IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 48, NO. 3, MARCH 2002
Hamming Metric Decoding of Alternant Codes Over Galois Rings
Eimear Byrne and Patrick Fitzpatrick, Member, IEEE
Abstract—The standard decoding procedure for alternant codes over fields centers on solving a key equation which relates an error locator polynomial and an error evaluator polynomial by a syndrome sequence. We extend this technique to decode alternant codes over Galois rings. We consider the module of all solutions to the key equation , where  is the syndrome polynomial and  is the number of rows in a parity-check matrix for the code. In decoding we seek a particular solution which we prove can be found in a Gröbner basis for . We present an iterative algorithm which generates a Gröbner basis modulo +1 from a given basis modulo . At the th step, a Gröbner basis for  is found, and the required solution recovered.
Index Terms—Alternant codes, decoding, Galois rings, Gröbner bases, key equation, solution by approximations, solution module.
I. INTRODUCTION

Investigations into linear codes over finite rings began with Blake, Spiegel, and Shankar [3], [4], [27], [28], and [26]. Such codes have recently been studied with renewed interest due to the publication of the seminal paper [15], which established that certain notorious families of nonlinear binary codes are images of extended cyclic codes over  under the Gray isometry. Alternant codes over finite fields form a large family that includes the subclasses of Bose–Chaudhuri–Hocquenghem (BCH) and classical Goppa codes, and it is well known that there exist alternant codes which are asymptotically good [20]. Alternant codes can also be defined over a Galois ring and, like their field counterparts, can be decoded by solving a key equation. In [17], a modified Berlekamp–Massey algorithm was presented as part of a Hamming metric decoding procedure for BCH and Reed–Solomon (RS) codes defined over Galois rings. The problem of constructing and decoding alternant codes over Galois rings was addressed in [1] by adapting the techniques of [17]. In a more general setting, decoding algorithms for alternant codes over commutative domains and finite-chain rings were given in [23]. In [9], algorithms for the solution of the key equation were given from the perspective of Gröbner bases with the aim of presenting a unified theory. These algorithms, corresponding to the Peterson–Gorenstein–Zierler, extended Euclidean, and Berlekamp–Massey algorithms, are all based on the computation of a Gröbner basis for the module of solutions of the key equation. Here we extend those methods to decoding alternant codes over Galois rings, applying results obtained in [5].

Manuscript received July 11, 2000; revised September 17, 2001. E. Byrne was with the Department of Mathematics, National University of Ireland, Cork, University College, Cork, Ireland. She is now with the Department of Mathematics, National University of Ireland, Maynooth, Ireland. P. Fitzpatrick is with the Department of Mathematics, National University of Ireland, Cork, University College, Cork, Ireland (e-mail: [email protected]). Communicated by I. F. Blake, Associate Editor for Coding Theory. Publisher Item Identifier S 0018-9448(02)00631-4.

II. GALOIS RINGS

The theory of Galois rings has been addressed in [22] and [24]. We introduce notation and give a brief description of such rings. If  is a nonempty subset of an arbitrary ring  we denote by  the ideal generated by  in . Any nonzero element of a ring is called regular if it is not a zero divisor. Assume for the remainder that all rings are finite, local, commutative rings with unity. Let  have maximal ideal  for some prime . A polynomial  is called a basic irreducible if it is irreducible modulo . We construct a Galois ring as a quotient ring of  as follows.

Definition II.1: Let  be a prime number and let ,  be positive integers. Let  be a monic basic irreducible polynomial of degree . The quotient ring , denoted , is called the Galois ring of order  and characteristic .

The integers , , and  determine the Galois ring uniquely (up to isomorphism) [24, p. 207]. For the remainder of the text, the symbol  will denote a Galois ring,  its multiplicative group of units, and  the unique residue field of  (isomorphic to the finite field ). Let  divide . Hensel's Lemma [22] implies a one-to-one correspondence between the irreducible factors of  modulo  and the irreducible factors of  modulo , so that if  is a primitive basic irreducible and  is a root of  then . For each  we denote by  the map defined by
(denoting the natural epimorphism from  onto  by ) and extend to a map from  onto  in the usual way. Given any nonzero , we denote by  the uniquely determined integer such that  is a multiple of , so  is the greatest index such that . We set .
0018–9448/02$17.00 © 2002 IEEE

III. GRÖBNER BASES IN 

The theory of Gröbner bases over a Noetherian commutative ring has been described in [2, Ch. 4] and [5]. The former provides a comprehensive treatment, while the latter is specific to Galois rings. The treatment in [5] is designed to follow as closely as possible the usual formulation for finite fields. In particular, the approach admits the definition of reduced Gröbner bases and normal forms as in the field case, which, although of theoretical interest, is not required for the decoding application presented here. We give a brief summary of results obtained in [5], making appropriate references where the theory departs from [2, Ch. 4].

We first introduce some notation. Throughout,  denotes the multivariate polynomial ring  for some positive integer . A term in  is an element of the form  for positive integers , with . An arbitrary term will be denoted by . A monomial in  is a nonzero constant multiple of a term in . A term order on  is a total order on the terms of  such that if , ,  are terms in  then  implies . We let  denote an arbitrary fixed term order. Let . The leading term of  is identified as the highest term in the linear combination of terms making up . The leading coefficient attached to  is denoted by , and  is the leading monomial of . Given any nonempty subset  of , we denote by  (resp., ) the set of leading terms (resp., monomials) of the elements of . The ideal of  generated by the elements of  is denoted  and we write  for  and  for . We extend the term order on the terms of  to a total quasi-order (see [6, p. 151]) on the elements of  in the following way. Given a term order  and nonzero , we say that  if  or . Each nonempty subset  in , other than , contains a (not necessarily unique) minimal element with respect to the total quasi-order  obtained from . The algorithms discussed in Section IV are based on finding such a minimal element in a specified subset.

Definition III.1: Let ,  with . We say that  reduces to  in one step modulo , denoted , if there exists a monomial of  that reduces to a monomial of  modulo , that is, if there exists , and a term , such that
where  occurs as a term of  only if the coefficient of that term is reduced modulo . Given a monomial  in  and a finite set of monomials  in , it is not hard to see that the structure of  as a finite local ring means that  can be expressed as the sum  for some monomials  in  if and only if  divides  for some  [5, Lemma 2.4.2]. In particular, over a Galois ring, a nontrivial one-step reduction can be performed in the sense of [2, Definition 4.1.1] if and only if a nontrivial strong one-step reduction [2, p. 258] can be carried out, so when we refer to a one-step reduction, we mean that in Definition III.1. If each monomial of  is reduced modulo  for every , where  is a set of nonzero polynomials, we say that  is reduced modulo . The division algorithm follows in the usual way as a sequence of one-step reductions.
Theorem III.2: Given  and , there exist  and  satisfying  where  or , and either  or each monomial of  is reduced modulo .
If  results from a sequence of one-step reductions of a polynomial  by a set  of nonzero polynomials in , we write . If  and  is reduced modulo  we say that  is a remainder of  with respect to  and write .

Definition III.3: Let  be an ideal in . A set  of nonzero elements is called a Gröbner basis of  if for each  there exists an  such that  is divisible by . An arbitrary subset  of  is called a Gröbner basis if it is a Gröbner basis of .

Note that this is the definition of a strong Gröbner basis, as in [2, Definition 4.5.6]. Again, any finite set in  which is a Gröbner basis in the sense of [2, Definition 4.1.13] is also a strong Gröbner basis, so when we refer to a Gröbner basis we mean a finite set satisfying the criteria of Definition III.3. In reducing a polynomial in  by a set of nonzero polynomials , as outlined in [5], reduction is permitted to occur on any of the monomials of , not just on the leading monomial. This follows the usual form of reduction for the case where  is a finite field and, as in the field case, it admits the definition of a reduced Gröbner basis, in which every member of the basis is reduced modulo the remaining basis elements. In the case of a Galois ring, we define a minimal Gröbner basis as follows (compare with [2, Definition 4.1.8]).

Definition III.4: Let  be a Gröbner basis. We say that  is minimal if for any distinct , ,  is not divisible by .

The presence of zero divisors in  means that division of one monomial by another may not be possible even if the corresponding terms are compatible. In the usual application of the division algorithm to a polynomial  and finite set  of nonzero polynomials over an arbitrary Noetherian commutative ring, if the relevant monomial is not divisible by some element of  then it is simply added to the remainder. In the case of the Galois ring we can reduce one monomial with respect to another by implementing a procedure on the coefficients, using a division algorithm in  (see [5, Sec. 2.2]). The impact of this in the division algorithm is that if we reduce a polynomial using a Gröbner basis then the resulting remainder is uniquely determined [5, Theorem 2.4.4].
Thus, we can define the normal form of an element with respect to a given Gröbner basis in the usual way (see [2, Definition 2.1.3]).
A Gröbner basis for an arbitrary nonzero ideal in can be computed by an extension of Buchberger’s algorithm [5, Theorem 2.5.10]. We denote by the vector with in position and elsewhere (and length implied by the context). Given an the set of ordered -tuple of polynomials satisfying the equation all solutions
Theorem III.8: Let . For each polynomials in and let satisfy basis if and only if for all distinct
and is denoted by of is a monomial and satisfies
The module has a finite generating set of is a monomial for homogeneous syzygies when each [2, p. 212]. The extended algorithm is based on the following theorem. Theorem III.5 [2, Theorem 4.2.3]: Let be a set of nonzero polynomials in . Let neous generating set for if and only if for all Gröbner basis of
be a homoge. Then is a
A specific homogeneous generating set for the syzygy is described module of an ordered -tuple of monomials in by the following theorem [5, Theorem 2.5.2] and leads to an . algorithm for the computation of a Gröbner basis in Definition III.6: Let and let . Then
,
be nonzero elements of satisfy
is called an -polynomial of , and
and .
. Let for
, where
is not uniquely determined for a given Note that and in since an expression pair of polynomials may have more than one solution . Theorem III.7: For each , let , and let mial in . Then the syzygy module, generated by
where
, let
be a monosatisfy , is
.
Likewise, the homogeneous generating set of Theorem III.7 is not unique. However, it suffices for our purposes to consider any homogeneous generating set for and hence any -polynomial for each pair and . The extended Buchberger algorithm is a direct result of Theorems III.5 and III.7.
be a set of nonzero , let . Then is a Gröbner
and where
is called the syzygy module of . An element is called homogeneous if each
is an -polynomial of
and
.
We now specialize to the -variable case, proving a result which gives explicitly the Gröbner basis of an ideal generated by two elements satisfying the same constraints as those on the required solution of the key equation. We refer throughout to the . For we denote natural term order . the degree of by , with the convention that is minimal if, for any distinct , A Gröbner basis in , if and only if . As a has at most consequence, any minimal Gröbner basis in elements. such that Lemma III.9: Let be an ideal in and for some . Then has a satisfying Gröbner basis of the form for each ; i) for each , with ; ii) for each ; iii) is a Gröbner basis of for iv) . each and are Gröbner Moreover, if for each bases of satisfying i) and ii) then . Proof: That has a Gröbner basis satisfying i) and ii) follows immediately from the remarks above: we simply take a minimal Gröbner basis of and form a new basis of size exactly consisting of -multiples of elements in the minimal occurs as the leading coefficient of basis, chosen such that . We show an element in the new set for each that any Gröbner basis of satisfying i) and ii) also satisfies iii). so that by the Note first that in . Now by the division algorithm there minimality of , such that exist
and either each monomial of is reduced modulo . In particular, since divides and, since and lows that is a Gröbner basis of , we deduce that . Thus,
and such that
. Similarly, there exist
which implies argument give the result.
or it fol-
,
. Repeated applications of the
Let be nonzero in and let be any polynomial in satisfying . From the division algorithm, there exist satisfying
where
Theorem III.10: Let satisfy for each i) for each , ii) ;
. Let ; such that
for each
iii) Define
.
by
Indeed, it is not hard to see that the can be chosen so that, for , each nonzero coefficient of is a unit each for some , in , and so assume this is the case. Then
and
where
Then the set and each coefficient of is a unit in for each . We can always choose the polynomial such , for if then that
and
If
then
and
which proves iv), by Definition III.3. and are Finally, suppose Gröbner bases of satisfying i) and ii) (and hence iii)). We , the ideal claim that for each satisfies
Clearly, before, there exist
. Now let such that
. Then, as
is a Gröbner basis of . then Proof: We use induction on . If , and , , so and the theorem is true. Suppose now that the result holds for of characterfor all . Since is regular, from Lemma istic has a Gröbner basis of the form III.9, where, for each , , , and for . For we denote by . and let . These are Let which have the same form as so, polynomials in has a Gröbner basis by induction,
Since lows that
and
is a Gröbner basis of
, it fol-
. Since
Lemma III.9 and Condition i) imply that . Thus, there exist such that
where
and, for each unit in unless
, every coefficient of is a . It follows that if and only if if and only if .
and such that
. Let for
, and choose any . Then
Thus, for each
and
(1)
.
The following rather technical result has a specific application to the results of the next section, where we provide algorithms for the decoding of an alternant code over  with respect to the Hamming metric. In particular, it is used to describe the module of solutions to the key equation associated with the decoding procedure. Recall that if  and , we say that  and  are coprime. We use the convention that the empty product in  is .
for some and rearranging gives
Since that
and
. Multiplying this equation by
are coprime, there exist , so that
,
such
where . From (1) and Lemma III.9,  and so . It follows that  where . Consider the ideal . Since , then  is contained in  as , we have . Now . Conversely, if  if and only if . Thus, , in which case  and  are polynomials in  of the same form so, by induction, the set (2) is a Gröbner basis of . We claim that (3) is a Gröbner basis of  and, hence, of . In general, if  is a Gröbner basis of  and  is an ideal in  then  if and only if . This means that there is a one-to-one correspondence between the elements of  in  and the elements of  in . Let  for some  satisfying . Since  has the Gröbner basis of (2),  is divisible by  or  for some  and, since  for each , it follows that  is divisible by  or  for some . Thus, (3) is a Gröbner basis of . Since , it follows that  so that  is generated by (4) and . If , then  is divisible by  or  for some . If  is divisible by  and, hence,  is . It follows that (4) is a Gröbner basis of .

IV. ALTERNANT CODES FOR THE HAMMING METRIC

Let  be a separable extension of a Galois ring , so , where  divides . We define the alternant code  of length  with symbols in  by the parity-check matrix

(5)

where , , , and  is a unit for . If  is the all-1's vector we omit it, writing . We have the following lower bound on the minimum Hamming distance , which can be proved using a standard determinantal argument.

Theorem IV.1: The minimum Hamming distance of  is greater than .

For the remainder of the paper, let  where  is the number of rows of the parity-check matrix as in (5). Then  is a -error-correcting code and we develop procedures that determine all error patterns of Hamming weight at most . Let  be a received word, where  is a codeword of  and the error vector  has Hamming weight at most . Let  be the syndrome vector. Let  be the set of indexes of nonzero coefficients of , so that . The first task of the decoder is to determine the set of error locations. We define the error polynomial  and syndrome polynomial  in the usual way. The error locator polynomial is  and the error evaluator polynomial is . These polynomials are related by the well-known key equation  and the decoding problem involves solving this congruence subject to certain conditions. We proceed by a consideration of the -submodule , consisting of all solutions of the key equation. In particular, we prove that the required solution can be identified in a Gröbner basis of  with respect to a specified term order.

V. THE SOLUTION MODULE

The theory of Gröbner bases for -submodules of  can be viewed as an instance of the theory for ideals of . We indicate this for the case . The reader is referred to [6] for a more detailed analysis. The set of all polynomials in  which are homogeneous of degree  in the variables  and , denoted by
is an -module. Let be a set of nonzero satisfying polynomials in for each . Then, is a Gröbner basis for -module generated by if and the for all such that
We have the following
-module isomorphism:
In view of this isomorphism, Gröbner bases for -submodare identified with Gröbner bases for submodules ules of . Returning to the module of solutions of to the key equation
we define the following structures associated with :
for each
Thus, we obtain a chain of modules
and a sequence of subsets
Definition V.1: Let  be an integer. The term order  on  is defined as follows: i)  and  for ; ii)  if and only if . An element  has leading term on the left (resp., on the right) if  has the form  (resp., ).
-submodule of generated Lemma V.2: Let be an by a set of monomials. Then there exist nonnegative integers and such that has a Gröbner basis which takes exactly one of the following forms: : ; I : ; II III where for all , with , for all , with . and in the form I,II, or Moreover, any Gröbner basis of III is unique. Proof: Let be a term order and extend to a total quasiorder as described at the start of Section III. Among those elements of with leading terms on the left (if any such exist) there where exists one with minimal leading monomial has the least possible value. Similarly, if there are any elements with leading terms on the right, then , there exists one with minimal leading monomial
with minimal. Note that since is not the zero ideal, at least one of these elements exists. We let denote the set comprising these elements. Any Gröbner basis of must contain a unit multiple of each of the elements of . of elements of , none of whose Consider now the set monomials is divisible by any element of . This set contains comprising at most two monomials, one minimal a subset with leading terms on the left among the elements of among those el(if any exist), and the other minimal in ements with leading terms on the right (if any exist). Any monohas the form where , , and mial in is least among the possible candidates in , or where , , and is least among the pos. Again, a unit multiple sible candidates in must be contained in a Gröbner of each of the elements of of elebasis of . We continue in this manner finding sets , until ments minimal on the left and right in is the empty set for some integer . Then, is a Gröbner basis of and is the unique basis clearly, formed by this construction. If we augment this basis by appropriate -multiples of elements already in the basis, the resulting generating set clearly has the required form. If is a module generated by a set of monomials in then the Gröbner basis of constructed as above takes the form I if all elements of have leading terms on the left, takes the have leading terms on the right, form II if all elements of and takes the form III if contains both elements with leading terms on the left and elements with leading terms on the right. We call the , , as defined above, the set of minimal exponents of . It is clear that this set is uniquely determined by . If is an arbitrary submodule of then we define the set of minimal exponents of to be the set of minimal exponents of . The general structure of a Gröbner basis for an arbitrary -submodule of is described as follows. -submodule of . 
Then, Theorem V.3: Let be an such that has a there exist nonnegative integers and Gröbner basis which takes exactly one of the following forms: ; I ; II III where i) for all
and , , and for some nonnegative integers and ; form the set of minimal exponents of the ii) the module , and are uniquely determined.
Proof: Given an arbitrary module , there exists integers , such that the monomial module is generated by a set of the same form as that given in the statement of Lemma V.2, so has a Gröbner basis consisting of a set of elements in whose leading monomials are in this same form. The result follows. Let module
be an -submodule of . We say that the is of type I, II, or III corresponding to the type of
Gröbner basis admitted by , as indicated by Theorem V.3. We define the following vector, which will be useful for results presented in the next section. -submodule of Definition V.4: Let be an have Gröbner basis III, and let
for some integers ,
of type
where
and The vector of minimal exponents of defined by
, denoted by
, is
The next result gives some conditions under which an element is minimal in some . Here we write for . , and let satisfy the Theorem V.5: Let : following, for some integer , i) . ii) is minimal in with respect to the term order Then . is Proof: Note that the first condition implies that . Suppose there exists regular, so that such that , where satisfies the given criteria. Since it follows and so that that . If is on the left then and then since
means that
. But then , since is regular. It follows that with respect to the given term order.
in
. If
is on the right then
so again we obtain . In both cases, , so there exist From Condition ii), such that . Then
so that is minimal
If
If  is a Gröbner basis of , then  if and only if , so that  and the normal form defines an equivalence relation on the elements of . If an element has the same normal form as an element in some set then we say that it is contained up to equivalence in that set. If  and  are both minimal in  (that is, they both have the same leading term which is minimal among the elements of ), then applying the division algorithm to  and , we find that  where  is reduced modulo . In fact, each monomial of  is divisible by  so that, without loss of generality, we may assume that  is an element of , and each term of  is reduced modulo . By the minimality of  in , it follows that  and . If an element  satisfies the conditions of Theorem V.5 for some , then it is a minimal element of , and is thus contained up to equivalence in a Gröbner basis of . Moreover, if  is minimal in , it is certainly minimal in  and, therefore, identifiable up to equivalence as the minimal regular element of . Given an arbitrary vector , write

where  for some . Note that this representation is not unique. For a received word , corresponding to an error vector , we decompose the syndrome in the same way as
where so that and
for each
.
Theorem V.6: Let and be a pair of error locator and error and evaluator polynomials. There exist polynomials , satisfying the following. i)
.
ii)
. , where
so that
Since unless
iii) iv)
, it follows that
.
for each . v) be the set Proof: For each , let . Associated with each of indices of nonzero components of is an error polynomial error vector
. If the former is the case then
giving a contradiction. On the other hand, if
for . for each
then
and an error locator polynomial of in (we let
if
Given an element using the fact that , and in particular
, minimal in
, we compute the roots for all minimal
. Writing
we get a sequence of
The roots  are then determined uniquely from the roots  and the location vector , whose components comprise a set of distinct coset representatives for the cosets of  in . Once  is known, the error values can be determined by implementing a modified Forney procedure [14], [16].
key equations
.. .
.. .
.. .
Example V.8: Consider the double error correcting code, where
where
The corresponding parity-check matrix is
Then . Suppose that the all-zero codeword is sent and that the vector  is received. Then the syndrome vector is  and has associated syndrome polynomial . The error-locator polynomial is . Multiplying by  and reducing modulo  we find that . With the notation of Theorem V.6, we have , , , and . If we choose  and  then the corresponding values for the  are given by
and
where
which proves i) and ii). It is easy to see that iii) and v) hold: for , since then , clearly, for each from the and . For each we have definition of
and we get the following equations:
Moreover, So if
then if and only if and , which contradicts the fact that and are chosen . Hence and from among the elements of are coprime in from which we conclude that are coprime in , proving iv). From Theorem III.10, we deduce that basis of the form
From Theorem III.10, it follows that of the form
has a Gröbner basis
has a Gröbner
Indeed, if
so that, by Theorem V.5, the pair is minimal in with and is thus contained up to equivarespect to the term order lence in a Gröbner basis of . We apply Theorem III.8 in order is generated by to compute the required basis. The module . Let and let . Then
Theorem V.7: The solution  of the key equation required for decoding the alternant code  is, up to equivalence, the minimal regular element of a Gröbner basis for the solution module , under the term order .
The remainder is reduced modulo and add it to the generating set. Now
for some then , and is minimal . In particular, is contained in , so the pair in satisfy the criteria of Theorem V.5. In any case, is minimal in . We have now proved the following theorem.
, so we denote it by
which is clearly reduced modulo , so we denote it by and add it to the generating set. We continue to find remainders of -polynomials with which we augment the generating set
and for resulting Gröbner basis is as follows:
,
. The
Then, for each and Moreover, there exists some such that or . and for each Proof: Clearly, since . On the other hand, , then , so that for each if , , and . Since in is nonempty it follows that the complement of and are distinct vectors. Definition VI.2: Let and let have , we denote by Gröbner basis . For each the set of th discrepancies of elements of with leading terms , that is, less than
The form of this basis has been predicted in Theorem V.3. The minimal regular element is , and where . The inverses of the roots of are given by the set
and correspond to the coefficients in , indicating that errors have occurred in positions  and . The error magnitudes may be recovered by implementing a modified Forney procedure.

VI. THE METHOD OF SOLUTION BY APPROXIMATIONS

In this section, we give an iterative technique extending that of [9, Sec. IV] and so corresponding closely to a Berlekamp–Massey type algorithm (see also [12]). Let  denote the module of solutions to the key equation modulo , i.e., . We get a sequence of modules  and since , we observe that the chain above is strictly decreasing. Given a polynomial  in , we use the symbol  to denote the coefficient attached to the term . Given an element , the th discrepancy of  is given by . If  and  in  have th discrepancies  and , respectively, such that  for some  then  is contained in , having th discrepancy zero. We shall use this argument in the construction of a Gröbner basis of  from a Gröbner basis of . Note that since  and  are contained in  for each ,  is a type III module and its vector of minimal exponents has the form  for some nonnegative integers .

Lemma VI.1: Let  and
.
Theorem VI.3: Let and Let
have Gröbner basis
where, for each
, , , and we let , . Let . Then the following hold. and satisfying i) There exist if and only if . and satisfying ii) There exist if and only if . and Proof: Suppose there exist such that . Let be the corresponding element with th discrepancy . Then of (6) The sum tion of elements of . Let in
lies in , being a linear combina, and from (6) it must also be contained . Then
and thus
and element Then
. Conversely, suppose that satisfying and
Applying the division algorithm to we obtain satisfying
. Choose some .
and
Let
where and
If is defined by (8) and is on the left (resp., (resp., ), right) then Theorem VI.3 implies that is contained in a Gröbner basis for . Othso is defined by (9) and (resp., erwise, ), so that is contained in a . Thus, the elements of the new set Gröbner basis for can be relabeled so as to satisfy and , and hence forms a Gröbner . basis for
In particular
, let
Theorem VI.4: Let (7) are elements of
where
and let the set
satisfying
have Gröbner basis
as in Theorem VI.3. Then
We claim that there exist  and , such that . Let  and, for each , , , , where  and  are nonnegative integers. If  then (7) implies that there is some nonzero  with . Now, if  then . The proof of ii) is similar. This theorem provides the framework for a decoding algorithm over . For any finite set  of nonzero elements in  and any term order , we denote by  an ordered set of elements of  satisfying  for all . In other words, the function  returns the elements of  in nondecreasing order with respect to leading term. Now given a Gröbner basis
for
, we compute a Gröbner basis
for
with elements Gröbner basis of and
and constructed as above, is a satisfying for each .
We give the algorithm explicitly in Fig. 1. For the decoding application we set . We illustrate the procedure with the following example.

Example VI.6: As in Example V.8, we consider the code  and suppose that the vector
is received. Recall that the syndrome polynomial is given by
Here
has ordered Gröbner basis
and the corresponding values of there is no Clearly, for
are with
. so
as follows.
• Let . Find the th discrepancies  for each .
• For each , determine whether there is a  with  and  (recall that , by definition). In that case, set  (8). Otherwise, set  (9).
• Now define .

For  we may take  and  and for  we may take  and . Thus, , and  and  so that . The new discrepancies are . Once again, the first two basis elements are multiplied by
and the new discrepancies are . The computation is similar to the previous case and we find
The final basis
is given by
and the minimal regular element is . The inverses of the roots of , and , correspond to the error locators and given by and indicate that errors have occurred in the second and sixth components of the error vector.

VII. COMPLEXITY ISSUES

We consider the computational complexity of Algorithm VI.5. At the th stage, we must compute the th discrepancies and update each of the elements of the th basis . For each , each th discrepancy
Fig. 1. Algorithm VI.5.
For , we may take and we may take and for , giving , and . Thus, . Now the discrepancies are . In this case, we find first and then . Next, for , we may take so that . However, for , there is no with , and so . The new basis is

requires at most ring multiplications. We modify either by shifting once to form , in which case no multiplications are required, or by computing the linear combination with th discrepancy for some , where , for some , for some , and are in , and . Finding an appropriate in requires no more than checking through the list of elements in until one is found satisfying , so the determination of is at a cost of at most one division in . It is not hard to see that the elements of , constructed as outlined in Algorithm VI.5, satisfy for each , so computing the updated element requires at most multiplications and one division in . At least one element in the basis (namely, the minimal element) is modified at no cost, so the total number of ring operations required in computing is bounded above by

Then, the total cost of determining the sequence of Gröbner bases requires at most

operations in . For the specific application of decoding an alternant code for the Hamming metric, the relevant term order is for . Then for each , the sum requires at most operations. This can be seen as follows. Suppose is on the left. If is on the left then and if is on the right then
so computing requires at most multiplications. Suppose now that is on the right. If is on the left then and if is on the right then so again computing requires at most multiplications. Thus, for the term order , given the basis , the basis is computed in at most operations and the total cost of implementing the algorithm is bounded above by
In any case, for a fixed ring , the complexity of Algorithm VI.5 is quadratic in the number of errors.

ACKNOWLEDGMENT

The authors wish to thank the referees, whose comments led to substantial improvements in the presentation of the paper. In particular, one of the referees made a suggestion which simplified the proof of Theorem III.10.