14 α8

B 3 Bα A2 ¼ B B 13 @α

α9

0

α α

13

7

C α A

B A3 ¼ @ 1

α11

α

α13

1

α11

α2

1

α

0

A3 ¼

1

α

!

A4 ¼

1

α9

α8

α13

α5

α

α7

α13

α9

α7 1

α3 α

4

α

α6

α

α

α3

8

1

α

1

C α13 C C C α7 A α4

C α7 A α6 !

A5 ¼ 0

This implies that the number of errors present is not 6. The computational effort required by the condensation method, when it can be made to work, compares very favorably to the usual cofactor expansion. The nice feature of Massey algorithm is that it completely avoids the evaluation of determinants, and that it always works. In this same line of reducing computational complexity, I present in Chapter 5 a method, due to Forney, to find the error values without having to solve a system of linear equations, in sharp contrast to the methods I used in Sections 4.6 and 4.10.

Appendix F: The Massey Algorithm The Massey algorithm iteratively solves the problem of finding the shortest shift register that produces a prescribed sequence of symbols. Therefore, it can be applied to finding the error locator polynomial or to problems in other areas, for instance cryptography. A shift register is defined giving its length, L, and its connection polynomial, L(D). Since the length may not be equal to the degree of L(D), both L(D) and L  g are needed to specify the circuit. Equivalently, the register is also described appending L  g leading zeros to L(D), that is writing

186

4 Decoding RS and BCH Codes (Part 1)

LðDÞ ¼ 1 þ c1 D þ c2 D2 þ    þ cg Dg þ 0Dgþ1 þ    þ 0DL instead of LðDÞ ¼ 1 þ c1 D þ    þ cg Dg It is a trivial task to find a register that produces the sequence s0, s1, . . . , sN, namely: L ¼ N + 1 and any L(D) (In fact, we don’t care about the symbols the register generates, and therefore about the polynomial. They are irrelevant, since all the symbols we want to match are already loaded in the register!). However, to find a minimum length register requires a little work and much insight. As stated, Massey algorithm works iteratively. So, say we have found some register (Ln(D), Ln) (not necessarily minimum length) that produces the first 0 n terms of s0, s1, . . . , sN but not sn. Let’s call sn 6¼ sn the symbol output by the register. Keeping up with the idea of employing prior computations, to find a register (Ln + 1(D), Ln + 1) that also generates sn (and perhaps more terms, although this is not required), we’ll use Ln(D) adding to it a correction term constructed utilizing the connection polynomial Lm(D) of a previously obtained register (Lm(D), Lm) with 0 which we produced s0, s1, . . ., sm  1 but not sm. Again, call sm the register output. The discrepancies are (remember: subtraction is the same as addition) 0

0

dm ¼ sm þ sm 6¼ 0, d n ¼ sn þ sn 6¼ 0 Then, the following correcting term does the job dn nm D Lm ðDÞ dm Thus Lnþ1 ðDÞ ¼ Ln ðDÞ þ

dn nm D Lm ðDÞ dm

I show below that the register with the connection polynomial given above 0 generates s0, s1, . . . , sn  1, sn. It may even produce n  n + 1 symbols. However, we don’t care about that. To avoid unnecessary complications, I’ll justify the above formula using an example. Say that (L8(D), L8) and (L5(D), L5) produce only the first 8 and 5 symbols with 5 cells and 3 cells, respectively (see Fig. 4.21). I underlined “only” to emphasize 0 that symbol s8 , output by (L8(D), L8), differs from s8, and the same happens with s5 0 and s5 , the symbol generated by (L5(D), L5).

Appendix F: The Massey Algorithm

187

Fig. 4.21 The register (L8(D), L8), and (L5(D), L5)

A full description of the circuits is provided by the polynomials L8(D) and L5(D) L8 ðDÞ ¼ 1 þ

5 X

ci D i

L5 ðDÞ ¼ 1 þ

3 X

1

0

ci D i

1

0

Recall that c5 and c3 (and other coefficients, as well) may be zero. After being initially loaded with s0, s1, s2, s3, s4, the first four symbols generated by (L8(D), L8) are s5 ¼ s4 c1 þ s3 c2 þ s2 c3 þ s1 c4 þ s0 c5 s6 ¼ s5 c1 þ s4 c2 þ s3 c3 þ s2 c4 þ s1 c5 s7 ¼ s6 c1 þ s5 c2 þ s4 c3 þ s3 c4 þ s2 c5 0

s8 ¼ s7 c1 þ s6 c2 þ s5 c3 þ s4 c4 þ s3 c5 6¼ s8 Similarly, with register (L5(D), L5) we generate

188

4 Decoding RS and BCH Codes (Part 1)

Fig. 4.22 The register (L9(D), L9) 0

0

0

0

0

0

0

0

0

s3 ¼ s2 c1 þ s1 c2 þ s0 c3 s4 ¼ s3 c1 þ s2 c2 þ s1 c3 0

s5 ¼ s4 c1 þ s3 c2 þ s2 c3 6¼ s5 after initially loading it with s0, s1, s2. The connection polynomial for the circuit that (as we shall see) also produces (at least) s8 is: d8 85 D L5 ðDÞ d5 ! ! 5 3 X X d8 3 0 i i ¼ 1þ ci D þ D 1 þ ci D d5 1 1   d8 3 ¼ 1 þ c1 D þ c2 D 2 þ c3 þ D    d5  d8 0 d8 0 d8 0 4 þ c4 þ c1 D þ c5 þ c2 D5 þ c3 D6 d5 d5 d5

L9 ðDÞ ¼ L8 ðDÞ þ

The circuit is represented in Fig. 4.22. Its length is 6, but its grade may be less 0 than 6 (if c3 ¼ 0). To prove that the circuit generates s8 also (at least!), we’ll begin by looking at the equivalent circuit in Fig. 4.23. If the upper connections were not present, the lower connections would clearly produce the same symbols as (L8(D), L8), although with a longer register. Therefore, the lower part of the circuit can be called the generating part of the register. Remark From Fig. 4.23, it is apparent that, in general, the length of the circuit is maxfLn ; n  m þ Lm g In the example

Appendix F: The Massey Algorithm

189

Fig. 4.23 The register (L9(D), L9) generates S6

maxf5; 8  5 þ 3g ¼ 6 Since the symbols produced by the upper and lower connections are added, let’s see what effect have the symbols that come from the upper connections. From Fig. 4.23, the first symbol generated by the upper connections is 0

0

0

0

0

0

s3 þ s2 c1 þ s1 c2 þ s0 c3 But s 3 ¼ s 2 c1 þ s 2 c1 þ s 2 c1 Therefore, the contribution is 0, and s6 enters the register unchanged (as if the upper connections wouldn’t exist). The same happens with s7 (see Fig. 4.24). Finally, from Fig. 4.25 we see that the third contribution from the upper part of the circuit is  d   d d8  0 0 0 0 8 8 s5 þ s4 c1 þ s3 c2 þ s2 c3 ¼ s5 þ s5 ¼ d 5 ¼ d 8 d5 d5 d5 This is exactly what we need to correct the output provided by the lower part of the circuit. Thus, the upper part of the shift register can be called the correcting part of the circuit, in agreement with the name (correcting term) given to the second term of L9(D). Let us recapitulate. The construction just presented to synthesize a (Ln + 1(D), Ln + 1) register capable of producing (at least) the first n + 1 terms of a given sequence works with any pair (Ln(D), Ln), (Lm(D), Lm) that only output the first n and m(m < n) symbols, respectively. The feedback polynomial is

190

4 Decoding RS and BCH Codes (Part 1)

Fig. 4.24 The register (L9(D), L9) generates S7

Fig. 4.25 The register (L9(D), L9) generates S8

Lnþ1 ðDÞ ¼ Ln ðDÞ þ

dn nm D Lm ðDÞ dm

with Ln ðDÞ ¼ 1 þ

Ln X 1

and the register length

ci Di

Lm ðDÞ ¼ 1 þ

Lm X 1

ci D i

Appendix F: The Massey Algorithm

191

Lnþ1 ¼ maxfLn ; n  m þ Lm g Suppose that the lengths of (Ln(D), Ln) and (Lm(D), Lm) are the shortest ^ n and L ^m. possible? Call these minimum lengths L Now, two questions ^ . ^ n and L • Is there anything we can say about L   m ^ m , is there a choice that guarantees that ^ m ðDÞ; L • If we have several choices for L (Ln + 1(D), Ln + 1) is also a shortest length register? We’ll proceed in three steps. First Step The first step towards answering the questions above is to prove a lower bound on Ln+1, namely: Lnþ1  n þ 1  Ln To show that, let’s consider the following problem: We have the two registers, Reg1, of length 2, and Reg2, of length 5, both represented in Fig. 4.26. Reg1 is initially loaded with s0 and s1. The output the sequence is s0 s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 . . .

Fig. 4.26 Matching registers

192

4 Decoding RS and BCH Codes (Part 1)

where s2 ¼ s1 c1 þ s0 c2

ð4:29Þ

s3 ¼ s2 c1 þ s1 c2

ð4:30Þ

s4 ¼ s3 c1 þ s2 c2

ð4:31Þ

s5 ¼ s4 c1 þ s3 c2

ð4:32Þ

s6 ¼ s5 c1 þ s4 c2

ð4:33Þ

s7 ¼ s6 c1 þ s5 c2

ð4:34Þ

and so on. Reg2 is initialized with the first 5 symbols output by Reg1. How many of the symbols produced by Reg1 can be matched by Reg2? Clearly, at least 5, but perhaps more symbols depending on the connections. Let’s write the equations required by the matching 0

0

0

0

0

s 4 c1 þ s 3 c2 þ s 2 c3 þ s 1 c4 þ s 0 c5 ¼ s 5

ð4:10 Þ

0

0

0

0

0

ð4:20 Þ

0

0

0

0

0

ð4:30 Þ

0

0

0

0

0

ð4:40 Þ

0

0

0

0

0

ð4:50 Þ

s 5 c1 þ s 4 c2 þ s 3 c3 þ s 2 c4 þ s 1 c5 ¼ s 6 s 6 c1 þ s 5 c2 þ s 4 c3 þ s 3 c4 þ s 2 c5 ¼ s 7 s 7 c1 þ s 6 c2 þ s 4 c3 þ s 4 c4 þ s 3 c5 ¼ s 8 s 8 c1 þ s 7 c2 þ s 6 c3 þ s 5 c4 þ s 4 c5 ¼ s 9 0

0

0

0

0

s9 c1 þ s8 c2 þ s7 c3 þ s6 c4 þ s5 c5 ¼ s10 0

0

0

0

0

s10 c1 þ s9 c2 þ s8 c3 þ s7 c4 þ s6 c5 ¼ s11

ð4:60 Þ ð4:70 Þ

and so on. Observe that Eq. (4.30 ) is a linear combination of Eqs. (4.10 ) and (4.20 ). In fact, we have ð4:30 Þ ¼ c1 ð4:20 Þ þ c2 ð4:10 Þ as can be seen from the Eqs. (4.29)–(4.34). Similarly, we have: ð4:40 Þ ¼ c1 ð4:30 Þ þ c2 ð4:20 Þ ð4:50 Þ ¼ c1 ð4:40 Þ þ c2 ð4:30 Þ ð4:60 Þ ¼ c1 ð4:50 Þ þ c2 ð4:40 Þ ð4:70 Þ ¼ c1 ð4:60 Þ þ c2 ð4:50 Þ and so on.

Appendix F: The Massey Algorithm

193

This means that, not only Eq. (4.30 ), but also Eqs. (4.40 )–(4.70 ). . . are linear combinations of Eqs. (4.10 ) and (4.20 ). Therefore, if Eqs. (4.10 ) and (4.20 ) are satisfied, all the other equations are satisfied. In other words, if the coefficients of Reg2 are chosen to output s5 and s6, then Reg2 produces not only the first 7(¼5 + 2) symbols output by Reg1, but all of them. Expressing this more generally, we can say that whenever the outputs of two registers of length L1 and L2 coincide in the first L1 + L2 symbols, they always coincide. This is the key result needed to prove the lower bound on Ln + 1. But before we do that, here is a numerical example to illustrate the preceding argument. Example 21 Refer to Fig. 4.24. Reg1 is loaded with s0 ¼ 1 and s1 ¼ α. The connection polynomial is LðDÞ ¼ 1 þ α3 D þ α7 D2 The register output is 1 α α3 α14 α4 α10 α4 α12 α12 α 0 α8 . . . . . . Reg2 is loaded with s0 ¼ 1,

s1 ¼ α,

s2 ¼ α3 ,

s3 ¼ α14 ,

s4 ¼ α 4

Equations (4.10 ) and (4.20 ) are 0

0

0

0

0

α4 c1 þ α14 c2 þ α3 c3 þ αc4 þ c5 ¼ α10 0

0

0

0

0

α10 c1 þ α4 c2 þ α14 c3 þ α3 c4 þ αc5 ¼ α4 0

0

0

0

0

The values of c4 and c5 can be determined as functions of c1 , c2 , c3 . We obtain 0

0

0

0

c4 ¼ α7 þ α9 c1 þ α10 c2 þ α3 c3 0

0

0

0

c5 ¼ α þ α2 c1 þ α10 c2 þ α7 c3 There are multiple solutions. If, for instance, we set 0

0

0

c1 ¼ c2 ¼ c3 ¼ 0 we have 0

c4 ¼ α7 ,

0

c5 ¼ α

194

4 Decoding RS and BCH Codes (Part 1)

The symbols output by Reg2 are 1 α α3 α14 α4 α10 α4 α12 α12 α 0 α8 . . . . . . This agrees with the symbols produced by Reg1. Let’s proceed now to prove the lower bound on Ln + 1. Assume the contrary, that is Lnþ1 < n þ 1  Ln Then Lnþ1 þ Ln  n Since the outputs of registers (Ln(D), Ln) and (Ln + 1(D), Ln + 1) coincide in n symbols, and n is greater than or equal to the sum of the two lengths, their outputs must always coincide, which contradicts that (Ln + 1(D), Ln + 1) generates sn and (Ln(D), Ln) does not. Second Step This bound is valid in general and, therefore, also when (Ln(D), Ln) is a shortest length register. Thus ^n Lnþ1  n þ 1  L Clearly, the above equation implies ^ nþ1  n þ 1  L ^n L On the other hand ^n Lnþ1  L ^ n contradicts that ( Lnþ1 < L produces n symbols) Consequently



^ n ðDÞ; L ^n L



is a minimum length register that

^ nþ1  L ^n L So, we can write   ^ nþ1  max L ^n; n þ 1  L ^n L

ð4:35Þ

Appendix F: The Massey Algorithm

195

Third Step To continue, say we have iteratively constructed a sequence of registers that satisfy (4.35) with equality, that is: registers of the minimum possible length. Then, I   ^ m ðDÞ; L ^ m is chosen properly. shall prove that Ln + 1 also does if L ^ n ðDÞ and L ^ m ðDÞ The polynomial Ln + 1(D) is constructed using L ^ n ðDÞ þ Lnþ1 ðDÞ ¼ L

dn nm ^ D L m ðDÞ dm

ð4:36Þ

As said before, the length of the circuit is  ^n; n  m þ L ^m Lnþ1 ¼ max L If we could find a register such that ^m ¼ m þ 1  L ^n L we would have  ^ ;n  m þ L ^m Lnþ1 ¼ max L  n ^n; n  m þ m þ 1  L ^n ¼ max L  ^n; n þ 1  L ^n ¼ max L That is, a register of minimum length!   ^ m the register just prior to the whole bunch of registers of ^ m ðDÞ; L Choose as L ^ n . That is, the register that generates more symbols than any other register of length L ^ n (see Fig. 4.27). length less than L

Fig. 4.27 A sequence of registers of minimum length

196

4 Decoding RS and BCH Codes (Part 1)

  ^ m ðDÞ; L ^ m produces s0 s1 . . . sm  1 but not sm. Remark Recall that the register L ^ m0 ðDÞ, L ^ m0 ) outputs s0 s1 . . . sm1 sm . . . sm0 1 . That is: at least up to sm, Similarly, (L 0 but perhaps more. Therefore, m  m + 1 and dm0 are both known. Hence, it is more ^ m0 ðDÞ, L ^ m0 ) than (L ^ mþ1 ðDÞ, L ^ mþ1 ). appropriate to write (L We, then, have ^n ^m < L L

^ m0 ¼ L ^n and L

 0  m mþ1

^ m0 ðDÞ, L ^ m0 ) is minimum length and generates sm, we can write Now, since (L   ^ m0 ¼ max L ^m; m þ 1  L ^m L Therefore   ^n ¼ L ^m ^ m0 ¼ max L ^m; m þ 1  L ^m ¼ m þ 1  L L ^n > L ^ m ). (The last equality holds because L Hence ^m ¼ m þ 1  L ^n L as desired. Summarizing: As we did in the examples of this chapter, we start the algorithm with two 00 0 00 0 minimum length registers of different lengths, say L and L with L < L , such that 00 the register of length L generates more symbols than any other register of length less 0 than L . Then, the algorithm guaranties that the registers will be minimum length at every step. ^ nþ1 ) has been computed, we know how many symbols it ^ nþ1 ðDÞ, L Remark Once (L generates. Then, we incorporate the register to the “chain” depicted in Fig. 4.25 with ^ n0 ðDÞ, L ^ n0 ), where n0  n + 1 is the number of symbols produced. the new “name” (L That information, together with dn0 , will be used in the construction of other registers with which to obtain more terms of the given sequence.

Chapter 5

Decoding RS and BCH Codes (Part 2)

5.1

Introduction

I begin this chapter presenting a different derivation of the equations to compute the error location polynomial. The original idea is due to Elwyn Berlekamp, an American mathematician and electrical engineer. There are several benefits emerging from this new method. First, we obtain a formula for computing the values of errors and erasures. Therefore, thanks to the Massey algorithm and to this formula we can do away with the chore of solving systems of linear equations to decode. Second, the modified syndromes appear automatically, without having to resort to the elimination procedure introduced in the previous chapter. Third, the method naturally leads to an iterative decoding algorithm, useful not only for the decoding RS codes, but also for other classes of codes, like the Goppa codes presented in the appendix to this chapter. This iterative method is based on the Euclidean algorithm and does not require the previous calculation of the error locator polynomial. I end the chapter revisiting the relations between partial syndromes and error words, and extending them somewhat. I show that these relations are, with minor modifications, formally identical to the so-called Discrete Fourier Transform (DFT) that originated in the field of Digital Signal Processing to compute the Fourier transform of time signals. Then, I use the DFT approach to decode RS codes in the presence of errors and erasures.

5.2

Berlekamp Method

To illustrate this method, I consider two cases: only errors and errors and erasures, jointly called errata. I use the (15, 9) RS code to present the procedure and I assume that the error correction capability of the code has not been exceeded. © Springer Nature Switzerland AG 2019 E. Sanvicente, Understanding Error Control Coding, https://doi.org/10.1007/978-3-030-05840-1_5

197

198

5 Decoding RS and BCH Codes (Part 2)

5.2.1

Case 1: Only Errors

Say we have three errors, e1, e2, e3 in positions x1, x2, x3. Consider the expression e1 x1 e2 x2 e3 x3 þ þ 1 þ x1 D 1 þ x2 D 1 þ x3 D We have e1 x1 e2 x2 e3 x3 E ðDÞ þ þ ¼ 1 þ x1 D 1 þ x2 D 1 þ x3 D LðDÞ where L(D) is the error locator polynomial LðDÞ ¼ ð1 þ x1 DÞð1 þ x2 DÞð1 þ x3 DÞ ¼ L3 D3 þ L2 D2 þ L1 D þ 1 and E ðDÞ ¼ e1 x1 ð1 þ x2 DÞð1 þ x3 DÞ þ e2 x2 ð1 þ x1 DÞð1 þ x3 DÞ þe3 x3 ð1 þ x1 DÞð1 þ x2 DÞ is a polynomial of degree not greater than 2. Since 1 x6 D6 ¼ 1 þ xD þ x2 D2 þ x3 D3 þ x4 D4 þ x5 D5 þ 1 þ xD 1 þ xD we can write
 e1 x71 D6 e1 x1 ¼ e1 x1 1 þ x1 D þ x21 D2 þ x31 D3 þ x41 D4 þ x51 D5 þ 1 þ x1 D 1 þ x1 D
 e2 x72 D6 e2 x2 ¼ e2 x2 1 þ x2 D þ x22 D2 þ x32 D3 þ x42 D4 þ x52 D5 þ 1 þ x2 D 1 þ x2 D
 e3 x3 e3 x73 D6 ¼ e3 x3 1 þ x3 D þ x23 D2 þ x33 D3 þ x43 D4 þ x53 D5 þ 1 þ x3 D 1 þ x3 D Adding the three equations above, we obtain   e1 x1 e2 x2 e3 x3 e1 x71 e2 x72 e3 x73 þ ¼ sðDÞ þ þ þ D6 1 þ x1 D 1 þ x 2 D 1 þ x3 D 1 þ x1 D 1 þ x2 D 1 þ x3 D ð5:1Þ s(D) is the syndrome polynomial.

5.2 Berlekamp Method

199

sðDÞ ¼ s0 þ s1 D þ s2 D2 þ s3 D3 þ s4 D4 þ s5 D5 where, for notational convenience, I have set si ¼ Si + 1(0  i  5). Multiplying both sides of (5.1) by L(D), we obtain EðDÞ ¼ LðDÞsðDÞ þ PðDÞD6

ð5:2Þ

where PðDÞ ¼ e1 x71 ð1 þ x2 DÞð1 þ x3 DÞ þ e2 x72 ð1 þ x1 DÞð1 þ x3 DÞ þe3 x73 ð1 þ x1 DÞð1 þ x2 DÞ From (5.2), we have   RD6 fEðDÞg ¼ RD6 LðDÞsðDÞ þ PðDÞD6   ¼ RD6 f LðDÞsðDÞg þ RD6 PðDÞD6 ¼ RD6 f LðDÞsðDÞg As said, the degree of E(D) is not greater than 2, and thus RD6 fEðDÞg ¼ E ðDÞ Therefore, we finally have E ðDÞ ¼ RD6 fsðDÞLðDÞg

ð5:3Þ

EðDÞ ¼ RD2t fsðDÞLðDÞg

ð5:4Þ

Or, in general

where t is the number of errors we want to correct. Equation (5.4) is called the key equation due to the major role it plays in what follows. To begin with, I show now how L(D) can be computed using it. But, as I explain in Sections 5.3 and 5.4, there are other reasons why this equation is important. Multiplying s(D) by L(D), we can write sðDÞLðDÞ ¼ E 0 þ E 1 D þ E2 D2 þ z1 D3 þ z2 D4 þ z3 D5 þ QðDÞD6 where

200

5 Decoding RS and BCH Codes (Part 2)

QðDÞ is an irrelevant polynomial of degree 2 and z1 ¼ s0 L3 þ s1 L2 þ s2 L1 þ s3 z2 ¼ s1 L3 þ s2 L2 þ s3 L1 þ s4 z3 ¼ s2 L3 þ s3 L2 þ s4 L1 þ s5 Therefore E ðDÞ ¼ RD6 fsðDÞLðDÞg ¼ E 0 þ E 1 D þ E 2 D2 þ z1 D3 þ z2 D4 þ z3 D5 But the degree of E(D) is not greater than 2. Thus z1 D3 þ z2 D4 þ z3 D5 ¼ 0 Or z1 ¼ 0

z2 ¼ 0

z3 ¼ 0

ð5:5Þ

These are the equations to compute the error location polynomial that we encountered in Sections 4.2 and 4.5. This is another proof that the syndromes can be generated by a shift register of length 3 initially loaded with s0, s1, and s2. Now E ðD Þ ¼ E 0 þ E 1 D þ E 2 D 2 But is this of any value once L(D) has been computed? As we’ll see in Section 5.3, the answer is in the affirmative. What happens if there are only two errors? Now, L(D) is a second-degree polynomial and we have sðDÞLðDÞ ¼ E 0 þ E 1 D þ z1 D2 þ z2 D3 þ z3 D4 þ z4 D5 þ QðDÞD6 where QðDÞ is an irrelevant polynomial of degree 1 and

5.2 Berlekamp Method

201

z1 ¼ s0 L2 þ s1 L1 þ s2 z2 ¼ s1 L2 þ s2 L1 þ s3 z3 ¼ s2 L2 þ S3 L1 þ s4 z4 ¼ s3 L2 þ s4 L1 þ s5 Therefore E ðDÞ ¼ RD6 fSðDÞLðDÞg ¼ E 0 þ E 1 D þ z1 D2 þ z2 D3 þ z3 D4 þ z4 D5 But now the degree of E(D) is not greater than 1. Thus z1 D2 þ z2 D3 þ z3 D4 þ z4 D5 ¼ 0 Or z1 ¼ 0 z2 ¼ 0

z3 ¼ 0

z4 ¼ 0

ð5:6Þ

The compatibility of these four equations with two unknowns imply that the syndromes can be generated by a shift register of length 2, a fact we already know from Sections 4.2 and 4.5. In the case of only one error, the error locator polynomial is LðDÞ ¼ L1 D þ 1 And SðDÞLðDÞ ¼ E0 þ z1 D þ z2 D2 þ z3 D3 þ z4 D4 þ z5 D5 þ s5 L1 D6 where z1 ¼ s0 L1 þ s1 z2 ¼ s1 L1 þ s2 z3 ¼ s2 L1 þ s3 z4 ¼ s3 L1 þ s4 z5 ¼ s4 L1 þ s5 Therefore E ðDÞ ¼ RD6 fSðDÞLðDÞg ¼ E 0 þ z1 D þ z2 D2 þ z3 D3 þ z4 D4 þ z5 D5 Now, E(D) is a constant. Thus

202

5 Decoding RS and BCH Codes (Part 2)

z1 D þ z2 D2 þ z3 D3 þ z4 D4 þ z5 D5 ¼ 0 Or z1 ¼ 0

z2 ¼ 0

z3 ¼ 0

z4 ¼ 0

z5 ¼ 0

ð5:7Þ

These equations indicate that the syndromes are in geometric progression and can be generated by a shift register of length 1. This was the starting point to the shift register approach in Section 4.2. Three examples follow, to illustrate the three possibilities just analyzed, namely: 1, 2, or 3 errors. Example 1 To make things simpler, say the transmitted codeword is the zero codeword and that we receive (0 0 0 0 α11 0 0 0 α8 0 0 α7 0 0 0). The syndrome is
 ðs0 s1 s2 s3 s4 s5 Þ ¼ α α14 α α7 α6 0 Or, in polynomial form sðDÞ ¼ α þ α14 D þ αD2 þ α7 D3 þ α6 D4 þ 0D5 If the word has 3 errors, the degree of E(D) is not greater than 2 and the system (5.5) of equations has to be satisfied. In this example, those equations are αL3 þ α14 L2 þ αL1 ¼ α7 α14 L3 þ αL2 þ α7 L1 ¼ α6 αL3 þ α7 L2 þ α6 L1 ¼ 0 And the solution is L3 ¼ α4 ,

L2 ¼ α8 ,

L1 ¼ α4

Therefore, there are in fact three errors and the error locator polynomial is. LðDÞ ¼ α4 D3 þ α8 D2 þ α4 D þ 1 From here, we find the solutions of the equation L(D) ¼ 0(using the Chien sequential search), and finally solve a set of linear equations to obtain the error values, as we did in Chapter 4. Let’s compute the polynomial E(D) to see that its degree is not greater than 2

5.2 Berlekamp Method

E ðDÞ ¼ RD6

203



 α þ α14 D þ αD2 þ α7 D3 þ α6 D4 þ 0D5 α4 D3þα8 D2 þ α4 D þ 1

That is: multiply s(D) by L(D) and discard terms of degree 6 or higher. Then, we obtain EðDÞ ¼ α12 D þ α Observe that its degree is less than 2. In general, if t is the number of errors we want to correct and the number of errors introduced by the channel is e  t, the degree of E(D) is not greater than e  1 but, clearly, it can be less than e  1. But the question still remains: Is α12D + α of any use? In Section 5.3 we’ll see that this is indeed the case. Example 2 The received word is (0 0 0 0 α11 0 0 0 0 0 0 α7 0 0 0). The syndrome is
 ðs0 s1 s2 s3 s4 s5 Þ ¼ α7 α12 α6 α12 α14 α14 The system of Eq. (5.5) does not have a solution since the determinant  7 α   12 α   6 α

α12 α6 α12

 α6    α12    α14

is zero. Therefore, the number of errors is not three. However, system (5.6) is compatible and the solution is L2 ¼ α13, L1 ¼ α12. Thus, the word has two errors and the error locator polynomial is LðDÞ ¼ α13 D2 þ α12 D þ 1 The roots and the error values are calculated as usual. E(D) is computed as in Example 1, and we have E(D) ¼ α6D + 1. Example 3 Received word is (0 0 0 0 0 0 0 0 0 0 0 α7 0 0 0). The syndrome is
 ðs0 s1 s2 s3 s4 s5 Þ ¼ α10 α13 α α4 α7 α10 Now, neither system (5.5) nor system (5.6) has a solution, since   α10   α13   α

α13 α α4

 α  α4  ¼ 0, α7 

Therefore, there’s only one error.

  α10   α13

 α13  ¼0 α 

204

5 Decoding RS and BCH Codes (Part 2)

System (5.7) is a compatible system of equations and its solution is L1 ¼ α3. The error locator polynomial is L(D) ¼ α3D + 1. Since there’s only one error, the root and the error value are very easily found: root α12, and the error magnitude, α7. In this case, E(D) must be a constant. In fact, E(D) ¼ α10.

5.2.2

Case 2: Errata (Errors and Erasures)

Suppose we have two erasures and two errors. Consider the expression e1 x1 e2 x2 d 1 y1 d 2 y2 E ðDÞ þ þ þ ¼ 1 þ x1 D 1 þ x2 D 1 þ y1 D 1 þ y2 D L~ðDÞ where E ðDÞ ¼ e1 x1 ð1 þ x2 DÞð1 þ y1 DÞð1 þ y2 DÞ þe2 x2 ð1 þ x1 DÞð1 þ y1 DÞð1 þ y2 DÞ þd1 y1 ð1 þ x1 DÞð1 þ x2 DÞð1 þ y2 DÞ þd2 y2 ð1 þ x1 DÞð1 þ x2 DÞð1 þ y1 DÞ and L~ðDÞ ¼ LðDÞL∗ ðDÞ L(D) is the error locator polynomial LðDÞ ¼ ð1 þ x1 DÞð1 þ x2 DÞ L∗(D) is the erasure locator polynomial L∗ ðDÞ ¼ ð1 þ y1 DÞð1 þ y2 DÞ L~ðDÞ is the errata locator polynomial L~ðDÞ ¼ ð1 þ x1 DÞð1 þ x2 DÞ ð1 þ y1 DÞð1 þ y2 DÞ Observe that the degree of E(D) is not greater than 3. In general, deg E ðDÞ  e þ d  1 Or

5.2 Berlekamp Method

205

deg E ðDÞ < e þ d On the other hand, the degree of L(D) satisfies deg L(D) ¼ e. There are two functions defined on the real line that are of interest here. These two functions are called “floor” and “ceiling.” They are denoted by floor(x) and ceil(x) and defined as follows If x is an integer: floor(x) ¼ ceil(x) ¼ x. If x is not an integer, floor(x) and ceil(x) give the nearest integer down or up, respectively. Clearly, for any integer x, we have floorðx=2Þ þ ceilðx=2Þ ¼ x In the hypothesis that the error correcting capability of the code has not been exceeded, we can write   d e þ ceil t 2 Therefore   d deg LðDÞ ¼ e  t  ceil 2 And then deg EðDÞ < e þ d 

t  ceil

     

  d d d d þ floor þ ceil ¼ t þ floor 2 2 2 2

The two inequalities   d deg EðDÞ < t þ floor 2   d deg LðDÞ  t  ceil 2

ð5:8Þ ð5:9Þ

will play an important role in the development of the Euclidean algorithm. Let’s continue with to the computation of E(D). To compute E(D), we’ll proceed as in Case 1.

206

5 Decoding RS and BCH Codes (Part 2)

e1 x1 e2 x2 d 1 y1 d 2 y2 þ þ þ ¼ sðDÞ 1 þ x1 D 1 þ x2 D 1 þ y1 D 1 þ y2 D   e1 x71 e2 x72 d1 y71 d 2 y72 þ þ þ þ D6 1 þ x1 D 1 þ x2 D 1 þ y1 D 1 þ y2 D Therefore EðDÞ ¼ L~ðDÞ



e1 x1 e2 x2 d 1 y1 d 2 y2 þ þ þ 1 þ x1 D 1 þ x2 D 1 þ y1 D 1 þ y2 D



¼ sðDÞL~ðDÞ þ PðDÞD6 where

PðDÞ ¼ e1 x71 ð1 þ x2 DÞð1 þ y1 DÞð1 þ y2 DÞ þe2 x72 ð1 þ x1 DÞð1 þ y1 DÞð1 þ y2 DÞ þd1 y71 ð1 þ x1 DÞð1 þ x2 DÞð1 þ y2 DÞ þd2 y72 ð1 þ x1 DÞð1 þ x2 DÞð1 þ y1 DÞ Thus   E ðDÞ ¼ RD6 sðDÞL~ðDÞ We have   E ðDÞ ¼ RD6 sðDÞL~ðDÞ ¼ RD6 fsðDÞLðDÞL∗ ðDÞg ¼ RD6 fLðDÞRD6 ½sðDÞL∗ ðDÞg RD6 fsðDÞL∗ ðDÞg is called the modified syndrome polynomial, t(D) tðDÞ ¼ RD6 ½sðDÞL∗ ðDÞ

ð5:10Þ

This polynomial plays the role of the modified syndromes defined in Chapter 4. Finally, we have EðDÞ ¼ RD6 ftðDÞLðDÞg

ð5:11Þ

which is called the key equation for errata. Equation (5.11) can be written in general as EðDÞD2t tðDÞLðDÞ That is, E(D) and t(D)L(D), although different, are equal modulo D2t.

ð5:12Þ

5.2 Berlekamp Method

207

The two polynomials E(D) and L(D) are related by Eq. (5.12) and satisfy conditions (5.8) and (5.9). In Section 5.4, I’ll show how we can use those two facts to compute E(D) and L(D). Remark Observe that if there are not erasures, we have L∗(D) ¼ 1. Thus, t(D) ¼ s(D), and then E ðDÞ ¼ RD6 fsðDÞLðDÞg which is the key equation for errors we obtained previously. If there are not errors, we have L(D) ¼ 1. Therefore, E ðDÞ ¼ RD6 ft ðDÞg ¼ t ðDÞ Notice the similarity between the two expressions EðDÞ ¼ RD6 fsðDÞLðDÞg

ðOnly errorsÞ

E ðDÞ ¼ RD6 ½sðDÞL∗ ðDÞ ðOnly erasuresÞ

ð5:13Þ

Three examples follow. In all of them, the transmitted codeword is the zero codeword. Example 4 In this example, we have six erasures, marked with asterisks. The received word is 
∗
∗
∗ α∗ 0 0 0 α11 0 0 0 α8 0 0 α7 0 1∗ 1∗ The six erasure magnitudes are found solving a system of six equations, as we already know from Chapter 3. Problem solved. So, should we continue with the computation of E(D)? As far as we know, E(D) is important when there are errors because it allows us to find the error locator polynomial. But in this example there are no errors. So, is all the work to find E(D) necessary? Let’s continue with the computation of E(D), anyway. The syndrome polynomial is sðDÞ ¼ 0 þ α8 D þ α5 D2 þ α5 D3 þ α8 D4 þ α9 D5 The erasure locator polynomial is L∗ ðDÞ ¼ ð1 þ α14 DÞð1 þ α14 DÞð1 þ α14 DÞ ð1 þ α14 DÞð1 þ α14 DÞð1 þ α14 DÞ ¼ 1 þα14 D þ αD2 þ α7 D3 þ α9 D4 þ α3 D5 þ α4 D6

The modified syndrome polynomial is

208

5 Decoding RS and BCH Codes (Part 2)

t ðDÞ ¼ RD6 fsðDÞL∗ ðDÞg ¼ 0 þ α8 D þ α13 D2 þ α12 D3 þ α7 D4 þ α5 D5 which, according to (5.13), is also E(D). We continue in Example 7. Example 5 This is Example 14 of Chapter 4. The received word is 

α 0 0 0 0 α2 1 α13 α2 α9 α9 0∗


4 ∗ 13 3 α α α

The syndromes are
 ðs0 s1 s2 s3 s4 s5 Þ ¼ 0 0 0 α4 α α3 In polynomial form sðDÞ ¼ α4 D3 þ αD þ α3 D5 The erasure locator polynomial is,

 L∗ ðDÞ ¼ 1 þ α2 D 1 þ α3 D ¼ 1 þ α6 D þ α5 D2 The modified syndrome polynomial is t ðDÞ ¼ RD6 fsðDÞL∗ ðDÞg 

 ¼ RD6 α4 D3 þ αD þ α3 D5 1 þ α6 D þ α5 D2 ¼ α4 D3 þ α8 D4 þ α14 D5 We know that degEðDÞ < t þ floor

    d 2 ¼ 3 þ floor ¼4 2 2

This condition will allow us to find L(D). We have E ðDÞ ¼ RD6 ft ðDÞLðDÞg 

 ¼ RD6 α4 D3 þ α8 D4 þ α14 D5 1 þ L1 D þ L2 D2 ¼ α4 D3 þ ðα4 L1 þ α8 ÞD4 þ ðα14 þ α8 L1 þ α4 L2 ÞD5

5.2 Berlekamp Method

209

Therefore α8 þ α4 L1 ¼ 0 α14 þ α8 L1 þ α4 L2 ¼ 0 These are the same equations we obtained in Chapter 4. The solution is L1 ¼ α4, L2 ¼ α. Moreover, E(D) ¼ α4D3. Example 6 This is Example 16 of Chapter 4. The received word is


1 0 α∗ 0 0 1 0 0 0 α2 0 0 1∗ α3 α∗



The syndromes are ðs0 s1 s2 s3 s4 s5 s6 s7 s8 s9 s10 s11 Þ
 ¼ 0 α9 α13 α5 α7 α11 α13 α11 α α10 α7 α9 In polynomial form sðDÞ ¼ 0 þ α9 D þ α13 D2 þ α5 D3 þ α7 D4 þ α11 D5 þ α13 D6 þα11 D7 þ αD8 þ α10 D9 þ α7 D10 þ α9 D11 The erasure locator polynomial is

 L∗ ðDÞ ¼ 1 þ α12 D 1 þ α2 D ð1 þ DÞ ¼ 1 þ α9 D þ αD2 þ α14 D3 The modified syndrome polynomial is t ðDÞ ¼ RD12 fsðDÞL∗ ðDÞg ¼ 0 þ α9 D þ α8 D2 þ α9 D3 þ α11 D4 þα12 D5 þ α13 D6 þ α5 D7 þ α9 D8 þ 0D9 þ α7 D10 þ α10 D11 Also degE ðDÞ < t þ floor We have

    d 3 ¼ 6 þ floor ¼7 2 2

210

5 Decoding RS and BCH Codes (Part 2)

E ðDÞ ¼ RD12 ft ðDÞLðDÞg 
¼ RD12 0 þ α9 D þ α8 D2 þ α9 D3 þ α11 D4 þ α12 D5 þ þα13 D6 þ α5 D7 
 þα9 D8 þ 0D9 þ α7 D10 þ α10 D11 1 þ L1 D þ þL2 D2 þ L3 D3 þ L4 D4 ¼ E 0 þ E 1 D þ E 2 D2 þ E 3 D3 þ E 4 D4 þ E 4 D5 þ E 6 D6 þz1 D7 þ z2 D8 þ z3 D9 þ z4 D10 þ z5 D11

where E0 ¼ 0 E1 ¼ α9 E2 ¼ α8 þ α9 L1 E3 ¼ α9 þ α8 L1 þ α9 L2

ð5:14Þ

E4 ¼ α11 þ α9 L1 þ α8 L2 þ α9 L3 E5 ¼ α12 þ α11 L1 þ α9 L2 þ α8 L3 þ α9 L4 E6 ¼ α13 þ α12 L1 þ α11 L2 þ α9 L3 þ α9 L4 and z1 ¼ α5 þ α13 L1 þ α12 L2 þ α11 L3 þ α9 L4 ¼ 0 z2 ¼ α9 þ α5 L1 þ α13 L2 þ α12 L3 þ α11 L4 ¼ 0 z3 ¼ 0 þ α9 L1 þ α5 L2 þ α13 L3 þ α12 L4 ¼ 0 z4 ¼ α þ 0L1 7

z5 ¼ α þ α L1 þ 0L2 10

ð5:15Þ

þ α L2 þ α L3 þ α L4 ¼ 0 9

7

5

13

þ α9 L3

þ α5 L4 ¼ 0

L1 ¼ 0,

L1 ¼ α14

The solution to the system (5.15) is L1 ¼ α10 ,

L1 ¼ α8 ,

The roots of the error locator polynomial LðDÞ ¼ 1 þ α10 D þ α8 D2 þ 0D3 þ α14 D4 are α, α6, α10, α14. Thus, the first, sixth, tenth, and fourteenth received symbols are erroneous. The error magnitudes are computed solving a set of linear equations, as indicated in the previous chapter.

5.3 Forney Formula

211

To find E(D), we only have to substitute the values of L1, L2, L3, L4 in (5.14). The polynomial E(D) is EðDÞ ¼ 0 þ α9 D þ α5 D2 þ α5 D3 þ α12 D4 þ αD5 þ α11 D6

5.3

Forney Formula

Up to know, the only method at our disposal to compute the magnitudes of the errata is to solve a system of linear equations. In this section, I present a closed form expression that provides the errata values. The formula is due to David Forney, already mentioned in Chapter 1 in relation to the concatenation of codes. Thus, thanks to Massey algorithm and to Forney formula we can decode without having to solve systems of linear equations, which greatly reduces the computational complexity. I illustrate how to obtain the formula using Case 2 of the preceding section. Recall, we have four errata: two erasures and two errors. In this case, the polynomial E(D) is E ðDÞ ¼ e1 x1 ð1 þ x2 DÞð1 þ y1 DÞð1 þ y2 DÞ þe2 x2 ð1 þ x1 DÞð1 þ y1 DÞð1 þ y2 DÞ þd1 y1 ð1 þ x1 DÞð1 þ x2 DÞð1 þ y2 DÞ þd2 y2 ð1 þ x1 DÞð1 þ x2 DÞð1 þ y1 DÞ And the errata locator polynomial L~ðDÞ ¼ LðDÞL∗ ðDÞ ¼ ð1 þ x1 DÞð1 þ x2 DÞð1 þ y1 DÞð1 þ y2 DÞ Evaluating E(D) at x1 1 , we have



 E x1 ¼ e1 x1 1 þ x2 x1 1 þ y1 x1 1 þ y2 x1 1 1 1 1 Therefore
 E x1 1 

 e1 ¼
1 þ y1 x1 1 þ y2 x1 x1 1 þ x2 x1 1 1 1

ð5:16Þ

Since we are working in finite fields, we cannot speak of limits, much less of derivatives. But let’s disregard that for the time being and compute the derivative of L~ðDÞ as if we were dealing with real numbers. Calling ∂L~ðDÞ the derivative of L~ðDÞ, we have

212

5 Decoding RS and BCH Codes (Part 2)

∂L~ðDÞ ¼ x1 ð1 þ x2 DÞð1 þ y1 DÞð1 þ y2 DÞ þx2 ð1 þ x1 DÞð1 þ y1 DÞð1 þ y2 DÞ þy1 ð1 þ x1 DÞð1 þ x2 DÞð1 þ y2 DÞ þy2 ð1 þ x1 DÞð1 þ x2 DÞð1 þ y1 DÞ Therefore



 ¼ x1 1 þ x2 x1 1 þ y1 x1 1 þ y2 x1 ∂L~ x1 1 1 1 1 which is the same expression (has the same “form”) as the denominator of (5.16). For this reason, the denominator of (5.16) is called the “formal derivative” of L~ðDÞ evaluated at x1 1 . n1 On the other hand, recall that x1 1 ¼ α , where n1 indicates that the n1th symbol is erroneous. Then, we can write e1 ¼

E ðαn1 Þ ∂L~ðαn1 Þ

e2 ¼

E ðαn2 Þ ∂L~ðαn2 Þ

Likewise, for the second error

This justifies the name error evaluator polynomial given to E(D). ∗ Calling n∗ 1 and n2 the location of the erasures, we also have
∗ E αn1
∗ d1 ¼ ∂L~ αn1

and


∗ E αn2
∗ d2 ¼ ∂L~ αn2

The evaluation of polynomials can be done very efficiently. See Fig. 4.5. Thus, Forney formula greatly reduces the computational burden. Example 7 Going back to Example 4, if we do not use the above formulas, the system to solve is 0

α14 B α13 B B α12 B B α11 B @ α10 α9

α10 α5 1 α10 α5 1

α6 α12 α3 α9 1 α6

α3 α6 α9 α12 1 α3

α α2 α3 α4 α5 α6

10 1 0 1 0 d1 1 B d 2 C B α8 C 1C CB C B 5 C B C B C 1C CB d 3 C ¼ B α 5 C C B C C 1 CB B d 4 C B α8 C A @ d5 A @ α A 1 d6 α9 1

The work is greatly reduced using the formulas.

5.3 Forney Formula

213

The error evaluator polynomial is E ðDÞ ¼ α8 D þ α13 D2 þ α12 D3 þ α7 D4 þ α5 D5 The erasure locator polynomial is L∗ ðDÞ ¼ 1 þ α14 D þ αD2 þ α7 D3 þ α9 D4 þ α3 D5 þ α4 D6 The derivative of L∗(D) is ∂L∗ ðDÞ ¼ α14 þ 2αD þ 3α7 D2 þ 4 α9 D3 þ 5 α3 D4 þ 6 α4 D5 But in F16 (or in any field of 2m elements) x + x ¼ 0, x + x + x ¼ x, and so on. So, we can write ∂L∗ ðDÞ ¼ α14 þ α7 D2 þ α3 D4 Using Forney formula, we calculate d1 as follows  d1 ¼

E ðDÞ ∂L∗ ðDÞ



 ¼ α

¼

α8 D þ α13 D2 þ α12 D3 þ α7 D4 þ α5 D5 α14 þ α7 D2 þ α3 D4 11þα10

α þ1þ1þα α14 þ α9 þ α7 9

¼

 α

α ¼α α3 4

The other magnitudes are obtained similarly  8   E ðD Þ α D þ α13 D2 þ α12 D3 þ α7 D4 þ α5 D5 ¼ ¼ ∂L∗ ðDÞ α5 α14 þ α7 D2 þ α3 D4 α5  8    E ðD Þ α D þ α13 D2 þ α12 D3 þ α7 D4 þ α5 D5 ¼ ¼ ∂L∗ ðDÞ α9 α14 þ α7 D2 þ α3 D4 α9  8    E ðD Þ α D þ α13 D2 þ α12 D3 þ α7 D4 þ α5 D5 ¼ ¼ ∂L∗ ðDÞ α12 α14 þ α7 D2 þ α3 D4 α12  8    13 2 12 3 7 4 5 5 E ðD Þ α Dþα D þα D þα D þα D ¼ ¼ ∂L∗ ðDÞ α14 α14 þ α7 D2 þ α3 D4 α14  8    13 2 12 3 7 4 5 5 E ðD Þ α Dþα D þα D þα D þα D ¼ ¼ ∂L∗ ðDÞ α15 α14 þ α7 D2 þ α3 D4 1 

d2 d3 d4 d5 d6

¼

α14 ¼ α11 α3

¼

α10 ¼ α8 α2

¼

α2 ¼ α7 α10

¼

α5 ¼1 α5

¼

Example 8 This is the continuation of Example 6. Errata locator polynomial 
 L~ðDÞ ¼ LðDÞL∗ ðDÞ ¼ 1 þ α10 D þ α8 D2 þ 0D3 þ α14 D4
 1 þ α9 D þ αD2 þ α14 D3 ¼ 1 þ α13 D þ α2 D2 þ α4 D3 þ α14 D4 þ α11 D5 þ D6 þ α13 D7

α9 ¼1 α9

214

5 Decoding RS and BCH Codes (Part 2)

Its derivative ∂L~ðDÞ ¼ α13 þ α4 D2 þ α11 D4 þ α13 D6 Error evaluator polynomial (already computed in Example 6) EðDÞ ¼ 0 þ α9 D þ α5 D2 þ α5 D3 þ α12 D4 þ αD5 þ α11 D6 Now, we have to evaluate ∂LE∗ðDðDÞ Þ at α, α6, α10, α14 (the roots of L(D)) to find the errors in the first, sixth, tenth, and fourteenth received symbols, and at α3, α13, α15 to find the errors at the positions flagged by, say, the demodulator. These are the results EðαÞ α7 ¼ 7¼1 ∗ ∂L ðαÞ α Eðα14 Þ α2 ¼ ¼ α3 ∂L∗ ðα14 Þ α14 E ð 1Þ α14 ¼ 13 ¼ α ∗ ∂L ð1Þ α

5.4


 E α6 α9 ∗ 6 ¼ 9 ¼ 1 ∂L ðα Þ α E ðα3 Þ α14 ¼ ¼α ∂L∗ ðα3 Þ α13

E ðα10 Þ α7 2 ∗ 10 ¼ 5 ¼ α ∂L ðα Þ α E ðα13 Þ α5 ¼ ¼1 ∂L∗ ðα13 Þ α5

The Euclidean Decoding Algorithm

From Section 5.2, we know that Eq. (5.12), together with conditions (5.8) and (5.9), has a solution. In fact, we have found the solution (the polynomials E(D) and L(D)) in Section 5.2. In this section, I explain a new method to find E(D) and L(D). The method is due to the Japanese engineer Yasuo Sugiyama and his coworkers, and originally was proposed to decode Goppa codes, named after Valery Goppa, a Russian mathematician. I present an elementary construction of Goppa codes in Appendix G to this chapter. The algorithm is reminiscent of the Euclidean algorithm used to find the greatest common divisor of two numbers and hence its name: Euclidean decoding algorithm. I’ll begin by recalling some facts already employed in Chapter 3. Namely aðDÞ  bðDÞ Imply

and

f ðDÞ  gðDÞ

5.4 The Euclidean Decoding Algorithm

215

aðDÞ þ f ðDÞ  bðDÞ þ gðDÞ And also, for any (D), we have cðDÞ f ðDÞ  cðDÞgðDÞ Therefore, we can write aðDÞ þ cðDÞf ðDÞ  bðDÞ þ cðDÞgðDÞ

ð5:17Þ

Equation (5.17) is valid for any modulo. To decode RS (and, of course, BCH codes), the chosen modulo is D2t. So, let’s apply (5.17) repeatedly, starting with the two following equalities D2t  0 t ðDÞ

ð5:18Þ

t ðDÞ  1t ðDÞ

ð5:19Þ

Now, divide D2t by t(D) obtaining a quotient, q1(D), and a remainder, r1(D). We have r 1 ðDÞ ¼ D2t þ t ðDÞq1 ðDÞ In view of (5.17), multiplying (5.19) by q1(D) and adding (5.18), we can write r 1 ðDÞ  ½0 þ q1 ðDÞt ðDÞ Or r 1 ðDÞ  l1 ðDÞt ðDÞ where l1 ðDÞ ¼ q1 ðDÞ Now we have three equations D2t  0 t ðDÞ t ðDÞ  1t ðDÞ r 1 ðDÞ  l1 ðDÞt ðDÞ To continue, do the same again: divide t(D) by r1(D), obtaining quotient q2(D) and remainder r2(D). That is,

216

5 Decoding RS and BCH Codes (Part 2)

r 2 ðDÞ ¼ t ðDÞ þ r 1 ðDÞq2 ðDÞ Then r 2 ðDÞ  ½1 þ q2 ðDÞl1 ðDÞt ðDÞ Or r 2 ðDÞ  l2 ðDÞt ðDÞ where l2 ðDÞ ¼ 1 þ q2 ðDÞl1 ðDÞ The next equation is r 3 ðDÞ  l3 ðDÞt ðDÞ where l3 ðDÞ ¼ l1 ðDÞ þ q3 ðDÞl2 ðDÞ The five equations we have obtained are D2t  0 t ðDÞ t ðDÞ  1t ðDÞ r 1 ðDÞ  l1 ðDÞt ðDÞ r 2 ðDÞ  l2 ðDÞt ðDÞ r 3 ðDÞ  l3 ðDÞt ðDÞ Call r0 the degree of t(D), r1 the degree of r1(D), and so on. We have r0 > r1 > r2 > r3 . . . . . . Remark To produce polynomial equalities like the above, we could have utilized any factors ( f1(D), f2(D) . . . . . .) instead of q1(D), q2(D) . . . . . . but by choosing the quotients we can guarantee that the degrees of the polynomials r1(D), r1(D), r1(D). . . decrease, which is the key reason for the algorithm to work. Polynomials ri(D) and li(D) satisfy Eq. (5.12). But, to find the solution to our problem, we have to make sure that we stop when both conditions (5.8) and (5.9) are also satisfied. To satisfy condition (5.8), we have to stop when

5.4 The Euclidean Decoding Algorithm

217

  d r i < t þ floor 2 Since the sequence of degrees is decreasing, this will eventually happen, and will continue to happen for all subsequent iterations. Which i should we choose? The answer is: choose the first i that satisfies Eq. (5.8). Call h that value of i. To prove that we have to stop at h, I’ll use the following equality li ¼ 2t  r i1

ð5:20Þ

where li is the degree of li(D). (I prove (5.20) at the end of this section) Now, if we stop at any i  h + 1 we have r i1

  d < t þ floor 2

Thus, we can write  

    d d d li ¼ 2t  r i1 > 2t  t þ floor ¼ t  floor  t  ceil 2 2 2 That is li > t  ceil

  d 2

contravening Eq. (5.9). In summary, we have only one possibility to satisfy conditions (5.8) and (5.9): we cannot stop before h (otherwise (5.8) doesn’t hold true) and we cannot stop after h (otherwise (5.9) is not satisfied). h is the only value that satisfies both conditions. Therefore EðDÞ ¼ rh ðDÞ

and

LðDÞ ¼ lh ðDÞ

Remark Can r0 be less than t + floor(d/2)? Yes, it can, and when this happens we have to stop there, that is: without even doing the first division! In this case, we have E ðDÞ ¼ t ðDÞ and

Lð D Þ ¼ 1

which means that there are no errors, and therefore r0 < d, not only r0 < t + floor(d/2). (Notice that t + floor(d/2) is always greater than or equal to d. Indeed, since t  ceil(d/2),

218

5 Decoding RS and BCH Codes (Part 2)

then t + floor(d/2)  ceil(d/2) + floor(d/2) ¼ d). The next example illustrates this case. Example 9 This is Case 3 (Only erasures) of Example 14 in Chapter 4. The received word is 

α 0 0 0 0 α2 1 α13 α2 α9 α9 0∗


4 ∗ 6 13 α α α

There are two erasures. There may be up to two errors without exceeding the error capability of the code, but we don’t know whether there are errors or not. The syndrome is (α10 1 α13 α8 1 1). The erasure polynomial is

 L∗ ðDÞ ¼ 1 þ α3 D 1 þ α2 D ¼ α5 D2 þ α6 D þ 1 The modified syndrome polynomial is


 t ðDÞ ¼ R6 ½sðDÞL∗ ðDÞ ¼ R6 D5 þ D4 þ α8 D3 þ α13 D2 þ D þ α10
5 2  α D þ α6 D þ 1 ¼ α4 D þ α10

deg t (D) = 1 < t + floor (d / 2) = 4 STOP! Therefore, there are no errors, and E(D) ¼ t(D) ¼ α4D + α10. Observe that degt(D) is also less than d ¼ 2. The function ri is only defined at i ¼ 0 (see Fig. 5.1a). In the next example we need to iterate to find the error evaluator and error locator polynomials. Example 10 For this example, the code is the (15, 7) RS code capable of correcting 4 errors. The error vector is 
∗ ∗ ∗ 1 0 0 0 α5 0 0 0 0 α2 1 α

0 0 0

The syndrome polynomial is sðDÞ ¼ 0D7 þ α14 D6 þ D5 þ α7 D4 þ α7 D3 þ α8 D2 þ α7 D þ α4 The erasure locator polynomial is


 t ðDÞ ¼ 1 þ α5 D 1 þ α4 D 1 þ α3 D ¼ α12 D3 þ α2 D2 þ α13 D þ 1 The modified syndrome polynomial is

5.4 The Euclidean Decoding Algorithm Fig. 5.1 The function ri for Examples 9 and 10 (a) t ¼ 3, d ¼ 2, e ¼ 0. ri is only defined at i ¼ 0 (b) t ¼ 4, d ¼ 3, e ¼ 2

219

ri

4 3 2

d=2

1 STOP 1

2

3

i

4

a) t=3, d=2, e=0. ri is only defined at i=0 ri 7 6 5 4 3 STOP

2 1

1

2

3

4

i

b) t=4, d=3, e=2 t ðDÞ ¼ α3 D7 þ α13 D6 þ α7 D5 þ α14 D4 þα12 D3 þ α12 D2 þ α12 D þ α4 The degree of t(D) is greater than t + floor(d/2) ¼ 5. Therefore, the word has some errors and we have to proceed iteratively to find E(D) and L(D). At each step we have a dividend, a divisor, a quotient, and a remainder.

220

5 Decoding RS and BCH Codes (Part 2)

Step 1 Dividend D8 Divisor t ðDÞ ¼ α3 D7 þ α13 D6 þ α7 D5 þ α14 D4 þ α12 D3 þ α12 D2 þ α12 D þ α4 Remainder

r 1 ðDÞ ¼ α8 D6 þ α10 D5 þ α5 D4 þ α14 D3 þ α14 D2 þ D þ α11

Quotient q1 ðDÞ ¼ α12 D þ α7 Step 2

Dividend t (D) = a 3 D7 + a 13D6 + a 7D5 + a 14D4 + a 12D3 + a 12D2 + a 12 D + a 4 Divisor

r 1 (D) = a 8 D6 + a 10D5 + a 5D4 + a 14D3 + a 14D2 + D + a 11

Remainder r 2 (D) = a 3 D3 + a 8D2 + a 9D + a 2 r2 = 3 < 5

STOP!

Quotient q 2 (D) = a 10 D + a 14 Remark As said, when we stop we always have   d r h1  t þ floor 2 But, when d is odd (as in this example), rh  1 has to be greater than t þ floor
 It cannot be equal to t þ floor d2 . In fact, if r h1

  d ¼ t þ floor 2

we have 

lh ¼ 2t  r h1

      d d d ¼ 2t  t þ floor ¼ t  floor > t  ceil 2 2 2

which, again, is a contradiction. Therefore, when d is odd r hi

  d > t þ floor 2

Or r hi

    d d  t þ floor þ 1 ¼ t þ ceil 2 2


d  2 ;

5.4 The Euclidean Decoding Algorithm

221

Thus r h1  r h  t þ ceil

     

d d d  r h > t þ ceil  t þ floor ¼1 2 2 2

Or r h1  r h  2 which is what happens in this example, since r1  r2 ¼ 6  3. The function ri is represented in Fig. 5.1b. Back to the decoding, we have EðDÞ ¼ r2 ðDÞ ¼ α3 D3 þ α8 D2 þ α9 D þ α2 It only remains to find L(D). We know LðDÞ ¼ l2 ðDÞ Once q1(D) . . . q1(D) have been computed, the polynomials li(D) can be obtained iteratively using the formula li ðDÞ ¼ li2 ðDÞ þ qi ðDÞli1 ðDÞ with l2 ðDÞ ¼ 0 and l1 ðDÞ ¼ 1 In this example, we have l1 ðDÞ ¼ q1 ðDÞ ¼ α12 D þ α7 l2 ðDÞ ¼ 1 þ ðα10 D þ α14 Þðα12 D þ α7 Þ ¼ α7 D2 þ α9 D þ α13 Thus LðDÞ ¼ α7 D2 þ α9 D þ α13 To finish this section, I prove that li + ri  1 ¼ 2t. Calling qi the degree of qi(D), from D2t ¼ t ðDÞq1 ðDÞ þ r 1 ðDÞ we obtain

222

5 Decoding RS and BCH Codes (Part 2)

2t ¼ r 0 þ q1 Moreover, from l1 ðDÞ ¼ q1 ðDÞ, we have l1 ¼ q 1

Thus, l1 ¼ 2t  r0. Similarly, from

t ðDÞ ¼ r 1 ðDÞq2 ðDÞ þ r 2 ðDÞ

and l2 ðDÞ ¼ 1 þ q2 ðDÞl1 ðDÞ

we can write r 0 ¼ r 1 þ q2

and

l2 ¼ q2 þ l1

Then l2 ¼ ðr 0  r 1 Þ þ ð2t  r 0 Þ ¼ 2t  r1 Now, we proceed by induction from li ðDÞ ¼ li2 ðDÞ þ qi ðDÞli1 ðDÞ and r i2 ðDÞ ¼ r i1 ðDÞqi ðDÞ þ r i ðDÞ Assuming li2 ¼ 2t  r i3

and li1 ¼ 2t  r i2

we have li ¼ maxfli2 ; qi þ li1 g ¼ maxf2t  r i3 ; r i2  r i1 þ 2t  r i2 g ¼ maxf2t  r i3 ; 2t  r i1 g ¼ 2t  ri1

5.5

Decoding Using the Discrete Fourier Transform (DFT)

To keep the presentation as simple as possible, I will explain this method using the (15, 9) RS code.

5.5 Decoding Using the Discrete Fourier Transform (DFT)

223

Once the word w ¼ ðw14 w13 w12 w11 w10 w9 w8 w7 w6 w5 w4 w3 w2 w1 w0 Þ is received, the first thing we do is to find its (partial) syndromes computing the scalar product of w by the rows of the matrix 0

α14

B 14 2 B ðα Þ B B ∗ B B B ∗ B B B ∗ @ ðα14 Þ

6

α13

α12 2

ðα13 Þ

ðα12 Þ

2

∗

∗

∗

α2

∗

∗

∗

ðα 2 Þ

2

α2

∗

ðα 2 Þ

6

α6

α

∗ ∗ ∗ 6

ðα13 Þ

ðα12 Þ

6

∗

∗

1

1

C 1C C ∗C C C ∗C C C ∗C A 1

The syndrome Si is given by
 X14
j w αi Si ¼ w αi ¼ j¼0 j As usual, call e the error vector ðe14 e13 e12 e11 e10 e9 e8 e7 e6 e5 e4 e3 e2 e1 e0 Þ For any value of i, define the expression
 X14 E i ¼ e αi ¼ e αij j¼0 j

ð5:21Þ

This infinite sequence is clearly periodic with period 15. Therefore, we only need its values for 0  i  14. For values of i out of this range, the subindex has to be interpreted modulo 15. Call E the vector ðE14 E 13 E12 E 11 E10 E 9 E 8 E 7 E 6 E5 E4 E3 E2 E 1 E 0 Þ What do we know about E? Since, for 1  i  6, Si ¼ w(αi) ¼ e(αi) ¼ Ei, the vector E is known in the range highlighted ðE14 E13 E 12 E 11 E10 E9 E8 E7 E6 E5 E4 E3 E2 E1 E 0 Þ And what do we know about e?

224

5 Decoding RS and BCH Codes (Part 2)

The only thing we know about e is that (at the most) only three of its components are nonzero. Remark As usual, we are assuming here that the error correction capability of the code has not been exceeded. Therefore, we have information in the “domain” of e called “the time domain” (the channel introduces errors one after the other “in time”) and in the “domain” of E, called “the frequency domain” for reasons I’ll explain later. With that partial information in both domains, I’ll show that the vector E can be found. But our goal is to find e, not E. So, let us see first how to obtain e from E.

5.5.1

Obtaining e from E

The fifteen Eq. (5.21) can be written in matrix form as E ¼ eA where the matrix A is the following 15 ∗ 15 matrix 0

ðα14 Þ

14

B B ðα14 Þ13 B B 14 12 B ðα Þ B B ∗ B B ∗ B B B ∗ B B ∗ B B B 14 i B ðα Þ B ∗ B B B ∗ B B B ∗ B B ∗ B B B ðα14 Þ2 B B 14 @ α 1

14

ðα13 Þ

∗

∗

∗

∗

∗

14

ðα j Þ

13

ðα j Þ

12

ðα j Þ

ðα13 Þ ðα13 Þ

∗

∗

∗

∗

14

α14

13

α13

12

α12

ðα2 Þ

13

ðα2 Þ

12

ðα2 Þ

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

13 i

2 i

j i

ðα Þ

ðα Þ

ðα Þ

αi

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

2

ðα13 Þ α13 1

∗

∗

∗

∗

∗

ðα j Þ αj 1

2

2

∗

∗

∗

∗

ðα2 Þ α2 1

α2 α 1

1

1

C 1C C C 1C C ∗C C C ∗C C ∗C C C ∗C C C 1C C ∗C C ∗C C C ∗C C ∗C C C 1C C C 1A 1

Clearly, the matrix A has an inverse (it is Vandermonde). Therefore, we can write e ¼ EA 2 1 Then, e can be computed from E knowing A1.

ð5:22Þ

5.5 Decoding Using the Discrete Fourier Transform (DFT)

225

To compute the inverse of a matrix is a laborious task when the dimension is large. However, in this case it is very easy.  Given any matrix, M ¼ (mij), we know that, in general, we cannot say that M 1 ¼ m1 . However, for the matrix A, this ij is what happens! ~ the matrix with components a~ij ¼ a1 . Call A ij The row i of A(starting the count from below) is


α14i α13i . . . . . . α2i αi 1



~ (starting the count from the right) is The column j of A


α14j α13j . . . . . . α2j αj 1



The scalar product of the above two vectors is α14ðijÞ þ α13ðijÞ þ    þ α2ðijÞ þ αij þ 1 ¼

14 X

αðijÞk

ð5:23Þ

k¼0

For j ¼ i, the value of (5.23) is 1. ðijÞ15 þ1 For j 6¼ i, the value of (5.23) is αα ji þ1 ¼ 0 (geometric progression). 1 ~ We conclude that A ¼ A , as claimed. Thus, using (5.22), we have ej ¼

14 X

E i αij

ð0  j  14Þ

ð5:24Þ

i¼0

Defining E(D) as E14 D14 þ E14 D14 þ    þ E 2 D2 þ E 1 D þ E 0 Equation (5.24) can be also written as (compare to (5.21))
 e j ¼ E αj

ð5:25Þ

Thus, we can obtain e from E using the serial Chien search introduced in Chapter 4. The circuit is in Fig. 5.2. The 15 cells are loaded with the vector E, and the outputs of the circuit are

226

5 Decoding RS and BCH Codes (Part 2)

E0

α

α2

E1

E2

...

α13

α14

E13

E14

E(α)=e14 First output E(α2)=e13

... E(α14)=e1 E(1)=e0

Last output

Fig. 5.2 Finding the errors using the Chien search

E0 E1 … E13 E14

0

0

0

0

... α14

1

Final state:

α2

α

RD+1{E(D)} E(1)

RD+α14{E(D)} E(α14)=E(α-1)

RD+α2{E(D)} E(α2)=E(α-13)

RD+α{E(D)} E(α)=E(α-14)

e0

e1

e13

e14

Fig. 5.3 Finding the errors dividing by D + αi


 EðαÞ ¼ E α15 α14 ¼ E ðα14 Þ ¼ e14
 Eðα2 Þ ¼ E α15 α13 ¼ Eðα13 Þ ¼ e13 ... ... ... ... ... ... ...
 Eðα14 Þ ¼ E α15 α1 ¼ Eðα1 Þ ¼ e1
15 
15 0  E α ¼E α α ¼ E ð 1Þ ¼ e 0

At the first tick At the second tick ... ... ... ... At the fourteenth tick At the last tick

Since
 E αj ¼ RDþαj fEðDÞg e can also be computed with the circuit shown in Fig. 5.3, used in Chapter 4 to find the partial syndromes.

5.5 Decoding Using the Discrete Fourier Transform (DFT)

227

Summarizing: The pair of vectors e and E are related by (5.21) and (5.24) as indicated below e

E

ei ¼

14 X

E j αij

Ei ¼

j¼0

14 X

e j αij

j¼0

This type of relations, although in the complex field and with a few minor modifications, appeared in Digital Signal Processing to compute the Fourier transform, E( f ), of a time signal, e(t). Hence the name “frequency domain” given before to the vector E. Eqs. (5.21) and (5.24) are called a Discrete Fourier Transform pair.

5.5.2

How to Compute E

Let’s see now how to compute E from the fragmented information we have in both domains. First, “define” the error locator polynomial LðDÞ ¼ L3 D3 þ L2 D2 þ L1 D þ 1 as a polynomial whose roots indicate the positions of the errors. We represent the locator polynomial as the vector L ¼ ð0 0 0 0 0 0 0 0 0 0 0 L3 L2 L1 L0 Þ ðL0 ¼ 1Þ Call l the transform of L in the time domain. Then, we have lj ¼

14 X


 Li αij ¼ L αj

i¼0

The vector l is zero in the positions where the errors occur. If, for instance, the three errors are located in the indicated positions ð0 0 0 0 e10 0 0 0 0 0 0 e3 e2 0 0Þ we have

 L α5 ¼ 0 L α12 ¼ 0 And, according to (5.26)


 L α13 ¼ 0

ð5:26Þ

228

5 Decoding RS and BCH Codes (Part 2)


 l10 ¼ Lðα10 Þ ¼ L α5 ¼ 0 l3 ¼ Lðα3 Þ ¼ Lðα12 Þ ¼ 0 l2 ¼ Lðα2 Þ ¼ Lðα13 Þ ¼ 0 Therefore, l looks like this ðl14 l13 l12 l11 0 l9 l8 l7 l6 l5 l4 0 0 l1 l0 Þ Place e below l ð0 0 0 0 e10 0 0 0 0 0 0 e3 e2 0 0Þ Observe that the vector g ¼ el ¼ ðe14 l14 e13 l13 . . .

. . . e2 l2 e1 l1 e0 l0 Þ

is the zero vector. Call G the frequency transform of g. The vector G can be obtained from L and E. Here is how Gi ¼

14 X

L j Eij

ð0  i  14Þ

ð5:27Þ

j¼0

This operation is called the circular convolution of E and L and it is represented as G ¼ Lð∗ÞE The name circular comes from the fact that the subindex i  j in (5.27) must be interpreted modulo 15. The proof of (5.27) follows Gi ¼

14 X gk αik k¼0

14 X ¼ ek lk αik k¼0 ! 14 14 X X kj ¼ ek L jα αik j¼0 k¼0 ! 14 14 X X ¼ Lj ek αkðijÞ j¼0

k¼0

14 X ¼ L j Eij j¼0

5.5 Decoding Using the Discrete Fourier Transform (DFT) i=4

229

i=5

i=6

E1

E1

E1

E2

L3 L2

E2 L3

E3

L1 1

E2 E3

L2 L1

E4

L3 L2

E4

1

L1

E5

1

E5

E6

E5

E6

E4+L1E3+L2E2+L3E1=0

E6

E5+L1E4+L2E3+L3E2=0

E6+L1E5+L2E4+L3E3=0

Fig. 5.4 Finding L1, L2, L3 using E1, E2, E3, E4, E5, E6 i=8

i=7

i=15

E3 E12

E3 L3

E4

E4 L3

L1

L2

E5

1

1

Computing E7

E8

E7

Computing E8

E2

L1 1

E3

L3

E4 E5

E10

E6

E6 E7

L2

E11

E5

L1

E1

E13

E2

E2

L2

E0

E14

E1

E1

E6

E9

...

E8

E7

Computing E0

Fig. 5.5 Finding E7, E8 . . . E0 using L1, L2, L3

Since G ¼ 0, we have Gi ¼ 0

For all i

ð5:28Þ

Figures 5.4 and 5.5 represent some of the equations in (5.28): Fig. 5.4, for i ¼ 4, 5 and 6; Fig. 5.5, for i ¼ 7 to 15 (Recall, E15 ¼ E0). The inner circle rotates inside the fixed outer circle as table trays seen in Chinese restaurants. In Fig. 5.4, using E1, E2, E3, E4, E5, E6 we compute L1, L2, L3. In Fig. 5.5, after L1, L2, L3 have been found, the computation of E7, E8, E9, E10, E11, E12, E13, E14, E0 follows. These two figures may further justify the name circular given to the convolution. Example 11 The word
 w ¼ α11 α 1 α2 α α5 α2 α3 α7 α9 α10 α9 0 1 α10

230

5 Decoding RS and BCH Codes (Part 2)

is the corrupted version of a codeword generated by a (15, 7) RS coder. The code can correct 4 errors. The erroneous positions are highlighted, but (of course!) this is not known to the receiver. The number of partial syndromes is 8. Their values are: S1 ¼ wðαÞ ¼ α6 S4 ¼ wðα4 Þ ¼ α3

S2 ¼ wðα2 Þ ¼ α9 S3 ¼ wðα3 Þ ¼ α7

 S5 ¼ w α5 ¼ α6 S6 ¼ w α6 ¼ α4

S7 ¼ wðα7 Þ ¼ 1 S8 ¼ wðα8 Þ ¼ α3 Now, we need to find the number of errors 0

α6

B 9 Bα Δ4 ¼ B B 7 @α α

3

α9

α7

α

α

3

α

α

6

α

α4

7 3 6

α3

1

C α C C¼0 C α4 A 6

0

α9

α6

B Δ3 ¼ @ α9 α7

1

α7

1

α7

C α3 A ¼ α9 6¼ 0

α3

α6

Therefore, there are only 3 errors. We obtain L1, L2, L3 from S1, S2, S3, S4, S5, S6 as indicated graphically in Fig. 5.4, that is: solving the (by now well known) system of equations 0

α6

B 9 @α α7

α9

α7

10

L3

1

0

α

1

α7

CB C B C α3 A@ L2 A ¼ @ α6 A

α3

α6

α4

L1

The solution is L3 ¼ α12

L2 ¼ 0

L1 ¼ 0

E7 and E8 are known. Thus, we only need to compute the values of E9, E10, E11, E12, E13, E14, E0 as shown in Fig. 5.5. Below, I have represented the outer circle using a straight line (starting at E1 ¼ S1 ¼ α6 and ending at E0). The other lines are the different positions of the inner circle as it rotates (“1” points to the symbol we want to compute) α6

α9

α7

α3

α6

α4 α12

1 0 α12

α3 0 0 α12

E9 1 0 0 α12

E10 1 0 0 α12

E 11

1 0 0 α12

E 12

E13

E 14

E0

1 0 0 α12

1 0 0

1 0

1

5.5 Decoding Using the Discrete Fourier Transform (DFT)

231

E9 can be computed as follows α4 α12 þ 0 þ 0 þ E9 ¼ 0 Therefore, E9 ¼ α. The other Ei can be calculated analogously. The resulting vector is
 E ¼ α12 α9 α13 1 α12 α α3 1 α4 α6 α3 α7 α9 α6 α10 The vector e is obtained from E using (5.25) (or Fig. 5.2). The result is
 e ¼ α 0 0 0 0 α2 0 0 0 0 1 0 0 0 0 Thus, the decoded codeword is
 ^v ¼ w þ e ¼ α6 α 1 α2 α α α2 α3 α7 α9 α5 α9 0 1 α10

5.5.3

Decoding with Erasures

The preceding ideas, with minor modifications and a few more calculations, can be extended to decode words that contain errors and erasures. This is explained in the next example. Example 12 The received word is 
∗ 7 9 10 9 w ¼ α11 α 1 α2 α α5 α2 α5 α α α α 0 1 0∗ As in Example 11, we want to compute E since e is obtained from it by the inversion formula. The partial syndromes are S1 ¼ wðαÞ ¼ α4 S4 ¼ wðα4 Þ ¼ α8 S7 ¼ wðα7 Þ ¼ α10

S2 ¼ wðα2 Þ ¼ α9 S3 ¼ wðα3 Þ ¼ α3

 S5 ¼ w α5 ¼ α14 S6 ¼ w α6 ¼ 1 S8 ¼ wðα8 Þ ¼ α2

Since there are 2 erasures, we know the maximum number of errors is 3. The positions of the erasures provide another piece of information: the erasure locator polynomial, L∗(D).

232

5 Decoding RS and BCH Codes (Part 2)


 L∗ ðDÞ ¼ α7 D þ 1 ðD þ 1Þ ¼ α7 D2 þ α9 D þ 1 The corresponding L∗ vector is
 L∗ ¼ 0 0 0 0 0 0 0 0 0 0 0 0 α7 α9 1 We obtain its time transform, l∗, using the Chien search. The result is
 l∗ ¼ α6 1 α4 α13 α6 α4 α12 0 α11 α13 α11 α12 α α 0
 ∗ 8 ∗ α ¼ 0 and l∗ Observe that l∗ 7 ¼L 0 ¼ L ð1Þ ¼ 0, as it should. Call l time transform of L, the vector corresponding to the error locator polynomial, L(D). l is unknown but its components are 0 at the positions where the errors occurred. This implies that the vector ~l ¼ ll∗ is 0 where errata are present. Therefore g ¼ e~l ¼ 0

and

G ¼ Eð∗ÞL~ ¼ 0

ð5:29Þ

e~l ¼ 0 can be written as ðel∗ Þl ¼ 0

or as

eð l ∗ l Þ ¼ 0

Inverting, we have fEð∗ÞL∗ gð∗ÞL ¼ Eð∗ÞfL∗ ð∗ÞLg ¼ 0 That is, the convolution operation is associative. ~ After that, Using {E(∗)L∗}(∗)L ¼ 0 we find L. Once L is known, we compute L. ∗ from E(∗){L (∗)L} ¼ 0 we obtain E. Finally, we invert to get e. Define F ¼ Eð∗ÞL∗ The vector F will play the role of a modified syndrome vector, and now we have Fð∗ÞL ¼ 0

ð5:30Þ

A similar expression to what we had before when we only had errors, namely E(∗)L ¼ 0.

5.5 Decoding Using the Discrete Fourier Transform (DFT)

233

We need to find “a few” symbols of F to compute L, as when knowing “a few” symbols of E in Example 11 (see Fig. 5.4) allowed us to calculate L. We have Fi ¼

14 X

∗ 9 7 L∗j E ij ¼ Ei þ L∗ 1 E i1 þ L2 E i2 ¼ E i þ α E i1 þ α E i2

j¼0

Since for 1  i  8, Ei ¼ Si, Fi can be computed for 3  i  8. Let’s find F3 F 3 ¼ S3 þ α9 S2 þ α7 S1 ¼ α3 þ α9 α9 þ α7 α4 ¼ α11 F4 to F8 are calculated analogously, and the results are F 4 ¼ α3

F 5 ¼ α9

F 6 ¼ α8

F7 ¼ 1

F 8 ¼ α6

Knowing those few components of F, we can find L using (5.30). The component i of F(∗)L is F i þ L1 F i1 þ L2 F i2 þ L3 F i3 ¼ 0 For i ¼ 6, we obtain F 6 þ L1 F 5 þ L 2 F 4 þ L3 F 3 ¼ 0 Or α8 þ α9 L1 þ α3 L2 þ α11 L3 ¼ 0 For i ¼ 7, the resulting equation is 1 þ α8 L1 þ α9 L2 þ α3 L3 ¼ 0 And for i ¼ 8 α6 þ L1 þ α8 L2 þ α9 L3 ¼ 0 This is the same system we found in Example 11 and the solution is L3 ¼ α12

L2 ¼ 0

L1 ¼ 0

Now compute L~ as the convolution of L∗ and L. We have

ð5:31Þ

234

5 Decoding RS and BCH Codes (Part 2)

L~i ¼

14 X

∗ ∗ L∗j Lij ¼ L∗ 0 Li þ L1 Li1 þ L2 Li2

j¼0

¼ Li þ α9 Li1 þ α7 Li2 Since Li ¼ 0 for i  4, then L~i ¼ 0 for i  6. The other values of L~i are L~5 ¼ L5 þ α9 L4 þ α7 L3 ¼ α7 L3 L~4 ¼ L4 þ α9 L3 þ α7 L2 ¼ α9 L3 þ α7 L2 L~3 ¼ L3 þ α9 L2 þ α7 L1

ð5:32Þ

L~2 ¼ L2 þ α9 L1 þ α7 L0 ¼ L2 þ α9 L1 þ α7 L~1 ¼ L1 þ α9 L0 þ α7 L1 ¼ L1 þ α9 L0 þ α7 L14 ¼ L1 þ α9 L~0 ¼ L0 þ α9 L1 þ α7 L2 ¼ 1 þ α9 L14 þ α7 L13 ¼ 1 Substituting in (5.32) the values given in (5.31), we obtain L~5 ¼ α4

L~4 ¼ α6 L~3 ¼ α12

L~2 ¼ α7

L~1 ¼ α9

The vector L~ is
 0 0 0 0 0 0 0 0 0 α4 α6 α12 α7 α9 1 Remark In polynomial form, L~ is L~ðDÞ ¼ α4 D5 þ α6 D4 þ α12 D3 þ α7 D2 þ α9 D þ 1 Observe that we can also obtain L~ðDÞ as the product of the two polynomials. L∗ ðDÞ ¼ α7 D2 þ α9 D þ 1

and

LðDÞ ¼ α12 D3 þ 1

We can now calculate E9, E10, E11, E12, E13, E14, E0 as we did in Example 11. α4

α9

α3

α8 α4

α14 α6 α4

1 α12 α6 α4

α10 α7 α12 α6 α4

α2 α9 α7 α12 α6 α4

E9 1 α9 α7 α12 α6 α4

E 10

E11

E 12

E 13

E 14

E0

1 α9 α7 α12 α6 α4

1 α9 α7 α12 α4

1 α9 α7 α4

1 α9 α4

1 α4

1

Appendix G: The Goppa Codes

E 9 ¼ α4 E 4 þ α6 E5

235

þ α12 E6 þ α7 E 7

þ α9 E8 ¼ α6

E 10 ¼ α4 E5 þ α6 E 6

þ α12 E 7 þ α7 E 8 þ α9 E9

¼ α2

E 11 ¼ α4 E6 þ α6 E 7

þ α12 E 8 þ α7 E 9 þ α9 E10 ¼ α7

E 12 ¼ α4 E7 þ α6 E 8

þ α12 E 9 þ α7 E 10 þ α9 E 11 ¼ α6

E 13 ¼ α4 E8 þ α6 E 9

þ α12 E 10 þ α7 E11 þ α9 E 12 ¼ α

E 14 ¼ α4 E9 þ α6 E 10 þ α12 E 11 þ α7 E12 þ α9 E13 ¼ α7 E 0 ¼ α4 E 10 þ α6 E 11 þ α12 E 12 þ α7 E 13 þ α9 E14 ¼ α11 Inverting
 E ¼ α7 α α6 α7 α2 α6 α2 α10 1 α14 α8 α3 α9 α4 α11 we finally obtain e
 e ¼ α 0 0 0 0 α2 0 α11 0 0 1 0 0 0 α10 The decoded codeword is
 ^v ¼ w þ e ¼ α6 α 1 α2 α α α2 α3 α7 α9 α5 α9 0 1 α10

Appendix G: The Goppa Codes The Multiplicative Inverse of a Polynomial To present these codes, I need to introduce the concept of multiplicative inverse of a polynomial. In Section 5.2 we learned that, given polynomials D2t and t(D) (the modified syndrome polynomial), the polynomial equation EðDÞD2t t ðDÞLðDÞ (together with some conditions on the degrees of E(D) and L(D)) has a solution. In Section 5.4 we found the solution using the Euclidean algorithm. I begin this appendix by considering a similar problem, namely: Given two polynomials, M(D) and A(D), with coefficients in a field, find other polynomial, B(D), such that A(D)B(D)M(D)1. The polynomial B(D) is called the multiplicative inverse of A(D) modulo M(D). The first question we should ask is if there is a solution to the problem. We’ll see that, contrary to what happens with the decoding problem, we don’t always have a solution. The solution only exits when M(D) and A(D) don’t have common factors.

236

5 Decoding RS and BCH Codes (Part 2)

Table 5.1 Product of binary polynomial modulo D3 + 1

∗

0

1

0

0

0

0

0

0

0

0

0

1

0

1

D

D+1

D2

D 2+ 1

D 2+ D

D 2+ D + 1

D

0

D

D2

D 2+ D

1

D+1

D 2+ 1

D 2+ D + 1

D+1

0

D+1

D 2+ D

D 2+ 1

D 2+ 1

D 2+ D

D 2+ 1

D2

0

D

1

D +1

D

D +D

D+1

D 2+ 1

0

D 2+ 1

D+1

D 2+ D

D 2+ D

D+1

D 2+ 1

D 2+ D

0

D 2+ D

D 2+ 1

D 2+ 1

D+1

D 2+ 1

D 2+ D

0

0

D +D+1

0

0

D +D+1

D 2+ 1

D 2+ D

D 2+ D + 1

D +D+1 2

0

D

2

D +D+1 D +D+1 2

2

D2

D+1

2

D 2+ 1

2

2

D 2+ D

D 2+ D + 1

0 D2

+D+1 0

2

Table 5.2 Product of binary polynomial modulo D3 + D + 1 ∗

0

1

D

D+1

D2

0

0

0

0

0

0

0

0

0

0

1

D

D+1

D2

D 2+ 1

D 2+ D

D 2+ D + 1

D

0

D

D2

D 2+ D

D+1

1

D+1

0

D+1

D 2+ D

D 2+ 1

D 2+ D + 1

D2

1

D+1

D 2+ D + 1

D

D 2+ 1

1

1

D2

1

0

D2

D 2+ 1

0

D 2+ 1

2+ D

0

D 2+ D

0

D 2+ D + 1

D2

D

D 2+ D + 1

D

2+ D + 1

D 2+ 1

1 D

D

2+ D

D D

2+ 1

1

D

D 2+ D + 1 D 2+ 1 D

D+1

D 2+ D

D+1

D

D2

D 2+ D

D2

D+1

2+ D + 1

Assuming this is the case, how can we find the solution? Before I continue, let’s consider two examples. In Table 5.1, we have the product, modulo D3 + 1, of binary polynomials of degree 2 or less. As we can see, only 1, D and D2 have inverses, in agreement with the fact that
 D3 þ 1 ¼ ðD þ 1Þ D2 þ D þ 1 In Table 5.2, the products are computed modulo D3 + D + 1. This polynomial is irreducible in F2 and, therefore, all binary polynomials of degree 2 have inverses modulo D3 + D + 1. Although represented in a different format, the table is the same as Table 3.1.

Appendix G: The Goppa Codes

237

To decide whether or not a polynomial A(D) has a multiplicative inverse modulo another polynomial M(D) we don’t need to construct the entire multiplication table, as the following example shows. Example 13 Given the polynomial A(D) ¼ D3 + α8D2 + α3D + α6, with coefficients in F16, we want to compute its inverse modulo M ðDÞ ¼ D4 þ α12 D3 þ α12 D2 þ α8 D þ α3 The first method I present requires some work, but it is the easiest to understand. First Method Say B(D) ¼ xD3 + yD2 + zD + w is the inverse (if it exits!) The following equation has to be satisfied



 xD3 þ yD2 þ zD þ w D3 þ α8 D2 þ α3 D þ α6 M ðDÞ 1

Multiplying both polynomials, we have p6 D6 þ p5 D5 þ p4 D4 þ p3 D3 þ p2 D2 þ p1 D þ p0 M ðDÞ 1

ð5:33Þ

where p6 ¼ x p5 ¼ α8 x þ y p4 ¼ α3 x þ α8 y þ z p3 ¼ α6 x þ α3 y þ α8 z þ w

ð5:34Þ

p2 ¼ α6 y þ α3 z þ α8 w p1 ¼ α6 z þ α3 w p0 ¼ α6 w From (5.33), we obtain
 RM ðDÞ p6 D6 þ p5 D5 þ p4 D4 þ p3 D3 þ p2 D2 þ p1 D þ p0 ð5:35Þ

¼ p6 RM ðDÞ D6 þ p5 RM ðDÞ D5 þ p4 RM ðDÞ D4 þ p3 D 3 þ p2 D 2 þ p1 D þ p0 ¼ 1 Dividing, we have RM ðDÞ D4 ¼ α12 D3 þ α12 D2 þ α8 D þ α3 RM ðDÞ D5 ¼ α8 D3 þ α12 D2 þ α11 D þ 1 RM ðDÞ D ¼ α D þ α D þ α D þ α 6

14

3

3

2

4

11

ð5:36Þ

238

5 Decoding RS and BCH Codes (Part 2)

Entering Eqs. (5.34) and (5.36) in Eq. (5.35), we obtain α5 x þ α7 y þ α9 z þ w ¼ 0 α12 x þ α8 y þ α10 z þ α8 w ¼ 0 α11 x þ α6 y þ α14 z þ α3 w ¼ 0 α10 x þ α12 y þ α3 z þ α6 w ¼ 1 The above system has a solution, namely x ¼ α8 ,

y ¼ α,

z ¼ α12 ,

w ¼ α2

Therefore, the inverse is α8D3 + αD2 + α12D + α2. Second Method The most common method to find the multiplicative inverse of a polynomial is to use the Euclidean algorithm. As we know, the degrees of the remainders in the Euclidean algorithm decrease as we iterate. But now, instead of stopping “somewhere in the middle” of the iteration, as we did when we computed E(D) and L(D), we continue iterating to the end, that is: until we obtain a remainder of degree zero, a number. This number can be zero or not. If the number is 0, the last divisor is a common factor of A(D) and M(D) (In fact, it clearly is the greatest common divisor of A(D) and M(D) up to a multiplicative constant). When this happens, A(D) does not have an inverse modulo M(D). If the number is different from zero, the two polynomials don’t have common factors and therefore, A(D) has an inverse. Using the Euclidean algorithm, the calculations for the previous example are the following Step 1 Dividend Divisor Remainder Quotient

D4 þ α12 D3 þ α12 D2 þ α8 D þ α3 D3 þ α8 D2 þ α3 D þ α6 α4 D2 þ α5 D þ α14 D þ α9

Dividend Divisor Remainder Quotient

D3 þ α8 D2 þ α3 D þ α6 α4 D2 þ α5 D þ α14 D þ α9 α11 D þ α6

Dividend Divisor Remainder Quotient

a 4D2 + a 5D + a 14 D + a9 a7 ≠ 0 a 4D + a 7

Step 2

Step 3

The inverse exits!

Appendix G: The Goppa Codes

239

To compute the inverse, we iterate using the quotients obtained before. In fact, both computations are carried out at the same time. Below, I focus on the right hand side of the equations, mimicking what I just did on the left side. M(D) ≡ 0 A(D) A(D) ≡ 1 A(D) r1(D) ≡ [0 + 1 (D +a 9)] A(D) ≡ (D + a 9) A(D) r2(D) ≡ [1 + (D + a 9) (a 11D +a 6)] A(D) ≡ (a 11D2 + a 9D) A(D) r3(D) ≡ [(D + a 9) +(a 11D2 + a 9D)(a 4D +a 7)] A(D) ≡ (D3 + a 8D2 + a 4D + a 9) A(D)

The last equation is

Or


 α7  D3 þ α8 D2 þ α4 D þ α9 AðDÞ


 1  α8 D3 þ α8 D2 þ α4 D þ α9 AðDÞ

Therefore, the multiplicative inverse of A(D) is BðDÞ ¼ α8 D3 þ αD2 þ α12 D þ α2

The Reed–Solomon Code Revisited In some special but important cases, the computation of the inverse can be performed much more easily. In fact, for binomials there is a close form expression to compute the inverse. Say we want to compute the inverse of D + a modulo M(D). As we know, for the inverse to exits, M(a) 6¼ 0. On the other hand, D + a is a factor of M(D) + M(a) (since a is a root of M(D) + M(a)). Therefore, M ðDÞ þ M ðaÞ Dþa is a polynomial. Now, we have ðD þ aÞðM ðaÞÞ1 Or

M ð D Þ þ M ð aÞ ¼ ðM ðaÞÞ1 M ðDÞ þ 1 Dþa

240

5 Decoding RS and BCH Codes (Part 2)

ðD þ aÞðM ðaÞÞ1

M ð D Þ þ M ð aÞ 1 Dþa

Thus, we can write ðD þ aÞ1 ¼ ðM ðaÞÞ1

M ðDÞ þ M ðaÞ Dþa

ð5:37Þ

Example 14 Working in the field F16, let us compute the inverse of D + αi (0  i  14) modulo D6. Notice that the inverse of D + αi exist, since the only root of D6 ¼ 0 is 0 6¼ αi. Using (5.37), we have


D þ αi

1


1 D6 þ α6i ¼ α6i D þ αi

A few cases follow i¼1


D6 þ α6 ¼ α9 α5 þ α4 D þ α3 D2 þ α2 D3 Dþα  þαD4 þ D5 ¼ α14 þ α13 D þ α12 D2 þ α11 D3 þ α10 D4 þ α9 D5

ðDþαÞ1 ¼ α6 i¼2 ðD þ α 2 Þ

1


D6 þ α12 ¼ α3 α10 þ α8 D þ α6 D2 þ α4 D3 2 D þ α þαD2 þ D5 ¼ α13 þ α11 D þ α9 D2 þ α7 D3 þ α5 D4 þ α3 D5

¼ α12

i ¼ 14
1
D6 þ α9 ¼ α9 ¼ α6 α10 þ α11 D þ α12 D2 þ α13 D3 D þ α14 14 Dþα  þ α14 D4 þ D5 ¼ α þ α2 D þ α3 D2 þ α4 D3 þ α5 D4 þ α6 D5 i ¼ 0 ðor 15Þ D6 þ 1
¼ 1 þ D þ D2 þ D3 ðD þ 1Þ1 ¼ Dþ1  þD4 þ D5 ¼ 1 þ D þ D2 þ D3 þD4 þ D5 The other inverses can be calculated similarly. I’ve written the six coefficients of the fifteen multiplicative inverses in a 6  15 matrix. The first column has the coefficients of (D + a 1)–1 ordered as follows: in the first row, the constant term, in the second row, the coefficient of D, and so on to the sixth row, where we have the coefficient of D5. The second column has the coefficients of (D + a 2)–1 likewise ordered. Continue the same way to the fourteenth and fifteenth columns, where we have, respectively, the coefficients of 1 (D + a 14)–1 and (D + a 15)–1 (that is, of (D + 1) ).

Appendix G: The Goppa Codes

0

α14

B 13 Bα B B 12 Bα B B 11 Bα B B α10 @ α9

241

α13

α12

α11

α10

α9

α8

α7

α6

α5

α4

α3

α2

α

α11

α9

α7

α5

α3

α

α14

α12

α10

α8

α6

α4

α2

α9

α6

α3

1

α12

α9

α6

α3

1

α12

α9

α6

α3

α7

α3

α14

α10

α6

α2

α13

α9

α5

α

α12

α8

α4

α5

1

α10

α5

1

α10

α5

1

α10

α5

1

α10

α5

α3

α12

α6

1

α9

α3

α12

α6

1

α9

α3

α12

α6

1

1

C 1C C C 1C C C 1C C 1C A

1 ð5:38Þ

Recall that, given the set of vectors of length n with elements in a finite field (words), to design a code is to choose a “screening” method that selects some of the words “upgrading” them to codewords. This is what we did when we “sifted” words using parity-check matrices. Those parity matrices were chosen carefully to achieve the level of error correction required. I present now a (seemingly) different way of screening. Here it is: Given words of length 15 with coefficients in F16, I select codewords using the following criterion: The word (w14 w13 . . . w1 w0) is a codeword if
1
1 w14 ðD þ αÞ1 þ w13 D þ α2 þ w12 D þ α3 þ 

 13 1 14 1 þ w2 D þ α þ w1 D þ α þ w0 ðD þ 1Þ1 ¼ 0 where the inverses are computed modulo D6. 14 X
21 The polynomial wi D þ αi is called the syndrome of the word, and the 0

codewords are the words of zero syndrome. The set of codewords is clearly a subspace due to the linearity of the screening method. Therefore, it can be characterized by a parity-check matrix. Let’s find one such matrix. 14 X
1 Let’s now compute the syndrome wi D þ αi . 0 14 X
1
 wi D þ αi ¼ w14 α14 þ α13 D þ α12 D2 þ α11 D3 þ α10 D4 þ α9 D5 0
 þw13 α13 þ α11 D þ α9 D2 þ α7 D3 þ α5 D4 þ α3 D5 þ .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . þ þw1
α þ α2 D þ α3 D2 þ α4 D3 þ α5 D4 þ α6 D5 þw0 1 þ D þ D2 þ D3 þ D4 þ D5

Or

242

5 Decoding RS and BCH Codes (Part 2)

ðw14 α14 þ w13 α13 þ    þ w1 α þ w0 Þ þ ðw14 α13 þ w13 α11 þ    þ w1 α2 þ w0 ÞD þ ðw14 α12 þ w13 α9 þ    þ w1 α3 þ w0 ÞD2 þ ðw14 α11 þ w13 α7 þ    þ w1 α4 þ w0 ÞD3
 þ w14 α10 þ w13 α5 þ    þ w1 α5 þ w0 D4
 þ w14 α9 þ w13 α3 þ    þ w1 α6 þ w0 D5 Observe the expressions in parenthesis are the scalar product of the word by the rows of matrix (5.38). Thus, matrix (5.38) is a parity-check matrix of the code. In fact, it is the parity-check matrix of the (15, 9) RS code considered in Chapter 3. Therefore, the only thing we have done is to characterize RS codes in a different way! If we restrict the codewords to be binary, the second, fourth, and sixth equations are redundant, and the number of information bits is k  15  4 ∗ 3 ¼ 3. In fact, we know k ¼ 5, the (15, 5) BCH code.

The Codes I will present the codes as a generalization of the screening method introduced before. (vn  1 . . . v1 v0) is a codeword of a binary Goppa code of length n if it satisfies the equation n1 X

vi ðD þ αi Þ1 ¼ 0

0

where • The multiplicative inverse is computed modulo a polynomial, g(D), of degree t and coefficients in F 2m . g(D) is called the Goppa polynomial of the code. • αn  1 . . . α1, α0 are elements of F 2m such that g(αi) 6¼ 0 (Otherwise the inverse of D + αi does not exit). The vector (αn  1 . . . α1α0) is called the support of the code. Remark The code is clearly linear. Therefore, it can be characterized by a paritycheck matrix that we’ll obtain later. If g(D) is irreducible over F2m , or the product of irreducible factors of degree greater than 1, none of the field elements are roots of g(D) and, thus, the length of the code can be 2m.

Appendix G: The Goppa Codes

243

Example 15 In this example, I explain how to find polynomials of degree 2 irreducible over F16. Without loss of generality, I’ll focus on monic polynomials, D2 + AD + B. If D2 + AD + B is not irreducible, it must have two roots, r1 and r2. Thus, we have A ¼ r1 þ r2

and

B ¼ r1 r2

If A ¼ 1, then B ¼ r1(1 + r1). When r1 takes all the values in F16, B only takes the following values: 0, 1, α, α2, α4, α5, α8, α10. Therefore, the other eight values of B provide irreducible polynomials. In particular, the polynomial D2 + D + α3 is irreducible over F16. The same happens when A ¼ αi (i ¼ 1 . . . 14), we again have 8 irreducible polynomials. For instance, for A ¼ α, one of them is D2 + αD + 1. In total, we have 8 ∗ 15 ¼ 120 irreducible monic polynomials. Any of those polynomials can be used to construct a Goppa code of length 16. Example 16 Let us construct a Goppa code using the following irreducible polynomial in F16 gðDÞ ¼ D2 þ αD þ 1 Since g(D) has no roots in F16, the length of the code can be 16. As support ðα15 α14 α13 . . . α2 α1 α0 Þ I choose the following vector


0 α14 α13 . . . α2 α 1



which is reminiscent of the ordering we used for RS and binary BCH codes (with a 0 attached at the leftmost position). Using the formula ðD þ aÞ1 ¼ ðgðaÞÞ1

gðDÞ þ gðaÞ Dþa

we compute the multiplicative inverse of D,D þ 1, D þ α . . . D þ α14 modulo D2 + αD + 1. The results of the computations are the following

244

5 Decoding RS and BCH Codes (Part 2)

D1 ¼ D þ α

ðD þ 1Þ1 ¼ α14 D þ α3

ðD þ αÞ1 ¼ D

ðD þ α2 Þ

1

ðD þ α3 Þ ¼ α4 D þ α13
1 D þ α5 ¼ α6 D þ α8

1

¼ α6 D þ α11

1

ðD þ α4 Þ ¼ α14 D þ α14
1 D þ α6 ¼ α7 D þ α3 1

ðD þ α7 Þ

1

¼ α2 D þ α

ðD þ α8 Þ

ðD þ α9 Þ

1

¼ α4 D þ α7

ðD þ α10 Þ

1

¼ αD þ α9

¼ αD þ α11

ðD þ α11 Þ

1

¼ α7 D þ α13

ðD þ α12 Þ

1

¼ α10 D þ α8

ðD þ α13 Þ

1

¼ α10 D þ α7

ðD þ α14 Þ

1

¼ α2 D þ α9

Codewords must satisfy the equation 1

1

v15 ðD þ 0Þ1 þ v14 ðD þ α14 Þ þ v13 ðD þ α13 Þ þ    1 þ v2 ðD þ α2 Þ þ v1 ðD þ αÞ1 þ v0 ðD þ 1Þ1 ¼ 0 Or v15 ðD þ
αÞ þ v14 ðα2 D þ α9 Þ þ v13 ðα10 D þ α7 Þ þ    þ v2 α6 D þ α11 þ v1 ðD þ 0Þ þ v0 ðα14 D þ α13 Þ ¼ 0 Thus, the scalar product of ðv15 v14 v13 . . . v2 v1 v0 Þ by the two rows of the (parity-check) matrix 1 α2 α10 α10 α7 α α9 α7

α α4

α

α8 α13 α9 α7 α11

α2 α7 α6 α14 α4

α6 1 α14

!

α α3 α8 α14 α13 α11 0 α3 ð5:39Þ

is zero. The two rows of (5.39) are LI. Thus, there are two LI columns. That doesn’t mean that any two columns are LI. But, we can check that they are. Therefore, this Goppa code is a double error detecting code. On the other hand, the degree of g(D) is 2. Can we generalize this fact and say that if g(D) is any polynomial of degree t the Goppa code is a t error-detecting code? The answer is affirmative and to prove it we need to analyze the structure of H.

Appendix G: The Goppa Codes

245

Fig. 5.6 A circuit to compute the quotient of the division by D + b

The Structure of the Parity-Check Matrix To avoid unnecessary complications in the notation, I assume that the degree of g(D) is 3. We want to show that the Goppa code detects three errors. To begin, suppose D + b divides D3 + a2D2 + a1D + a0, that is b 3 þ a2 b2 þ a1 b þ a0 ¼ 0 Then D3 þ a2 D2 þ a1 D þ a0 ¼ D 2 þ c1 D þ c0 Dþb where c 1 ¼ a2 þ b

and

c0 ¼ a1 þ bc1 ¼ a1 þ bða2 þ bÞ

The coefficients c1 and c0 can be obtained with the same circuit we used in Chapter 4 to find the remainder of the division by D + αi (see Fig. 5.6). Appling the above to g(D) + g(αi) and D + αi with

246

5 Decoding RS and BCH Codes (Part 2)

gðDÞ ¼ D3 þ g2 D2 þ g1 D þ g0 we obtain gðDÞ þ gðαi Þ ¼ D2 þ ðg2 þ αi ÞD þ ½g1 þ αi ðg2 þ αi Þ D þ αi Therefore ðD þ αi Þ1 ¼ ðgðαi ÞÞ1

gðDÞ þ gðαi Þ 1 g þ αi g þ αi ðg2 þ αi Þ D2 þ 2 Dþ 1 ¼ D þ αi gð α i Þ gðαi Þ gðαi Þ

The column corresponding to αi in the matrix H is 1 1 C B gð α i Þ C B C B 1 αi C B þ g 2 C B gðαi Þ gðαi Þ C B 2 A @ 1 αi α þ g2 þ i g1 gð α i Þ gðαi Þ gðαi Þ 0

The first row of H is 

1 1 1 ∗ ∗ ∗ ∗ ∗ ∗ ∗ ∗ ∗ ∗ ∗ ∗ ∗ gðαn1 Þ gðαi Þ gðα0 Þ



The second row is the sum of two rows  R¼

αn1 gðαn1 Þ

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

αi gðαi Þ

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

α0 gðα0 Þ



and 

0

R ¼

g2

1 gðαn1 Þ

∗

∗

g2

1 g ðα i Þ

∗

∗

∗

∗

g2

1 g ðα 0 Þ



0

R is a multiple of the first row and can be eliminated. Similarly, the third row can be reduced to 

α2n1 gðαn1 Þ

∗

∗

∗

∗

∗

∗

∗

α2i gðαi Þ

∗

∗

∗

∗

∗

∗

α20 gðα0 Þ



Therefore, the computation of the matrix H is straightforward once all g(αi) have been found. The inverses of the binomials D + αi are, in fact, not needed!

Appendix G: The Goppa Codes

247

After eliminating the superfluous terms, the matrix H is 0

1 B gðαn1 Þ B B αn1 B B gð α Þ n1 B B @ α2 n1

gðαn1 Þ

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

1 gðαi Þ αi gðαi Þ α2i gðαi Þ

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

∗

1 1 gðα0 Þ C C α0 C C gðα0 Þ C C C 2 A α0 gðα0 Þ

The matrix has 3 rows, and any 3 columns are LI since any such 3 ∗ 3 matrix is, again!, a Vandermonde-like matrix. Thus, 3 errors can be detected, the same as the degree of g(D). The g(αi) can be easily computed using the Chien search method (see Example 17). Example 17 In Case 3 of Example 10 of Chapter 4, we came across a degree 3 polynomial with coefficients in F16 but without roots in this field. That polynomial is α14D3 + α4D2 + α2D + 1. Its monic version is gðDÞ ¼ D3 þ α5 D2 þ α3 D þ α We have g(0) ¼ α. The other values of g(D) can be obtained as indicated in Fig. 5.7. As support vector, I’ll use the same as in Example 16, namely


0 α14 α13 . . . α2 α 1



We need the values of g(D) at the support points





  gð0Þ g α14 g α13 . . . g α2 gðαÞ gð1Þ

From Fig. 5.4, we have


α 1 α3 α5 α6 α14 α10 α9 α9 α2 α10 α7 α9 α α α13



Then, the matrix H is easily computed 0

α14 @ 0 0

1 α14 α13

α12 α10 α8

α10 α7 α4

α9 α5 α

α α11 α6

α5 α14 α8

α6 α14 α7

And any three of its columns are LI.

α6 α13 α5

α13 α4 α10

α5 α10 1

α8 α12 α

α6 α9 α12

α14 α α3

α14 1 α

1 α2 α2 A α2

248

5 Decoding RS and BCH Codes (Part 2)

Fig. 5.7 Computation of g(αi) using the Chien search

Restriction to Binary Codewords Let’s focus now on the binary codewords of the (16, 14) double error detecting Goppa code obtained in Example 16. We did something similar in Chapter 3 when we defined BCH codes as the binary codewords of RS codes. In bits, the parity-check matrix is

Appendix G: The Goppa Codes

0

0

B B0 B B B0 B B B1 H¼B B0 B B B0 B B B1 @ 0

249

0

0 0

1

0

0 0

0

1

1

1 0

1

0

1

1 1

0

0

0 0

1

0

1

0 0

1

0

0

1 1

1

1

1 1

0

1

0

0 1

0

0

0

1 1

1

0

1 0

0

1

0

1 1

0

1

1

1 0

1

1

1 1

0

1

0

1 1

1

0

0

0 1

1

0

0 1

0

0

1

0 1

1

0

1

1 0

0

1

1 1

1

0

0

0 0

1

0

0

1 1

1

0

1 0

0

0

1

1 1

0

0

1

1

C 0C C C 0C C C 1C C 1C C C 0C C C 0C A 0

The systematic form of the above matrix is 0

H sys

1

B B1 B B B1 B B B0 ¼B B1 B B B0 B B B1 @ 0

0 0

1

1

0 0

1

1

0 0

0

0

0

1 0

0

1

1 1

1

0

1 0

0

0

0

0 0

1

0

1 1

1

0

0 1

0

0

0

1 0

1

1

1 0

1

0

0 0

1

0

0

1 1

1

0

0 0

0

0

0 0

0

1

0

1 1

1

1

1 1

0

0

0 0

0

0

1

0 1

0

1

0 1

1

0

0 0

0

0

0

1 1

1

0

0 1

1

0

0 0

0

0

0

0 0

1

C 0 0C C C 0 0C C C 0 0C C 0 0C C C 0 0C C C 1 0C A 0 1

Since the row rank of Hsys is 8, we have k ¼ n  r ¼ 16  8 ¼ 8 information bits. In cases when not all the rows are LI, k is greater. Thus, in general we have k  n  m ∗ t. The generator matrix is 1 B0 B B B0 B B0 B G¼B B0 B B0 B B @0

0 0 1 0

0 0

0 0

0 0

0 0 0 0

1 0

1 1

1 0 0 1

1 1

0 1

0 1 0 0

0 1

0 0

0 0

0 0 0 0

0 1

0 0

0 0 1 1

1 1

1 1

0 0

0

1

0

0 0

1

1

0 1

0

1

0 0 0 0

0 0

0 0

1 0

0 0 1 0

0 0

1 1

1 1 1 0

0 0

1 1

1 1 0 0 1C C C 1 1C C 0 1C C C 1 0C C 0 0C C C 1 1A

0

0 0

0

0

0

0 1

1

1

1 1

0

0

1 1

0

As an example, the codeword corresponding to the message

ð5:40Þ

250

5 Decoding RS and BCH Codes (Part 2)

ð 0 1 0 0 0 1 0 1Þ is ð 0 1 0 0 0 1 0 1 1 1 0 1 1 0 1 0Þ Remark For the (16, 14) Goppa code of Example 16, the codeword corresponding to the message ð 0 1 0 0 0 1 0 1 1 1 0 1 1 0Þ is also ð 0 1 0 0 0 1 0 1 1 1 0 1 1 0 1 0Þ Observe that there are binary codewords of weight 5 (the third row of G, for instance). On the other hand, the minimum weight of the binary codewords cannot be less than the minimum weight of all the words (which is 3) but can be greater. In fact, I prove at the end of this appendix that if gðDÞ ðof degree t Þ is irreducible over F 2m or The irreducible factors of gðDÞ have multiplicity 1

ð5:41Þ

then the weight of the binary Goppa codewords is at least 2t + 1 (not only t + 1). That is, the code can correct t errors, not only detect them, as the “mother” code! Thus, the binary code defined by the generator matrix in (5.8) is a (16, 8) double error correcting code. To finish this introduction to Goppa codes, I still have to prove that if the Goppa polynomial has degree t and satisfies the conditions (5.41), the binary code corrects at least t errors. First, three remarks: 1. Say we have a polynomial, p(D), of degree w. The degree of its formal derivative, 0 0 p (D), is less than the degree of p(D). Besides, the degree of p (D) is even, say 2u. Therefore: w > 2u. If, for instance, w ¼ 6 pðDÞ ¼ D6 þ a5 D5 þ a4 D4 þ a3 D3 þ a2 D2 þ a1 D þ a0 Then 0

p ðDÞ ¼ a5 D4 þ a3 D2 þ a1 That is, u ¼ 2. 2. If a polynomial, p(D), has only even exponents, it can be written as the square of another polynomial q(D).

Appendix G: The Goppa Codes

251

If pðDÞ ¼ D6 þ α6 D4 þ α13 D2 þ α5 Then

3 2 D þ α3 D2 þ α14 D þ α10 ¼ D6 þ α6 D4 þ α13 D2 þ α5 And qðDÞ ¼ D3 þ α3 D2 þ α14 D þ α10 3. If n divides N2, and the multiplicity of the prime factors of n is 1, then n also divides N. In fact, say n ¼ pe11 pe22 pe33 and N ¼ pE1 1 pE2 2 pE3 3 with pi prime, ei  1 and Ei  1 (i ¼ 1, 2, 3). That n divides N2 implies 2Ei  ei. But we cannot say that Ei  ei (that is, n divides N ) unless ei ¼ 1. For instance, 120 ¼ 23 ∗ 3 ∗ 5 divides 3600 ¼ 602 ¼ 24 ∗ 32 ∗ 52 but does not divide 60 ¼ 22 ∗ 3 ∗ 5. The same can be said about polynomials, replacing prime numbers by irreducible factors. The binary codewords of the Goppa code satisfy the equation n1 X

vi ðD þ αi Þ1 ¼ 0 ðvi is 0 or 1Þ

i¼0

Calling w the weight of the codeword, and ij (1  j  w) the w positions where vi ¼ 1, we can write w
X

D þ αi j

1

¼0

j¼1

Or w X j¼1

Consider the polynomial


 1 gð D Þ þ g α i j  ¼0 D þ αi j g αi j


ð5:42Þ

252

5 Decoding RS and BCH Codes (Part 2)

F ðDÞ ¼

w Y

ðD þ αik Þ

k¼1

The formal derivative of F(D) is F 0 ðD Þ ¼

w 1kw Y X j¼1

ðD þ αik Þ

ð5:43Þ

k6¼j

Now, multiply (5.42) by F(D) to obtain w X j¼1

Y
 1kw 1  gðDÞ þ g αi j ðD þ αik Þ ¼ 0 g αi j k6¼j


ð5:44Þ

The remainder of dividing (5.44) by g(D) is RgðDÞ

w 1kw X Y j¼1

ðD þ αik Þ ¼ 0

k6¼j

Or, according to (5.43), n 0 o RgðDÞ F ðDÞ ¼ 0 At this point, using Remarks 1–3 above, we can say 0

• F (D) only has even powers. Calling 2u its grade, we know that 2u < w (Remark 1) 0 • There is a polynomial, G(D), such that F (D) ¼ G2(D) (Remark 2) • Since, by assumption, the multiplicity of the irreducible factors of g(D) is 1, g(D) divides not only G2(D), but also G(D) (Remark 3) That g(D) (of degree t) divides G(D) (of degree u), implies t  u. Thus, 2t  2u < w. Or w  2t + 1. Therefore, the code corrects t errors. An example may further clarify all the above. Example 18 Refer to Example 16. The binary vector ð 0 1 0 0 0 1 0 1 1 1 0 1 1 0 1 0Þ Is a codeword of the Goppa code generated by gðDÞ ¼ D2 þ αD þ 1: The equation

Appendix G: The Goppa Codes

253 1

v15 ðD þ 0Þ1 þ v14 ðD þ α14 Þ þ v13 ðD þ α13 Þ þv1 ðD þ αÞ1 þ v0 ðD þ 1Þ1 ¼ 0

1

þ    þ v2 ðD þ α2 Þ

1

Becomes 1

1

1

ðD þ α14 Þ þ ðD þ α10 Þ þ ðD þ α8 Þ þ ðD þ α7 Þ 1 1 þðD þ α4 Þ þ ðD þ α3 Þ þ ðD þ αÞ1 ¼ 0

1


1 þ D þ α6

Using the expressions for the inverses given in Example 16, we can check that the sum of those eight inverses is indeed 0. We also have F ðDÞ ¼ ðD þ α14 ÞðD þ α10 ÞðD þ α8 ÞðD þ α7 Þ
 D þ α6 ðD þ α4 ÞðD þ α3 ÞðD þ αÞ Multiplying, we obtain F ðDÞ ¼ D8 þ α8 D7 þ α3 D6 þ α14 D5 þ α13 D4 þα3 D3 þ α10 D2 þ α11 D þ α8 The formal derivative is 0

F ðDÞ ¼ α8 D6 þ α14 D4 þ α3 D2 þ α11
2 ¼ α4 D3 þ α7 D2 þ α9 D þ α13 ¼ ½GðDÞ2 0

g(D) divides both F (D) and G(D). In fact, we have
 0 F ðDÞ ¼ α8 D4 þ α9 D3 þ α7 D2 þ α12 D þ α11 gðDÞ GðDÞ ¼ ðα4 D þ α13 ÞgðDÞ

Chapter 6

Polynomial and Cyclic Codes

6.1

Polynomial Codes and the Syndrome Polynomial

The codewords of a polynomial code are multiples of a given polynomial, g(D), called the generator polynomial of the code. Thus, polynomial codes are a subfamily of the linear codes. Examples of polynomial codes are the RS and BCH codes introduced in Chapter 3. In this chapter, I analyze in some detail binary polynomial codes due to their importance in practice. Nonetheless, I also include some questions related to RS codes. Consider a polynomial code with generator polynomial gðDÞ ¼ Dr þ gr1 Dr1 þ    þ g1 D þ g0 The codeword v(D) corresponding to the message uðDÞ ¼ uk1 Dk1 þ    þ u1 D þ u0 is vðDÞ ¼ uðDÞDr þ RgðDÞ fuðDÞDr g Clearly, Rg(D)v(D) ¼ 0. The code generated is a (k + r, k) code. When the channel introduces errors, we receive w(D) ¼ v(D) + e(D). Then, for “polynomial by birth” codes, the natural error indicator is σ ðDÞ ¼ RgðDÞ wðDÞ ¼ RgðDÞ eðDÞ σ(D) is called the syndrome polynomial (Not to be confused with the syndrome polynomial of Chapter 5).

© Springer Nature Switzerland AG 2019 E. Sanvicente, Understanding Error Control Coding, https://doi.org/10.1007/978-3-030-05840-1_6

255

256

6 Polynomial and Cyclic Codes

As said, RS and BCH codes are also polynomial codes, but (at least in this book) they were “born” differently, namely: by a selection process carried out by parity-check matrices. Thus, for them we also have the vector of (partial) syndromes S ¼ (S1 S2 S3 S4S5 S6). Both, S and σ(D) are different, but they must be somehow related and given one we must be able to obtain the other. I analyze this question in Section 6.5. Many times, polynomial codes are used for detection. Then, the generator polynomial g(D) has to satisfy σ ðDÞ ¼ RgðDÞ eðDÞ 6¼ 0

ð6:1Þ

for the error patterns we want to detect. When the code is used for correction, all syndrome polynomials corresponding to the error patterns we want to correct must be different σ i ðDÞ ¼ RgðDÞ ei ðDÞ 6¼ RgðDÞ e j ðDÞ ¼ σ j ðDÞ

ð6:2Þ

In Sections 6.10, 6.11 and 6.12, I analyze how to choose g(D) to satisfy (6.1) or (6.2) in some cases of interest. But before I dwell on that I want to point out a condition the generator polynomial has to satisfy, namely: g0 6¼ 0 (or g0 ¼ 1, for binary codes). Remark The generator polynomials of the RS and BCH codes presented in Chapter 3 satisfy the above condition. Let’s see what happens if the condition is not fulfilled. Suppose, to consider an example, that we use the polynomial gðDÞ ¼ D5 þ g4 D4 þ g3 D3 þ g2 D2 þ D to generate a (7, 2) code. Since v(D) must be a multiple of g(D), we have
 vðDÞ ¼ M ðDÞ D5 þ g4 D4 þ g3 D3 þ g2 D2 þ D
 ¼ M ðDÞD D4 þ g4 D3 þ g3 D2 þ g2 D þ 1 where M(D) is a polynomial of degree 1. This implies that v0 ¼ 0 for all codewords. Therefore, we can eliminate v0. Similarly, if g1 ¼ g0 ¼ 0, then v1 and v0 are superfluous. Example 1 The four codewords of the (7, 2) polynomial code generated by gðDÞ ¼ D5 þ g4 D4 þ g3 D3 þ D2 are (information, highlighted)

6.2 Computation of the Syndrome Polynomial







257

0

0

0

0

0

0

0

0

1

g4

g3

1

0

0

1

0

g3 þ g4

1 þ g3 g4

g4

0

0

1

1

g3

g3 ð 1 þ g4 Þ þ 1

1 þ g4

0

0

  

ð6:3Þ



The (5, 2) code consisting of the following four codewords







0

0

0

0

0

0

1

g4

g3

1

1

0 g3 þ g4

1 þ g3 g4

g4

1

1

g3 ð 1 þ g4 Þ þ 1

1 þ g4

g3

 ð6:4Þ

 

has the same minimum weight as the code in (6.3) and therefore the same error detection/correction capability with only 3 parity checks. The code in (6.4) is generated by the polynomial gðDÞ ¼ D3 þ g4 D2 þ g3 D þ 1

6.2

Computation of the Syndrome Polynomial

To illustrate the method, say n ¼ 15, r ¼ 6, k ¼ 9. The polynomial σ(D) has degree 5 and can be computed as follows
 σ ðDÞ ¼ RgðDÞ wðDÞ ¼ RgðDÞ w14 D14 þ    þ w6 D6 þ w5 D5 þ    þ w1 D þ w0 ¼ w14 RgðDÞ D14 þ    þ w6 RgðDÞ D6 þ w5 D5 þ    þ w1 D þ w0 The circuit in Fig. 6.1 mechanizes the calculation of the above expression. Observe that this circuit has the same structure than the circuit in Fig. 4.4 that computes wðαÞ ¼ RDþα wðDÞ To prove that σ(D) can be obtained as indicated in Fig. 6.1, we have to see that when the input is

258

6 Polynomial and Cyclic Codes

w (D )

0

0

g0

0 g1

σ0

0

g2

σ1

0 g3

σ2

σ3

g4

σ4

Fig. 6.1 A shift register to compute σ(D)

ð 0 . . . . . . 0 w i 0 . . . . . . 0Þ the final state of the register is wiRg(D)Di. This clearly happens for i  5, since wi RgðDÞ Di ¼ wi Di For other values of i, observe that when we input

(1 0 0 0 0 0 0) in the register in Fig. 6.1 and

1 in the register in Fig. 3.10 we end up with the same content in the register, namely ðg0 g1 g2 g3 g4 g5 Þ or


 RgðDÞ D6

ðin polynomial formÞ

Therefore, the final states turned out by these two inputs

(0 0 0 0 0 0 0 0 1) in Fig. 3.10 and

(0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 ) in Fig. 6.1 are both equal to Rg(D)D6. Thus, the input

0 g5

σ5

6.3 Cyclic Codes

259

(0 0 0 0 0 0 0 0 w6 0 0 0 0 0 0 ) produces w6Rg(D)D6 as claimed. The same occurs in other cases. Say, i ¼ 14, for instance.

Input (1 0 0 0 0 0 0 0 0) in Fig. 3.11 Input (1 0 0 0 0 0 0 0 0 0 0 0 0 0 0) in Fig. 6.1 The final state of both registers is clearly the same. From Fig. 3.11, we know the state is R8 ðDÞ ¼ RgðDÞ D14 Then

(w14 0 0 0 0 0 0 0 0 0 0 0 0 0 0) gives w14Rg(D)(D14)

6.3

Cyclic Codes

Say v ¼ (vn  1vn  2 . . . v1v0) is a codeword of a linear code. Shifting cyclically the codeword one position to the left, we obtain the word ~ v1 = (vn−2 ... v1 v0 vn−1). If, for any v, this word is a codeword, any cyclic shift by any number of positions to the left (or to the right!) is also a codeword. In this case, the linear code is called a cyclic code. Cyclicity imposes an additional condition on the generator polynomial. Representing v~1 as a polynomial, we have v~1 ðDÞ ¼ DvðDÞ þ vn1 ðDn þ 1Þ If the code is cyclic, we can write RgðDÞ v~1 ðDÞ ¼ 0 But RgðDÞ v~1 ðDÞ ¼ RgðDÞ f DvðDÞ þ vn1 ðDn þ 1Þg ¼ RgðDÞ fDvðDÞg þ vn1 RgðDÞ ðDn þ 1Þ   ¼ RgðDÞ DRgðDÞ vðDÞ þ vn1 RgðDÞ ðDn þ 1Þ ¼ vn1 RgðDÞ ðDn þ 1Þ

260

6 Polynomial and Cyclic Codes

Thus Rg(D)(Dn + 1) must be zero. In words: the generator polynomial of the code is a divisor of Dn + 1. Remark This implies, again, that g0 ¼ 1. In fact, call p(D) ¼ Dn + 1. If g0 ¼ 0, p(D) cannot be a multiple of g(D) since p(0) ¼ 1 and g(0) ¼ 0. The generator polynomials of the RS and BCH codes presented in Chapter 3 divide D15 + 1 (15 is the length of the codes). Therefore, they are cyclic. Example 2 We want to construct a cyclic polynomial code of length 10. We need to find the factors of D10 + 1 and choose some of them as the components of g(D). To begin with, 1 is a root of D10 + 1. Dividing D10 + 1 by D + 1, we have
 D10 þ 1 ¼ ðD þ 1Þ D9 þ D8 þ D7 þ D6 þ D5 þ D4 þ D3 þ D2 þ D þ 1 Moreover, since the second factor above has 10 terms, it has 1 as a root.


2 D9 þ D8 þ D
7 þ D6 þ D5 þ D4 þ D3 þ  D þDþ1 8 6 4 2 ¼ ð D þ 1Þ D þ D þ D þ D þ 1



Thus, finally D10 + 1 is factored as
2 D10 þ 1 ¼ ðD þ 1Þ2 D4 þ D3 þ D2 þ D þ 1 (From Section 3.3, we know that D4 + D3 + D2 + D + 1 is irreducible in the binary field). Choosing as g(D) the following polynomial
 gðDÞ ¼ ðD þ 1Þ2 D4 þ D3 þ D2 þ D þ 1 ¼ D6 þ D5 þ D þ 1 we can construct a (10, 4) cyclic code. The codeword corresponding to (0 0 0 1) is D6 þ RgðDÞ D6 ¼ D6 þ D5 þ D þ 1 Likewise, the codewords for (0 0 1 0), (0 1 0 0), (1 0 0 0) are D7 þ RgðDÞ D7 ¼ D7 þ D5 þ D2 þ 1 D8 þ RgðDÞ D8 ¼ D8 þ D5 þ D3 þ 1 D9 þ RgðDÞ D9 ¼ D9 þ D5 þ D4 þ 1 From those, we can find all the others by linearity. For instance, the codeword for (1 0 1 1) is

6.3 Cyclic Codes




261



 D9 þ D5 þ D4 þ 1 þ D7 þ D5 þ D2 þ 1 þ D6 þ D5 þ D þ 1

That is D9 þ D7 þ D6 þ D5 þ D4 þ D2 þ D þ 1 Or, in binary form ð1

0

1 1

1

1

0 1

1

1Þ

The 16 codewords are listed here. The bits corresponding to the message are in red.

(0 0 0 0 0 0 0 0 0 0) (0 0 0 1 1 0 0 0 1 1) (0 0 1 0 1 0 0 1 0 1) (0 0 1 1 0 0 0 1 1 0) (0 1 0 0 1 0 1 0 0 1) (0 1 0 1 0 0 1 0 1 0) (0 1 1 0 0 0 1 1 0 0) (0 1 1 1 1 0 1 1 1 1) (1 0 0 0 1 1 0 0 0 1) (1 0 0 1 0 1 0 0 1 0) (1 0 1 0 0 1 0 1 0 0) (1 0 1 1 1 1 0 1 1 1) (1 1 0 0 0 1 1 0 0 0) (1 1 0 1 1 1 1 0 1 1) (1 1 1 0 1 1 1 1 0 1) (1 1 1 1 0 1 1 1 1 0) The minimum weight of the code is 4. Thus, the code detects 3 errors. Let’s label the codewords by the four leading bits (the message) expressed as a decimal number. For instance, the tag attached to codeword (0 0 0 1 1 0 0 0 1 1) is 1. Start from this codeword and cyclically shift it to the left until we come back to it. We obtain the cycle represented in Fig. 6.2a. Do the same with all the other codewords different from the zero codeword. In Fig. 6.2b, c, we have the cycles starting from codewords 2 and 7, respectively. The set of those cycles is called the cycle set of the code. In this example, all the cycles starting on nonzero codewords have the same number of codewords (the same length), but this is not a general property. For instance, the vector (1 1 1 1 1 1 1 1 1 1) is a codeword of the (10, 6)

262

6 Polynomial and Cyclic Codes 2

1

8

7

3 9

12

6

5 11

4

(a)

10

15

13

14

(b)

(c)

Fig. 6.2 The cycle set of the code in Example 1 (a) Cycle beginning at 1 (b) Cycle beginning at 2 (c) Cycle beginning at 7

cyclic code. The length of the cycle starting in this codeword is 1. But the length of the cycles of all the other nonzero codewords is 10. Example 3 Other possible cyclic codes of length 10 are Polynomial Dþ1 ð D þ 1Þ 2 D4
þ D3 þ D2 þ D þ 1  ðD þ 1Þ D4 þ D3 þ D2 þ D þ 1
4 2 D þ D3 þ D2 þ D þ 1
4 2 ðD þ 1Þ D þ D3 þ D2 þ D þ 1

Code ð10; 9Þ Parity ð10; 8Þ ð10; 6Þ ð10; 5Þ ð10; 2Þ ð10; 1Þ Repetition

The code generated by D + 1 is the overall parity-check code, that is: the only parity bit attached to the message u(D) is RDþ1 fDuðDÞg ¼ uð1Þ ¼

X8 i¼0

ui

The code generated by (D + 1)(D4 + D3 + D2 + D + 1)2 is the repetition code, that is: there are only two codewords ð0

6.4

0 0

0

0

0

0 0

0

0Þ and ð1

1

1 1

1

1

1 1

1

1Þ

Two Interesting Property of Cyclic Codes

The first property links the length of the cyclic code to the period of its generator polynomial. The second relates error patterns and syndromes.

6.4 Two Interesting Property of Cyclic Codes

263

To see the link between the code length, n, and the period of the generator polynomial, e, recall that the period of a polynomial, g(D), is the minimum value of e that satisfies the equality RgðDÞ De ¼ 1

or

RgðDÞ fDe þ 1g ¼ 0

On the other hand, we have RgðDÞ fDn þ 1g ¼ 1 Clearly, n  e. Say that n ¼ ke + r (0  r < e). We have     RgðDÞ Dkeþr þ 1 ¼ RgðDÞ RgðDÞ Dkeþr þ 1   ¼ RgðDÞ RgðDÞ Dr þ 1 ¼ RgðDÞ fDr þ 1g ¼ 1 which contradicts that the period is e unless r ¼ 0. Therefore, the length of a cyclic code is a multiple of the period of its generator polynomial. To present the second property, consider the error e(D) and its cyclic shift one position to the left e1 ðDÞ ¼ RDn þ1 fDeðDÞg Call, respectively, σ(D) and σ 1(D) the syndromes of e(D) and e1(D). That is σ ðDÞ ¼ RgðDÞ eðDÞ σ 1 ðDÞ ¼ RgðDÞ e1 ðDÞ Then, we have σ 1 ðDÞ ¼ RgðDÞ fDσ ðDÞg For instance, for the (10, 4) cyclic code analyzed before, suppose eðDÞ ¼ D9 þ D2 þ D

ðFig: 6:3aÞ

Its syndrome is σ ðDÞ ¼ D5 þ D4 þ D2 þ D þ 1

ðFig: 6:3cÞ

The same computation for e1 ðDÞ ¼ D3 þ D2 þ 1 gives

ðFig: 6:3bÞ

ð6:5Þ

264

6 Polynomial and Cyclic Codes Error pattern

0

1

1

0

0

0

0

0

0

1

0

0

0

0

0

0

1

1

1

0

0

(a)

Cyclic shift 1

0

1

1

0

Shifted error pattern

(b)

e(D) 1

1

1

Syndrome of the error in (a)

(c) Cyclic shift 1

0

1

Syndrome of the error in (b)

(d)

Fig. 6.3 Error patterns and syndromes (a) Error pattern (b) Cyclically shifted error pattern (c) Syndrome of the error pattern in (a) (d) Syndrome of the error pattern in (b)

σ 1 ðDÞ ¼ D3 þ D2 þ 1 ðFig: 6:3dÞ And


 RD6 þD5 þDþ1 D D5 þ D4 þ D2 þ D þ 1 ¼ D3 þ D2 þ 1

in accordance to (6.5) (see Fig. 6.3). More generally, we have e2 ðDÞ ¼ RDn þ1 fDe1 ðDÞg ¼ RDn þ1 fDRDn þ1 ½De  ðDÞg ¼ RDn þ1 fDDeðDÞg ¼ RDn þ1 D2 eðDÞ And, in general   ei ðDÞ ¼ RDn þ1 Di eðDÞ The syndrome of ei(D) is related to σ(D) as follows   σ i ðDÞ ¼ RgðDÞ Di σ ðDÞ

ð6:6Þ

Thus, σ i(D) is obtained from σ(D) shifting it cyclically i times in the LFSR that computes syndromes, like the circuit in Fig. 6.1.

6.4 Two Interesting Property of Cyclic Codes

265

To proof (6.6), I use the following fact: If q(D) divides Q(D), then for any polynomial p(D), we have   RqðDÞ RQðDÞ pðDÞ ¼ RqðDÞ pðDÞ In fact, calling C(D) the quotient of dividing p(D) by Q(D), we can write   RqðDÞ RQðDÞ pðDÞ ¼ RqðDÞ ½pðDÞ þ QðDÞCðDÞ ¼ RqðDÞ pðDÞ þ RqðDÞ QðDÞC ðDÞ ¼ RqðDÞ pðDÞ We we’ll use this fact frequently in this chapter. Now, the proof of (6.6) proceeds as follows   σ i ðDÞ ¼ RgðDÞ ei ðDÞ ¼ RgðDÞ RDn þ1 ½Di eðDÞ   ¼ RgðDÞ ½Di eðDÞ ¼ RgðDÞ Di RgðDÞ eðDÞ ¼ RgðDÞ ½Di σ ðDÞ If the code detects the error pattern e(D), then it also detects ei(D). In other words, if σ(D) 6¼ 0, then σ i(D) 6¼ 0. As an example, suppose that the connection polynomial of a register is gðDÞ ¼ D4 þ g3 D3 þ g2 D2 þ g1 D þ g0 and its present state aðDÞ ¼ a3 D3 þ a2 D2 þ a1 D þ a0 or, in vector form, a ¼ (a0 The next state is  0 a0 ¼ a0

0

a2

0 a3 ¼ ð a3 g0

0

a1

a1

a2

a3).

a0 þ a3 g1

a1 þ a3 g2

a2 þ a3 g3 Þ

0

1

0

0

1

0

0

C 0C C 1C A

g1

g2

g3

ð6:7Þ

Equation (6.7), written in matrix form is



0

a0

0

a1

0

a2

0 a3 ¼ ða0

a1

a2

0

B B0 a3 Þ B B0 @ g0

0

1

The matrix above is called the companion matrix of the LFSR and, since g0 ¼ 1, it is non-singular. Therefore, a 0 is different from zero if a is. This guaranties that the shift register, initialized with any vector different from zero, won’t ever

266

6 Polynomial and Cyclic Codes

get stuck in the zero state. Applying this to the register that computes the syndrome polynomial, we can say that σ(D) 6¼ 0 implies σ i(D) 6¼ 0. Remark Call

  wi ðDÞ ¼ RDn þ1 Di wðDÞ

Since wi ðDÞ ¼ vi ðDÞ þ ei ðDÞ and vi(D) is a codeword, the syndrome of wi(D) is

  RgðDÞ wi ðDÞ ¼ RgðDÞ ei ðDÞ ¼ RgðDÞ Di σ ðDÞ

6.5

Relation Between S and σ(D)

When we work with complex numbers, sometimes we use the rectangular form a + bj and other times the polar form re jφ. It is only a matter of convenience since both are related and we can compute one given the other. Likewise, S and σ(D) are also related. Both have the same “information” about the errors (the received word) and, depending upon the decoding method, one may be more convenient than the other. In this section, I focus on the case of RS codes. I’ll consider BCH codes in Section 6.6. Suppose we deal with the (15, 9) RS code. To find the relation between S and σ(D), I first show that σ(D) and w(D) take the same values at the points αi for 1  i  6
   σ αi ¼ RDþαi fσ ðDÞg ¼ RDþαi RgðDÞ ½wðDÞ Since D + αi divides g(D) for 1  i  6, we have
   RDþαi RgðDÞ ½wðDÞ ¼ RDþαi ½wðDÞ ¼ w αi Therefore

 σ αi ¼ w αi ¼ Si Thus, given σ(D) we can compute S. Reciprocally, the five-degree polynomial σ(D) passes through the six points (αi, Si) and, thus, the polynomial is uniquely determined by S.

6.5 Relation Between S and σ(D)

267

An interesting method to compute σ(D) given S is to use the Lagrange interpolation formula. Call Li(D) a polynomial such that: Li(αi) ¼ 1 and Li(α j) ¼ 0 for j 6¼ i. Then σ ðDÞ ¼ S1 L1 ðDÞ þ S2 L2 ðDÞ þ S2 L3 ðDÞ þ S4 L4 ðDÞ þ    þ S5 L5 ðDÞ þ S6 L6 ðDÞ The polynomials Li(D) can be found easily. Let’s find L1(D), for instance. Since L1(D) is zero at α2, α3, α4, α5, α6, we can write




 L1 ðDÞ ¼ K D þ α2 D þ α3 D þ α4 D þ α5 D þ α6 The constant K is determined using that L1(α) ¼ 1. We finally have

 ðD þ α2 ÞðD þ α3 ÞðD þ α4 Þ D þ α5 D þ α6 L1 ðDÞ ¼ ðα þ α2 Þðα þ α3 Þðα þ α4 Þðα þ α5 Þðα þ α6 Þ Call




 gð D Þ M 1 ðDÞ ¼ D þ α2 D þ α3 D þ α4 D þ α5 D þ α6 ¼ Dþα Then L1 ðDÞ ¼ ½M 1 ðαÞ1 M 1 ðDÞ Likewise, defining M i ðD Þ ¼

gðDÞ D þ αi

we have 
1 Li ðDÞ ¼ M i αi M i ðD Þ And thus σ ðDÞ ¼

6 X 
1 Si M i αi M i ðDÞ i¼1

Or σ ðD Þ ¼

6 X

Si ½RDþαi M i ðDÞ1 M i ðDÞ

i¼1

The polynomials Mi(D) are easily found. Write Mi(D) as M i ðDÞ ¼ D5 þ xD4 þ yD3 þ zD2 þ uD þ v

ð6:8Þ

268

6 Polynomial and Cyclic Codes

Then gðDÞ ¼ M i ðDÞðD þ αi Þ ¼ D6 þ ðx þ αi ÞD5 þ ðy þ xαi ÞD4 þ ðz þ yαi ÞD3 þ ðu þ zαi ÞD2 þ þ ðv þ uαi ÞD þ vαi Thus x þ αi ¼ α10 y þ xαi ¼ α14 z þ yαi ¼ α4 u þ zαi ¼ α6 u þ zαi ¼ α6 vαi ¼ α6 For i ¼ 1, we obtain y ¼ α4

x ¼ α8

z ¼ α8

u ¼ α5

v ¼ α5

Or M 1 ðDÞ ¼ D5 þ α8 D4 þ α4 D3 þ α8 D2 þ α5 D þ α5 and M 1 ðαÞ ¼ α12 The other Mi(D) are computed analogously. The results are M 2 ðDÞ ¼ D5 þ α4 D4 þ α8 D3 þ α2 D2 þ α12 D þ α4

M 2 ðαÞ ¼ α10

M 3 ðDÞ ¼ D5 þ α12 D4 þ α3 D3 þ α12 D2 þ α13 D þ α3

M 1 ðαÞ ¼ α5

M 4 ðDÞ ¼ D5 þ α2 D4 þ α8 D3 þ α6 D2 þ α7 D þ α2

M 4 ðαÞ ¼ α7

M 5 ðDÞ ¼ D5 þ D4 þ α12 D3 þ α10 D2 þ α13 D þ α

M 5 ðα Þ ¼ α

M 6 ðDÞ ¼ D þ α D þ α D þ α D þ αD þ 1

M 6 ðαÞ ¼ α7

5

7

4

2

3

5

2

Substituting in (6.8), we obtain
 σ ðDÞ ¼ S1 α3 D5 þ α8 D4 þ α4 D3 þ α8 D2 þ α5 D þ α5
 þS2 α5 D5 þ α4 D4 þ α8 D3 þ α2 D2 þ α12 D þ α4
 þS3 α10 D5 þ α12 D4 þ α3 D3 þ α12 D2 þ α13 D þ α3
 þS4 α8 D5 þ α2 D4 þ α8 D3 þ α6 D2 þ α7 D þ α2
 þS5 α14 D5 þ D4 þ α12 D3 þ α10 D2 þ α13 D þ α
 þS6 α8 D5 þ α7 D4 þ α2 D3 þ α5 D2 þ αD þ 1

ð6:9Þ

6.6 The Case of BCH Codes

269

Example 4 The generator polynomial for the (15, 9) RS code is

 gðDÞ ¼ ðD þ αÞðD þ α2 ÞðD þ α3 ÞðD þ α4 Þ D þ α5 D þ α6 ¼ D6 þ α10 D5 þ α14 D4 þ α4 D3 þ α6 D2 þ α9 D þ α6 Say the channel introduced the error


0

0

0 0

α11

0

0

0

0 0

0

α7

0

0

0



The syndrome is
 S ¼ α7 α12 α6 α12 α14 α14 And the syndrome polynomial σ ðDÞ ¼ RgðDÞ feðDÞg is σ ðDÞ ¼ D5 þ α5 D4 þ α13 D3 þ αD2 þ α8 D þ α10 As said, the syndromes can be obtained from σ(D) σ ðαÞ ¼ α7 σ ðα4 Þ ¼ α12

σ ðα2 Þ ¼ α12 σ ðα3 Þ ¼ α6

 σ α5 ¼ α14 σ α6 ¼ α14

On the other hand, entering the syndromes values in (6.9), we have σ ðDÞ ¼ D5 þ α5 D4 þ α13 D3 þ αD2 þ α8 D þ α10 In accordance with the result we found before. Thus, σ(D) can be computed knowing S.

6.6

The Case of BCH Codes

In Example 4, we had




 gðDÞ ¼ ðD þ αÞ D þ α2 D þ α3 D þ α4 D þ α5 D þ α6 and we were able to compute σ(D) knowing RDþαi wðDÞ for 0  i  6.

270

6 Polynomial and Cyclic Codes

For the (15, 5) BCH code introduced in Chapter 3, the generator polynomial g(D) is the product of m1(D), m3(D), m5(D), the minimal polynomials of α, α3, α5. Thus, we should be able to obtain σ ðDÞ ¼ RgðDÞ wðDÞ from σ 1 ðDÞ ¼ Rm1 ðDÞ wðDÞ

σ 3 ðDÞ ¼ Rm3 ðDÞ wðDÞ

σ 5 ðDÞ ¼ Rm5 ðDÞ wðDÞ

and vice versa. σ i(D) can be computed knowing σ(D)   σ i ðDÞ ¼ Rmi ðDÞ RgðDÞ wðDÞ ¼ Rmi ðDÞ σ ðDÞ But can we find σ(D) from σ 1(D), σ 3(D), σ 5(D)? The question does not have practical interest for BCH codes, since neither σ(D) nor (σ 1(D) σ 3(D) σ 5(D)) were used in the decoding method explained before. However, for Fire codes the generator polynomial is the product of two polynomials gðDÞ ¼ p1 ðDÞ p2 ðDÞ And decoding can be performed in a very effective and compelling way using σ 1 ðDÞ ¼ Rp1 ðDÞ wðDÞ

σ 2 ðDÞ ¼ Rp2 ðDÞ wðDÞ

instead of σ ðDÞ ¼ RgðDÞ wðDÞ Keep in mind, though, that p1(D) and p2(D) must be coprime polynomials. Going back to the case of the BCH code, to see the equivalence between σ(D) and (σ 1(D) σ 3(D) σ 5(D)), we resort to a very old theorem discovered by a Chinese mathematician in the third century A.D., and hence known as The Chinese Remainder Theorem.

6.7

The Chinese Remainder Theorem (CRT)

Say we have n numbers m1, . . . , mn such that gcd (mi, mj) ¼ 1. We want to find a number x knowing the remainders Rmi ðxÞ ¼ xi : The problem does not have a unique solution. In fact, for any integer k and n Y M¼ mi , x + kM is also a solution i¼1

6.7 The Chinese Remainder Theorem (CRT)

271

Rmi ðx þ kM Þ ¼ Rmi fRmi ðxÞ þ Rmi ðkM Þg ¼ Rmi fRmi ðxÞ þ 0g ¼ Rmi ðxÞ Let’s, then, try to find any solution. What function f(x1, . . . , xn) should we choose? The simplest choice is a linear function x ¼ f ð x1 , . . . , xn Þ ¼ x1 e1 þ    þ xn en Since the e1, . . . , en define the linear function, this implies that the same (e1, . . . , en) must be used for any collection of remainders (y1 . . . . . . yn). In other words, the set of coefficients e1 , . . . , en play the role of a “basis” and (x1 . . . . . . xn) can be considered the “coordinates” of x in that basis. But the question remains: is there a set of coefficients that provide a solution? The answer is affirmative, and to show how to find those numbers, avoiding unnecessarily complications in the exposition, I’ll assume that n ¼ 3. We have Rm1 ðx1 e1 þ x2 e2 þ x3 e3 Þ ¼ Rm1 ðRm1 ðx1 e1 Þ þ Rm1 ðx2 e2 Þ þ Rm1 ðx3 e3 ÞÞ

ð6:10Þ

But Rm1 ðx1 e1 Þ ¼ Rm1 ðRm1 x1 Rm1 e1 Þ Rm1 ðx2 e2 Þ ¼ Rm1 ðRm1 x2 Rm1 e2 Þ Rm1 ðx3 e3 Þ ¼ Rm1 ðRm1 x3 Rm1 e3 Þ If e1, e2, e3 satisfy Rm1 e1 ¼ 1

Rm1 e2 ¼ 0 Rm1 e3 ¼ 0

then Rm1 ðx1 e1 Þ ¼ Rm1 ðRm1 ðx1 Þ 1Þ ¼ x1 Rm1 ðx2 e2 Þ ¼ Rm1 ðRm1 ðx2 Þ 0Þ ¼ 0 Rm1 ðx3 e3 Þ ¼ Rm1 ðRm1 ðx3 Þ 0Þ ¼ 0 Entering these values in (6.10), we obtain Rm1 ðx1 e1 þ x2 e2 þ x3 e3 Þ ¼ x1 Likewise, if

ð6:11Þ

272

6 Polynomial and Cyclic Codes

Rm2 e1 ¼ 0

Rm2 e2 ¼ 1

Rm2 e3 ¼ 0

ð6:12Þ

then Rm2 ðx1 e1 þ x2 e2 þ x3 e3 Þ ¼ x2 And if Rm3 e1 ¼ 0

Rm3 e2 ¼ 0

Rm3 e3 ¼ 1

ð6:13Þ

we have Rm3 ðx1 e1 þ x2 e2 þ x3 e3 Þ ¼ x3 Equations (6.11)–(6.13) are easy to remember since they are similar to the orthonormality expressions in the familiar three-dimensional vector space. The following choices of e1, e2, e3 e1 ¼ k1 m2 m3

e2 ¼ k2 m1 m3

e3 ¼ k 3 m1 m2

clearly satisfy the “orthogonality” conditions in (6.11)–(6.13). Now we have to select k1, k2, and k3 to “normalize” e1, e2, and e3. Call M1 ¼

M ¼ m2 m3 m1

M2 ¼

M ¼ m1 m3 m2

M3 ¼

M ¼ m1 m2 m3

Then ei ¼ k i M i Choose as ki the inverse of Mi modulo mi. These inverses exit since the gcd (Mi, mi) ¼ 1. (In fact, say for instance, that gcd (M1, m1) ¼ g 6¼ 1. If p is a prime factor of g, then p divides m1 and M1, and therefore either m2 or m3, contradicting the fact that the moduli are pairwise coprime). Thus k i M i mi 1 Or Rmi ðk i M i Þ ¼ 1 That is Rmi ei ¼ 1 as claimed.

6.7 The Chinese Remainder Theorem (CRT) Fig. 6.4 Parameters in the computation of the CRT

273

ei=ki Mi

ki μi

Inverse 0

1

ki

μi

mi-1

Since Rmi ðki M i Þ ¼ Rmi ðki Rmi M i Þ ki is also the inverse of μi ¼ Rmi M i , and it can be computed using the Euclidean algorithm. Summarizing, we can write h  h  1 1 x ¼ x1 M 1 μ1 m1 þ x2 M 2 μ2 m2 þ x3 M 3 ½μ3 1 m3

ð6:14Þ

where ½μi 1 mi is the inverse of μi modulo mi. See Fig. 6.4 (The “projections” to the horizontal line in Fig. 6.4 must be interpreted as taking modulo mi). Observe the similarity of (6.14) with the Lagrange interpolation formula. Example 5 The numbers m1 ¼ 92 ¼ 22 ∗23

m2 ¼ 87 ¼ 3∗29

m3 ¼ 77 ¼ 7∗11

are pairwise coprime. We want to find the smallest x that satisfies the three following equations

R92(x) = 67

R87(x) = 42

Proceeding as indicated before, we have M ¼ 92∗87∗77 ¼ 616308

R77(x) = 24

274

6 Polynomial and Cyclic Codes

M=

616308 92

= 6699 M =

616308 87

= 7084

M=

616308 77

= 8004

μ1 ¼ R92 ð6699Þ ¼ 75 μ2 ¼ R87 ð7084Þ ¼ 37 μ3 ¼ R77 ð8004Þ ¼ 73

k = |75–1|92 = 27 e1 ¼ 6699∗27

k = |37–1|87 = 40 e2 ¼ 7084∗40

k = |73–1|92 = 19 e3 ¼ 8004∗19

A solution is x ¼ 67∗ð6699∗27Þ þ 42∗ð7084∗40Þ þ 24∗ð8004∗19Þ ¼ 27669435 To obtain the smallest solution, take the remainder of dividing 27669435 by 616308. The result is 551883. None of the above calculations, except perhaps the computations of the inverses, require any explanation. To recall the procedure to calculate inverses, let’s find the inverse of 37 modulo 87. All the following equalities written in red are modulo 87.

87 = 0 * 37 37 = 1 * 37 87 – 2 * 37 = 13 = (0 – 2 * 1) * 37 13 = (–2 ) * 37 37 – 2 * 13 = 11 = [1 – 2 * (–2)] * 37 11 = 5 * 37 13 – 1 * 11 = 2 = [(– 2) * –1 * 5] * 37 2 = (– 7) * 37 11 – 5 * 2 = 1 = [5 – 5 * (– 7)] * 37 1 = 40 * 37 Therefore, the inverse of 37 modulo 87 is 40.

6.8

The CRT for Polynomials

The theorem is equally valid for polynomials. Say we want to find a polynomial σ(D) knowing the remainders

6.8 The CRT for Polynomials

275

σ i ðDÞ ¼ Rmi ðDÞ σ ðDÞ for

i ¼ 1,2,3

where m1(D), m2(D), m3(D) are pairwise coprime polynomials. As with numbers, the solution is not unique. Indeed, if σ(D) is a solution, then σ(D) + k(D)M(D), where k(D) is any polynomial and M ðDÞ ¼ m1 ðDÞm2 ðDÞm3 ðDÞ is also a solution. If we have a solution, but we want a solution whose degree is less than the degree of M(D), we only have to divide by M(D). Similarly to what we have with numbers, a solution to the problem is σ ðD Þ ¼

3 X

σ i ðDÞM i ðDÞ½μi ðDÞ1 mi ðDÞ

ð6:15Þ

i¼1

where M i ðD Þ ¼

M ðD Þ mi ðDÞ

μi ðDÞ ¼ Rmi ðDÞ M i ðDÞ

and ½μi ðDÞ1 mi ðDÞ is the inverse of μi(D) modulo mi(D). Example 6 In this example, I apply the above ideas to BCH codes. As said before, this is done to prepare the ground for the decoding of Fire codes. In Section 3.12, we computed the codeword generated by the (15, 5) BCH code corresponding to the message (1 0 1 1 1). The result is v ¼ ð1

0 1

1

1

0 0

0

0

1 0

1

0

0

1Þ

In the same section, we also calculated the generator polynomial gðDÞ ¼ D10 þ D8 þ D5 þ D4 þ D2 þ D þ 1 Suppose the channel introduces the error e ¼ ð0

0 0

0

1

0 0

1 1

0

0

0

1

0

0Þ

0 1

1

0

1Þ

1

0

0 0

0 1

0

1

The decoder receives w ¼ ð1

0

Computing the remainder of dividing

276

6 Polynomial and Cyclic Codes

wðDÞ ¼ D14 þ D12 þ D11 þ D7 þ D5 þ D3 þ D2 þ 1 by g(D), we obtain σ ðDÞ ¼ RgðDÞ wðDÞ ¼ D8 þ D7 þ D5 þ D4 þ D þ 1: We want to see that σ(D) can also be obtained from σ 1 ðDÞ ¼ Rm1 ðDÞ wðDÞ ¼ D3 σ 2 ðDÞ ¼ Rm2 ðDÞ wðDÞ ¼ 1 σ 3 ðDÞ ¼ Rm3 ðDÞ wðDÞ ¼ D2 where m1 ðDÞ ¼ D4 þ D þ 1 m2 ðDÞ ¼ D4 þ D3 þ D2 þ D þ 1 m3 ðDÞ ¼ D2 þ D þ 1 Remark These are the minimal polynomials of α, α3, α5, computed in Chapter 3 (The notation in Chapter 3 was slightly different; m2(D) was called m3(D) and m3(D) was m5(D)). m1(D), m2(D), and m3(D) are coprime. Using the CRT, σ(D) can be computed knowing the remainders Rm1 ðDÞ σ ðDÞ Rm2 ðDÞ σ ðDÞ

Rm3 ðDÞ σ ðDÞ

But   Rmi ðDÞ σ ðDÞ ¼ Rmi ðDÞ RgðDÞ wðDÞ ¼ Rmi ðDÞ wðDÞ ¼ σ i ðDÞ Therefore, σ(D) can be obtained from σ 1(D), σ 2(D), σ 3(D)! The calculations follow. M 1 ðDÞ ¼ m2 ðDÞm3 ðDÞ ¼ D6 þ D4 þ D3 þ D2 þ 1 M 2 ðDÞ ¼ m1 ðDÞm3 ðDÞ ¼ D6 þ D5 þ D4 þ D3 þ 1 M 3 ðDÞ ¼ m1 ðDÞm2 ðDÞ ¼ D8 þ D7 þ D6 þ D4 þ 1 μ1 ðDÞ ¼ Rm1 ðDÞ fM 1 ðDÞg ¼ D μ2 ðDÞ ¼ Rm2 ðDÞ fM 2 ðDÞg ¼ D2 þ 1 μ3 ðDÞ ¼ Rm3 ðDÞ fM 3 ðDÞg ¼ D þ 1 3 ½μ1 ðDÞ1 m1 ðDÞ ¼ D þ 1 2 ½μ2 ðDÞ1 m2 ðDÞ ¼ D þ D

½μ3 ðDÞ1 m3 ðDÞ ¼ D (Details about the computation of those inverses, later)

6.8 The CRT for Polynomials

277


6 
3  4 3 2 M 1 ðDÞ½μ1 ðDÞ1 m1 ðDÞ ¼ D þ D þ D þ D þ 1 D þ 1 ¼ D9 þ D7 þ D5 þ D4 þ D2 þ 1
6 
2  5 4 3 M 2 ðDÞ½μ2 ðDÞ1 m2 ðDÞ ¼ D þ D þ D þ D þ 1 D þ D ¼ D8 þ D4 þ D2 þ D
8  7 6 4 M 3 ðDÞ½μ3 ðDÞ1 m3 ðDÞ ¼ D þ D þ D þ D þ 1 D ¼ D9 þ D8 þ D7 þ D5 þ D2 Substituting in (6.15), we have
 σ ðDÞ ¼ D3 D9 þ D7 þ D5 þ D4 þ D2 þ 1
 þ1 D8 þ D4 þ D2 þ D
 þD2 D9 þ D8 þ D7 þ D5 þ D

ð6:16Þ

¼ D12 þ D11 þ D9 þ D5 þ D4 þ D2 þ D The polynomial (6.16) is a solution, but we want a polynomial whose degree is less than the degree of g(D). Dividing (6.16) by g(D), we obtain D8 þ D7 þ D5 þ D4 þ D þ 1 in accordance with what we found before.
1 Example 7 Let’s compute D2 þ 1 m2 ðDÞ , the inverse of D2 + 1 modulo m2(D) using the Euclidean algorithm
 D4 þ D3 þ D2 þ D þ 1 ¼ 0 D2 þ 1
 D2 þ 1 ¼ 1 D2 þ 1

ð6:17Þ ð6:18Þ

Dividing D4 + D3 + D2 + D + 1 by D2 + 1, we obtain D2 + D as the quotient and 1 as the remainder. Then




 D4 þ D3 þ D2 þ D þ 1 þ D2 þ D D2 þ 1 ¼ 1

ð6:19Þ

Observe that (6.19) can be written as
 1½17L þ D2 þ D ½18L ¼ 1

ð6:20Þ

where [17]L and [18]L are the left sides of (6.17) and (6.18), respectively. Equation (6.20) must also be true for the right sides of (6.17) and (6.18). That is

278

6 Polynomial and Cyclic Codes


 1½17R þ D2 þ D ½18R ¼ 1 And therefore




 0 D2 þ 1 þ D2 þ D D2 þ 1 ¼ 1

That is, the inverse of (D2 + 1) is (D2 + D). There is a very elementary method to find the inverse that, although requires more computation, does not use the Euclidean algorithm. Since we are working modulo a four-degree polynomial, we only consider thirddegree polynomials. Say, then, that the inverse of D2 + 1 is xD3 + yD2 + zD + u. Multiply xD3 + yD2 + zD + u and D2 + 1



 xD3 þ yD2 þ zD þ u D2 þ 1 ¼ xD5 þ yD4 þ ðx þ zÞD3 þ ðy þ uÞD2 þ zD þ u

Divide the result by D4 + D3 + D2 + D + 1, to obtain the remainder ðx þ y þ zÞD3 þ uD2 þ ðy þ zÞD þ ðx þ y þ uÞ Then xþyþz¼0 u¼0 yþz¼0

xþyþu¼1

Solving, we have x¼0

y¼1

z¼1

u¼0

And the inverse is D2 + D, as before. Example 8 We know that


 m1 ðDÞ ¼ ðD þ αÞ D þ α2 D þ α4 D þ α8 As an additional exercise, let’s compute σ 1 ðDÞ ¼ Rm1 ðDÞ wðDÞ in two different ways: directly and using RDþαi wðDÞ

for

i ¼ 1,2,4,8

Similarly to what happened before, we have   RDþαi σ 1 ðDÞ ¼ RDþαi Rm1 ðDÞ wðDÞ ¼ RDþαi wðDÞ And we can compute σ 1(D) knowing RDþαi wðDÞ ði ¼ 1; 2; 4; 8Þ.

6.8 The CRT for Polynomials

279

As in Example 6, suppose wðDÞ ¼ D14 þ D12 þ D11 þ D7 þ D5 þ D3 þ D2 þ 1 Then Rm1 ðDÞ wðDÞ ¼ D3 On the other hand, we have RDþα wðDÞ ¼ wðαÞ ¼ S1 ¼ α3 RDþα2 wðDÞ ¼ wðα2 Þ ¼ ½wðαÞ2 ¼ S21 ¼ α6 2

RDþα4 wðDÞ ¼ wðα4 Þ ¼ ½wðα2 Þ ¼ S41 ¼ α12 2

RDþα8 wðDÞ ¼ wðα8 Þ ¼ ½wðα4 Þ ¼ S81 ¼ α9 Now M 1 ðDÞ ¼ ðD þ α2 ÞðD þ α4 ÞðD þ α8 Þ ¼ D3 þ αD2 þ α2 D þ α14 M 2 ðDÞ ¼ ðD þ αÞðD þ α4 ÞðD þ α8 Þ ¼ D3 þ α2 D2 þ α4 D þ α13 M 3 ðDÞ ¼ ðD þ αÞðD þ α2 ÞðD þ α8 Þ ¼ D3 þ α4 D2 þ α8 D þ α11 M 4 ðDÞ ¼ ðD þ αÞðD þ α2 ÞðD þ α4 Þ ¼ D3 þ α8 D2 þ αD þ α7 μ1 ðDÞ ¼ RDþα M 1 ðDÞ ¼ M 1 ðαÞ ¼ 1 μ2 ðDÞ ¼ RDþα2 M 2 ðDÞ ¼ M 2 ðα2 Þ ¼ 1 μ3 ðDÞ ¼ RDþα4 M 3 ðDÞ ¼ M 3 ðα4 Þ ¼ 1 μ4 ðDÞ ¼ RDþα8 M 4 ðDÞ ¼ M 4 ðα8 Þ ¼ 1 Applying (6.15), we can write
 Rm1 ðDÞ wðDÞ ¼ S1 D3 þ αD2 þ α2 D þ α14
 þS21
D3 þ α2 D2 þ α4 D þ α13  þS41
D3 þ α4 D2 þ α8 D þ α11 þS81 D3 þ α8 D2 þ αD þ α7 Finally, entering in the above the value of S1, we obtain σ 1 ðDÞ ¼ Rm1 ðDÞ wðDÞ ¼ D3

280

6 Polynomial and Cyclic Codes

Remark We can also directly use the Lagrange interpolation formula, as we did in Section 6.5. Rm2 ðDÞ wðDÞ and Rm3 ðDÞ wðDÞ can be computed similarly. Summarizing: From the three syndromes (S1 S3 S5) we compute (σ 1(D) σ 2(D) σ 3(D)), and then σ(D), as indicated in Example 6.

6.9

How to Compute the Period of a Polynomial

In Chapter 3 we considered the period of irreducible polynomials. In this section, I indicate how to find the period of any binary polynomial g(D) with g(0) ¼ 1. Say the polynomial g(D) factors as gðDÞ ¼ gE11 ðDÞ . . . . . . gENN ðDÞ where the gi(D) are irreducible binary polynomials. Suppose we know the period of gi(D) and we want to know the period of gεi i ðDÞ. As an example, let’s see what happens with the powers of the irreducible polynomial D + 1, whose period is 1.

Polynomial: (D + 1)2 = D2 + 1 Period: 2 Polynomial: (D + 1)3 = D3 + D2 + D + 1 Period: 4 Polynomial: (D + 1)4 = D4 + 1 Period: 4 Polynomial: (D + 1)5 = D5 + D4 + D + 1 Period: 8 Polynomial: (D + 1)6 = D6 + D4 + D2 + 1 Period: 8 Polynomial: (D + 1)7 = D7 + D6 + D5 + D4 + D3 + D2 + D + 1 Period: 8 Polynomial: (D + 1)8 = D8 + 1 Period: 8 Polynomial: (D + 1)9 = D9 + D8 + D + 1 Period: 16 (The periods of the above polynomials can be found using the corresponding shift register circuit).

6.9 How to Compute the Period of a Polynomial

281

Observe that in all cases the period of (D + 1)ε is a power of 2 where the exponent, K, is the smallest number such that 2K  ε. Moreover, if the period of the irreducible polynomial gi(D) is ei, the period of Gi ðDÞ ¼ gEi i ðDÞ is Ei ¼ ei 2K i with 2K i the smallest power of 2 not exceeded by Ei. Example 9 (a) The period of D2 + D + 1 is 3. Then, the period of


D2 þ D þ 1

3

¼ D6 þ D5 þ D3 þ D þ 1

is 3 ∗ 22 ¼ 12. (b) The period of D3 + D + 1 is 7. Then, the period of


D3 þ D þ 1

2

¼ D6 þ D2 þ 1

is 7 ∗ 2 ¼ 14. (c) The period of D4 + D3 + D2 + D + 1 is 5. The period of
4 3 D þ D3 þ D2 þ D þ 1 ¼ D6 þ D5 þ D3 þ D þ 1 is 5 ∗ 22 ¼ 20. Once we know the periods of the polynomials Gi(D), the period of g(D) is e ¼ lcmðE 1 . . . E N Þ

ð6:21Þ

where lcm means least common multiple. Example 10 The period of Dc + 1 is clearly c. Let’s verify that (6.21) provides the correct answer in a few selected cases. Polynomial Period
 D3 þ 1 ¼ ðD þ 1Þ
D2 þ D þ 1 lcm ð 1; 3Þ ¼ 3  D5 þ 1 ¼ ðD þ 1Þ D4 þ D3 þ D2 þ D þ 1 lcmð1; 5Þ ¼ 5
2 D6 þ 1 ¼ ðD þ 1Þ
2 D2 þ D þ 1
 lcmð1∗2; 3∗2Þ ¼ 6 D7 þ 1 ¼ ðD þ 1Þ
D3 þ D þ 1
D3 þ D2 þ 1 lcmð1; 7; 7Þ ¼ 7 D9 þ 1 ¼ ðD þ 1Þ D2 þ D þ 1 D6 þ D3 þ 1 lcmð1; 3; 9Þ ¼ 9 Remark D6 + D3 + 1 is irreducible and its period is 9 (a factor of 26  1). All polynomial of the form Dc + 1 are reducible. Notice that, contrary to what happens to irreducible polynomials, their periods do not divide 2c  1. For instance, 9 (the period of D9 + 1) does not divide 29  1 ¼ 511.

282

6 Polynomial and Cyclic Codes

Example 11 Care must be exercised when computing the period of a polynomial. The polynomials Gi(D), as powers of irreducible polynomials, are pairwise coprime, and when a polynomial g(D) is given, we must make sure it is expressed in this format. As an example, say we want to compute the period of

 gðDÞ ¼ D3 þ 1 D4 þ D3 þ D2 þ 1 The period of D3 + 1 is 3, and the period of D4 + D3 + D2 + 1 is 7. If we apply (6.21) blindly, we could conclude that the period of g(D) is 21, but in fact it is 42. The polynomials D3 + 1 and D4 + D3 + D2 + 1 have D + 1 as a common factor and (6.21) cannot be used as done before. We have
 D3 þ 1 ¼ ðD þ 1Þ D2 þ D þ 1
 D4 þ D3 þ D2 þ 1 ¼ ðD þ 1Þ D3 þ D þ 1 Now, write g(D) as

 gðDÞ ¼ ðD þ 1Þ2 D2 þ D þ 1 D3 þ D þ 1 which is in the appropriate format to apply (6.21). Thus, the period is lcm(1 ∗ 2, 3, 7) ¼ 42. Let’s now proceed with the proof of (6.21). For brevity, call L ¼ lcm (E1 . . . EN). I prove that L ¼ e (the period) in two steps. First I show that e is a multiple of L and then that e divides L. • From the definition of period, Rg(D)De ¼ 1. For 1  i  N, we have   RGi ðDÞ RgðDÞ De ¼ RGi ðDÞ 1 ¼ 1 Since Gi(D) divides g(D) RGi ðDÞ De ¼ 1 Hence, e is a multiple of Ei (the period of Gi(D)) and thus of L. • From RGi ðDÞ DEi ¼ 1, we obtain RGi ðDÞ DL ¼ 1 Or
 RGi ðDÞ DL þ 1 ¼ 0: Hence, DL + 1 is a multiple of Gi(D) (1  i  N ).

6.10

Detecting Random and Burst Errors with Cyclic Codes

283

This implies that DL + 1 is a multiple of lcm{G1(D) . . . GN(D)}. But, by hypothesis lcmfG1 ðDÞ . . . GN ðDÞg ¼ G1 ðDÞ . . . GN ðDÞ ¼ gðDÞ Thus, g(D) divides DL + 1.
 RgðDÞ DL þ 1 ¼ 0

or

RgðDÞ DL ¼ 1

By the definition of period, we have L  e. Now write L ¼ ke + r, with 0  r < e. We have
 0 ¼ RgðDÞ ðDL þ 1Þ ¼ RgðDÞ Dr Dke þ 1
 ¼ RgðDÞ Dr RgðDÞ Dke þ 1 ¼ RgðDÞ ðDr þ 1Þ But, since r < e, Rg(D)(Dr + 1) 6¼ 0 unless r ¼ 0. Hence, r ¼ 0. That is, e divides L, as claimed.

6.10

Detecting Random and Burst Errors with Cyclic Codes

In this section, I consider the detection of random errors (errors that can occur anywhere in the received word) as well as errors that occur in clusters. In this latter case, the only nonzero bits of the error word are confined to a span of contiguous positions, the first and the last of which are both 1. The bits in the middle can be 0 or 1. The span of contiguous bits in the error word is called the burst. We saw in Section 6.4 that any cyclic code able to detect an error word is also able to detect any cyclic shift of that error word. That applies in particular to error words that have all erroneous bits clustered together. A cyclic shift of such a word may split the burst into two pieces. Then, the erroneous bits won’t be “physically” contiguous after the shifting. Therefore, by contiguous we should understand cyclically contiguous, that is contiguous when both ends of the word are “pasted” together. In Fig. 6.5, I have represented several bursts of noise causing errors in the transmitted codewords. Suppose that the duration of the noise doesn’t exceed the time needed to transmit l bits, and that the code is capable of detecting error words containing a burst of length l or less. Then, when a codeword is affected by only one of those noise bursts, the error is detected (see Fig. 6.5a). If the noise spreads over two codewords, it may cause l 0 < l errors at the end of the first one and l 00 < l at the beginning of the second. Thus, there may be erroneous bits at the beginning and at the end of any codeword (see Fig. 6.5b). If l 0 + l 00  l the error is also detected since, in fact, it is a burst of no more than l cyclically contiguous bits. When l 0 + l 00 > l, we cannot assure the error is detected, but in many cases it is. Let us analyze the detection capability of cyclic codes.

284

6 Polynomial and Cyclic Codes

l

Codewords

... 0 0 0 1 x x x x 1 0 0 0 0 0 0 0 ...

Noise

...

...

t (a)

l’ ... 0 0

l’

l ’’

l ’’

l’

l ’’

0 0 0 0 0 0 0 1 x x x x 1 0 0 0 0 0 0 1 x x x x 1 0 0 0 0 1 x x x x 1 0 ...

...

...

t’ For this word

l ’< l

Error detected

t’’

t’

For this word

l ’+ l ’’< l

Error detected

t’’ For this word

t’

t’’

l ’+ l ’’> l

Error may not be detected

(b)

Fig. 6.5 Codewords affected by wrap-around bursts (a) Noise affects only one codeword (b) Noise affects two codewords

6.10.1 Bursts Suppose that the burst can be fitted in the parity section of the word. That is, l  r. Then σ ðDÞ ¼ RgðDÞ eðDÞ ¼ eðDÞ 6¼ 0 Thus, any error word containing a burst of length l  r, or any cyclically shifted version of it, is detected. The codeword g(D) is a burst of length r + 1 (since g0 ¼ 1). Thus, we can say that bursts of length greater than r cannot be detected with r redundant bits.

6.10.2 Odd Number of Errors Say we want to detect all error patterns with an odd number of errors. This can be done with a generator polynomial that has an even number of terms. Such polynomials have 1 as a root and can be written as gðDÞ ¼ ðD þ 1ÞpðDÞ: The generator polynomial g(D) cannot divide any polynomial e(D), of odd weight, since e(1) ¼ 1 and g(1) ¼ 0.

6.10

Detecting Random and Burst Errors with Cyclic Codes

285

6.10.3 Double Errors We know that n is a multiple of e, the period of g(D). Suppose we set n ¼ e. Then, g(D) does not divide any of the following double error patterns eðDÞ ¼ Di þ 1,

0 2l as claimed.

or

r  2l

6.11

Correcting Burst Errors: A First Look at Fire Codes

289

There are Fire codes that only need 3l  1 redundant bits to correct bursts of length l. Since the minimum redundancy is 2l, the efficiency for those codes is 2l 3l1  0:67. The general expression for generator polynomial of Fire codes is gðDÞ ¼ ðDc þ 1ÞpðDÞ

ð6:25Þ

with c > 1 and p(D) an irreducible polynomial of period p. The syndrome of the word w(D) is σ ðDÞ ¼ RgðDÞ wðDÞ

ð6:26Þ

If Dc + 1 and p(D) are coprime polynomials, the syndrome σ(D) ¼ Rg(D)w(D) is univocally determined by the two partial syndromes σ 1 ðDÞ ¼ RDc þ1 wðDÞ

ð6:27Þ

σ 2 ðDÞ ¼ RpðDÞ wðDÞ

ð6:28Þ

And, even though we use g(D) to code, to decode we use (6.27) and (6.28) rather than (6.26). These partial syndromes can be obtained using shift registers. See Fig. 6.8 for the (35, 27) Fire code I present in Example 16 (c ¼ 5, p(D) ¼ D3 + D + 1). I call “first register” the register that computes the “first syndrome,” σ 1(D). I refer to the other register as the “second register.” To correct error words containing a burst of length l or less we must choose c and p(D) appropriately. But, to begin with, we must make sure they are coprime. Let’s analyze this. If Dc + 1 is a multiple of p(D), then gcd{Dc + 1, p(D)} ¼ p(D). Otherwise

Final state

0

0

0

0

0 σ1(D) =RD5+1 w(D)

w(D)

0

0

0 σ2(D) =RD3+D+1 w(D)

Fig. 6.8 Obtaining σ 1(D) and σ 2(D) from w(D)

290

6 Polynomial and Cyclic Codes

gcdfDc þ 1; pðDÞg ¼ 1: which is just what we need to apply the CRT. We have RpðDÞ Dp ¼ 1 Suppose that c is not a multiple of p. Then RpðDÞ Dc 6¼ 1

or

RpðDÞ fDc þ 1g 6¼ 0

Therefore, Dc + 1 is not a multiple of p(D), and the two polynomials are coprime. There are two important consequences of this fact. The first is that the period of g(D) is e ¼ lcm (c, p). The second is that the polynomial code generated by (6.25) is indeed cyclic. Choose a multiple of e as the code length. I want to show that Dn + 1 is a multiple of g(D). In fact, Dn + 1 is a multiple of Dc + 1 (since n is a multiple of c) and, likewise, also a multiple of p(D) (since n is a multiple of p). Then, Dn + 1 is a multiple of lcm (Dc + 1, p(D)) , and therefore of the product (Dc + 1)p(D) ¼ g(D) (because gcd [(Dc + 1), p(D)] ¼ 1). To guarantee the correction of bursts of length l, the following conditions must be satisfied. First: the code length is limited to e. n ¼ e ¼ lcmðc; pÞ Second: Calling m the degree of p(D), m  l. Third: c ¼ 2l  1. See next section for the details. The redundancy of the code is r ¼ c þ m ¼ 2l  1 þ m Its minimum value is ð2l  1Þ þ l ¼ 3l  1 as indicated before. Example 16 In this example, I list the generator polynomial as well as the length and dimension of a few Fire codes.

6.11

Correcting Burst Errors: A First Look at Fire Codes

l¼3 c ¼ 2l  1 ¼ 5 m l ¼ 3 Take m ¼ 4, p(D) ¼ D4 + D + 1, p ¼ 15

 gðDÞ ¼ D5 þ 1 D4 þ D þ 1 ¼ D9 þ D6 þ D5 þ D4 þ D þ 1 n ¼ e ¼ lcmð5; 15Þ ¼ 15 r ¼ c þ m ¼ 5 þ 4 ¼ 8 We have a (15, 6) Fire code. l¼3 c ¼ 2l  1 ¼ 5 ml¼3 Take m ¼ 3, p(D) ¼ D3 + D + 1, p ¼ 7

 gðDÞ ¼ D5 þ 1 D3 þ D þ 1 ¼ D8 þ D6 þ D5 þ D3 þ D þ 1 n ¼ e ¼ 5∗7 ¼ 35

r ¼cþm¼5þ3¼8

We have a (35, 27) Fire code. l¼4 c ¼ 2l  1 ¼ 7 ml¼4 Take m ¼ 4, p(D) ¼ D4 + D3 + D2 + D + 1, p ¼ 5

 gðDÞ ¼ D7 þ 1 D4 þ D3 þ D2 þ D þ 1 ¼ D11 þ D10 þ D9 þ D8 þ D7 þ D4 þ D3 þ D2 þ D þ 1 n ¼ e ¼ 7∗5 ¼ 35

r ¼ c þ m ¼ 7 þ 4 ¼ 11

We have a (35, 24) Fire code. l¼5 c ¼ 2l  1 ¼ 9 ml¼5 Take m ¼ 5, p(D) ¼ D5 + D2 + 1, p ¼ 31

291

292

6 Polynomial and Cyclic Codes



 gðDÞ ¼ D9 þ 1 D5 þ D2 þ 1 ¼ D14 þ D11 þ D9 þ D5 þ D2 þ 1 n ¼ e ¼ 9∗31 ¼ 279

r ¼ c þ m ¼ 9 þ 5 ¼ 14

We have a (279, 265) Fire code. Remark Observe that, although polynomials Dc + 1 and p(D) are always coprime, numbers c and p need not be coprime to construct a Fire code. For instance, for the (15, 6) Fire code, gcd(5, 15) ¼ 5 6¼ 1.

6.12

Additional Details About Fire Codes

In this section, I show that when the length of the code is equal to the period of g(D), c ¼ 2l  1 and m  l, bursts of length up to l can be corrected. The details that follow make clear these conditions and the idea behind Fire codes. The length of the code is a multiple of c. Thus, we can look at the error word as a set of “segments” of size c. Let’s call 0 the rightmost segment, and nc  1 the leftmost one.
 Call k 0  k ; nc  1 the segment where the burst begins, and i0 the location of the rightmost bit of the burst (which must be 1) in the segment (0  i0  c  1). Example 17 Consider the (35, 24) Fire code able to correct error words containing a burst of length 4 or less. For the following error word

(0 0 0 0 0 0 0 0 0 0 0 0 0 0 a b c 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0) the values of k and i0 are: k ¼ 2, i0 ¼ 3. The error polynomial is eðDÞ ¼ aD20 þ bD19 þ cD18 þ D17 Using k and i0, this polynomial can be represented as

e(D) = D3+2*7 (aD3 + bD2 + cD + 1) The polynomial e0(D) ¼ aD3 + bD2 + cD + 1 is called the error pattern. The burst length is 4 if a ¼ 1. As another example, the polynomial for the error word

(1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 a b c) is

6.12

Additional Details About Fire Codes

293

eðDÞ ¼ D34 þ aD2 þ bD þ c Or

e(D) = RD35+1{D6+4*7 (aD3 + bD2 + cD + 1)} a representation that explicitly shows i0, k, and e0(D). In general, the error word can be expressed as   RDn þ1 Di0 þkc eo ðDÞ Its partial syndromes are      σ 1 ðDÞ ¼ RDc þ1 RDn þ1 Di0 þkc e0 ðDÞ ¼ RDc þ1 Di0 þkc e0 ðDÞ      σ 2 ðDÞ ¼ RpðDÞ RDn þ1 Di0 þkc e0 ðDÞ ¼ RpðDÞ Di0 þkc e0 ðDÞ

ð6:29Þ ð6:30Þ

To decode, we must determine k, i0 and e0(D) with the information provided by (6.29) and (6.30). Observe that Equation (6.29) doesn’t give any information about k. In fact, we have     RDc þ1 Di0 þkc e0 ðDÞ ¼ RDc þ1 Di0 e0 ðDÞ Thus, we must obtain k from (6.30). In the next example, I show this is indeed the case, once i0 and e0(D) are found using (6.29). Example 18 The Fire code for this example is the (15, 6) code presented in Section 6.11. The codeword corresponding to message ð1 0

0

1 1Þ

0

is ð1 0

0

0

1 1

1

1

0

1 0

1

1

0 0Þ

0

0 0

0

0

1

0 1

0

0

0 0Þ

Say the error word is ð0 0

0

This double error is treated by the Fire decoder as a burst of length l ¼ 3. The received word is ð1 0

0

Or, as a polynomial

0

1 1

1

1

1

1 1

1

1

0 0Þ

294

6 Polynomial and Cyclic Codes

wðDÞ ¼ D14 þ D10 þ D9 þ D8 þ D7 þ D6 þ D5 þ D4 þ D3 þ D2 Now, on one hand, we know σ 1 ðDÞ ¼ RD5 þ1 wðDÞ ¼ D4 þ D But, according to (6.29), we have   σ 1 ðDÞ ¼ RD5 þ1 Di0 e0 ðDÞ where e0 ðDÞ ¼ aD2 þ bD þ 1

and

0  i0  4

Let’s see what values of i0, a, and b satisfy the equation   RD5 þ1 Di0 e0 ðDÞ ¼ D4 þ D i0 ¼ 0 i0 ¼ 1

RD5 þ1 e0 ðDÞ ¼ aD2 þ bD þ 1 6¼ D4 þ D 
 RD5 þ1 fDe0 ðDÞg ¼ RD5 þ1 D aD2 þ bD þ 1

i0 ¼ 2

¼ aD3 þ bD2 þ D 6¼ D4 þ D 
 RD5 þ1 fDe0 ðDÞg ¼ RD5 þ1 D2 aD2 þ bD þ 1

i0 ¼ 3

¼ aD4 þ bD3 þ D2 6¼ D4 þ D   
 RD5 þ1 D3 e0 ðDÞ ¼ RD5 þ1 D3 aD2 þ bD þ 1

i0 ¼ 4

RD5 þ1



¼ bD4 þ D3 þ a 6¼ D4 þ D 
 D4 e0 ðDÞ ¼ RD5 þ1 D4 aD2 þ bD þ 1 

¼ D4 þ aD þ b ¼ D4 þ D The last equality is satisfied if a ¼ 1 and b ¼ 0. We have, thus, found i0 and e0(D), namely i0 ¼ 4

and

e0 ðDÞ ¼ D2 þ 1

To decode, it only remains to determine the location of the burst. There are three possibilities

6.12

Additional Details About Fire Codes

295

k = 0 (0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 ) k = 1 (0 0 0 1 0 1 0 0 0 0 0 0 0 0 0 ) k = 2 (1 0 0 0 0 0 0 0 0 0 0 0 0 1 0 )

The information to decide which of the above occurred is provided by σ 2(D). We know σ 2 ðDÞ ¼ RD4 þDþ1 wðDÞ ¼ D3 þ D2 þ D þ 1 And we have to solve the equation 
 RD4 þDþ1 D4þ5k D2 þ 1 ¼ D3 þ D2 þ D þ 1 
 k ¼ 0 RD4 þDþ1 D4 D2 þ 1 ¼ D3 þ D2 þ D þ 1 
 k ¼ 1 RD4 þDþ1 D9 D2 þ 1 ¼ D2   
 k ¼ 2 RD4 þDþ1 D14 D2 þ 1 ¼ RD4 þDþ1 D þ D14 ¼ D3 þ D þ 1 Thus, k ¼ 0 and the error has been corrected. What remains now is to show how the conditions on n, c and m allow us to prove the correction capability of Fire codes. I do this in two steps. First Step i0 and e0(D) can be found from (6.29) if c ¼ 2l  1. To see this, let’s first find σ 1(D) for a generic input, w(D). σ 1 ðDÞ ¼ RDc þ1 wðDÞ ¼ RDc þ1

n1 X

wi Di ¼

i¼0

n1 X

wi RDc þ1 Di

i¼0

Dividing i by c, we have i ¼ kc + [i]c where [i]c is i modulo c (that is, the remainder of the division). Now, we have n1 X

wi RDc þ1 Di ¼

i¼0

n1 X

wi RDc þ1 Dkcþ½ic ¼

i¼0

¼

c1 X

n1 X

wi D½ic

i¼0

W i Di

i¼0

To compute Wc  1 . . . . . . W0, write the coefficients of the word w(D) in rows of length c, pile up the rows, and add the bits in each column. Example 19 Let’s go back to the (35, 24) Fire code (Recall that c ¼ 7). Dispose (w34w34 . . . . . . w1w0) as indicated here

296

6 Polynomial and Cyclic Codes

w34

w33

w32

w31

w30

w29

w28

w27

w26

w25

w24

w23

w22

w21

w20

w19

w18

w17

w16

w15

w14

w13

w12

w11

w10

w9

w8

w7

w6

w5

w4

w3

w2

w1

w0

Then, we obtain W 6 ¼ w34 þ w27 þ w20 þ w13 þ w6 W 5 ¼ w33 þ w26 þ w19 þ w12 þ w5 ... ... ... ... ... ... ... ... ... ... ... W 0 ¼ w28 þ w21 þ w14 þ w7 þ w0 Let’s apply the above to error words containing a burst of length 4 or less. In the following c ¼ 7 words, the burst length is 4, the error pattern is the same, but i0 changes from 0 to c  1 ¼ 6. (0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 a b 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ) (0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 a b 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ) (0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 a b 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ) (0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 a b 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ) (0 0 0 0 0 0 0 0 0 0 0 0 0 1 a b 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ) (0 0 0 0 0 0 0 0 0 0 0 0 1 a b 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ) (0 0 0 0 0 0 0 0 0 0 0 1 a b 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 )

To find the syndrome of each word, pile up its segments and add them together. The results are (burst, highlighted) (0 0 0 1 a b 1 )

(i0 = 0)

(0 0 1 a b 1 0 )

(i0 = 1)

(0 1 a b 1 0 0 )

(i0 = 2)

(1 a b 1 0 0 0 )

(i0 = 3)

(a b 1 0 0 0 1 )

(i0 = 4)

(b 1 0 0 0 1 a )

(i0 = 5)

(1 0 0 0 1 a b )

(i0 = 6)

The syndrome of a burst of length l is a (cyclic) “sandwich” of (at the most) l  2 zeros. Thus, if c ¼ l  1 + l, there are l  1 zeros “outside” the sandwich. Once these

6.12

Additional Details About Fire Codes

297

l  1 zeros are spotted, the remaining bits in the syndrome correspond to the burst pattern. Thus, after we have computed the syndrome, to obtain the error pattern, e0(D), and i0, we proceed as follows: If the leftmost l  1 ¼ 3 bits are not zero, keep shifting the syndrome to the left until they are zero. Call δ1  1 the number of shifts. Then i0 + δ1 ¼ c. (For instance, we only need 1 shift to place the three zeros in the leftmost position when i0 = 6). Then, we have determined i0 ¼ c  δ1 and the error pattern e0(D) (the l rightmost bits of the syndrome). Remark When the burst is shorter, the syndrome (after the appropriate shifting) is (0 0 0 0 1 a 1 ) (burst length = 3) (0 0 0 0 0 1 1 ) (burst length = 2) (0 0 0 0 0 0 1 ) (burst length = 1)

The number of additional zeros (in red) is l—burst length. The rightmost bit is always 1. Second Step The nc values given by (6.30) are different if m  l and n ¼ e ¼ lcm (c, p). Say k 0 > k. h i 0   RpðDÞ Di0 þk c e0 ðDÞ 6¼ RpðDÞ Di0 þkc e0 ðDÞ Or

h n 0 o i RpðDÞ Di0 þkc Dðk kÞc þ 1 e0 ðDÞ 6¼ 0

Hence, p(D) (which is irreducible!) cannot be a factor of Di0 þkc , e0 ðDÞ or 0 Dðk kÞc þ 1. Clearly, p(D) is not a factor of Di0 þkc . On the other hand, the degree of e0(D) is at the most l  1. If we choose m  l, then e0(D) is not a multiple of p(D). Remark The code with m ¼ l has the minimum redundancy for the same protection. This is how m is chosen in practice, unless the application for which the code is intended requires a larger m. 0

Can Dðk kÞc þ 1 be a multiple of p(D)? In other words, can (k 0  k)c be a multiple of p, the period of p(D)? We have n  0 1 c¼nc