Codes to the Berlekamp-Massey Algorithm. Maria Bras-Amorós, Michael E. O'Sullivan. The Claude Shannon Institute Workshop on. Coding and Cryptography.
From the Euclidean Algorithm for Solving a Key Equation for Dual Reed–Solomon Codes to the Berlekamp-Massey Algorithm Maria Bras-Amoros, ´ Michael E. O’Sullivan
The Claude Shannon Institute Workshop on Coding and Cryptography Cork, May 18, 2009
1 / 32
Contents
1
Extended Euclidean algorithm (revisited)
2
Key equations for Reed-Solomon codes (revisited)
3
Extended Euclidean algorithm for the new key equation
4
From the Euclidean to the Berlekamp-Massey algorithm
5
Other research directions
2 / 32
´ Bezout’s Theorem
´ Bezout’s Theorem Given a, b ∈ Fq [x] there exist f , g ∈ Fq [x] such that f a + gb = gcd(a, b) Extended Euclidean Algorithm Let r−2 = a, r−1 = b and, for i > 0 let the Euclidean division of ri−2 by ri−1 be ri−2 = qi ri−1 + ri . Define f−2 = 1, g−2 = 0, f−1 = 0, g−1 = 1, and for i > 0 fi = fi−2 − qi fi−1
gi = gi−2 − qi gi−1
then for all i > 0 f i a + g i b = ri
3 / 32
Extended Euclidean algorithm The extended Euclidean algorithm can be expressed in matrix form as ALGORITHM: Initialize: „
r−1 r−2
f−1 f−2
g−1 g−2
«
=
„
b a
0 1
1 0
«
1 0
«„
while deg(ri ) > 0: qi = Quotient(ri−2 , ri−1 ) „
ri ri−1
fi fi−1
gi gi−1
«
=
„
−qi 1
ri−1 ri−2
fi−1 fi−2
gi−1 gi−2
«
end while
Return ri−1
4 / 32
Extended Euclidean algorithm Remark deg(fi ) > deg(fi−1 ) while deg(ri ) < deg(ri−1 ) deg(gi ) > deg(gi−1 ) (except maybe in the initial steps); „ « „ « ri fi r−1 f−1 2 det = (−1)i+1 det = (−1)i+1 b, so ri−1 fi−1 r−2 f−2 1
fi ri−1 = (−1)i b + fi−1 ri , and, since deg ri < deg ri−1 and deg fi > deg fi−1 , then LT(fi ) = (−1)i LT(b)/LT(ri−1 ) deg fi = deg b − deg ri−1 „ « „ fi gi f−1 3 det = (−1)i+1 det fi−1 gi−1 f−2
g−1 g−2
«
= (−1)i , so
fi gi−1 − fi−1 gi = (−1)i ´ and the intermediate Bezout coefficients are coprime at each step. 5 / 32
Extended Euclidean alg. with monic remainders
Definition For all i > „ Ri ˜i R
−1 define the matrices « „ Fi Gi 1/LC(ri ) = ˜i ˜i G 0 F
0 (−1)i LC(ri )
«„
ri
fi
ri−1
fi−1
gi gi−1
«
Lemma For all i > 0, „ « Ri ˜i R
Fi F˜i
Gi ˜i G
=
„
˜ i−1 − Qi Ri−1 ) 1/LC(R 0
0 ˜ i−1 − Qi Ri−1 ) −LC(R
«„
−Qi 1
1 0
«„
Ri−1 ˜ i−1 R
Fi−1 ˜i−1 F
Gi−1 ˜ i−1 G
«
,
˜ i−1 by Ri−1 . where Qi is the quotient of R
6 / 32
Extended Euclidean alg. with monic remainders The extended Euclidean algorithm for the new matrices is ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
1
=
LC(b) 0
0 −LC(b)
!„
b a
0 1
1 0
«
−Qi 1
1 0
«„
while deg(Ri ) > 0: ˜ Qi = Quotient(R i−1 , Ri−1 ) „
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
0
=@
1
˜ LC(R i−1 −Qi Ri−1 ) 0
0 ˜ −LC(R i−1 − Qi Ri−1 )
1 A
„
Ri−1 ˜ R i−1
Fi−1 ˜ F i−1
Gi−1 ˜ G i−1
end while
Return Ri−1 (a constant multiple of ri−1 )
7 / 32
Extended Euclidean alg. with monic remainders The extended Euclidean algorithm for the new matrices is ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
1
LC(b) 0
=
0 −LC(b)
!„
b a
0 1
1 0
«
−Qi 1
1 0
«„
while deg(Ri ) > 0: ˜ Qi = Quotient(R i−1 , Ri−1 ) „
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
0
=@
1
˜ LC(R i−1 −Qi Ri−1 ) 0
0 ˜ −LC(R i−1 − Qi Ri−1 )
1 A
„
Ri−1 ˜ R i−1
Fi−1 ˜ F i−1
Gi−1 ˜ G i−1
end while
Return Ri−1 (a constant multiple of ri−1 )
(0)
If Qi = Qi „
−Qi 1
1 0
«
(l)
(1)
+ Qi x + · · · + Qi x l then
=
„
1 0
(0) −Qi
1
«„
1 0
(1)
−Qi x 1
«
...
„
1 0
(l)
−Qi x l 1
«„
0 1
1 0
«
. 7 / 32
Extended Euclidean alg. with monic remainders The extended Euclidean algorithm for the new matrices is ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
1
LC(b) 0
=
0 −LC(b)
!„
b a
0 1
1 0
«
while deg(Ri ) > 0: ˜ Qi = Quotient(R i−1 , Ri−1 ) „
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
=
1 1 0 ˜ LC(R A i−1 −Qi Ri−1 ) ˜ 0 −LC(R − Qi Ri−1 ) i−1 !„ «„ (l) l Ri−1 Fi−1 0 1 x 1 −Q i ... ˜ ˜ 1 0 R F 0 1 i−1 i−1 0 @
1 0
(0)
−Qi 1 «
!
1 0
(1)
−Qi 1
x
!
Gi−1 ˜ G
i−1
end while
Return Ri−1 (a constant multiple of ri−1 )
(0)
If Qi = Qi „
−Qi 1
1 0
«
(l)
(1)
+ Qi x + · · · + Qi x l then
=
„
1 0
(0)
−Qi 1
«„
1 0
(1)
−Qi x 1
«
...
„
1 0
(l)
−Qi x l 1
«„
0 1
1 0
«
. 7 / 32
...
Extended Euclidean alg. with monic remainders The extended Euclidean algorithm for the new matrices is ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
1
=
LC(b) 0
0 −LC(b)
!„
b a
0 1
1 0
«
while deg(Ri ) > 0: ˜ Qi = Quotient(R i−1 , Ri−1 ) „
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
=
0
1 1 0 ˜ LC(R A i−1 −Qi Ri−1 ) ˜ 0 −LC(R − Qi Ri−1 ) i−1 !„ «„ (l) l Ri−1 Fi−1 0 1 1 −Q x i ... ˜ ˜ 1 0 R F 0 1 i−1 i−1 @
1 0
(0)
−Qi 1 «
!
1 0
(1)
−Qi 1
x
!
Gi−1 ˜ G
i−1
end while
Return Ri−1 (a constant multiple of ri−1 )
9 LC(b) = they all are the LC of the left-most, top-most ˜ i−1 − Qi Ri−1 ) LC(R element in the previous matrix ; (j) Qi
7 / 32
...
Extended Euclidean alg. with monic remainders Splitting the matrix multiplications we get ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
=
„
b/LC(b) −LC(b)a
Fi+1 ˜ F i+1
Gi+1 ˜ G i+1
«
=
„
0 1
0 −LC(b)
1/LC(b) 0
«
while deg(Ri ) > 0: „
Ri+1 ˜ R i+1
«„
1 0
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
˜
!„
˜ ): while deg(Ri ) > deg(R i „
Ri+1 ˜ R
i+1
Fi+1 ˜ F
i+1
Gi+1 ˜ G
«
«
„
i+1
=
1 0
−LC(Ri )x (deg(Ri )−deg(Ri )) 1
Ri ˜ R
i
Fi ˜ F
i
Gi ˜ G
i
«
end while „
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G i+1
=
1/LC(Ri ) 0
0 −LC(Ri )
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
end while
8 / 32
Extended Euclidean alg. with monic remainders
We introduced a bunch of intermediate matrices „ « Ri Fi Gi ˜i ˜i F ˜i G R Not all of them satisfy „
Ri ˜i R
Fi ˜i F
Gi ˜i G
«
=
„
1/LC(ri ) 0
0 (−1) LC(ri ) i
«„
ri
fi
ri−1
fi−1
gi gi−1
«
But all of them satisfy Fi a + Gi b = Ri , ˜ib = R ˜i. F˜i a + G
9 / 32
Extended Euclidean alg. with monic remainders The same algorithm can be expressed as ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
=
„
−LC(b)a b/LC(b)
0 1/LC(b)
−LC(b) 0
«
while deg(Ri ) > 0: µ = LC(Ri ) ˜) p = deg(Ri ) − deg(R i if p > 0 or µ = 0 then „
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G i+1
«
=
„
1 0
„
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G
«
=
„
x −p 1/µ
„
1/µ 0
0 −µ
−µx p 1
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
−µ 0
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
else
i+1
end if end while µ = LC(Ri ) „ Ri+1 Fi+1 ˜ ˜ R F i+1
i+1
Gi+1 ˜ G i+1
«
=
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
« 10 / 32
Reed-Solomon Codes Primal Reed-Solomon Code Consider F a finite field of size q = p m , α a primitive element in F, n = q − 1. the identification u = (u0 , u1 , . . . , un−1 ) ↔ u(x) = u0 + u1 x + · · · + un−1 x n−1 (denote u(α) = u0 + u1 α + · · · + un−1 αn−1 ) The Reed-Solomon code of dimension k C ∗ (k) is the cyclic code with generator polynomial (x − α)(x − α2 ) · · · (x − αn−k ). It has generator and parity check matrices 0
B B B G∗ (k) = B B @
1 1 1 .. . 1
1 α α2 .. . αk −1
1 α2 α4 .. . α(k −1)2
... ... ... .. . ...
1 n−1
α α2(n−1) .. . α(k −1)(n−1)
1
C C C C, C A
0
B B B H ∗ (k) = B B B @
1 1 1 .. . 1
α α2 α3 .. . αn−k
α2 α4 α6 .. . α(n−k )2
... ... ... .. . ...
αn−1 α2(n−1) α3(n−1) .. . α(n−k )(n−1)
1
C C C C. C C A 11 / 32
Primal and dual Reed-Solomon Codes Primal Reed-Solomon Code The Reed-Solomon code of dimension k C ∗ (k) is the cyclic code with generator polynomial (x − α)(x − α2 ) · · · (x − αn−k ). It has generator and parity check matrices 0
B B B G∗ (k) = B B @
1 1 1 .. . 1
1 α α2 .. . αk −1
1 α2 α4 .. . α(k −1)2
... ... ... .. . ...
1 αn−1 2(n−1) α .. . α(k −1)(n−1)
0
1
B C B C B C ∗ C , H (k) = B B C B A @
1 1 1 .. . 1
α α2 α3 .. . n−k α
α2 α4 α6 .. . α(n−k )2
... ... ... .. . ...
αn−1 α2(n−1) α3(n−1) .. . α(n−k )(n−1)
1
C C C C. C C A
Dual Reed-Solomon Code The dual Reed-Solomon code of dimension k C(k) is the cyclic code with generator polynomial (x − α−(k +1) ) · · · (x − α−(n−1) )(x − 1). It has generator and parity check matrices 0
B B B G(k) = B B B @
1 1 1 .. . 1
α α2 α3 .. . αk
α2 α4 α6 .. . α2k
... ... ... .. . ...
αn−1 α2(n−1) α3(n−1) .. . k (n−1) α
1
0 C B C B C C , H(k) = B B C B C @ A
1 1 1 .. . 1
1 α α2 .. .
1 α2 α4 .. .
αn−k −1
α(n−k −1)2
... ... ... .. . ...
1 αn−1 α2(n−1) .. . α(n−k −1)(n−1)
1
C C C C. C A 12 / 32
Primal and dual Reed-Solomon Codes Properties Both codes have minimum distance d = n − k + 1 C(k)⊥ = C ∗ (n − k) If i is a vector of dimension k and
then c c(αi )
c
=
(c0 , c1 , . . . , cn−1 ) = iG(k) ∈ C(k),
c∗
=
∗ (c0∗ , c1∗ , . . . , cn−1 ) = iG∗ (k) ∈ C ∗ (k),
=
(c0∗ ,
αc1∗ ,
α2 c2∗ ,
...
∗ αn−1 cn−1 ),
= =
c0∗ + c0∗ +
αc1∗ αi + c1∗ αi+1 +
α2 c2∗ α2i + c2∗ α2(i+1) +
... ...
∗ +αn−1 cn−1 α(n−1)i ∗ (n−1)(i+1) +cn−1 α
c(αi ) = c ∗ (αi+1 )
13 / 32
Correction of RS codes: key polynomials Suppose c ∗ ∈ C ∗ (k) is the transmitted word, e ∗ is the error added to c ∗ with t = |e ∗ | 6 d −1 , and u ∗ = c ∗ + e ∗ is the received word. 2 Correction of RS codes Error locator polynomial Q Λ∗ = e∗ 6=0 (1 − αi x) i Error evaluator polynomial P Q ∗ Ω = e∗ 6=0 ei∗ αi e∗ 6=0,j6=i (1 − αi x) i
j
14 / 32
Correction of RS codes: key polynomials Suppose c ∗ ∈ C ∗ (k) is the transmitted word, e ∗ is the error added to c ∗ with t = |e ∗ | 6 d −1 , and u ∗ = c ∗ + e ∗ is the received word. 2 Correction of RS codes Error locator polynomial Q Λ∗ = e∗ 6=0 (1 − αi x) i Error evaluator polynomial P Q ∗ Ω = e∗ 6=0 ei∗ αi e∗ 6=0,j6=i (1 − αi x) i
j
Error location Λ∗ (α−i ) = 0 Error evaluation (Forney) ∗
−i
) . ei∗ = − ΛΩ′∗(α (α−i )
14 / 32
Correction of RS codes: key polynomials Suppose c ∗ ∈ C ∗ (k) is the transmitted word, e ∗ is the error added to c ∗ with t = |e ∗ | 6 d −1 , and u ∗ = c ∗ + e ∗ is the received word. 2 Correction of RS codes Error locator polynomial Q Λ∗ = e∗ 6=0 (1 − αi x) i Error evaluator polynomial P Q ∗ Ω = e∗ 6=0 ei∗ αi e∗ 6=0,j6=i (1 − αi x) i
j
Error location Λ∗ (α−i ) = 0 Error evaluation (Forney) ∗
−i
) . ei∗ = − ΛΩ′∗(α (α−i )
Syndrome polynomial S ∗ = e ∗ (α) + e ∗ (α2 )x + · · · + e ∗ (αn )x n−1 Truncated syndrome polynomial ¯ ∗ = e ∗ (α) + · · · + e ∗ (αn−k )x n−k −1 S 14 / 32
Correction of RS codes: key equations Key equation Λ∗ S ∗ = (1 − x n )Ω∗ Truncated key equation (Berlekamp) ¯ ∗ = Ω∗ mod x n−k Λ∗ S
15 / 32
Correction of RS codes: key equations Key equation Λ∗ S ∗ = (1 − x n )Ω∗ Truncated key equation (Berlekamp) ¯ ∗ = Ω∗ mod x n−k Λ∗ S
´ Bezout-like presentation ∗ ¯ ∗ + m(x) x n−k = Ω∗ S Λ |{z} |{z} |{z} | {z } | {z } fi
a (known)
gi
b (known)
ri
15 / 32
Correction of RS codes: key equations Key equation Λ∗ S ∗ = (1 − x n )Ω∗ Truncated key equation (Berlekamp) ¯ ∗ = Ω∗ mod x n−k Λ∗ S
´ Bezout-like presentation ∗ ¯ ∗ + m(x) x n−k = Ω∗ S Λ |{z} |{z} |{z} | {z } | {z } fi
a (known)
gi
b (known)
ri
Sugiyama et al’s algorithm solves this by means of the ext. Euclidean algorithm. The bound on the degree of Ω∗ states the end of the algorithm. Coprimality of Λ∗ and Ω∗ guarantees unicity.
15 / 32
Correction of RS codes: key polynomials Suppose c ∈ C(k) is the transmitted word, e is the error added to c with t = |e| 6 d −1 , and u = c + e is the received word. 2 Correction of RS codes
Correction of DUAL RS codes
Error locator polynomial Q Λ∗ = e∗ 6=0 (1 − αi x) i Error evaluator polynomial P Q Ω∗ = e∗ 6=0 ei∗ αi e∗ 6=0,j6=i (1 − αi x) i
j
Error location Λ∗ (α−i ) = 0 Error evaluation (Forney) ∗
−i
) ei∗ = − ΛΩ′∗(α . (α−i )
Syndrome polynomial S ∗ = e∗ (α) + e∗ (α2 )x + · · · + e∗ (αn )x n−1
Truncated syndrome polynomial ¯ ∗ = e∗ (α) + · · · + e∗ (αn−k )x n−k −1 S 16 / 32
Correction of RS codes: key polynomials Suppose c ∈ C(k) is the transmitted word, e is the error added to c with t = |e| 6 d −1 , and u = c + e is the received word. 2 Correction of RS codes
Correction of DUAL RS codes
Error locator polynomial Q Λ∗ = e∗ 6=0 (1 − αi x) i Error evaluator polynomial P Q Ω∗ = e∗ 6=0 ei∗ αi e∗ 6=0,j6=i (1 − αi x)
Error locator polynomial Q Λ = ei 6=0 (x − αi ) Error evaluator polynomial P Q Ω = ei 6=0 ei ej 6=0,j6=i (x − αi )
i
j
Error location Λ∗ (α−i ) = 0 Error evaluation (Forney) ∗
−i
) ei∗ = − ΛΩ′∗(α . (α−i )
Syndrome polynomial S ∗ = e∗ (α) + e∗ (α2 )x + · · · + e∗ (αn )x n−1
Truncated syndrome polynomial ¯ ∗ = e∗ (α) + · · · + e∗ (αn−k )x n−k −1 S 16 / 32
Correction of RS codes: key polynomials Suppose c ∈ C(k) is the transmitted word, e is the error added to c with t = |e| 6 d −1 , and u = c + e is the received word. 2 Correction of RS codes
Correction of DUAL RS codes
Error locator polynomial Q Λ∗ = e∗ 6=0 (1 − αi x) i Error evaluator polynomial P Q Ω∗ = e∗ 6=0 ei∗ αi e∗ 6=0,j6=i (1 − αi x)
Error locator polynomial Q Λ = ei 6=0 (x − αi ) Error evaluator polynomial P Q Ω = ei 6=0 ei ej 6=0,j6=i (x − αi )
Error location Λ∗ (α−i ) = 0 Error evaluation (Forney)
Error location Λ(αi ) = 0 Error evaluation (Forney)
i
∗
j
−i
) ei∗ = − ΛΩ′∗(α . (α−i )
ei =
Ω(αi ) Λ′ (αi )
Syndrome polynomial S ∗ = e∗ (α) + e∗ (α2 )x + · · · + e∗ (αn )x n−1
Truncated syndrome polynomial ¯ ∗ = e∗ (α) + · · · + e∗ (αn−k )x n−k −1 S 16 / 32
Correction of RS codes: key polynomials Suppose c ∈ C(k) is the transmitted word, e is the error added to c with t = |e| 6 d −1 , and u = c + e is the received word. 2 Correction of RS codes
Correction of DUAL RS codes
Error locator polynomial Q Λ∗ = e∗ 6=0 (1 − αi x) i Error evaluator polynomial P Q Ω∗ = e∗ 6=0 ei∗ αi e∗ 6=0,j6=i (1 − αi x)
Error locator polynomial Q Λ = ei 6=0 (x − αi ) Error evaluator polynomial P Q Ω = ei 6=0 ei ej 6=0,j6=i (x − αi )
Error location Λ∗ (α−i ) = 0 Error evaluation (Forney)
Error location Λ(αi ) = 0 Error evaluation (Forney)
i
∗
j
−i
) ei∗ = − ΛΩ′∗(α . (α−i )
ei =
Ω(αi ) Λ′ (αi )
Syndrome polynomial
Syndrome polynomial
S ∗ = e∗ (α) + e∗ (α2 )x + · · · + e∗ (αn )x n−1
S = e(αn−1 ) + e(αn−2 )x + · · · + e(1)x n−1
Truncated syndrome polynomial
Truncated syndrome polynomial
¯ ∗ = e∗ (α) + · · · + e∗ (αn−k )x n−k −1 S
¯ = e(αn−k −1 )x k + · · · + e(1)x n−1 . S 16 / 32
Correction of RS codes: key polynomials
If e and e ∗ are such that e(αi ) = e ∗ (αi+1 ) then Λ
=
x t Λ∗ (1/x)
Ω
=
x t−1 Ω∗ (1/x)
S
=
x n−1 S ∗ (1/x)
¯ S
=
¯ ∗ (1/x). x n−1 S
17 / 32
Correction of RS codes: key equations Key equation Λ∗ S ∗ = (1 − x n )Ω∗ Truncated key equation (Berlekamp) ¯ ∗ = Ω∗ mod x n−k Λ∗ S
Key equation ΛS = (x n − 1)Ω Truncated key equation ¯ − (x n − 1)Ω)< n − d/2 deg(ΛS
´ Bezout-like presentation ∗ ¯ ∗ + m(x) x n−k = Ω∗ Λ S |{z} |{z} |{z} | {z } | {z } fi
a (known)
gi
b (known)
ri
Sugiyama et al’s algorithm solves this by means of the ext. Euclidean algorithm. The bound on the degree of Ω∗ states the end of the algorithm. Coprimality of Λ∗ and Ω∗ guarantees unicity. 18 / 32
Correction of RS codes: key equations Key equation Λ∗ S ∗ = (1 − x n )Ω∗ Truncated key equation (Berlekamp) ¯ ∗ = Ω∗ mod x n−k Λ∗ S
Key equation ΛS = (x n − 1)Ω Truncated key equation ¯ − (x n − 1)Ω)< n − d/2 deg(ΛS
´ Bezout-like presentation ∗ ¯ ∗ + m(x) x n−k = Ω∗ Λ S |{z} |{z} |{z} | {z } | {z }
´ Bezout-like presentation ¯ Λ Ω (x n − 1) = m(x) S |{z} |{z} − |{z} | {z } | {z }
fi
a (known)
gi
b (known)
ri
fi
a (known)
gi
−b (known)
ri
Sugiyama et al’s algorithm solves this by means of the ext. Euclidean algorithm. The bound on the degree of Ω∗ states the end of the algorithm. Coprimality of Λ∗ and Ω∗ guarantees unicity. 18 / 32
Correction of RS codes: key equations Key equation Λ∗ S ∗ = (1 − x n )Ω∗ Truncated key equation (Berlekamp) ¯ ∗ = Ω∗ mod x n−k Λ∗ S
Key equation ΛS = (x n − 1)Ω Truncated key equation ¯ − (x n − 1)Ω)< n − d/2 deg(ΛS
´ Bezout-like presentation ∗ ¯ ∗ + m(x) x n−k = Ω∗ Λ S |{z} |{z} |{z} | {z } | {z }
´ Bezout-like presentation ¯ Λ Ω (x n − 1) = m(x) S |{z} |{z} − |{z} | {z } | {z }
Sugiyama et al’s algorithm solves this by means of the ext. Euclidean algorithm.
Goal: solve this by means of the ext. Euclidean algorithm
The bound on the degree of Ω∗ states the end of the algorithm.
The key equation itself states the end of the algorithm
Coprimality of Λ∗ and Ω∗ guarantees unicity.
Coprimality of Λ and Ω guarantees unicity.
fi
a (known)
gi
b (known)
ri
fi
a (known)
gi
−b (known)
ri
18 / 32
Correction of RS codes: key equations
Lemma Suppose that at most d −1 errors occurred. Then Λ and Ω are the unique 2 polynomials λ, ω satisfying the following properties. ¯ − ω(x n − 1)) < n − d/2 1 deg (λS 2
deg(λ) 6 d/2
3
λ, ω are coprime
4
λ is monic
19 / 32
Extended Euclidean alg. for the dual key equation ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
=
„
¯ S xn − 1
1 0
0 −1
«
while deg(Ri ) > n − d /2: µ = LC(Ri ) ˜) p = deg(Ri ) − deg(R i if p > 0 or µ = 0 then „
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G
«
=
„
1 0
„
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G i+1
«
=
„
x −p 1/µ
i+1
−µx p 1
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
else −µ 0
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
end if end while Return Fi , Gi
20 / 32
Extended Euclidean alg. for the dual key equation ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
=
„
¯ S xn − 1
1 0
0 −1
«
while deg(Ri ) > n − d /2: µ = LC(Ri ) ˜) p = deg(Ri ) − deg(R i if p > 0 or µ = 0 then „
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G
«
=
„
1 0
„
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G i+1
«
=
„
x −p 1/µ
i+1
−µx p 1
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
else −µ 0
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
end if end while Return Fi , Gi
1
¯ − Gi (x n − 1)) = deg(Ri ) < n − d/2 deg(Fi S 20 / 32
Extended Euclidean alg. for the dual key equation ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
=
„
¯ S xn − 1
1 0
0 −1
«
while deg(Ri ) > n − d /2: µ = LC(Ri ) ˜) p = deg(Ri ) − deg(R i if p > 0 or µ = 0 then „
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G
«
=
„
1 0
„
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G i+1
«
=
„
x −p 1/µ
i+1
−µx p 1
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
else −µ 0
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
end if end while Return Fi , Gi
2
deg(Fi ) = n − deg(Ri−1 ) 6 n − (n − d/2) = d/2 20 / 32
Extended Euclidean alg. for the dual key equation ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
=
„
¯ S xn − 1
1 0
0 −1
«
while deg(Ri ) > n − d /2: µ = LC(Ri ) ˜) p = deg(Ri ) − deg(R i if p > 0 or µ = 0 then „
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G
«
=
„
1 0
„
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G i+1
«
=
„
x −p 1/µ
i+1
−µx p 1
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
else −µ 0
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
end if end while Return Fi , Gi
3
Fi , Gi coprime. Indeed, det
„
Fi ˜i F
Gi ˜i G
«
˜ i ) + Gi (F ˜i ) = 1 = −1 ⇒ Fi (−G 20 / 32
Extended Euclidean alg. for the dual key equation ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
=
„
¯ S xn − 1
1 0
0 −1
«
while deg(Ri ) > n − d /2: µ = LC(Ri ) ˜) p = deg(Ri ) − deg(R i if p > 0 or µ = 0 then „
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G
«
=
„
1 0
„
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G i+1
«
=
„
x −p 1/µ
i+1
−µx p 1
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
else −µ 0
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
end if end while Return Fi , Gi
4
Fi is monic. Indeed, det
„
Ri ˜i R
Fi ˜i F
«
˜ i ) + Ri (−F ˜i ) = 1 = −1 ⇒ Fi (R 20 / 32
Extended Euclidean alg. for the dual key equation ALGORITHM: Initialize: „
R−1 ˜ R −1
F−1 ˜ F −1
G−1 ˜ G −1
«
=
„
¯ S xn − 1
1 0
0 −1
«
while deg(Ri ) > n − d /2: µ = LC(Ri ) ˜) p = deg(Ri ) − deg(R i if p > 0 or µ = 0 then „
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G
«
=
„
1 0
„
Ri+1 ˜ R i+1
Fi+1 ˜ F i+1
Gi+1 ˜ G i+1
«
=
„
x −p 1/µ
i+1
−µx p 1
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
else −µ 0
«„
Ri ˜ R i
Fi ˜ F i
Gi ˜ G i
«
end if end while Return Fi , Gi
Theorem: If t 6
d −1 2
then the algorithm outputs Λ and Ω. 20 / 32
From Euclidean to Berlekamp-Massey ˜ i ) is that we need to The only reason to keep the polynomials Ri (and R compute their leading coefficients (the µ’s). Lemma ¯ LC(Ri ) = LC(Fi S) Proof. ¯ − Gi (x n − 1) = Fi S ¯ − x n Gi + Gi has On one hand, the remainder Ri = Fi S degree at most n − 1 for all i > 0. This means that all terms of x n Gi cancel ¯ and that the leading term of Ri must be either a term of Fi S ¯ with terms of Fi S ¯ and a term of Gi . or a term of Gi or a sum of a term of Fi S On the other hand, the algorithm only computes LC(Ri ) while deg(Ri ) > n − d/2. We want to see that in this case the leading term of Ri has degree strictly larger than that of Gi . Indeed, one can check that for i > 0, deg(Gi ) < deg(Fi ) and that all Fi ’s in the algorithm have degree at most d/2. So deg(Gi ) < deg(Fi ) 6 d/2 6 n − d/2 6 deg(Ri ).
21 / 32
From Euclidean to Berlekamp-Massey ALGORITHM: Initialize: ¯ d−1 = deg(S) d˜−1 = n « „ „ F−1 G−1 1 = ˜ ˜ 0 F G −1 −1
0 −1
«
while di > n − d /2: ¯ d) µ = Coefficient(Fi S, i p = di − d˜i if p > 0 or µ = 0 then „
Fi+1 Gi+1 ˜ ˜ F G i+1 i+1 di+1 = di − 1 ˜ ˜ di+1 = di
«
=
„
1 0
„
«
=
„
x −p 1/µ
−µx p 1
«„
Fi ˜ F i
Gi ˜ G i
«
else Fi+1 Gi+1 ˜ ˜ F G i+1 i+1 di+1 = d˜i − 1 d˜i+1 = di
−µ 0
«„
Fi ˜ F i
Gi ˜ G i
«
end if end while 22 / 32
From Euclidean to Berlekamp-Massey
This last algorithm is the Berlekamp-Massey algorithm that solves the linear recurrence t X Λj e(αi+j−1 ) = 0 j=0
for all i > 0. This recurrence is derived from Λ x nS−1 being a polynomial and thus having no terms of negative order in its expression as a Laurent series in 1/x, and from the equality „ « 1 e(α) e(α2 ) S = e(1) + + + · · · . xn − 1 x x x2
23 / 32
Moving back to primal Reed-Solomon codes Suppose c ∗ ∈ C ∗ (k) is the transmitted word, e ∗ is the error added to c ∗ and u ∗ = c ∗ + e ∗ is the received word. ∗ Then c = (c0∗ , αc1∗ , α2 c2∗ , . . . , αn−1 cn−1 ) ∈ C(k) and ∗ ∗ 2 ∗ n−1 ∗ e = (e0 , αe1 , α e2 , . . . , α en−1 ) has the same non-zero positions as e ∗ . ∗ Let u := c + e = (u0∗ , αu1∗ , α2 u2∗ , . . . , αn−1 un−1 ). The error values ei∗ added to ∗ ui can be computed from the error values ei added to ui by
ei∗ = ei /αi . Now we can use the previous algorithm with ¯ S
=
e(αn−k −1 )x k + e(αn−k −2 )x k +1 + · · · + e(1)x n−1
=
e ∗ (αn−k )x k + e ∗ (αn−k −1 )x k +1 + · · · + e ∗ (α)x n−1
=
u ∗ (αn−k )x k + u ∗ (αn−k −1 )x k +1 + · · · + u ∗ (α)x n−1 .
Once we have the error positions, we can compute the error values as ei∗ =
Ω(αi ) . αi Λ′ (αi ) 24 / 32
25 / 32
Other research directions: numerical semigroups
Definition A numerical semigroup is a subset Λ of N0 satisfying 0∈Λ Λ+Λ⊆Λ |N0 \ Λ| is finite (genus:=g:= |N0 \ Λ|)
26 / 32
Cash point Example The amounts of money one can obtain from a cash point (divided by 10)
27 / 32
Cash point amount
amount/10
0
0
10
impossible!
20 30
2 impossible! +
40
4
50
5
60
+
70
+
80
+
+
90
+
+
100
+
110 .. .
+ .. .
+
6 7 +
8 9 10
+
+
11 .. .
28 / 32
Counting
Let ng denote the number of numerical semigroups of genus g.
29 / 32
Counting
Let ng denote the number of numerical semigroups of genus g. n0 = 1, since the unique numerical semigroup of genus 0 is N0
29 / 32
Counting
Let ng denote the number of numerical semigroups of genus g. n0 = 1, since the unique numerical semigroup of genus 0 is N0 n1 = 1, since the unique numerical semigroup of genus 1 is N0 \ {1}
29 / 32
Counting
Let ng denote the number of numerical semigroups of genus g. n0 = 1, since the unique numerical semigroup of genus 0 is N0 n1 = 1, since the unique numerical semigroup of genus 1 is N0 \ {1} n2 = 2. Indeed the unique numerical semigroups of genus 2 are {0, 3, 4, 5, . . . }, {0, 2, 4, 5, . . . }.
29 / 32
Conjecture ng /ng−1 → φ
Conjecture 1
ng > ng−1 + ng−2
2
limg→∞
3
ng−1 +ng−2 ng
limg→∞ n
ng g−1
=1
=φ
At the moment it has not even been proved that ng is increasing.
30 / 32
Conjecture ng /ng−1 → φ g
ng
ng−1 + ng−2
ng−1 +ng−2 ng
ng ng−1
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
1 1 2 4 7 12 23 39 67 118 204 343 592 1001 1693 2857 4806 8045 13467 22464 37396 62194 103246 170963 282828 467224 770832 1270267 2091030 3437839 5646773 9266788 15195070 24896206 40761087 66687201 109032500 178158289 290939807 474851445 774614284 1262992840 2058356522 3353191846 5460401576 8888486816 14463633648 23527845502 38260496374 62200036752 101090300128
2 3 6 11 19 35 62 106 185 322 547 935 1593 2694 4550 7663 12851 21512 35931 59860 99590 165440 274209 453791 750052 1238056 2041099 3361297 5528869 9084612 14913561 24461858 40091276 65657293 107448288 175719701 287190789 469098096 765791252 1249465729 2037607124 3321349362 5411548368 8813593422 14348888392 23352120464 37991479150 61788341876 100460533126
1 0.75 0.857143 0.916667 0.826087 0.897436 0.925373 0.898305 0.906863 0.938776 0.923986 0.934066 0.940933 0.942947 0.946733 0.952517 0.954259 0.957621 0.960825 0.962472 0.964589 0.967695 0.969526 0.971249 0.973042 0.974642 0.976121 0.977735 0.979120 0.980341 0.981474 0.982554 0.983567 0.984556 0.985470 0.986312 0.987114 0.987884 0.988610 0.989290 0.989919 0.990504 0.991053 0.991574 0.992067 0.992531 0.992969 0.993381 0.993770
1 2 2 1.75 1.71429 1.91667 1.69565 1.71795 1.76119 1.72881 1.68137 1.72595 1.69088 1.69131 1.68754 1.68218 1.67395 1.67396 1.66808 1.66471 1.66312 1.66006 1.65588 1.65432 1.65197 1.64981 1.64792 1.64613 1.64409 1.64254 1.64108 1.63973 1.63844 1.63724 1.63605 1.63498 1.63399 1.63304 1.63213 1.63128 1.63048 1.62975 1.62906 1.62842 1.62781 1.62723 1.62669 1.62618 1.62570 1.62525
31 / 32
Conjecture ng /ng−1 → φ Behavior of
ng−1 +ng−2 ng
ng−1 +ng−2 ng
1
6q q
qq q q q qq q q q qq q q q q qq q q q qq q q q qq q q q q q q qq q q q qq q q q q q
q
50
0
Behavior of
g
ng ng−1
ng ng−1
6q q q q q q q q q q qq q q q qq q q q q qq q q q qq q q q qq q q q q qq q q q qq q q q qq
φ
q
0
50
g 32 / 32
