BCH code

From HandWiki
Revision as of 21:06, 6 February 2024 by S.Timg (talk | contribs) (add)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Short description: Error correction code

In coding theory, the Bose–Chaudhuri–Hocquenghem codes (BCH codes) form a class of cyclic error-correcting codes that are constructed using polynomials over a finite field (also called a Galois field). BCH codes were invented in 1959 by French mathematician Alexis Hocquenghem, and independently in 1960 by Raj Chandra Bose and D.K. Ray-Chaudhuri.[1][2][3] The name Bose–Chaudhuri–Hocquenghem (and the acronym BCH) arises from the initials of the inventors' surnames (mistakenly, in the case of Ray-Chaudhuri).

One of the key features of BCH codes is that during code design, there is a precise control over the number of symbol errors correctable by the code. In particular, it is possible to design binary BCH codes that can correct multiple bit errors. Another advantage of BCH codes is the ease with which they can be decoded, namely, via an algebraic method known as syndrome decoding. This simplifies the design of the decoder for these codes, using small low-power electronic hardware.

BCH codes are used in applications such as satellite communications,[4] compact disc players, DVDs, disk drives, USB flash drives, solid-state drives,[5] quantum-resistant cryptography[6] and two-dimensional bar codes.

Definition and illustration

Primitive narrow-sense BCH codes

Given a prime number q and prime power qm with positive integers m and d such that dqm − 1, a primitive narrow-sense BCH code over the finite field (or Galois field) GF(q) with code length n = qm − 1 and distance at least d is constructed by the following method.

Let α be a primitive element of GF(qm). For any positive integer i, let mi(x) be the minimal polynomial with coefficients in GF(q) of αi. The generator polynomial of the BCH code is defined as the least common multiple g(x) = lcm(m1(x),…,md − 1(x)). It can be seen that g(x) is a polynomial with coefficients in GF(q) and divides xn − 1. Therefore, the polynomial code defined by g(x) is a cyclic code.

Example

Let q = 2 and m = 4 (therefore n = 15). We will consider different values of d for GF(16) = GF(24) based on the reducing polynomial z4 + z + 1, using primitive element α(z) = z. There are fourteen minimum polynomials mi(x) with coefficients in GF(2) satisfying

[math]\displaystyle{ m_i\left(\alpha^i\right) \bmod \left(z^4 + z + 1\right) = 0. }[/math]

The minimal polynomials are

[math]\displaystyle{ \begin{align} m_1(x) &= m_2(x) = m_4(x) = m_8(x) = x^4 + x + 1, \\ m_3(x) &= m_6(x) = m_9(x) = m_{12}(x) = x^4 + x^3 + x^2 + x + 1, \\ m_5(x) &= m_{10}(x) = x^2 + x + 1, \\ m_7(x) &= m_{11}(x) = m_{13}(x) = m_{14}(x) = x^4 + x^3 + 1. \end{align} }[/math]

The BCH code with [math]\displaystyle{ d = 2, 3 }[/math] has generator polynomial

[math]\displaystyle{ g(x) = {\rm lcm}(m_1(x), m_2(x)) = m_1(x) = x^4 + x + 1.\, }[/math]

It has minimal Hamming distance at least 3 and corrects up to one error. Since the generator polynomial is of degree 4, this code has 11 data bits and 4 checksum bits.

The BCH code with [math]\displaystyle{ d=4,5 }[/math] has generator polynomial

[math]\displaystyle{ \begin{align} g(x) &= {\rm lcm}(m_1(x),m_2(x),m_3(x),m_4(x)) = m_1(x) m_3(x) \\ &= \left(x^4 + x + 1\right)\left(x^4 + x^3 + x^2 + x + 1\right) = x^8 + x^7 + x^6 + x^4 + 1. \end{align} }[/math]

It has minimal Hamming distance at least 5 and corrects up to two errors. Since the generator polynomial is of degree 8, this code has 7 data bits and 8 checksum bits.

The BCH code with [math]\displaystyle{ d=6,7 }[/math] has generator polynomial

[math]\displaystyle{ \begin{align} g(x) &= {\rm lcm}(m_1(x),m_2(x),m_3(x),m_4(x),m_5(x),m_6(x)) = m_1(x) m_3(x) m_5(x) \\ &= \left(x^4 + x + 1\right)\left(x^4 + x^3 + x^2 + x + 1\right)\left(x^2 + x + 1\right) = x^{10} + x^8 + x^5 + x^4 + x^2 + x + 1. \end{align} }[/math]

It has minimal Hamming distance at least 7 and corrects up to three errors. Since the generator polynomial is of degree 10, this code has 5 data bits and 10 checksum bits. (This particular generator polynomial has a real-world application, in the format patterns of the QR code.)

The BCH code with [math]\displaystyle{ d=8 }[/math] and higher has generator polynomial

[math]\displaystyle{ \begin{align} g(x) &= {\rm lcm}(m_1(x),m_2(x),...,m_{14}(x)) = m_1(x) m_3(x) m_5(x) m_7(x)\\ &= \left(x^4 + x + 1\right)\left(x^4 + x^3 + x^2 + x + 1\right)\left(x^2 + x + 1\right)\left(x^4 + x^3 + 1\right) = x^{14} + x^{13} + x^{12} + \cdots + x^2 + x + 1. \end{align} }[/math]

This code has minimal Hamming distance 15 and corrects 7 errors. It has 1 data bit and 14 checksum bits. In fact, this code has only two codewords: 000000000000000 and 111111111111111.

General BCH codes

General BCH codes differ from primitive narrow-sense BCH codes in two respects.

First, the requirement that [math]\displaystyle{ \alpha }[/math] be a primitive element of [math]\displaystyle{ \mathrm{GF}(q^m) }[/math] can be relaxed. By relaxing this requirement, the code length changes from [math]\displaystyle{ q^m - 1 }[/math] to [math]\displaystyle{ \mathrm{ord}(\alpha), }[/math] the order of the element [math]\displaystyle{ \alpha. }[/math]

Second, the consecutive roots of the generator polynomial may run from [math]\displaystyle{ \alpha^c,\ldots,\alpha^{c+d-2} }[/math] instead of [math]\displaystyle{ \alpha,\ldots,\alpha^{d-1}. }[/math]

Definition. Fix a finite field [math]\displaystyle{ GF(q), }[/math] where [math]\displaystyle{ q }[/math] is a prime power. Choose positive integers [math]\displaystyle{ m,n,d,c }[/math] such that [math]\displaystyle{ 2\leq d\leq n, }[/math] [math]\displaystyle{ {\rm gcd}(n,q)=1, }[/math] and [math]\displaystyle{ m }[/math] is the multiplicative order of [math]\displaystyle{ q }[/math] modulo [math]\displaystyle{ n. }[/math]

As before, let [math]\displaystyle{ \alpha }[/math] be a primitive [math]\displaystyle{ n }[/math]th root of unity in [math]\displaystyle{ GF(q^m), }[/math] and let [math]\displaystyle{ m_i(x) }[/math] be the minimal polynomial over [math]\displaystyle{ GF(q) }[/math] of [math]\displaystyle{ \alpha^i }[/math] for all [math]\displaystyle{ i. }[/math] The generator polynomial of the BCH code is defined as the least common multiple [math]\displaystyle{ g(x) = {\rm lcm}(m_c(x),\ldots,m_{c+d-2}(x)). }[/math]

Note: if [math]\displaystyle{ n=q^m-1 }[/math] as in the simplified definition, then [math]\displaystyle{ {\rm gcd}(n,q) }[/math] is 1, and the order of [math]\displaystyle{ q }[/math] modulo [math]\displaystyle{ n }[/math] is [math]\displaystyle{ m. }[/math] Therefore, the simplified definition is indeed a special case of the general one.

Special cases

  • A BCH code with [math]\displaystyle{ c=1 }[/math] is called a narrow-sense BCH code.
  • A BCH code with [math]\displaystyle{ n=q^m-1 }[/math] is called primitive.

The generator polynomial [math]\displaystyle{ g(x) }[/math] of a BCH code has coefficients from [math]\displaystyle{ \mathrm{GF}(q). }[/math] In general, a cyclic code over [math]\displaystyle{ \mathrm{GF}(q^p) }[/math] with [math]\displaystyle{ g(x) }[/math] as the generator polynomial is called a BCH code over [math]\displaystyle{ \mathrm{GF}(q^p). }[/math] The BCH code over [math]\displaystyle{ \mathrm{GF}(q^m) }[/math] and generator polynomial [math]\displaystyle{ g(x) }[/math] with successive powers of [math]\displaystyle{ \alpha }[/math] as roots is one type of Reed–Solomon code where the decoder (syndromes) alphabet is the same as the channel (data and generator polynomial) alphabet, all elements of [math]\displaystyle{ \mathrm{GF}(q^m) }[/math] .[7] The other type of Reed Solomon code is an original view Reed Solomon code which is not a BCH code.

Properties

The generator polynomial of a BCH code has degree at most [math]\displaystyle{ (d-1)m }[/math]. Moreover, if [math]\displaystyle{ q=2 }[/math] and [math]\displaystyle{ c=1 }[/math], the generator polynomial has degree at most [math]\displaystyle{ dm/2 }[/math].

Proof

Each minimal polynomial [math]\displaystyle{ m_i(x) }[/math] has degree at most [math]\displaystyle{ m }[/math]. Therefore, the least common multiple of [math]\displaystyle{ d-1 }[/math] of them has degree at most [math]\displaystyle{ (d-1)m }[/math]. Moreover, if [math]\displaystyle{ q=2, }[/math] then [math]\displaystyle{ m_i(x) = m_{2i}(x) }[/math] for all [math]\displaystyle{ i }[/math]. Therefore, [math]\displaystyle{ g(x) }[/math] is the least common multiple of at most [math]\displaystyle{ d/2 }[/math] minimal polynomials [math]\displaystyle{ m_i(x) }[/math] for odd indices [math]\displaystyle{ i, }[/math] each of degree at most [math]\displaystyle{ m }[/math].

A BCH code has minimal Hamming distance at least [math]\displaystyle{ d }[/math].

Proof

Suppose that [math]\displaystyle{ p(x) }[/math] is a code word with fewer than [math]\displaystyle{ d }[/math] non-zero terms. Then

[math]\displaystyle{ p(x) = b_1x^{k_1} + \cdots + b_{d-1}x^{k_{d-1}},\text{ where }k_1\lt k_2\lt \cdots\lt k_{d-1}. }[/math]

Recall that [math]\displaystyle{ \alpha^c,\ldots,\alpha^{c+d-2} }[/math] are roots of [math]\displaystyle{ g(x), }[/math] hence of [math]\displaystyle{ p(x) }[/math]. This implies that [math]\displaystyle{ b_1,\ldots,b_{d-1} }[/math] satisfy the following equations, for each [math]\displaystyle{ i \in \{c, \dotsc, c+d-2\} }[/math]:

[math]\displaystyle{ p(\alpha^i) = b_1\alpha^{ik_1} + b_2\alpha^{ik_2} + \cdots + b_{d-1}\alpha^{ik_{d-1}} = 0. }[/math]

In matrix form, we have

[math]\displaystyle{ \begin{bmatrix} \alpha^{ck_1} & \alpha^{ck_2} & \cdots & \alpha^{ck_{d-1}} \\ \alpha^{(c+1)k_1} & \alpha^{(c+1)k_2} & \cdots & \alpha^{(c+1)k_{d-1}} \\ \vdots & \vdots & & \vdots \\ \alpha^{(c+d-2)k_1} & \alpha^{(c+d-2)k_2} & \cdots & \alpha^{(c+d-2)k_{d-1}} \\ \end{bmatrix}\begin{bmatrix} b_1 \\ b_2 \\ \vdots \\ b_{d-1} \end{bmatrix} = \begin{bmatrix} 0 \\ 0 \\ \vdots \\ 0 \end{bmatrix}. }[/math]

The determinant of this matrix equals

[math]\displaystyle{ \left(\prod_{i=1}^{d-1}\alpha^{ck_i}\right)\det\begin{pmatrix} 1 & 1 & \cdots & 1 \\ \alpha^{k_1} & \alpha^{k_2} & \cdots & \alpha^{k_{d-1}} \\ \vdots & \vdots & & \vdots \\ \alpha^{(d-2)k_1} & \alpha^{(d-2)k_2} & \cdots & \alpha^{(d-2)k_{d-1}} \\ \end{pmatrix} = \left(\prod_{i=1}^{d-1}\alpha^{ck_i}\right) \det(V). }[/math]

The matrix [math]\displaystyle{ V }[/math] is seen to be a Vandermonde matrix, and its determinant is

[math]\displaystyle{ \det(V) = \prod_{1\le i\lt j\le d-1} \left(\alpha^{k_j} - \alpha^{k_i}\right), }[/math]

which is non-zero. It therefore follows that [math]\displaystyle{ b_1,\ldots,b_{d-1}=0, }[/math] hence [math]\displaystyle{ p(x) = 0. }[/math]

A BCH code is cyclic.

Proof

A polynomial code of length [math]\displaystyle{ n }[/math] is cyclic if and only if its generator polynomial divides [math]\displaystyle{ x^n-1. }[/math] Since [math]\displaystyle{ g(x) }[/math] is the minimal polynomial with roots [math]\displaystyle{ \alpha^c,\ldots,\alpha^{c+d-2}, }[/math] it suffices to check that each of [math]\displaystyle{ \alpha^c,\ldots,\alpha^{c+d-2} }[/math] is a root of [math]\displaystyle{ x^n-1. }[/math] This follows immediately from the fact that [math]\displaystyle{ \alpha }[/math] is, by definition, an [math]\displaystyle{ n }[/math]th root of unity.

Encoding

Because any polynomial that is a multiple of the generator polynomial is a valid BCH codeword, BCH encoding is merely the process of finding some polynomial that has the generator as a factor.

The BCH code itself is not prescriptive about the meaning of the coefficients of the polynomial; conceptually, a BCH decoding algorithm's sole concern is to find the valid codeword with the minimal Hamming distance to the received codeword. Therefore, the BCH code may be implemented either as a systematic code or not, depending on how the implementor chooses to embed the message in the encoded polynomial.

Non-systematic encoding: The message as a factor

The most straightforward way to find a polynomial that is a multiple of the generator is to compute the product of some arbitrary polynomial and the generator. In this case, the arbitrary polynomial can be chosen using the symbols of the message as coefficients.

[math]\displaystyle{ s(x) = p(x)g(x) }[/math]

As an example, consider the generator polynomial [math]\displaystyle{ g(x)=x^{10}+x^9+x^8+x^6+x^5+x^3+1 }[/math], chosen for use in the (31, 21) binary BCH code used by POCSAG and others. To encode the 21-bit message {101101110111101111101}, we first represent it as a polynomial over [math]\displaystyle{ GF(2) }[/math]:

[math]\displaystyle{ p(x) = x^{20}+x^{18}+x^{17}+x^{15}+x^{14}+x^{13}+x^{11}+x^{10}+x^9+x^8+x^6+x^5+x^4+x^3+x^2+1 }[/math]

Then, compute (also over [math]\displaystyle{ GF(2) }[/math]):

[math]\displaystyle{ \begin{align} s(x) &= p(x)g(x)\\ &= \left(x^{20}+x^{18}+x^{17}+x^{15}+x^{14}+x^{13}+x^{11}+x^{10}+x^9+x^8+x^6+x^5+x^4+x^3+x^2+1\right)\left(x^{10}+x^9+x^8+x^6+x^5+x^3+1\right)\\ &= x^{30}+x^{29}+x^{26}+x^{25}+x^{24}+x^{22}+x^{19}+x^{17}+x^{16}+x^{15}+x^{14}+x^{12}+x^{10}+x^9+x^8+x^6+x^5+x^4+x^2+1 \end{align} }[/math]

Thus, the transmitted codeword is {1100111010010111101011101110101}.

The receiver can use these bits as coefficients in [math]\displaystyle{ s(x) }[/math] and, after error-correction to ensure a valid codeword, can recompute [math]\displaystyle{ p(x) = s(x)/g(x) }[/math]

Systematic encoding: The message as a prefix

A systematic code is one in which the message appears verbatim somewhere within the codeword. Therefore, systematic BCH encoding involves first embedding the message polynomial within the codeword polynomial, and then adjusting the coefficients of the remaining (non-message) terms to ensure that [math]\displaystyle{ s(x) }[/math] is divisible by [math]\displaystyle{ g(x) }[/math].

This encoding method leverages the fact that subtracting the remainder from a dividend results in a multiple of the divisor. Hence, if we take our message polynomial [math]\displaystyle{ p(x) }[/math] as before and multiply it by [math]\displaystyle{ x^{n-k} }[/math] (to "shift" the message out of the way of the remainder), we can then use Euclidean division of polynomials to yield:

[math]\displaystyle{ p(x)x^{n-k} = q(x)g(x) + r(x) }[/math]

Here, we see that [math]\displaystyle{ q(x)g(x) }[/math] is a valid codeword. As [math]\displaystyle{ r(x) }[/math] is always of degree less than [math]\displaystyle{ n-k }[/math] (which is the degree of [math]\displaystyle{ g(x) }[/math]), we can safely subtract it from [math]\displaystyle{ p(x)x^{n-k} }[/math] without altering any of the message coefficients, hence we have our [math]\displaystyle{ s(x) }[/math] as

[math]\displaystyle{ s(x) = q(x)g(x) = p(x)x^{n-k} - r(x) }[/math]

Over [math]\displaystyle{ GF(2) }[/math] (i.e. with binary BCH codes), this process is indistinguishable from appending a cyclic redundancy check, and if a systematic binary BCH code is used only for error-detection purposes, we see that BCH codes are just a generalization of the mathematics of cyclic redundancy checks.

The advantage to the systematic coding is that the receiver can recover the original message by discarding everything after the first [math]\displaystyle{ k }[/math] coefficients, after performing error correction.

Decoding

There are many algorithms for decoding BCH codes. The most common ones follow this general outline:

  1. Calculate the syndromes sj for the received vector
  2. Determine the number of errors t and the error locator polynomial Λ(x) from the syndromes
  3. Calculate the roots of the error location polynomial to find the error locations Xi
  4. Calculate the error values Yi at those error locations
  5. Correct the errors

During some of these steps, the decoding algorithm may determine that the received vector has too many errors and cannot be corrected. For example, if an appropriate value of t is not found, then the correction would fail. In a truncated (not primitive) code, an error location may be out of range. If the received vector has more errors than the code can correct, the decoder may unknowingly produce an apparently valid message that is not the one that was sent.

Calculate the syndromes

The received vector [math]\displaystyle{ R }[/math] is the sum of the correct codeword [math]\displaystyle{ C }[/math] and an unknown error vector [math]\displaystyle{ E. }[/math] The syndrome values are formed by considering [math]\displaystyle{ R }[/math] as a polynomial and evaluating it at [math]\displaystyle{ \alpha^c, \ldots, \alpha^{c+d-2}. }[/math] Thus the syndromes are[8]

[math]\displaystyle{ s_j = R\left(\alpha^j\right) = C\left(\alpha^j\right) + E\left(\alpha^j\right) }[/math]

for [math]\displaystyle{ j = c }[/math] to [math]\displaystyle{ c + d - 2. }[/math]

Since [math]\displaystyle{ \alpha^{j} }[/math] are the zeros of [math]\displaystyle{ g(x), }[/math] of which [math]\displaystyle{ C(x) }[/math] is a multiple, [math]\displaystyle{ C\left(\alpha^j\right) = 0. }[/math] Examining the syndrome values thus isolates the error vector so one can begin to solve for it.

If there is no error, [math]\displaystyle{ s_j = 0 }[/math] for all [math]\displaystyle{ j. }[/math] If the syndromes are all zero, then the decoding is done.

Calculate the error location polynomial

If there are nonzero syndromes, then there are errors. The decoder needs to figure out how many errors and the location of those errors.

If there is a single error, write this as [math]\displaystyle{ E(x) = e\,x^i, }[/math] where [math]\displaystyle{ i }[/math] is the location of the error and [math]\displaystyle{ e }[/math] is its magnitude. Then the first two syndromes are

[math]\displaystyle{ \begin{align} s_c &= e\,\alpha^{c\,i} \\ s_{c+1} &= e\,\alpha^{(c+1)\,i} = \alpha^i s_c \end{align} }[/math]

so together they allow us to calculate [math]\displaystyle{ e }[/math] and provide some information about [math]\displaystyle{ i }[/math] (completely determining it in the case of Reed–Solomon codes).

If there are two or more errors,

[math]\displaystyle{ E(x) = e_1 x^{i_1} + e_2 x^{i_2} + \cdots \, }[/math]

It is not immediately obvious how to begin solving the resulting syndromes for the unknowns [math]\displaystyle{ e_k }[/math] and [math]\displaystyle{ i_k. }[/math]

The first step is finding, compatible with computed syndromes and with minimal possible [math]\displaystyle{ t, }[/math] locator polynomial:

[math]\displaystyle{ \Lambda(x) = \prod_{j=1}^t \left(x\alpha^{i_j} - 1\right) }[/math]

Three popular algorithms for this task are:

  1. Peterson–Gorenstein–Zierler algorithm
  2. Berlekamp–Massey algorithm
  3. Sugiyama Euclidean algorithm

Peterson–Gorenstein–Zierler algorithm

Peterson's algorithm is the step 2 of the generalized BCH decoding procedure. Peterson's algorithm is used to calculate the error locator polynomial coefficients [math]\displaystyle{ \lambda_1 , \lambda_2, \dots, \lambda_{v} }[/math] of a polynomial

[math]\displaystyle{ \Lambda(x) = 1 + \lambda_1 x + \lambda_2 x^2 + \cdots + \lambda_v x^v . }[/math]

Now the procedure of the Peterson–Gorenstein–Zierler algorithm.[9] Expect we have at least 2t syndromes sc, …, sc+2t−1. Let v = t.

  1. Start by generating the [math]\displaystyle{ S_{v\times v} }[/math] matrix with elements that are syndrome values
    [math]\displaystyle{ S_{v \times v}=\begin{bmatrix}s_c&s_{c+1}&\dots&s_{c+v-1}\\ s_{c+1}&s_{c+2}&\dots&s_{c+v}\\ \vdots&\vdots&\ddots&\vdots\\ s_{c+v-1}&s_{c+v}&\dots&s_{c+2v-2}\end{bmatrix}. }[/math]
  2. Generate a [math]\displaystyle{ c_{v \times 1} }[/math] vector with elements
    [math]\displaystyle{ C_{v \times 1}=\begin{bmatrix}s_{c+v}\\ s_{c+v+1}\\ \vdots\\ s_{c+2v-1}\end{bmatrix}. }[/math]
  3. Let [math]\displaystyle{ \Lambda }[/math] denote the unknown polynomial coefficients, which are given by
    [math]\displaystyle{ \Lambda_{v \times 1} = \begin{bmatrix}\lambda_{v}\\ \lambda_{v-1}\\ \vdots\\ \lambda_{1}\end{bmatrix}. }[/math]
  4. Form the matrix equation
    [math]\displaystyle{ S_{v \times v} \Lambda_{v \times 1} = -C_{v \times 1\,} . }[/math]
  5. If the determinant of matrix [math]\displaystyle{ S_{v \times v} }[/math] is nonzero, then we can actually find an inverse of this matrix and solve for the values of unknown [math]\displaystyle{ \Lambda }[/math] values.
  6. If [math]\displaystyle{ \det\left(S_{v \times v}\right) = 0, }[/math] then follow
           if [math]\displaystyle{ v = 0 }[/math]
           then
                 declare an empty error locator polynomial
                 stop Peterson procedure.
           end
           set [math]\displaystyle{ v \leftarrow v -1 }[/math]
    
    continue from the beginning of Peterson's decoding by making smaller [math]\displaystyle{ S_{v \times v} }[/math]
  7. After you have values of [math]\displaystyle{ \Lambda }[/math], you have the error locator polynomial.
  8. Stop Peterson procedure.

Factor error locator polynomial

Now that you have the [math]\displaystyle{ \Lambda(x) }[/math] polynomial, its roots can be found in the form [math]\displaystyle{ \Lambda(x) = \left(\alpha^{i_1} x - 1\right)\left(\alpha^{i_2} x - 1\right) \cdots \left(\alpha^{i_v} x - 1\right) }[/math] by brute force for example using the Chien search algorithm. The exponential powers of the primitive element [math]\displaystyle{ \alpha }[/math] will yield the positions where errors occur in the received word; hence the name 'error locator' polynomial.

The zeros of Λ(x) are αi1, …, αiv.

Calculate error values

Once the error locations are known, the next step is to determine the error values at those locations. The error values are then used to correct the received values at those locations to recover the original codeword.

For the case of binary BCH, (with all characters readable) this is trivial; just flip the bits for the received word at these positions, and we have the corrected code word. In the more general case, the error weights [math]\displaystyle{ e_j }[/math] can be determined by solving the linear system

[math]\displaystyle{ \begin{align} s_c & = e_1 \alpha^{c\,i_1} + e_2 \alpha^{c\,i_2} + \cdots \\ s_{c+1} & = e_1 \alpha^{(c + 1)\,i_1} + e_2 \alpha^{(c + 1)\,i_2} + \cdots \\ & {}\ \vdots \end{align} }[/math]

Forney algorithm

However, there is a more efficient method known as the Forney algorithm.

Let

[math]\displaystyle{ S(x) = s_c + s_{c+1}x + s_{c+2}x^2 + \cdots + s_{c+d-2}x^{d-2}. }[/math]
[math]\displaystyle{ v \leqslant d-1, \lambda_0 \neq 0 \qquad \Lambda(x) = \sum_{i=0}^v\lambda_i x^i = \lambda_0 \prod_{k=0}^{v} \left(\alpha^{-i_k}x - 1\right). }[/math]

And the error evaluator polynomial[10]

[math]\displaystyle{ \Omega(x) \equiv S(x) \Lambda(x) \bmod{x^{d-1}} }[/math]

Finally:

[math]\displaystyle{ \Lambda'(x) = \sum_{i=1}^v i \cdot \lambda_i x^{i-1}, }[/math]

where

[math]\displaystyle{ i \cdot x := \sum_{k=1}^i x. }[/math]

Than if syndromes could be explained by an error word, which could be nonzero only on positions [math]\displaystyle{ i_k }[/math], then error values are

[math]\displaystyle{ e_k = -{\alpha^{i_k}\Omega\left(\alpha^{-i_k}\right) \over \alpha^{c\cdot i_k}\Lambda'\left(\alpha^{-i_k}\right)}. }[/math]

For narrow-sense BCH codes, c = 1, so the expression simplifies to:

[math]\displaystyle{ e_k = -{\Omega\left(\alpha^{-i_k}\right) \over \Lambda'\left(\alpha^{-i_k}\right)}. }[/math]

Explanation of Forney algorithm computation

It is based on Lagrange interpolation and techniques of generating functions.

Consider [math]\displaystyle{ S(x)\Lambda(x), }[/math] and for the sake of simplicity suppose [math]\displaystyle{ \lambda_k = 0 }[/math] for [math]\displaystyle{ k \gt v, }[/math] and [math]\displaystyle{ s_k = 0 }[/math] for [math]\displaystyle{ k \gt c + d - 2. }[/math] Then

[math]\displaystyle{ S(x)\Lambda(x) = \sum_{j=0}^{\infty}\sum_{i=0}^j s_{j-i+1}\lambda_i x^j. }[/math]
[math]\displaystyle{ \begin{align} S(x)\Lambda(x) &= S(x) \left \{ \lambda_0\prod_{\ell=1}^v \left (\alpha^{i_\ell}x-1 \right ) \right \} \\ &= \left \{ \sum_{i=0}^{d-2}\sum_{j=1}^v e_j\alpha^{(c+i)\cdot i_j} x^i \right \} \left \{ \lambda_0\prod_{\ell=1}^v \left (\alpha^{i_\ell}x-1 \right ) \right \} \\ &= \left \{ \sum_{j=1}^v e_j \alpha^{c i_j}\sum_{i=0}^{d-2} \left (\alpha^{i_j} \right )^i x^i \right \} \left \{ \lambda_0\prod_{\ell=1}^v \left (\alpha^{i_\ell}x-1 \right ) \right \} \\ &= \left \{ \sum_{j=1}^v e_j \alpha^{c i_j} \frac{\left (x \alpha^{i_j} \right )^{d-1}-1}{x \alpha^{i_j}-1} \right \} \left \{ \lambda_0 \prod_{\ell=1}^v \left (\alpha^{i_\ell}x-1 \right ) \right \} \\ &= \lambda_0 \sum_{j=1}^v e_j\alpha^{c i_j} \frac{ \left (x\alpha^{i_j} \right)^{d-1}-1}{x\alpha^{i_j}-1} \prod_{\ell=1}^v \left (\alpha^{i_\ell}x-1 \right ) \\ &= \lambda_0 \sum_{j=1}^v e_j\alpha^{c i_j} \left ( \left (x\alpha^{i_j} \right)^{d-1}-1 \right ) \prod_{\ell\in\{1,\cdots,v\}\setminus\{j\}} \left (\alpha^{i_\ell}x-1 \right ) \end{align} }[/math]

We want to compute unknowns [math]\displaystyle{ e_j, }[/math] and we could simplify the context by removing the [math]\displaystyle{ \left(x\alpha^{i_j}\right)^{d-1} }[/math] terms. This leads to the error evaluator polynomial

[math]\displaystyle{ \Omega(x) \equiv S(x) \Lambda(x) \bmod{x^{d-1}}. }[/math]

Thanks to [math]\displaystyle{ v\leqslant d-1 }[/math] we have

[math]\displaystyle{ \Omega(x) = -\lambda_0\sum_{j=1}^v e_j\alpha^{c i_j} \prod_{\ell\in\{1,\cdots,v\}\setminus\{j\}} \left(\alpha^{i_\ell}x - 1\right). }[/math]

Thanks to [math]\displaystyle{ \Lambda }[/math] (the Lagrange interpolation trick) the sum degenerates to only one summand for [math]\displaystyle{ x = \alpha^{-i_k} }[/math]

[math]\displaystyle{ \Omega \left(\alpha^{-i_k}\right) = -\lambda_0 e_k\alpha^{c\cdot i_k}\prod_{\ell\in\{1,\cdots,v\}\setminus\{k\}} \left(\alpha^{i_\ell}\alpha^{-i_k} - 1\right). }[/math]

To get [math]\displaystyle{ e_k }[/math] we just should get rid of the product. We could compute the product directly from already computed roots [math]\displaystyle{ \alpha^{-i_j} }[/math] of [math]\displaystyle{ \Lambda, }[/math] but we could use simpler form.

As formal derivative

[math]\displaystyle{ \Lambda'(x) = \lambda_0\sum_{j=1}^v \alpha^{i_j}\prod_{\ell\in\{1,\cdots,v\}\setminus\{j\}} \left(\alpha^{i_\ell}x - 1\right), }[/math]

we get again only one summand in

[math]\displaystyle{ \Lambda'\left(\alpha^{-i_k}\right) = \lambda_0\alpha^{i_k}\prod_{\ell\in\{1,\cdots,v\}\setminus\{k\}} \left(\alpha^{i_\ell}\alpha^{-i_k} - 1\right). }[/math]

So finally

[math]\displaystyle{ e_k = -\frac{\alpha^{i_k}\Omega \left(\alpha^{-i_k}\right)}{\alpha^{c\cdot i_k}\Lambda' \left(\alpha^{-i_k}\right)}. }[/math]

This formula is advantageous when one computes the formal derivative of [math]\displaystyle{ \Lambda }[/math] form

[math]\displaystyle{ \Lambda(x) = \sum_{i=1}^v \lambda_i x^i }[/math]

yielding:

[math]\displaystyle{ \Lambda'(x) = \sum_{i=1}^v i \cdot \lambda_i x^{i-1}, }[/math]

where

[math]\displaystyle{ i\cdot x := \sum_{k=1}^i x. }[/math]

Decoding based on extended Euclidean algorithm

An alternate process of finding both the polynomial Λ and the error locator polynomial is based on Yasuo Sugiyama's adaptation of the Extended Euclidean algorithm.[11] Correction of unreadable characters could be incorporated to the algorithm easily as well.

Let [math]\displaystyle{ k_1, ..., k_k }[/math] be positions of unreadable characters. One creates polynomial localising these positions [math]\displaystyle{ \Gamma(x) = \prod_{i=1}^k\left(x\alpha^{k_i} - 1\right). }[/math] Set values on unreadable positions to 0 and compute the syndromes.

As we have already defined for the Forney formula let [math]\displaystyle{ S(x)=\sum_{i=0}^{d-2}s_{c+i}x^i. }[/math]

Let us run extended Euclidean algorithm for locating least common divisor of polynomials [math]\displaystyle{ S(x)\Gamma(x) }[/math] and [math]\displaystyle{ x^{d-1}. }[/math] The goal is not to find the least common divisor, but a polynomial [math]\displaystyle{ r(x) }[/math] of degree at most [math]\displaystyle{ \lfloor (d+k-3)/2\rfloor }[/math] and polynomials [math]\displaystyle{ a(x), b(x) }[/math] such that [math]\displaystyle{ r(x)=a(x)S(x)\Gamma(x)+b(x)x^{d-1}. }[/math] Low degree of [math]\displaystyle{ r(x) }[/math] guarantees, that [math]\displaystyle{ a(x) }[/math] would satisfy extended (by [math]\displaystyle{ \Gamma }[/math]) defining conditions for [math]\displaystyle{ \Lambda. }[/math]

Defining [math]\displaystyle{ \Xi(x)=a(x)\Gamma(x) }[/math] and using [math]\displaystyle{ \Xi }[/math] on the place of [math]\displaystyle{ \Lambda(x) }[/math] in the Fourney formula will give us error values.

The main advantage of the algorithm is that it meanwhile computes [math]\displaystyle{ \Omega(x)=S(x)\Xi(x)\bmod x^{d-1}=r(x) }[/math] required in the Forney formula.

Explanation of the decoding process

The goal is to find a codeword which differs from the received word minimally as possible on readable positions. When expressing the received word as a sum of nearest codeword and error word, we are trying to find error word with minimal number of non-zeros on readable positions. Syndrom [math]\displaystyle{ s_i }[/math] restricts error word by condition

[math]\displaystyle{ s_i=\sum_{j=0}^{n-1}e_j\alpha^{ij}. }[/math]

We could write these conditions separately or we could create polynomial

[math]\displaystyle{ S(x)=\sum_{i=0}^{d-2}s_{c+i}x^i }[/math]

and compare coefficients near powers [math]\displaystyle{ 0 }[/math] to [math]\displaystyle{ d-2. }[/math]

[math]\displaystyle{ S(x) \stackrel{\{0,\cdots,\,d-2\}}{=} E(x)=\sum_{i=0}^{d-2}\sum_{j=0}^{n-1}e_j\alpha^{ij}\alpha^{cj}x^i. }[/math]

Suppose there is unreadable letter on position [math]\displaystyle{ k_1, }[/math] we could replace set of syndromes [math]\displaystyle{ \{s_c,\cdots,s_{c+d-2}\} }[/math] by set of syndromes [math]\displaystyle{ \{t_c,\cdots,t_{c+d-3}\} }[/math] defined by equation [math]\displaystyle{ t_i=\alpha^{k_1}s_i-s_{i+1}. }[/math] Suppose for an error word all restrictions by original set [math]\displaystyle{ \{s_c,\cdots,s_{c+d-2}\} }[/math] of syndromes hold, than

[math]\displaystyle{ t_i=\alpha^{k_1}s_i-s_{i+1}=\alpha^{k_1}\sum_{j=0}^{n-1}e_j\alpha^{ij}-\sum_{j=0}^{n-1}e_j\alpha^j\alpha^{ij}=\sum_{j=0}^{n-1}e_j\left(\alpha^{k_1} - \alpha^j\right)\alpha^{ij}. }[/math]

New set of syndromes restricts error vector

[math]\displaystyle{ f_j=e_j\left(\alpha^{k_1} - \alpha^j\right) }[/math]

the same way the original set of syndromes restricted the error vector [math]\displaystyle{ e_j. }[/math] Except the coordinate [math]\displaystyle{ k_1, }[/math] where we have [math]\displaystyle{ f_{k_1}=0, }[/math] an [math]\displaystyle{ f_j }[/math] is zero, if [math]\displaystyle{ e_j = 0. }[/math] For the goal of locating error positions we could change the set of syndromes in the similar way to reflect all unreadable characters. This shortens the set of syndromes by [math]\displaystyle{ k. }[/math]

In polynomial formulation, the replacement of syndromes set [math]\displaystyle{ \{s_c,\cdots,s_{c+d-2}\} }[/math] by syndromes set [math]\displaystyle{ \{t_c,\cdots,t_{c+d-3}\} }[/math] leads to

[math]\displaystyle{ T(x) = \sum_{i=0}^{d-3}t_{c+i}x^i=\alpha^{k_1}\sum_{i=0}^{d-3}s_{c+i}x^i-\sum_{i=1}^{d-2}s_{c+i}x^{i-1}. }[/math]

Therefore,

[math]\displaystyle{ xT(x) \stackrel{\{1,\cdots,\,d-2\}}{=} \left(x\alpha^{k_1} - 1\right)S(x). }[/math]

After replacement of [math]\displaystyle{ S(x) }[/math] by [math]\displaystyle{ S(x)\Gamma(x) }[/math], one would require equation for coefficients near powers [math]\displaystyle{ k,\cdots,d-2. }[/math]

One could consider looking for error positions from the point of view of eliminating influence of given positions similarly as for unreadable characters. If we found [math]\displaystyle{ v }[/math] positions such that eliminating their influence leads to obtaining set of syndromes consisting of all zeros, than there exists error vector with errors only on these coordinates. If [math]\displaystyle{ \Lambda(x) }[/math] denotes the polynomial eliminating the influence of these coordinates, we obtain

[math]\displaystyle{ S(x)\Gamma(x)\Lambda(x) \stackrel{\{k+v, \cdots, d-2\}}{=} 0. }[/math]

In Euclidean algorithm, we try to correct at most [math]\displaystyle{ \tfrac{1}{2}(d-1-k) }[/math] errors (on readable positions), because with bigger error count there could be more codewords in the same distance from the received word. Therefore, for [math]\displaystyle{ \Lambda(x) }[/math] we are looking for, the equation must hold for coefficients near powers starting from

[math]\displaystyle{ k + \left\lfloor \frac{1}{2} (d-1-k) \right\rfloor. }[/math]

In Forney formula, [math]\displaystyle{ \Lambda(x) }[/math] could be multiplied by a scalar giving the same result.

It could happen that the Euclidean algorithm finds [math]\displaystyle{ \Lambda(x) }[/math] of degree higher than [math]\displaystyle{ \tfrac{1}{2}(d-1-k) }[/math] having number of different roots equal to its degree, where the Fourney formula would be able to correct errors in all its roots, anyway correcting such many errors could be risky (especially with no other restrictions on received word). Usually after getting [math]\displaystyle{ \Lambda(x) }[/math] of higher degree, we decide not to correct the errors. Correction could fail in the case [math]\displaystyle{ \Lambda(x) }[/math] has roots with higher multiplicity or the number of roots is smaller than its degree. Fail could be detected as well by Forney formula returning error outside the transmitted alphabet.

Correct the errors

Using the error values and error location, correct the errors and form a corrected code vector by subtracting error values at error locations.

Decoding examples

Decoding of binary code without unreadable characters

Consider a BCH code in GF(24) with [math]\displaystyle{ d=7 }[/math] and [math]\displaystyle{ g(x) = x^{10} + x^8 + x^5 + x^4 + x^2 + x + 1 }[/math]. (This is used in QR codes.) Let the message to be transmitted be [1 1 0 1 1], or in polynomial notation, [math]\displaystyle{ M(x) = x^4 + x^3 + x + 1. }[/math] The "checksum" symbols are calculated by dividing [math]\displaystyle{ x^{10} M(x) }[/math] by [math]\displaystyle{ g(x) }[/math] and taking the remainder, resulting in [math]\displaystyle{ x^9 + x^4 + x^2 }[/math] or [ 1 0 0 0 0 1 0 1 0 0 ]. These are appended to the message, so the transmitted codeword is [ 1 1 0 1 1 1 0 0 0 0 1 0 1 0 0 ].

Now, imagine that there are two bit-errors in the transmission, so the received codeword is [ 1 0 0 1 1 1 0 0 0 1 1 0 1 0 0 ]. In polynomial notation:

[math]\displaystyle{ R(x) = C(x) + x^{13} + x^5 = x^{14} + x^{11} + x^{10} + x^9 + x^5 + x^4 + x^2 }[/math]

In order to correct the errors, first calculate the syndromes. Taking [math]\displaystyle{ \alpha = 0010, }[/math] we have [math]\displaystyle{ s_1 = R(\alpha^1) = 1011, }[/math] [math]\displaystyle{ s_2 = 1001, }[/math] [math]\displaystyle{ s_3 = 1011, }[/math] [math]\displaystyle{ s_4 = 1101, }[/math] [math]\displaystyle{ s_5 = 0001, }[/math] and [math]\displaystyle{ s_6 = 1001. }[/math] Next, apply the Peterson procedure by row-reducing the following augmented matrix.

[math]\displaystyle{ \left [ S_{3 \times 3} | C_{3 \times 1} \right ] = \begin{bmatrix}s_1&s_2&s_3&s_4\\ s_2&s_3&s_4&s_5\\ s_3&s_4&s_5&s_6\end{bmatrix} = \begin{bmatrix}1011&1001&1011&1101\\ 1001&1011&1101&0001\\ 1011&1101&0001&1001\end{bmatrix} \Rightarrow \begin{bmatrix}0001&0000&1000&0111\\ 0000&0001&1011&0001\\ 0000&0000&0000&0000 \end{bmatrix} }[/math]

Due to the zero row, S3×3 is singular, which is no surprise since only two errors were introduced into the codeword. However, the upper-left corner of the matrix is identical to [S2×2 | C2×1], which gives rise to the solution [math]\displaystyle{ \lambda_2 = 1000, }[/math] [math]\displaystyle{ \lambda_1 = 1011. }[/math] The resulting error locator polynomial is [math]\displaystyle{ \Lambda(x) = 1000 x^2 + 1011 x + 0001, }[/math] which has zeros at [math]\displaystyle{ 0100 = \alpha^{-13} }[/math] and [math]\displaystyle{ 0111 = \alpha^{-5}. }[/math] The exponents of [math]\displaystyle{ \alpha }[/math] correspond to the error locations. There is no need to calculate the error values in this example, as the only possible value is 1.

Decoding with unreadable characters

Suppose the same scenario, but the received word has two unreadable characters [ 1 0 0 ? 1 1 ? 0 0 1 1 0 1 0 0 ]. We replace the unreadable characters by zeros while creating the polynomial reflecting their positions [math]\displaystyle{ \Gamma(x) = \left(\alpha^8x - 1\right)\left(\alpha^{11}x - 1\right). }[/math] We compute the syndromes [math]\displaystyle{ s_1=\alpha^{-7}, s_2=\alpha^{1}, s_3=\alpha^{4}, s_4=\alpha^{2}, s_5=\alpha^{5}, }[/math] and [math]\displaystyle{ s_6=\alpha^{-7}. }[/math] (Using log notation which is independent on GF(24) isomorphisms. For computation checking we can use the same representation for addition as was used in previous example. Hexadecimal description of the powers of [math]\displaystyle{ \alpha }[/math] are consecutively 1,2,4,8,3,6,C,B,5,A,7,E,F,D,9 with the addition based on bitwise xor.)

Let us make syndrome polynomial

[math]\displaystyle{ S(x)=\alpha^{-7}+\alpha^{1}x+\alpha^{4}x^2+\alpha^{2}x^3+\alpha^{5}x^4+\alpha^{-7}x^5, }[/math]

compute

[math]\displaystyle{ S(x)\Gamma(x)=\alpha^{-7}+\alpha^{4}x+\alpha^{-1}x^2+\alpha^{6}x^3+\alpha^{-1}x^4+\alpha^{5}x^5+\alpha^{7}x^6+\alpha^{-3}x^7. }[/math]

Run the extended Euclidean algorithm:

[math]\displaystyle{ \begin{align} &\begin{pmatrix}S(x)\Gamma(x)\\ x^6\end{pmatrix} \\ [6pt] ={} &\begin{pmatrix}\alpha^{-7} +\alpha^{4}x+ \alpha^{-1}x^2+ \alpha^{6}x^3+ \alpha^{-1}x^4+ \alpha^{5}x^5 +\alpha^{7}x^6+ \alpha^{-3}x^7 \\ x^6\end{pmatrix} \\ [6pt] ={} &\begin{pmatrix}\alpha^{7}+ \alpha^{-3}x & 1\\ 1 & 0\end{pmatrix} \begin{pmatrix}x^6\\ \alpha^{-7} +\alpha^{4}x +\alpha^{-1}x^2 +\alpha^{6}x^3 +\alpha^{-1}x^4 +\alpha^{5}x^5 +2\alpha^{7}x^6 +2\alpha^{-3}x^7\end{pmatrix} \\ [6pt] ={} &\begin{pmatrix}\alpha^{7}+ \alpha^{-3}x & 1\\ 1 & 0\end{pmatrix} \begin{pmatrix}\alpha^4 + \alpha^{-5}x & 1\\ 1 & 0\end{pmatrix} \\ &\qquad \begin{pmatrix}\alpha^{-7}+ \alpha^{4}x+ \alpha^{-1}x^2+ \alpha^{6}x^3+ \alpha^{-1}x^4+ \alpha^{5}x^5\\ \alpha^{-3} +\left(\alpha^{-7}+ \alpha^{3}\right)x+ \left(\alpha^{3}+ \alpha^{-1}\right)x^2+ \left(\alpha^{-5}+ \alpha^{-6}\right)x^3+ \left(\alpha^3+ \alpha^{1}\right)x^4+ 2\alpha^{-6}x^5+ 2x^6\end{pmatrix} \\ [6pt] ={} &\begin{pmatrix}\left(1+ \alpha^{-4}\right)+ \left(\alpha^{1}+ \alpha^{2}\right)x+ \alpha^{7}x^2 & \alpha^{7}+ \alpha^{-3}x \\ \alpha^4+ \alpha^{-5}x & 1\end{pmatrix} \begin{pmatrix}\alpha^{-7}+ \alpha^{4}x+ \alpha^{-1}x^2+ \alpha^{6}x^3+ \alpha^{-1}x^4+ \alpha^{5}x^5\\ \alpha^{-3}+ \alpha^{-2}x+ \alpha^{0}x^2+ \alpha^{-2}x^3+ \alpha^{-6}x^4\end{pmatrix} \\ [6pt] ={} &\begin{pmatrix}\alpha^{-3}+ \alpha^{5}x+ \alpha^{7}x^2 & \alpha^{7}+ \alpha^{-3}x \\ \alpha^4+ \alpha^{-5}x & 1\end{pmatrix} \begin{pmatrix}\alpha^{-5}+ \alpha^{-4}x & 1\\ 1 & 0 \end{pmatrix} \\ &\qquad \begin{pmatrix}\alpha^{-3}+ \alpha^{-2}x+ \alpha^{0}x^2+ \alpha^{-2}x^3+ \alpha^{-6}x^4\\ \left(\alpha^{7}+ \alpha^{-7}\right)+ \left(2\alpha^{-7}+ \alpha^{4}\right)x+ \left(\alpha^{-5}+ \alpha^{-6}+ \alpha^{-1}\right)x^2+ \left(\alpha^{-7}+ \alpha^{-4}+ \alpha^{6}\right)x^3+ \left(\alpha^{4}+ \alpha^{-6}+ \alpha^{-1}\right)x^4+ 2\alpha^{5}x^5\end{pmatrix} \\ [6pt] ={} &\begin{pmatrix}\alpha^{7}x+ \alpha^{5}x^2+ \alpha^{3}x^3 & \alpha^{-3}+ \alpha^{5}x+ \alpha^{7}x^2\\ \alpha^{3}+ \alpha^{-5}x+ \alpha^{6}x^2 & \alpha^4+ \alpha^{-5}x\end{pmatrix} \begin{pmatrix}\alpha^{-3}+ \alpha^{-2}x+ \alpha^{0}x^2+ \alpha^{-2}x^3+ \alpha^{-6}x^4\\ \alpha^{-4}+ \alpha^{4}x+ \alpha^{2}x^2+ \alpha^{-5}x^3\end{pmatrix}. \end{align} }[/math]

We have reached polynomial of degree at most 3, and as

[math]\displaystyle{ \begin{pmatrix}-\left(\alpha^4+ \alpha^{-5}x\right) & \alpha^{-3}+ \alpha^{5}x+ \alpha^{7}x^2\\ \alpha^{3}+ \alpha^{-5}x+ \alpha^{6}x^2 & -\left(\alpha^{7}x+ \alpha^{5}x^2+ \alpha^{3}x^3\right)\end{pmatrix} \begin{pmatrix}\alpha^{7}x+ \alpha^{5}x^2+ \alpha^{3}x^3 & \alpha^{-3} + \alpha^{5}x + \alpha^{7}x^2\\ \alpha^{3} + \alpha^{-5}x + \alpha^{6}x^2 & \alpha^4 + \alpha^{-5}x\end{pmatrix} = \begin{pmatrix}1 & 0\\ 0 & 1\end{pmatrix}, }[/math]

we get

[math]\displaystyle{ \begin{pmatrix}-\left(\alpha^4+ \alpha^{-5}x\right) & \alpha^{-3}+ \alpha^{5}x+ \alpha^{7}x^2\\ \alpha^{3}+ \alpha^{-5}x+ \alpha^{6}x^2 & -\left(\alpha^{7}x+ \alpha^{5}x^2+ \alpha^{3}x^3\right)\end{pmatrix} \begin{pmatrix}S(x)\Gamma(x)\\ x^6\end{pmatrix} = \begin{pmatrix}\alpha^{-3}+ \alpha^{-2}x+ \alpha^{0}x^2+ \alpha^{-2}x^3+ \alpha^{-6}x^4\\ \alpha^{-4}+ \alpha^{4}x+ \alpha^{2}x^2+ \alpha^{-5}x^3\end{pmatrix}. }[/math]

Therefore,

[math]\displaystyle{ S(x)\Gamma(x)\left(\alpha^{3} + \alpha^{-5}x + \alpha^{6}x^2\right) - \left(\alpha^{7}x + \alpha^{5}x^2 + \alpha^{3}x^3\right)x^6 = \alpha^{-4} + \alpha^{4}x + \alpha^{2}x^2 + \alpha^{-5}x^3. }[/math]

Let [math]\displaystyle{ \Lambda(x) = \alpha^{3}+ \alpha^{-5}x+ \alpha^{6}x^2. }[/math] Don't worry that [math]\displaystyle{ \lambda_0\neq 1. }[/math] Find by brute force a root of [math]\displaystyle{ \Lambda. }[/math] The roots are [math]\displaystyle{ \alpha^2, }[/math] and [math]\displaystyle{ \alpha^{10} }[/math] (after finding for example [math]\displaystyle{ \alpha^2 }[/math] we can divide [math]\displaystyle{ \Lambda }[/math] by corresponding monom [math]\displaystyle{ \left(x - \alpha^2\right) }[/math] and the root of resulting monom could be found easily).

Let

[math]\displaystyle{ \begin{align} \Xi(x) &= \Gamma(x)\Lambda(x) = \alpha^3 + \alpha^4x^2 + \alpha^2x^3 + \alpha^{-5}x^4 \\ \Omega(x) &= S(x)\Xi(x) \equiv \alpha^{-4} + \alpha^4x + \alpha^2x^2 + \alpha^{-5}x^3 \bmod{x^6} \end{align} }[/math]

Let us look for error values using formula

[math]\displaystyle{ e_j = -\frac{\Omega \left(\alpha^{-i_j} \right)}{\Xi' \left(\alpha^{-i_j} \right)}, }[/math]

where [math]\displaystyle{ \alpha^{-i_j} }[/math] are roots of [math]\displaystyle{ \Xi(x). }[/math] [math]\displaystyle{ \Xi'(x)=\alpha^{2}x^2. }[/math] We get

[math]\displaystyle{ \begin{align} e_1 &=-\frac{\Omega(\alpha^4)}{\Xi'(\alpha^{4})} = \frac{\alpha^{-4}+\alpha^{-7}+\alpha^{-5}+\alpha^{7}}{\alpha^{-5}} =\frac{\alpha^{-5}}{\alpha^{-5}}=1 \\ e_2 &=-\frac{\Omega(\alpha^7)}{\Xi'(\alpha^{7})} = \frac{\alpha^{-4}+\alpha^{-4}+\alpha^{1}+\alpha^{1}}{\alpha^{1}}=0 \\ e_3 &=-\frac{\Omega(\alpha^{10})}{\Xi'(\alpha^{10})} = \frac{\alpha^{-4}+\alpha^{-1}+\alpha^{7}+\alpha^{-5}}{\alpha^{7}}=\frac{\alpha^{7}}{\alpha^{7}}=1 \\ e_4 &=-\frac{\Omega(\alpha^{2})}{\Xi'(\alpha^{2})} = \frac{\alpha^{-4}+\alpha^{6}+\alpha^{6}+\alpha^{1}}{\alpha^{6}}=\frac{\alpha^{6}}{\alpha^{6}}=1 \end{align} }[/math]

Fact, that [math]\displaystyle{ e_3=e_4=1, }[/math] should not be surprising.

Corrected code is therefore [ 1 1 0 1 1 1 0 0 0 0 1 0 1 0 0].

Decoding with unreadable characters with a small number of errors

Let us show the algorithm behaviour for the case with small number of errors. Let the received word is [ 1 0 0 ? 1 1 ? 0 0 0 1 0 1 0 0 ].

Again, replace the unreadable characters by zeros while creating the polynomial reflecting their positions [math]\displaystyle{ \Gamma(x) = \left(\alpha^{8}x - 1\right)\left(\alpha^{11}x - 1\right). }[/math] Compute the syndromes [math]\displaystyle{ s_1 = \alpha^{4}, s_2 = \alpha^{-7}, s_3 = \alpha^{1}, s_4 = \alpha^{1}, s_5 = \alpha^{0}, }[/math] and [math]\displaystyle{ s_6 = \alpha^{2}. }[/math] Create syndrome polynomial

[math]\displaystyle{ \begin{align} S(x) &= \alpha^{4} + \alpha^{-7}x + \alpha^{1}x^2 + \alpha^{1}x^3 + \alpha^{0}x^4 + \alpha^{2}x^5, \\ S(x)\Gamma(x) &= \alpha^{4} + \alpha^{7}x + \alpha^{5}x^2 + \alpha^{3}x^3 + \alpha^{1}x^4 + \alpha^{-1}x^5 + \alpha^{-1}x^6 + \alpha^{6}x^7. \end{align} }[/math]

Let us run the extended Euclidean algorithm:

[math]\displaystyle{ \begin{align} \begin{pmatrix} S(x)\Gamma(x) \\ x^6 \end{pmatrix} &= \begin{pmatrix} \alpha^{4} + \alpha^{7}x + \alpha^{5}x^2 + \alpha^{3}x^3 + \alpha^{1}x^4 + \alpha^{-1}x^5 + \alpha^{-1}x^6 + \alpha^{6}x^7 \\ x^6 \end{pmatrix} \\ &= \begin{pmatrix} \alpha^{-1} + \alpha^{6}x & 1 \\ 1 & 0 \end{pmatrix} \begin{pmatrix} x^6 \\ \alpha^{4} + \alpha^{7}x + \alpha^{5}x^2 + \alpha^{3}x^3 + \alpha^{1}x^4 + \alpha^{-1}x^5 + 2\alpha^{-1}x^6 + 2\alpha^{6}x^7 \end{pmatrix} \\ &= \begin{pmatrix} \alpha^{-1} + \alpha^{6}x & 1 \\ 1 & 0 \end{pmatrix} \begin{pmatrix} \alpha^{3} + \alpha^{1}x & 1 \\ 1 & 0 \end{pmatrix} \begin{pmatrix} \alpha^{4} + \alpha^{7}x + \alpha^{5}x^2 + \alpha^{3}x^3 + \alpha^{1}x^4 + \alpha^{-1}x^5 \\ \alpha^{7} + \left(\alpha^{-5} + \alpha^{5}\right)x + 2\alpha^{-7}x^2 + 2\alpha^{6}x^3 + 2\alpha^{4}x^4 + 2\alpha^{2}x^5 + 2x^6 \end{pmatrix} \\ &= \begin{pmatrix} \left(1 + \alpha^{2}\right) + \left(\alpha^{0} + \alpha^{-6}\right)x + \alpha^{7}x^2 & \alpha^{-1} + \alpha^{6}x \\ \alpha^{3} + \alpha^{1}x & 1 \end{pmatrix} \begin{pmatrix} \alpha^{4} + \alpha^{7}x + \alpha^{5}x^2 + \alpha^{3}x^3 + \alpha^{1}x^4 + \alpha^{-1}x^5 \\ \alpha^{7} + \alpha^{0}x \end{pmatrix} \end{align} }[/math]

We have reached polynomial of degree at most 3, and as

[math]\displaystyle{ \begin{pmatrix} -1 & \alpha^{-1} + \alpha^{6}x \\ \alpha^{3} + \alpha^{1}x & -\left(\alpha^{-7} + \alpha^{7}x + \alpha^{7}x^2\right) \end{pmatrix} \begin{pmatrix} \alpha^{-7} + \alpha^{7}x + \alpha^{7}x^2 & \alpha^{-1} + \alpha^{6}x \\ \alpha^{3} + \alpha^{1}x & 1 \end{pmatrix} = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}, }[/math]

we get

[math]\displaystyle{ \begin{pmatrix} -1 & \alpha^{-1} + \alpha^{6}x \\ \alpha^{3} + \alpha^{1}x & -\left(\alpha^{-7} + \alpha^{7}x + \alpha^{7}x^2\right) \end{pmatrix}\begin{pmatrix} S(x)\Gamma(x) \\ x^6 \end{pmatrix} = \begin{pmatrix} \alpha^{4} + \alpha^{7}x + \alpha^{5}x^2 + \alpha^{3}x^3 + \alpha^{1}x^4 + \alpha^{-1}x^5 \\ \alpha^{7} + \alpha^{0}x \end{pmatrix}. }[/math]

Therefore,

[math]\displaystyle{ S(x)\Gamma(x)\left(\alpha^{3} + \alpha^{1}x\right) - \left(\alpha^{-7} + \alpha^{7}x + \alpha^{7}x^2\right)x^6 = \alpha^{7} + \alpha^{0}x. }[/math]

Let [math]\displaystyle{ \Lambda(x) = \alpha^{3} + \alpha^{1}x. }[/math] Don't worry that [math]\displaystyle{ \lambda_0 \neq 1. }[/math] The root of [math]\displaystyle{ \Lambda(x) }[/math] is [math]\displaystyle{ \alpha^{3-1}. }[/math]

Let

[math]\displaystyle{ \begin{align} \Xi(x) &= \Gamma(x)\Lambda(x) = \alpha^{3} + \alpha^{-7}x + \alpha^{-4}x^2 + \alpha^{5}x^3, \\ \Omega(x) &= S(x)\Xi(x) \equiv \alpha^{7} + \alpha^{0}x \bmod{x^6} \end{align} }[/math]

Let us look for error values using formula [math]\displaystyle{ e_j = -\Omega\left(\alpha^{-i_j}\right)/\Xi'\left(\alpha^{-i_j}\right), }[/math] where [math]\displaystyle{ \alpha^{-i_j} }[/math] are roots of polynomial [math]\displaystyle{ \Xi(x). }[/math]

[math]\displaystyle{ \Xi'(x) = \alpha^{-7} + \alpha^{5}x^2. }[/math]

We get

[math]\displaystyle{ \begin{align} e_1 &= -\frac{\Omega\left(\alpha^4\right)}{\Xi'\left(\alpha^{4}\right)} = \frac{\alpha^{7} + \alpha^{4}}{\alpha^{-7} + \alpha^{-2}} = \frac{\alpha^{3}}{\alpha^{3}} = 1 \\ e_2 &= -\frac{\Omega\left(\alpha^7\right)}{\Xi'\left(\alpha^{7}\right)} = \frac{\alpha^{7} + \alpha^{7}}{\alpha^{-7} + \alpha^{4}} = 0 \\ e_3 &= -\frac{\Omega\left(\alpha^2\right)}{\Xi'\left(\alpha^2\right)} = \frac{\alpha^{7} + \alpha^{2}}{\alpha^{-7} + \alpha^{-6}} = \frac{\alpha^{-3}}{\alpha^{-3}} = 1 \end{align} }[/math]

The fact that [math]\displaystyle{ e_3 = 1 }[/math] should not be surprising.

Corrected code is therefore [ 1 1 0 1 1 1 0 0 0 0 1 0 1 0 0].

Citations

  1. Reed & Chen 1999, p. 189
  2. Hocquenghem 1959
  3. Bose & Ray-Chaudhuri 1960
  4. "Phobos Lander Coding System: Software and Analysis". http://ipnpr.jpl.nasa.gov/progress_report/42-94/94V.PDF. 
  5. Marelli, Alessia; Micheloni, Rino (2018). "BCH Codes for Solid-State-Drives". Inside Solid State Drives (SSDS). Springer Series in Advanced Microelectronics. 37. pp. 369–406. doi:10.1007/978-981-13-0599-3_11. ISBN 978-981-13-0598-6. https://link.springer.com/chapter/10.1007/978-981-13-0599-3_11. Retrieved 23 September 2023. 
  6. http://pqc-hqc.org/doc/hqc-specification_2020-05-29.pdf[bare URL PDF]
  7. Gill n.d., p. 3
  8. Lidl & Pilz 1999, p. 229
  9. Gorenstein, Peterson & Zierler 1960
  10. Gill n.d., p. 47
  11. Yasuo Sugiyama, Masao Kasahara, Shigeichi Hirasawa, and Toshihiko Namekawa. A method for solving key equation for decoding Goppa codes. Information and Control, 27:87–99, 1975.

References

Primary sources

Secondary sources

  • Gorenstein, Daniel; Peterson, W. Wesley; Zierler, Neal (1960), "Two-Error Correcting Bose-Chaudhuri Codes are Quasi-Perfect", Information and Control 3 (3): 291–294, doi:10.1016/s0019-9958(60)90877-9 
  • Lidl, Rudolf; Pilz, Günter (1999), Applied Abstract Algebra (2nd ed.), John Wiley 
  • Reed, Irving S.; Chen, Xuemin (1999), Error-Control Coding for Data Networks, Boston, MA: Kluwer Academic Publishers, ISBN 0-7923-8528-4 

Further reading