
Linköping Studies in Science and Technology. Dissertations. No. 419

On Algebraic Decoding of Algebraic-Geometric

and Cyclic Codes

Ralf Kötter

Department of Electrical Engineering
Linköping University, S-581 83 Linköping, Sweden

Linköping 1996


ISBN 91-7871-673-X
ISSN 0345-7524

Printed in Sweden by ??, Linköping 1996


Contents

1 Introduction
   I    Background
   II   Why are cyclic and algebraic-geometric codes interesting?
   III  Outline of the thesis
   IV   Historical notes

2 Error-locating pairs for cyclic codes*
   I    Introduction
   II   Error-locating pairs
        A  An error-locating procedure
        B  Error-locating functions
   III  Error-correcting pairs
   IV   Cyclic codes
        A  Notation
        B  Decoding BCH-codes
        C  Recurrences
        D  Correcting more errors
   V    Pairs from MDS-codes
        A  A class of MDS-codes
        B  Construction of pairs
   VI   Complexity
        A  Short description of the Fundamental Iterative Algorithm
        B  Reducing complexity
   VII  More on pairs
        A  Error-location by hyperplanes
        B  Generalized Hamming weight
   VIII Cyclic codes of length less than 63
   IX   Sequences of codes
   X    Conclusions

3 A fast parallel implementation of a Berlekamp-Massey algorithm for algebraic-geometric codes†
   I    Introduction
   II   Algebraic-geometric codes
   III  The syndrome matrix
   IV   The algorithm
   V    Majority voting
   VI   Implementation
   VII  Error-erasure decoding
   VIII Conclusions

4 Fast generalized minimum distance decoding of algebraic-geometric and Reed-Solomon codes‡
   I    Introduction
   II   An error-erasure-locating algorithm
   III  Generalized Minimum Distance decoding
   IV   The Fundamental Iterative Algorithm
   V    Reed-Solomon codes
   VI   Algebraic-geometric codes
   VII  Conclusions

5 A Forney type formula for the determination of error values for Hermitian codes
   I    Introduction
   II   The main idea
   III  Hermitian codes
   IV   Conclusions

6 Conclusions

* This chapter is a joint work with I. Duursma, published in IEEE Transactions on Information Theory, vol. IT-40, pp. 1108-1121, July 1994.
† Submitted to IEEE Transactions on Information Theory.
‡ To appear in IEEE Transactions on Information Theory.


Chapter 1

Introduction

I Background

The development of coding theory stems from the need to establish reliable transmission of information. A sender who tries to communicate a message to a receiver is often faced with a transmission channel that is subject to disturbances of various kinds. In many channels encountered in everyday life, the signal that is picked up by the receiver is not identical to the signal that was sent by the transmitter.

This situation is tackled by encoding the set of messages into a prescribed set of codewords that are as different as possible with respect to the disturbances caused by the channel. As long as the corruption of the codeword caused by the channel is sufficiently small, the receiver can still successfully guess which codeword was sent. The receiver's task of choosing the codeword which is most similar to the received word is referred to as the decoding problem.

The decoding problem has a trivial solution: the receiver simply compares the received word with all possible codewords and chooses the codeword that best matches the received word. This may be a feasible strategy for codes with few codewords, but it very soon becomes impractical with increasing code size. One of the crucial questions in the assessment of a coding scheme is the availability of efficient algorithms to handle the encoding and decoding problem. A powerful code that cannot be decoded in an efficient manner may be mathematically interesting but is usually ruled out from engineering applications of coding theory.

Many different coding principles have been developed that are suitable for different channels. In this thesis we consider certain block codes, namely cyclic codes and algebraic-geometric (AG) codes. In particular, we focus on the development and investigation of efficient decoding algorithms for these codes.

II Why are cyclic and algebraic-geometric codes interesting?

By a code we mean a finite subset of a metric space, for example Euclidean space or Hamming space. The distortion caused by a channel is often modelled as additive noise, which means that the channel adds a random element of the space in question to the transmitted codeword. Based on the assumption that the norm of the added error is likely to be small, the primary goal of code construction can be described as the problem of packing a maximum number of spheres of a fixed diameter in the space of concern. The resulting code then corresponds to the centers of these spheres. This purely geometrical problem does not in principle impose any algebraic restrictions on the code. However, a code that does not carry any algebraic structure can usually only be described by an exhaustive list of codewords. Moreover, the decoding problem can only be solved by performing the laborious work of comparing the received word to all codewords on the list. In practical applications of coding theory, where the complexity of handling a code is of crucial importance, this is usually not feasible.

In order to obtain codes that allow the development of efficient encoding and decoding algorithms we are forced to impose an algebraic structure on the code. The most important restriction on the codes that are investigated in this thesis is the fact that these codes are linear spaces. This restriction allows the use of the rich mathematical toolbox provided by linear algebra.

In the case of linear cyclic codes we moreover require that any cyclic shift of a codeword also results in a codeword. This property of a code turns out to yield a very strong algebraic structure. In particular, a linear cyclic code can be described as an ideal in a ring of polynomials over a finite field. Furthermore, it is possible to associate with every position in a codeword an element of a finite field. One important implication of this correspondence is that it is possible to derive a two-step decoding algorithm. In the first step the algorithm determines the erroneous positions in the received word. The second step (if necessary) consists of calculating the corresponding error values. A second implication is that cyclic codes can be analyzed using properties of matrices of Vandermonde type. This turns out to be the most important mathematical tool in the treatment of linear cyclic codes.

Codes from algebraic geometry are obtained by evaluating a space of functions in a fixed set of points. The beautiful idea in the construction of these codes is to choose the point set for evaluation from an algebraic curve. This choice allows the use of the very well developed mathematical machinery from algebraic geometry. Although the algebraic structure of the codes differs according to the curve in consideration, very powerful and general mathematical tools, in particular the theorem of Riemann-Roch, are readily at hand to treat these codes. The decoding of AG codes follows the main idea of decoding cyclic codes, which separates the decoding problem into two steps. The positions in a codeword are now associated with the points on the curve.

III Outline of the thesis

This thesis is divided into six chapters. The core of the material is presented in Chapters 2-5. These chapters are, up to editorial changes, identical with the following scientific articles.


- Iwan Duursma and Ralf Kötter, "Error-locating pairs for cyclic codes", IEEE Transactions on Information Theory, vol. IT-40, pp. 1108-1121, July 1994.
- Ralf Kötter, "A fast parallel implementation of a Berlekamp-Massey algorithm for algebraic-geometric codes", submitted to IEEE Transactions on Information Theory.
- Ralf Kötter, "Fast generalized minimum distance decoding of algebraic-geometric and Reed-Solomon codes", to appear in IEEE Transactions on Information Theory.
- Ralf Kötter, "A Forney type formula for the determination of error values for Hermitian codes", Technical Report LiTH-ISY-R-1821, Linköping University, Linköping, Sweden, Jan. 1996.

In addition to the above four papers, parts of the results of this thesis have been presented in [1], [2], [3], [4] and [5].

Chapter 2 is a joint work with Iwan Duursma. The problem considered is the decoding of cyclic codes. The chapter explains how many earlier decoding procedures for cyclic codes can be derived in the framework of error-locating pairs. Decoding procedures are derived for all but four binary cyclic codes of length less than 63.

In Chapter 3 the problem of efficiently solving the key equation in the decoding of AG codes is addressed. A parallel Berlekamp-Massey type algorithm for computing error-locating functions for one-point AG codes from non-singular, absolutely irreducible curves is derived.

Chapter 4 gives a fast generalized minimum-distance decoding algorithm in the framework of error-locating pairs. The approach is in principle applicable to any linear code. Special attention is paid to Reed-Solomon (RS) and AG codes.

Chapter 5 treats the computation of error values for the special case of Hermitian codes. The algorithm derived in this chapter is based on a generalization of Forney's formula.

Finally, in Chapter 6 we summarize and give some concluding remarks.


IV Historical notes

The development of cyclic codes was started by Prange [6] in 1957. Many important discoveries concerning cyclic codes were made around 1960. The BCH-codes, which are a subclass of cyclic codes, were discovered independently by Hocquenghem [7] and by Bose and Ray-Chaudhuri [8]. Reed and Solomon gave a first description of RS codes [9], and Gorenstein and Zierler observed that RS codes may be seen as a subclass of the BCH codes. The interpretation of cyclic codes as ideals was investigated by Peterson [10] and Kasami [11].

Since then a large number of papers have been written that deal with the characterization of cyclic codes and the description of particular classes of codes. Due to the main interest of this thesis we focus on the development of decoding algorithms.

The decoding of cyclic codes very soon concentrated on the decoding of the very important subclass of BCH codes. The first practical decoding procedure for binary BCH codes was given by Peterson [10]. Peterson's algorithm was generalized by Gorenstein and Zierler [12] to non-binary cyclic codes. Thus an efficient decoding algorithm up to half the designed minimum distance of BCH codes was available around 1960. The algorithm is usually referred to as algebraic decoding. Numerous papers, dealing with implementation aspects and refinements of this algorithm, have appeared since then. We mention the work of Forney [13] and Chien [14], who derived a number of simplifications. A significant contribution was Berlekamp's discovery of an algorithm that solves the key equation of algebraic decoding in an iterative fashion [15]. This algorithm was rederived and reinterpreted as a shift-register design problem by Massey in [16].

A number of algorithms have been developed that are similar to Peterson's algorithm in the sense that they follow the idea of decoding by error location. Sugiyama, Kasahara, Hirasawa, and Namekawa employed the Euclidean algorithm in [17] (1975). Berlekamp and Welch (1983) derived a decoding algorithm using interpolation techniques [18]. Many authors have improved the above algorithms in various ways, so that today the decoding of BCH codes is very well investigated. Still, the decoding of cyclic codes in general remains an unsolved problem. The concept of error-correcting pairs, introduced by Pellikaan in 1992 [19], and the ideas of Feng and Rao [20] and Duursma [21] on majority coset decoding (both ideas were inspired by decoding procedures for AG codes) seem at this point the most promising approaches for future research.

AG codes were discovered by V.D. Goppa in 1977 [22]. Goppa's discovery opened a wide range of research problems connected with the construction, description and generalization of AG codes, as well as the application of AG codes as component codes in various code constructions. As in the case of cyclic codes we focus on the development of decoding algorithms. However, we have to mention a result by Tsfasman, Vladut, and Zink [23]. They proved, for sufficiently large alphabets (i.e. $q \geq 49$, $q$ a square number), the existence of $q$-ary code sequences with asymptotic rate exceeding the Varshamov-Gilbert existence bound for codes. This fact is even more remarkable as the construction of these codes requires only polynomial complexity. (For a precise formulation of this see [24].)

Around 1989 the decoding problem was attacked in two different ways by Justesen, Larsen, Jensen, Havemose, and Høholdt [25] and by Porter [26]. The two approaches can be seen as generalizations of Peterson's decoding algorithm for BCH codes and the Euclidean algorithm for the decoding of classical Goppa codes, respectively. The essence of the algorithm by Justesen et al., which was formulated for plane irreducible curves, was translated into a formal algebraic-geometric language by Skorobogatov and Vladut [27] and is usually referred to as the basic algorithm. Porter's algorithm was further developed by Ehrhard [28] and Porter, Shen, and Pellikaan [29].

The algorithms proposed by Justesen et al. and Porter had a substantial gap in the error-correction capability, inasmuch as the number of guaranteed correctable errors was bounded by $\lfloor (d - g - 1)/2 \rfloor$, where $d$ is the designed distance of the code and $g$ the genus of the curve used for code construction. This gap to the error-correction capability of the code was decreased in [27] for the algorithm proposed by Justesen et al. The corresponding algorithm is referred to as the modified algorithm. An extension of this algorithm is found in Duursma's work [30]. A similar modification in order to improve Porter's algorithm was given in [29].

In 1989 Pellikaan [31] proved, for sufficiently large alphabets, the existence of an effective decoding algorithm that consists of a number of applications of the basic algorithm with different but fixed start parameters. At least one of the decoding algorithms is then guaranteed to correct any error pattern of weight at most half the minimum distance of the code. However, no effective method for the determination of these start parameters is known in the general case.

In 1993 Feng and Rao gave an effective decoding algorithm that achieved error correction up to half the designed minimum distance [20]. The idea of their approach is to iteratively determine more and more information about the error vector. The algorithm, which was formulated for plane irreducible curves, was extended and reformulated in an algebraic-geometric language by Duursma [21].

Around the same time as Feng and Rao formulated their algorithm, Ehrhard [32] gave an algorithm that achieves error correction up to half the designed minimum distance if the designed minimum distance is sufficiently large. The main idea of Ehrhard's algorithm is to iteratively determine the parameters of a basic algorithm for the particular error pattern in question. The precise relation (if any) between Ehrhard's algorithm and the algorithm of Feng and Rao is still not determined.

The computationally efficient solution of the decoding problem has been an active research area accompanying the development of the different decoding algorithms. The fundamental work in this area was done by Justesen, Larsen, Jensen, and Høholdt [33]. They applied a modified two-dimensional Berlekamp-Massey algorithm proposed by Sakata [34] to the decoding of codes on plane irreducible curves. The ideas of Feng and Rao were incorporated into this approach in a series of papers that deal with similar algorithms and refinements of these algorithms. A reference list of these papers can be found in the introduction of Chapter 3.

The reader who is interested in further details on the different decoding algorithms is referred to the excellent survey paper by Høholdt and Pellikaan [35] and, of course, the original references.


Bibliography

[1] R. Kötter, "A unified description of an error locating procedure for linear codes", Proc. International Workshop on Algebraic and Combinatorial Coding Theory, Voneshta Voda, Bulgaria, 1992.

[2] I.M. Duursma and R. Kötter, "Error-Locating Pairs for Cyclic Codes", Proc. Sixth Joint Swedish-Russian Int. Workshop on Inform. Theory, pp. 123-127, Mölle, Sweden, Aug. 1993.

[3] R. Kötter, "A New Efficient Error-Erasure Location Scheme in GMD Decoding", Proc. ISIT-93, San Antonio, p. 33, 1993.

[4] R. Kötter, "A fast parallel Berlekamp-Massey type algorithm for Hermitian codes", Proc. IV International Workshop on Algebraic and Combinatorial Coding Theory, pp. 125-129, Novgorod, Russia, September 1994.

[5] R. Kötter, "Efficient Minimum Distance Decoding of Algebraic-Geometric Codes", Proc. ISIT-94, Trondheim, Norway, p. 151, June 1994.

[6] E. Prange, "Cyclic error correcting codes in two symbols", AFCRC-TN-57-103, Air Force Cambridge Research Center, Cambridge, Mass., Sept. 1957.

[7] A. Hocquenghem, "Codes correcteurs d'erreurs", Chiffres, vol. 2, pp. 147-156, 1959.

[8] R.C. Bose and D.K. Ray-Chaudhuri, "On a class of error-correcting binary group codes", Inform. and Contr., vol. 3, pp. 68-79, 1960.

[9] I.S. Reed and G. Solomon, "Polynomial codes over certain finite fields", J. Soc. Indust. Appl. Math., vol. 8, pp. 300-304, 1960.

[10] W.W. Peterson, "Encoding and error-correction procedures for the Bose-Chaudhuri codes", IRE Trans. Inform. Theory, vol. 6, pp. 459-470, 1960.

[11] T. Kasami, "Systematic codes using binary shift register sequences", J. Process. Soc. Japan, vol. 1, pp. 198-200, 1960.

[12] D.C. Gorenstein and N. Zierler, "A class of error-correcting codes in $p^m$ symbols", J. Soc. Indust. Appl. Math., vol. 9, pp. 207-214, 1960.

[13] G.D. Forney, "On decoding BCH codes", IEEE Trans. Inform. Theory, vol. IT-11, pp. 549-557, 1965.

[14] R.T. Chien, "Cyclic decoding procedures for Bose-Chaudhuri-Hocquenghem codes", IEEE Trans. Inform. Theory, vol. IT-10, pp. 357-363, 1964.

[15] E.R. Berlekamp, Algebraic Coding Theory, McGraw-Hill, New York, 1968.

[16] J.L. Massey, "Shift-register synthesis and BCH decoding", IEEE Trans. Inform. Theory, vol. IT-17, pp. 122-127, 1969.

[17] Y. Sugiyama, M. Kasahara, S. Hirasawa, and T. Namekawa, "A method for solving key equation for decoding Goppa codes", Inf. and Contr., vol. 27, pp. 87-99, 1975.

[18] L. Welch and E.R. Berlekamp, "Error correction for algebraic block codes", presented at the IEEE Int. Symp. Inform. Theory, St. Jovites, 1983.

[19] R. Pellikaan, "On the decoding by error location and the number of dependent error positions", Discrete Math., vol. 106/107, pp. 369-381, 1992.

[20] G.-L. Feng and T.R.N. Rao, "Decoding Algebraic-Geometric Codes up to the Designed Minimum Distance", IEEE Trans. on Information Theory, vol. IT-39, pp. 37-45, Jan. 1993.

[21] I.M. Duursma, "Majority Coset Decoding", IEEE Trans. on Information Theory, vol. IT-39, pp. 1067-1071, May 1993.

[22] V.D. Goppa, "Codes Associated with Divisors", Probl. Inform. Transmission, vol. 13, pp. 22-26, 1977.

[23] M.A. Tsfasman, S.G. Vladut, and T. Zink, "Modular curves, Shimura curves and Goppa codes better than the Varshamov-Gilbert bound", Math. Nachrichten, vol. 109, pp. 21-28, 1982.

[24] M.A. Tsfasman and S.G. Vladut, Algebraic-Geometric Codes, Kluwer Academic Publishers, Dordrecht/Boston/London, 1991.

[25] J. Justesen, K.J. Larsen, H.E. Jensen, A. Havemose, and T. Høholdt, "Construction and decoding of a class of algebraic geometric codes", IEEE Trans. Inform. Theory, vol. IT-35, pp. 811-821, 1989.

[26] S.C. Porter, "Decoding codes arising from Goppa's construction on algebraic curves", Ph.D. thesis, Yale Univ., Dec. 1988.

[27] A.N. Skorobogatov and S.G. Vladut, "On the Decoding of Algebraic-Geometric Codes", IEEE Trans. on Information Theory, vol. IT-36, pp. 1051-1060, Nov. 1990.

[28] D. Ehrhard, "Decoding algebraic-geometric codes by solving a key equation", Proceedings AGCT-3, Luminy 1991, Lect. Notes Math., vol. 1518, pp. 18-25, 1992.

[29] S.C. Porter, B.-Z. Shen, and R. Pellikaan, "Decoding geometric Goppa codes using an extra place", IEEE Trans. on Information Theory, vol. IT-38, pp. 1663-1676, Nov. 1993.

[30] I.M. Duursma, "Algebraic decoding using special divisors", IEEE Trans. on Information Theory, vol. IT-39, pp. 694-698, March 1993.

[31] R. Pellikaan, "On a decoding algorithm for codes on maximal curves", IEEE Trans. on Information Theory, vol. IT-35, pp. 1228-1232, Nov. 1989.

[32] D. Ehrhard, "Achieving the designed error capacity in decoding algebraic-geometric codes", IEEE Trans. on Information Theory, vol. IT-39, pp. 743-751, May 1993.

[33] J. Justesen, K.J. Larsen, H. Elbrønd Jensen, and T. Høholdt, "Fast Decoding of Codes from Algebraic Plane Curves", IEEE Trans. on Information Theory, vol. IT-38, pp. 111-119, Jan. 1992.

[34] S. Sakata, "Finding a Minimal Set of Linear Recurring Relations Capable of Generating a Given Finite Two-Dimensional Array", J. Symbolic Computation, vol. 5, pp. 321-337, 1988.

[35] T. Høholdt and R. Pellikaan, "On the Decoding of Algebraic-Geometric Codes", preprint, 1995, to appear in IEEE Trans. on Information Theory, special issue on algebraic geometric codes.


Chapter 2

Error-locating pairs for cyclic codes*

Abstract: A general decoding method for linear codes is investigated for cyclic codes. The decoding consists of solving two systems of linear equations. All but four binary cyclic codes of length less than 63 can so be decoded up to their actual distance. A new family of codes is given for which the decoding needs only $O(n^2)$ operations.

Index Terms — Algebraic decoding, cyclic code, error-locating pair, MDS-code, QR-code.

* This chapter is a joint work with I. Duursma, published in IEEE Transactions on Information Theory, vol. IT-40, pp. 1108-1121, July 1994.


I Introduction

The most successful methods for decoding of linear codes separate the decoding into the location of the error positions and the determination of the error values. Particular examples are the decoding of cyclic codes up to the BCH-bound and the basic algorithm for the decoding of algebraic-geometric codes. The methods allow a unified description that applies to any linear code. This was noticed by Pellikaan [17], who used it to describe the decoding of AG-codes. Independently but later, Kötter [12] gave a similar description. The location of the error positions is done with the help of an error-locating pair of vector spaces. To decode a particular linear code one has to assign such a pair to the code. We investigate how this can be done for cyclic codes. For a given error-locating pair, the decoding itself can be performed by solving two systems of linear equations.

We first recall the unified description. It applies to any linear code. Thus, it is presented with a minimum of assumptions and notation, and the proofs can remain short. Section III investigates the determination of the error values. The later sections restrict to cyclic codes. In Sections IV and V we suggest general formats for error-locating pairs. Section VI treats complexity aspects of the decoding procedure. Section VII shows how in certain cases it is possible to extend the error-correction capability of error-correcting pairs. Section VIII gives pairs to decode all but four binary cyclic codes of length less than 63 up to their actual distance. In the last section, some sequences of codes are given with corresponding error-locating pairs.

II Error-locating pairs

A An error-locating procedure

The $n$-tuples defined over a field $F$ form a vector space denoted by $F^n$. For two vectors $u = (u_0, u_1, \ldots, u_{n-1})$ and $v = (v_0, v_1, \ldots, v_{n-1})$, we define a product $u * v = (u_0 v_0, u_1 v_1, \ldots, u_{n-1} v_{n-1})$. For two subspaces $U, V \subseteq F^n$, let $U * V$ denote the set of vectors $\{u * v : u \in U, v \in V\}$. For a linear code $C$ we denote the dimension by $k(C)$ and the minimum Hamming distance by $d(C)$, or by $k$ and $d$ respectively when no confusion arises. The following definition is crucial to treat the problem of error localization.

Definition 2.1 ($t$-error-locating pair) Let $U$, $V$ and $C$ be linear codes of length $n$ over the field $F$. We call $(U, V)$ a $t$-error-locating pair for $C$ if the following conditions hold:
$$U * V \subseteq C^\perp, \qquad (2.1)$$
$$k(U) > t, \qquad (2.2)$$
$$d(V^\perp) > t. \qquad (2.3)$$

Using this definition we will derive a $t$-error-locating procedure based on the following central observation.

Theorem 2.1 Let $(U, V)$ be a $t$-error-locating pair for the code $C$. Let $y = c + e$ be a word in $F^n$ with $c \in C$ and $e$ a vector of weight at most $t$. There exists a non-zero vector $u \in U$ such that
$$\sum_{i=0}^{n-1} y_i u_i v_i = 0, \quad \text{for all } v \in V. \qquad (2.4)$$

Moreover, any solution $u \in U$ of (2.4) satisfies
$$e * u = 0. \qquad (2.5)$$

Proof. In (2.4) we may replace $y$ by $e$ by condition (2.1) and the fact that $y_i = c_i + e_i$. Thus any vector $u \in U$ with property (2.5) is a solution to (2.4). Condition (2.2) guarantees the existence of a non-zero solution; this is because we impose at most $t$ linear conditions on $U$. To prove (2.5), we note that (2.4) has the equivalent formulation
$$y * u \in V^\perp.$$
Again replacing $y$ by $e$ and using $\mathrm{wt}(e) \leq t$ and condition (2.3) we find (2.5). $\Box$


Assume we are given an error-locating pair $(U, V)$ and a received word $y$. We have to find a solution $u \in U$ to the homogeneous system of linear equations (2.4), which then by property (2.5) locates possible error positions with zeros. We will give the matrix defining this system. Let $\mathrm{diag}(y)$ denote the $n \times n$ matrix which has the elements of $y$ on its main diagonal and which is zero everywhere else. Equation (2.4) can thus be written as
$$v \cdot \mathrm{diag}(y) \cdot u^T = 0, \quad \text{for all } v \in V.$$
Obviously, it is enough to consider a set of basis vectors in $V$, forming a generator matrix $G_V$ for $V$, and we obtain
$$G_V \cdot \mathrm{diag}(y) \cdot u^T = 0.$$
To make this equation solvable with methods of linear algebra we replace $u$ by $u = \lambda G_U$, where $G_U$ is a generator matrix for $U$ and $\lambda$ is an element of $F^{k(U)}$. Thus the key equation (2.4) can be rephrased as
$$S(y) \cdot \lambda^T = 0, \qquad (2.6)$$

where
$$S(y) = G_V \cdot \mathrm{diag}(y) \cdot G_U^T.$$
Any solution $\lambda$ for (2.6) gives a solution $u = \lambda G_U$ for (2.4) which now locates possible error positions with zeros. Thus we have described a $t$-error-locating procedure, provided we have a $t$-error-locating pair. The problem of error location is now to find the spaces $U$ and $V$ that satisfy conditions (2.1)-(2.3) for a maximal value of $t$.
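The construction of $S(y)$ and the solution of the key equation (2.6) involve only elementary linear algebra over $F$. The following minimal sketch (our own helper names `syndrome_matrix`, `kernel_vector` and `locate_errors`, and the assumption of a prime field $F_p$ so that inverses can be computed directly) builds $S(y) = G_V\,\mathrm{diag}(y)\,G_U^T$ and returns a non-zero kernel vector $\lambda$; Example 2.1 below supplies concrete data.

```python
# Sketch of the error-locating procedure of Section II.A over a prime field F_p.
# Helper names are ours, not the thesis'; a prime field is assumed for simplicity.

def syndrome_matrix(G_V, y, G_U, p):
    """S(y) = G_V * diag(y) * G_U^T, computed modulo p."""
    return [[sum(v[i] * y[i] * u[i] for i in range(len(y))) % p for u in G_U]
            for v in G_V]

def kernel_vector(S, p):
    """Return a non-zero lambda with S * lambda^T = 0 (mod p), via Gaussian elimination."""
    rows, cols = len(S), len(S[0])
    A = [row[:] for row in S]
    pivot_of_col = {}
    r = 0
    for c in range(cols):
        pr = next((i for i in range(r, rows) if A[i][c] % p), None)
        if pr is None:
            continue
        A[r], A[pr] = A[pr], A[r]
        inv = pow(A[r][c], p - 2, p)              # inverse in F_p (p prime)
        A[r] = [(x * inv) % p for x in A[r]]
        for i in range(rows):
            if i != r and A[i][c] % p:
                f = A[i][c]
                A[i] = [(A[i][j] - f * A[r][j]) % p for j in range(cols)]
        pivot_of_col[c] = r
        r += 1
    free = next(c for c in range(cols) if c not in pivot_of_col)  # exists since k(U) > t
    lam = [0] * cols
    lam[free] = 1
    for c, pr in pivot_of_col.items():
        lam[c] = (-A[pr][free]) % p
    return lam

def locate_errors(G_V, y, G_U, p):
    """Positions i with u_i = 0 for u = lambda * G_U; they contain the error positions."""
    lam = kernel_vector(syndrome_matrix(G_V, y, G_U, p), p)
    u = [sum(lam[j] * G_U[j][i] for j in range(len(G_U))) % p for i in range(len(y))]
    return u, [i for i, ui in enumerate(u) if ui == 0]
```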

Example 2.1 Let $F_7$ be the finite field with seven elements, represented as the ring of integers modulo 7. Let $C$ be a code of length 7 over $F_7$ with parity check matrix
$$H_C = \begin{pmatrix} 1 & 1 & 1 & 1 & 1 & 1 & 1 \\ 0 & 1 & 2 & 3 & 4 & 5 & 6 \\ 0 & 1 & 4 & 2 & 2 & 4 & 1 \\ 0 & 1 & 1 & 6 & 1 & 6 & 6 \end{pmatrix}.$$


The code $C$ is an extended Reed-Solomon code with minimum Hamming distance 5 and is thus two-error-correcting. Let the codes $U$ and $V$ be defined by the generator matrices
$$G_U = \begin{pmatrix} 1 & 1 & 1 & 1 & 1 & 1 & 1 \\ 0 & 1 & 2 & 3 & 4 & 5 & 6 \\ 0 & 1 & 4 & 2 & 2 & 4 & 1 \end{pmatrix}, \qquad G_V = \begin{pmatrix} 1 & 1 & 1 & 1 & 1 & 1 & 1 \\ 0 & 1 & 2 & 3 & 4 & 5 & 6 \end{pmatrix}.$$
It is straightforward to verify that conditions (2.1)-(2.3) are satisfied for $t \leq 2$. Let a vector $y = c + e$ with $c \in C$ and $e = (0, 3, 0, 0, 1, 0, 0)$ be received. The matrix $S(y)$ equals $S(c) + S(e)$. Condition (2.1) guarantees that $S(c) = 0$, and we find
$$S(y) = \begin{pmatrix} 4 & 0 & 5 \\ 0 & 5 & 4 \end{pmatrix}.$$
A solution $\lambda$ to the key equation (2.6) is given by $\lambda = (4, 2, 1)$. This corresponds to a vector $u = \lambda G_U = (4, 0, 5, 5, 0, 4, 3)$, which is error-locating.
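Running the sketch given after (2.6) on the data of Example 2.1 reproduces this computation; note that a kernel vector is only determined up to a scalar, so a proportional $\lambda$ would locate the same positions. For the illustration the transmitted codeword is taken to be the all-zero word, which is harmless since condition (2.1) makes $S(y)$ independent of the codeword.

```python
# Example 2.1 over F_7: G_U and G_V evaluate 1, x, x^2 (resp. 1, x) at the points 0, ..., 6.
# (Uses syndrome_matrix and locate_errors from the sketch above.)
p = 7
G_U = [[1] * 7, list(range(7)), [(a * a) % p for a in range(7)]]
G_V = [[1] * 7, list(range(7))]
y = [0, 3, 0, 0, 1, 0, 0]                # all-zero codeword plus the error vector e

print(syndrome_matrix(G_V, y, G_U, p))   # [[4, 0, 5], [0, 5, 4]], as in the text
u, positions = locate_errors(G_V, y, G_U, p)
print(u, positions)                      # [4, 0, 5, 5, 0, 4, 3] and error positions [1, 4]
```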

Remark 2.1 We are completely free in choosing bases for $U$ and $V$, i.e. in choosing the matrices $G_U$ and $G_V$, without affecting the space of solutions to the key equation. Nevertheless, the choice of $G_U$ and $G_V$ determines the structure of the matrix $S(y)$. We will point out how this affects the computational complexity of solving (2.6) at a later stage.

Remark 2.2 Given a particular error vector $e$, it is clear from the proof of Theorem 2.1 that the following conditions are sufficient to obtain $u \in U \setminus 0$ with property (2.5):
$$C * U \subseteq V^\perp, \qquad (2.7)$$
$$\exists\, u \in U \setminus 0 : e * u = 0, \qquad (2.8)$$
$$\forall\, u \in U \setminus 0 : e * u \in V^\perp \Rightarrow e * u = 0. \qquad (2.9)$$

Conditions (2.1) and (2.7) can both be phrased as
$$\sum_{i=0}^{n-1} c_i u_i v_i = 0, \quad \text{for all } c \in C,\ u \in U,\ v \in V.$$
Thus (2.7) is equivalent to (2.1). Conditions (2.8) and (2.9) are weaker than conditions (2.2) and (2.3) respectively, due to the fact that they are formulated for a particular error pattern. We will have to refer to the weaker conditions in some cases where the conditions in Definition 2.1 are too strong.


B Error-locating functions

Theorem 2.1 in the previous subsection gives a possibility to determine the error positions as zeros of a word $u \in U$. This describes the general case. In some known algorithms, in particular for BCH-codes and AG-codes, an error-locating word $u$ is associated in a natural way with an error-locating function. We will need this connection to make some properties of $u$ and the corresponding error-locating function more transparent. Also, the relation with functions is helpful in actually finding pairs $(U, V)$ because many codes have a clearer description in terms of functions. The rest of the section is devoted to this relation.

We have derived two sets of sufficient conditions for an error-locating pair. A pair with (2.1)-(2.3) locates all error patterns of a given weight. Such a pair is hard to find in general. Conditions (2.7)-(2.9) are weaker. They are formulated for a particular error pattern, however, and the verification for a large class of error patterns becomes cumbersome. We formulate a third set of conditions that can be seen as a compromise. The conditions depend on the positions of the errors but not on the particular error values.

Lemma 2.1 For an error vector $e$, let $E$ ($\overline{E}$) be the subspace of $F^n$ consisting of all vectors that have zero components in the error (non-error) positions. The following conditions are sufficient to locate the error positions with the pair $(U, V)$:
$$C * U \subseteq V^\perp,$$
$$U \cap E \neq 0,$$
$$V^\perp \cap \overline{E} = 0.$$

Proof. The conditions imply (2.7)-(2.9). $\Box$

The conditions of the lemma can be expressed in terms of functions. We need the following.

Notation 2.1 For a field $F$ let $S$ be the $F$-algebra of $n$-tuples defined over $F$ with component-wise multiplication and addition. Let $R$ be an $F$-algebra with no zero-divisors such that there exists a surjective homomorphism $Ev: R \to S$, with kernel $I$.

For a code $C \subseteq S$, let $L(C) \subseteq R$ denote an $F$-vector space such that the restriction of $Ev$ to $L(C)$ is an $F$-vector space isomorphism from $L(C)$ to $C$. In particular $L(C) \cap I = (0)$.

Remark 2.3 $R$ will be identified with a ring of functions. $Ev$ is then the evaluation mapping, that means the evaluation of $f \in R$ in a set of points. $Ev$ induces naturally an $F$-algebra isomorphism between $R/I$ and $S$.

Example 2.2 (Example 2.1 continued) In the situation of Example 2.1, we can identify $R$ with $F_7[x]$, the ring of polynomials in $x$ with coefficients from $F_7$. $Ev$ is the map that evaluates polynomials in the points $\{0, 1, 2, 3, 4, 5, 6\}$, and thus $I \subseteq R$ is generated by $x^7 - x$. The codes $C$, $U$ and $V$ can be defined as the images of the vector spaces of polynomials of degree at most 2, 2, and 1 respectively. Thus the vector $u = (4, 0, 5, 5, 0, 4, 3)$ in Example 2.1 is the image of the polynomial $x^2 + 2x + 4 = (x - 1)(x - 4)$.

Example 2.3 For cyclic codes we take $R = F[x]$. Let $\alpha \in F$ be a primitive $n$-th root of unity. $Ev$ is the evaluation map that evaluates polynomials in the points $\{1, \alpha, \alpha^2, \ldots, \alpha^{n-1}\}$, i.e.
$$Ev(x) = (1, \alpha, \alpha^2, \ldots, \alpha^{n-1}).$$
The ideal $I \subseteq R$ is generated by $x^n - 1$. We obtain the algebra isomorphism $Ev: F[x]/(x^n - 1) \xrightarrow{\sim} S$. For cyclic codes this differs from the well-known vector space isomorphism $Id: F[x]/(x^n - 1) \xrightarrow{\sim} S$ that identifies ideals in $F[x]/(x^n - 1)$ with cyclic codes in $S$. For example:
$$Ev(1 + x) = (1 + 1, 1 + \alpha, 1 + \alpha^2, \ldots, 1 + \alpha^{n-1}),$$
$$Id(1 + x) = (1, 1, 0, 0, \ldots, 0, 0).$$
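A small numerical illustration of the distinction between the two maps (the parameters are our own choice, not from the text): take $F = F_7$, $n = 6$ and the primitive 6th root of unity $\alpha = 3$.

```python
# Illustration of Ev versus Id for cyclic codes, with F = F_7, n = 6, alpha = 3
# (3 has multiplicative order 6 modulo 7, so it is a primitive 6th root of unity).
p, n, alpha = 7, 6, 3

def Ev(poly):
    """Evaluate a polynomial (coefficient list, lowest degree first) at 1, alpha, ..., alpha^(n-1)."""
    return [sum(c * pow(alpha, i * k, p) for k, c in enumerate(poly)) % p for i in range(n)]

def Id(poly):
    """Identify the polynomial with the n-tuple of its coefficients modulo x^n - 1."""
    word = [0] * n
    for k, c in enumerate(poly):
        word[k % n] = (word[k % n] + c) % p
    return word

print(Ev([1, 1]))  # 1 + x evaluated at the roots of unity: [2, 4, 3, 0, 5, 6]
print(Id([1, 1]))  # 1 + x as a coefficient vector:         [1, 1, 0, 0, 0, 0]
```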

Example 2.4 For AG-codes an evaluation map $Ev$ occurs in their definition [8].


Now, let an algebra homomorphism $Ev: R \to S$ be given as in Notation 2.1. The following lemma is just a reformulation of Lemma 2.1 in terms of vector spaces of functions.

Lemma 2.2 Let $L(U)$, $L(V^\perp)$ and $L(C)$ map to the codes $U$, $V^\perp$ and $C$ after evaluation. Let the maps be bijective as in Notation 2.1. For an error vector $e$, let $J$ ($\overline{J}$) be the ideal in $R$ consisting of all elements that evaluate to zero at the error (non-error) positions. The following conditions are sufficient to locate the error positions with the pair $(U, V)$:
$$L(C) \cdot L(U) \subseteq L(V^\perp) + I,$$
$$L(U) \cap J \neq (0),$$
$$L(V^\perp) \cap \overline{J} = (0).$$

Proof. Immediate from Lemma 2.1. $\Box$

The question arises whether an error-locating procedure can be formulated in terms of error-locating functions. This is indeed the case. The decoding procedures for BCH-codes [2, p. 248] or AG-codes [11, 22] use this approach. $L(C)$, $L(U)$ and $L(V^\perp)$ have here a natural interpretation.

III Error-correcting pairs

The previous section shows how an error-locating pair $(U, V)$ can be used to locate the error positions in a received word. This is the most important part of the decoding. Therefore error-locating pairs will play a major role in what follows. The key idea is that for a received word $y$, a vector $u$ can be obtained such that $u$ has zeros at the error positions.

Remark 2.4 The error vector $e$ satisfies the conditions
$$y - e \in C, \qquad e * u = 0.$$
Thus $e$ can be obtained by solving a system of linear equations.
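As an illustration of Remark 2.4 (a self-contained sketch under our own naming, continuing the $F_7$ data of Example 2.1): once the zero set of $u$ is known, the error vector can be recovered as the vector $e$ supported on that zero set with $H_C (y - e)^T = 0$. For a small support a direct search suffices; in practice one would solve the corresponding linear system over $F$.

```python
from itertools import product

def recover_error(H_C, y, candidate_positions, p):
    """Find e supported on candidate_positions with H_C * (y - e)^T = 0 (mod p).
    Brute-force sketch; a linear solve over F_p would replace the search for larger supports."""
    def syndrome(word):
        return [sum(h[i] * word[i] for i in range(len(word))) % p for h in H_C]
    for values in product(range(p), repeat=len(candidate_positions)):
        e = [0] * len(y)
        for pos, val in zip(candidate_positions, values):
            e[pos] = val
        if syndrome([(yi - ei) % p for yi, ei in zip(y, e)]) == [0] * len(H_C):
            return e
    return None

# Example 2.1 continued: positions {1, 4} were located; we recover e = (0, 3, 0, 0, 1, 0, 0).
H_C = [[1] * 7, list(range(7)), [(a * a) % 7 for a in range(7)], [(a ** 3) % 7 for a in range(7)]]
y = [0, 3, 0, 0, 1, 0, 0]                 # transmitted codeword taken to be 0 for the illustration
print(recover_error(H_C, y, [1, 4], 7))   # [0, 3, 0, 0, 1, 0, 0]
```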


In general the vector $u$ may have zeros at non-erroneous positions too. For the determination of the error values it is important that the set of zeros is not too large.

Lemma 2.3 For a code $C$ with error-locating pair $(U, V)$, let $u \in U \setminus 0$ locate the error positions of the error vector $e$, that is $e * u = 0$. The error values are uniquely determined by $u$ if and only if
$$\forall\, c \in C : c * u = 0 \Rightarrow c = 0. \qquad (2.10)$$

Proof. Assume we can write $y$ in two different ways as $y = e_1 + c_1 = e_2 + c_2$, where $c_1, c_2 \in C$ and $e_1 * u = e_2 * u = 0$. It follows that
$$(e_1 - e_2) * u = 0, \quad \text{with } e_1 - e_2 = c_2 - c_1 \in C.$$
Condition (2.10) implies $e_1 = e_2$. If this condition fails, say $c * u = 0$ for $c \neq 0$, we find the two different solutions $e$ and $e - c$. $\Box$

Lemma 2.3 is the basis for the definition of a $t$-error-correcting pair in [17]. See also [12].

Definition 2.2 ($t$-error-correcting pair) Let $(U, V)$ be a $t$-error-locating pair for the code $C$ as in Definition 2.1. We call $(U, V)$ a $t$-error-correcting pair for the code $C$ if, in addition to the conditions (2.1), (2.2) and (2.3), the following is satisfied:
$$d(C) + d(U) > n, \qquad (2.11)$$

where $n$ denotes the code length of $C$.

Remark 2.5 The definition is justified by the lemma, since condition (2.11) implies
$$\forall\, c \in C,\ \forall\, u \in U : c * u = 0 \Rightarrow c = 0 \lor u = 0, \qquad (2.12)$$

which implies (2.10). In some cases we will prefer to use the weaker condition (2.12).


Remark 2.6 Recall that a pair $(U, V)$ needs to satisfy $C * U \subseteq V^\perp$ to be error-locating for a code $C$. By the lemma, an error-locating pair will be error-correcting if it satisfies
$$(C \setminus 0) * (U \setminus 0) \subseteq (V^\perp \setminus 0).$$

Remark 2.7 In terms of functions a pair $(U, V)$ needs to satisfy $L(C) \cdot L(U) \subseteq L(V^\perp) + I$ to be error-locating. By Lemma 2.3 it will be error-correcting if it satisfies
$$L(C) \cdot L(U) \subseteq L(V^\perp).$$
Here we use the fact that $R$ has no zero-divisors and that $L(V^\perp) \cap I = (0)$. Let $\langle L(C) \cdot L(U) \rangle$ denote the linear space spanned by all functions in $L(C) \cdot L(U)$. The following conditions are then sufficient to guarantee error correction with a pair $(U, V)$:
$$L(U) \cap J \neq (0), \qquad (2.13)$$
$$\langle L(C) \cdot L(U) \rangle \cap \overline{J} = (0). \qquad (2.14)$$

The dilemma in algebraic decoding is obvious. For (2.13) we want $L(U)$ to be big, and for (2.14) we want $\langle L(C) \cdot L(U) \rangle$, that means $L(U)$, to be small.

IV Cyclic codes

A Notation

From now on we restrict our attention to the class of cyclic codes. A cyclic code $C \subseteq F^n$ is usually identified with an ideal in the ring $F[x]/(x^n - 1)$ generated by a polynomial $g(x)$, which divides $x^n - 1$. A codeword $c = (c_0, c_1, \ldots, c_{n-1}) \in C$ is interpreted as a polynomial by the relation
$$c(x) = c_0 + c_1 x^1 + \ldots + c_{n-1} x^{n-1}, \quad \text{with } g(x) \mid c(x).$$
The code is determined by the zeros of $g(x)$. We assume $(\mathrm{char}\, F, n) = 1$, so that $x^n - 1$ has $n$ different zeros. Let the extension $\bar{F}$ of $F$ contain the $n$-th roots of unity and let $\alpha \in \bar{F}$ be a primitive $n$-th root of unity. Let $m_i(x)$ be the minimal polynomial of $\alpha^i$ over $F$. If $g(x)$ equals $\mathrm{lcm}\{m_i(x) : \alpha^i \in R\}$ then we call $R$ a defining set for $C$. If $R$ is the maximal defining set for $C$ we call $R$ complete. By abuse of standard notation we will describe the defining set by the exponents occurring in $R$. With $R = \{i_1, i_2, \ldots, i_l\}$ the matrix
$$M(R) = \begin{pmatrix} (\alpha^{i_1})^0 & (\alpha^{i_1})^1 & \ldots & (\alpha^{i_1})^{n-1} \\ (\alpha^{i_2})^0 & (\alpha^{i_2})^1 & \ldots & (\alpha^{i_2})^{n-1} \\ \vdots & \vdots & \ddots & \vdots \\ (\alpha^{i_l})^0 & (\alpha^{i_l})^1 & \ldots & (\alpha^{i_l})^{n-1} \end{pmatrix}$$
is a parity-check matrix for a code $\bar{C} \subseteq \bar{F}^n$. The code $C$ is obtained as the subfield subcode of $\bar{C}$, that means $C = \bar{C} \cap F^n$. In order to distinguish codes over the fields $F$ and $\bar{F}$ we use the notation $C/F$ and $\bar{C}/\bar{F}$ respectively.

Definition 2.3 Let $R$ be a defining set of a cyclic code $C/F$. $C$ is then defined as
$$C = \{c \in F^n : M(R)\, c^T = 0\}.$$
We also like to refer to a matrix $M(R)$ as a generator matrix, to describe the codes $U$ and $V$ in an error-locating pair $(U, V)$. To distinguish between the use of $M(R)$ as a parity-check matrix or as a generator matrix, we call $R$ a defining set in the former case and a generating set in the latter case. As will be seen, the notation of generating sets is very convenient to describe error-locating pairs for cyclic codes. We formally have the following definition.

Definition 2.4 Let $I$ be a generating set of a cyclic code $U/\bar{F}$. $U$ is then defined as
$$U = \{u \in \bar{F}^n : u = \lambda M(I),\ \lambda \in \bar{F}^{|I|}\}.$$
In the following, generating sets for the codes $U$ and $V$ will be denoted by $I$ and $J$ respectively. We stress that both codes are defined over the large field $\bar{F}$. Thus, their dimensions follow immediately as $k(U) = |I|$ and $k(V) = |J|$. Let $I = \{i_1, \ldots, i_l\}$, where $i_1 < \ldots < i_l$. We define $\bar{I}$ as the smallest set of consecutive integers containing $I$, i.e.
$$\bar{I} = \{i_1, i_1 + 1, \ldots, i_l - 1, i_l\}.$$
The following reformulation of the BCH-bound is obvious.

Lemma 2.4 The minimum distance of a cyclic code of length $n$ with generating set $I$ is bounded below by
$$d \geq n - |\bar{I}| + 1.$$
We will freely use the following observations. Let
$$a(i) = (1, \alpha^i, \alpha^{2i}, \ldots, \alpha^{(n-1)i}).$$
We have
$$a(i) \perp a(j) \iff i + j \not\equiv 0 \pmod{n}.$$
Let $b + cR = \{b + ci \pmod{n} : i \in R\}$. The codes with defining sets $R$ and $b + cR$ are equivalent, for $(c, n) = 1$. Also let $I + J = \{i + j \pmod{n} : i \in I,\ j \in J\}$. Let $U$, $V$ and $W$ be cyclic codes with generating sets $I$, $J$ and $I + J$ respectively. Then $U * V$ is a subset of $W$.
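A quick numerical check of the orthogonality observation (our illustration, again with $F = F_7$, $n = 6$, $\alpha = 3$; not part of the text):

```python
# Check that <a(i), a(j)> = 0 exactly when n does not divide i + j, over F_7 with alpha = 3, n = 6.
p, n, alpha = 7, 6, 3
a = lambda i: [pow(alpha, (i * k) % n, p) for k in range(n)]
for i in range(n):
    for j in range(n):
        inner = sum(x * y for x, y in zip(a(i), a(j))) % p
        assert (inner == 0) == ((i + j) % n != 0)
```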

B Decoding BCH-codes

Theorem 2.1 provides a way to construct a decoding algorithm for a particular linear code. The bottleneck in the construction is the search for an error-correcting pair $(U, V)$. As we shall see, there exists an obvious choice which enables us to decode up to the BCH-bound. We can do better, however, by using a correspondence between the pair of cyclic codes $(U, V)$ and the pair of defining sets $(A, B)$ in the lemma below.


Lemma 2.5 (Roos bound) (Theorem 3 [13]) If $A$ is a defining set for a cyclic code with minimum distance $d_A$, and if the set $B$ is such that $|\bar{B}| \leq |B| + d_A - 2$, then the code with defining set $A + B$ has minimum distance $d \geq |B| + d_A - 1$.

Proof. After replacing $A$ and $B$ by sets of zeros, see [13]. $\Box$

Corollary 2.1 Let $c_1$ and $c_2$ satisfy $(c_1, n) = (c_2, n) = 1$. In Lemma 2.5, the same bound on the distance holds for a code with defining set $c_1 A + c_2 B$.

Proof. First, it is immediate from the proof in [13] that the constants play no essential role and can be taken equal to one. Also, we may restrict to the case $c_2 = 1$ by passing to an equivalent code. The lemma can now be applied with the sets $c_1 A$ and $B$. $\Box$

The following theorem relies on the lemma and provides a possibility to find error-locating pairs for a large class of cyclic codes.

Theorem 2.2 Let $s < t$. Let the generating sets $I$, $J$ and $K$ satisfy
$$|I| = t + 1,$$
$$|J| = t - s, \quad |\bar{J}| = t - s,$$
$$|K| = s + 1, \quad |\bar{K}| \leq t.$$
Let $(c_1, n) = (c_2, n) = (c_3, n) = 1$. Then the code $C/F$ with defining set $R = b + c_1 I + c_2 J + c_3 K$ has a $t$-error-locating pair $(U, V)$, where $U/\bar{F}$ is defined by the generating set $b + c_1 I$ and $V/\bar{F}$ by the generating set $c_2 J + c_3 K$. For the distance of the code $C$ we have
$$|\bar{I}| \leq 2t \ \Rightarrow\ d(C) \geq 2t + 1.$$
The pair $(U, V)$ is $t$-error-correcting whenever $|\bar{I}| \leq d(C)$.


Proof. The verification of conditions (2.1) and (2.2) is straightforward. The distance $d(V^\perp)$ can be estimated with the lemma. We use it with
$$A = J,\ d_A = t - s + 1, \quad \text{and} \quad B = K,\ |\bar{B}| \leq (s + 1) + (t - s + 1) - 2,$$
and apply the corollary. It follows that $d(V^\perp) \geq (s + 1) + (t - s + 1) - 1 = t + 1$ and (2.3) holds. The distance $d(C)$ follows with another application of the lemma, this time with
$$A = c_2 J + c_3 K,\ d_A \geq t + 1, \quad \text{and} \quad B = b\,c_1^{-1} + I,\ |\bar{B}| \leq (t + 1) + (t + 1) - 2.$$
Using the corollary we see that $d(C) \geq (t + 1) + (t + 1) - 1 = 2t + 1$. For the last statement, combination of $d(U) \geq n - |\bar{I}| + 1$ (Lemma 2.4) and $d(C) > |\bar{I}| - 1$ yields condition (2.11). $\Box$

Example 2.5 (Example 1 [6]) Let $C$ be the binary cyclic code of type $[39, 15]$ defined by $R \supseteq \{1, 3\}$. In particular
$$R \supseteq \{1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12\}.$$
The BCH-bound yields $d \geq 7$ (the Hartmann-Tzeng bound or the Roos bound do not improve on this). The actual distance equals 10 ([19], [13]). In the theorem we may choose
$$I = \{1, 2, 3, 8, 9\}, \quad J = \{0, 1, 2, 3\}, \quad K = \{0\}$$
with $t = 4$ and $s = 0$. Since $|\bar{I}| > 2t$, the theorem does not yield a better estimate for the distance $d(C)$. Using the knowledge that the distance is equal to 10, we see that $|\bar{I}| \leq d(C)$ and that the 4-error-locating pair $(U, V)$ is actually 4-error-correcting. The code $C$ corresponds to entry 45 in Table 1.
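The set arithmetic in Theorem 2.2 and Example 2.5 is easy to check mechanically. The following sketch (our own helper names) verifies the cardinality conditions and that $I + J + K$, with $b = 0$ and $c_1 = c_2 = c_3 = 1$ assumed for the illustration, reproduces the listed part of the defining set of the $[39, 15]$ code.

```python
# Checking the hypotheses of Theorem 2.2 for Example 2.5 (n = 39, t = 4, s = 0).
n, t, s = 39, 4, 0
I, J, K = {1, 2, 3, 8, 9}, {0, 1, 2, 3}, {0}

def closure(A):
    """Smallest set of consecutive integers containing A (the 'bar' of the text)."""
    return set(range(min(A), max(A) + 1))

def sumset(A, B):
    return {(a + b) % n for a in A for b in B}

assert len(I) == t + 1
assert len(J) == t - s and len(closure(J)) == t - s
assert len(K) == s + 1 and len(closure(K)) <= t
assert len(closure(I)) > 2 * t          # so the theorem gives no distance estimate here
assert len(closure(I)) <= 10            # but |I bar| <= d(C) = 10, so the pair is 4-error-correcting

# With b = 0 and c1 = c2 = c3 = 1, the defining set b + c1*I + c2*J + c3*K is:
print(sorted(sumset(sumset(I, J), K)))  # [1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12]
```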

A procedure to decode up to the Hartmann-Tzeng bound and in some cases up to the Roos bound is presented in [5]. We recall the two bounds, following [5], and show that the procedure is a special case of Theorem 2.2. Let the defining set for a cyclic code $C$ contain $b + c_1 I' + c_2 J'$, with $I' = \{1, 2, \ldots, d_0 - 1\}$ and $J' = \{j_1, j_2, \ldots, j_{s+1}\}$, for $j_1 < j_2 < \ldots < j_{s+1}$ and $j_{s+1} - j_1 - s < d_0 - 1$. Also, let $(c_1, n) = (c_2, n) = 1$. Then
$$d(C) \geq d_{\mathrm{Roos}} = d_0 + s.$$


The bound is a special case of Lemma 2.5. With the further restrictions
$$s + 1 \leq d_0 - 1, \qquad (2.15)$$
$$j_{s+1} - j_1 < (d_0 + s - 1)/2, \qquad (2.16)$$

the procedure in [5] decodes up to $d_{\mathrm{Roos}}$. Note that the Hartmann-Tzeng bound corresponds to $j_h = h$, $h = 1, 2, \ldots, s + 1$, and in this case the restrictions can always be fulfilled.

Corollary 2.2 (Theorem 4 and Theorem 5 [5]) In decoding up to the Roos bound, we may assume that $s$ is such that $d_{\mathrm{Roos}}$ is odd, and we write $d_0 + s = 2t + 1$. Let the generating sets $I$, $J$, $K$ be defined as
$$I = \{0, 1, 2, \ldots, t\},$$
$$J = \{1, 2, \ldots, t - s\},$$
$$K = \{j_1, j_2, \ldots, j_{s+1}\}.$$
The code $C$ with defining set $R = b + c_1 I + c_1 J + c_2 K$ has distance $d(C) \geq 2t + 1$. A $t$-error-correcting pair is given by $(U, V)$, where $U$ has generating set $b + c_1 I$ and $V$ has generating set $c_1 J + c_2 K$.

Proof. The restriction (2.15) can be written as $s < t$. In particular the set $J$ is well-defined. The restriction (2.16) yields $|\bar{K}| - 1 < t$. Thus all conditions of the theorem are fulfilled. $\Box$

C Recurrences

Some error-locating pairs in Theorem 2.2 do not satisfy the condition $|\bar{I}| \leq d(C)$. In that case an error-locating word $u \in U$ is obtained, but it is not immediately clear whether the error values are uniquely determined or not. To investigate this we use the following lemma.

Lemma 2.6 Let the vector $e$ have support in a set $A$ and let $R$ contain $|A|$ consecutive integers. Let the syndromes
$$S_i = \langle e, a(i) \rangle, \quad i \in R, \qquad (2.17)$$


be known. Then the set of equations (2.17) determines $e$ uniquely.

Proof. By the BCH-bound the difference of two solutions for $e$ has weight at least $|A| + 1$ or zero. Hence, two solutions with support in $A$ are identical. An efficient way to solve for $e$ is given by Forney's algorithm [19, p. 297]. $\Box$

Recall from the computational scheme that in solving (2.4) for $u \in U \setminus 0$ we actually find a vector $\lambda$ solving the key equation (2.6). With $I = \{i_1, \ldots, i_l\}$ as generating set for $U$, the generator matrix of $U$ is given by $G_U = M(I)$. We are in the situation of Example 2.3, and for $\lambda = (\lambda_{i_1}, \ldots, \lambda_{i_l})$ we have $u = \lambda G_U = Ev(\sigma)$ for the polynomial
$$\sigma = \lambda_{i_l} X^{i_l} + \ldots + \lambda_{i_2} X^{i_2} + \lambda_{i_1} X^{i_1}. \qquad (2.18)$$

Having found an error-locating polynomial $\sigma$, the zeros of $u$ are obtained as the zeros of $\sigma$ by e.g. a Chien search. We denote this set by $A$. The following lemma provides a method to obtain a consecutive syndrome set of size $|A|$.

Lemma 2.7 Let the polynomial $\sigma$ (2.18) have the support of $e$ among its zeros. Then
$$\lambda_{i_l} S_{i_l + j} + \ldots + \lambda_{i_2} S_{i_2 + j} + \lambda_{i_1} S_{i_1 + j} = 0, \qquad (2.19)$$

for all integers $j$.

Proof.
$$\lambda_{i_l} S_{i_l + j} + \ldots + \lambda_{i_1} S_{i_1 + j}
= \langle e,\ \lambda_{i_l} a(i_l + j) + \ldots + \lambda_{i_1} a(i_1 + j) \rangle
= \langle e,\ (\lambda_{i_l} a(i_l) + \ldots + \lambda_{i_1} a(i_1)) * a(j) \rangle
= \langle e,\ u * a(j) \rangle = \langle e * u,\ a(j) \rangle = 0. \qquad \Box$$
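A numerical check of the recurrence (2.19) (our own small example, not from the text: $F = F_7$, $n = 6$, $\alpha = 3$, two errors, and $\sigma$ taken as the exact error locator $\prod_k (x - \alpha^k)$ over the error positions $k$):

```python
# Verify recurrence (2.19): the weighted syndromes sum to zero for all j, over F_7 with n = 6, alpha = 3.
p, n, alpha = 7, 6, 3
e = [0, 2, 0, 0, 5, 0]                       # errors at positions 1 and 4 (our choice)

def S(i):
    """Syndrome S_i = <e, a(i)> with a(i) = (1, alpha^i, alpha^{2i}, ...)."""
    return sum(e[k] * pow(alpha, (i * k) % n, p) for k in range(n)) % p

# sigma(x) = (x - alpha^1)(x - alpha^4); coefficients indexed by degree:
coeffs = {0: (alpha * pow(alpha, 4, p)) % p,
          1: (-(alpha + pow(alpha, 4, p))) % p,
          2: 1}

for j in range(2 * n):
    assert sum(c * S(i + j) for i, c in coeffs.items()) % p == 0
print("recurrence (2.19) holds for all tested j")
```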


Example 2.6 We consider the binary cyclic code $C$ of type $[45, 15]$ with $R \supseteq \{1, 3, 7, 15\}$. It corresponds to entry 84 in Table 1. We have
$$R \supseteq \{1, 2, 3, 4, 11, 12, 13, 14, 15, 16, 17, 28, 29, 30, 31\}.$$
The BCH-bound gives $d \geq 8$, while the actual distance is $d = 9$ and four errors can be corrected. The choice
$$I = \{1, 11, 12, 13, 14\}, \quad J = \{0, 1, 2, 3\},$$
defines an error-locating pair $(U, V)$ by Theorem 2.2. We can therefore compute
$$\sigma = \lambda_{14} X^{14} + \lambda_{13} X^{13} + \lambda_{12} X^{12} + \lambda_{11} X^{11} + \lambda_1 X,$$
such that the error positions are zeros of $\sigma$. We may assume that there are four errors and therefore that $\lambda_1 \neq 0$. Using (2.19) with $j = 17$ we find $S_{18}$. The syndrome $S_5$ is then obtained with $j = 4$. By then $S_1, S_2, \ldots, S_{20}$ are all known and Lemma 2.6 applies.

Remark 2.8 When using recurrences of type (2.19) we need to know which syndromes have a nonzero coefficient. In general there can be zero coefficients, and these cases have to be treated separately. As in the example, one may be able to show that some coefficients cannot be zero. The procedure is described in [6], but there zero coefficients are not considered. Thus, the procedure as described in [6] may fail for the entries 17, 84 and 121 in Table 1.

Example 2.7 We consider the code $C$ of Example 2.6. The procedure in [6] corresponds to the choices
$$I = \{11, 12, 13, 14, 28\}, \quad J = \{0, 1, 2, 3\}.$$
This defines an error-locating pair. In the case of four errors there will be a unique error-locating polynomial. The polynomial $X^{28} - X^{13}$ has fifteen zeros among the 45th roots of unity. The zeros support a two-dimensional subcode of $C$, and the error values are not uniquely determined from the error positions. In fact, the unknown syndromes $\{S_5, S_{10}, S_{20}, S_{40}, S_{35}, S_{25}\}$ cannot be obtained from the known syndromes with a recurrence $S_{15+j} = S_j$.


D Correcting more errors

Theorem 2.2 gives an error-correcting pair $(U, V)$ to correct errors up to the BCH-bound and in some cases beyond. To achieve the error-correction capability of some cyclic codes we recall a well-known 'trick'. Considering binary cyclic codes, $S_0$ has value either 0 or 1.

Remark 2.9 Let the binary cyclic code $C$ have distance $d(C) \geq 2t + 1$. A $t$-error-correcting algorithm for the even-weight subcode becomes a $t$-error-correcting algorithm for the code itself when used twice with the two different values of $S_0$.

Example 2.8 We consider the cyclic code of length 33 with defining set $R = \{1, 3\}$. The complete defining set contains the set $\{-4, -3, -2, -1, 1, 2, 3, 4\}$. The actual distance is equal to 10, and the even-weight subcode can be decoded up to this distance with the pair $(U, V)$ defined with the generating sets $I = \{0, 1, 2, 3, 4\}$ and $J = \{-3, -2, -1, 0\}$.

Feng and Tzeng [5] showed how the trick can be applied with reduced complexity. We recall briefly their argument applied to error-correcting pairs. In many cases we find error-correcting pairs such that $S_0$ occurs just once in the key matrix $S(y)$ (2.6). Without loss of generality we can assume that $S_0$ occurs in the last column. Let $t$ be the maximal number of errors that we want to decode. If less than $t$ errors have occurred, we can find an error-locating polynomial $\sigma$ from the leftmost columns, i.e. with vanishing coefficient at the last column. We only need to know $S_0$ if we cannot find such a solution. But then by assumption precisely $t$ errors have occurred, which means $S_0$ is equal to $t \pmod 2$.

Example 2.9 We consider the $[31,16,7]$ binary cyclic code with defining set $R = \{1,5,7\}$. An error-correcting pair is described by generator matrices $G_V = M(\{1,2,0\})$ and $G_U = M(\{7,8,18,0\})$. The key equation is then given by
\[
\begin{pmatrix}
S_8 & S_9 & S_{19} & S_1 \\
S_9 & S_{10} & S_{20} & S_2 \\
S_7 & S_8 & S_{18} & S_0
\end{pmatrix}
\begin{pmatrix} \sigma_7 \\ \sigma_8 \\ \sigma_{18} \\ \sigma_0 \end{pmatrix} = 0.
\]


If less than 3 errors occurred, we will find a vector $\sigma$ with $\sigma_0 = 0$ which locates the error positions. If we cannot find such a vector we assume three errors to have occurred and this means $S_0$ is equal to 1. So whenever $S_0$ is needed in order to calculate the error-locator polynomial, we know its value.
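The branch logic of this trick is summarized in the following sketch. It works over the rationals with sympy purely to keep the example self-contained; an actual decoder for the binary codes above operates over $GF(2^m)$, and the function and variable names are illustrative only, not taken from the text.

```python
from sympy import Matrix

def locate_with_S0_trick(left_cols, last_col_template, t):
    """Solve the key equation when the unknown syndrome S0 occurs exactly
    once, in the last column of the key matrix.

    left_cols:         the key matrix without its last column (known syndromes)
    last_col_template: the last column, with None in the single slot holding S0
    t:                 the maximal number of errors we want to decode
    """
    # Step 1: try to locate with the leftmost columns only, i.e. look for a
    # nonzero solution whose last coefficient is zero.  This succeeds whenever
    # fewer than t errors occurred and never uses S0.
    null = Matrix(left_cols).nullspace()
    if null:
        return list(null[0]) + [0]
    # Step 2: otherwise precisely t errors occurred, so for a binary code
    # S0 = t mod 2 is known; plug it in and solve the full system.
    s0 = t % 2
    last_col = Matrix([s0 if entry is None else entry for entry in last_col_template])
    full = Matrix(left_cols).row_join(last_col)
    null = full.nullspace()
    return list(null[0]) if null else None
```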

V Pairs from MDS-codes

A A class of MDS-codes

In this section we assume that the field $F$ is finite of order $q$. Also let $(n,q) = 1$. As in the previous section let $\bar F \supseteq F$ contain the $n$-th roots of unity.

Theorem 2.3 Let $C$ and $A$ denote two cyclic codes over $\bar F$ of length $n$. Let their defining sets be given by
\[ R_C = \{1, q^l, q^{2l}, \ldots, q^{rl}\} \quad \text{and} \quad R_A = \{1, q^l, q^{2l}, \ldots, q^{sl}\}, \]
for $l, r, s > 0$ with $r < s$. Then
\[ d(C) = \min\{\, |R_C| + 1,\ d(A) \,\}. \]
In particular the code $C$ is MDS for $|R_C| < d(A)$.

Proof. Clearly $d(C) \leq |R_C| + 1$ by the Singleton bound. It suffices to prove for a word $c \in C$ of weight $\mathrm{wt}(c) \leq |R_C|$ that $c \in A$. The columns in $M(R_C)$ corresponding to the support of $c$ are dependent. Thus the submatrix of $M(R_C)$ formed by these columns has row-rank less than $|R_C|$. The submatrix of $M(R_A)$ formed by the columns at the support of $c$ has a linear relation among its top $|R_C|$ rows, because this is just the corresponding submatrix of $M(R_C)$. Taking coefficients and rows to the power $q^l$ yields a relation on lower rows and it is seen that the two submatrices have the same row-space, which implies $c \in A$. □

Remark 2.10 The conclusion and the proof of the theorem remain the same when zero is added to the defining sets $R_C$ and $R_A$.


Example 2.10 The code $C$ over $\bar F = GF(2^{11})$ of length $n = 23$ with defining set $R_C = \{0, 1, 4, \ldots, 4^r\}$ is MDS for $r \leq 5$, due to the fact that a code with defining set $R_A = \{0, 1, 4, \ldots, 4^{10}\}$ has minimum distance 8.

B Construction of pairs

For a $t$-error-correcting BCH-code $C$ with defining set $R \supseteq \{1, 2, \ldots, 2t\}$ we have by Theorem 2.2 a $t$-error-correcting pair $(U,V)$. The codes $U$ and $V$ have generating sets $I = \{0, 1, \ldots, t\}$ and $J = \{1, 2, \ldots, t\}$ respectively. More generally, we have

Proposition 2.1 Let the codes $U$ and $V$ be MDS of dimension $k(U) = t+1$ and $k(V) = t$ respectively. A code $C$ with $C \perp U * V$ has distance $d(C) \geq 2t+1$. Moreover it has the $t$-error-correcting pair $(U,V)$.

Proof. Theorem 5 in [13] yields that $d(C) \geq 2t+1$. The conditions (2.1)-(2.3) and (2.11) for an error-correcting pair follow immediately. □

Remark 2.11 In case the code $U$ is not MDS, but otherwise the conditions on $U$ and $V$ are satisfied, the pair $(U,V)$ in the lemma is still $t$-error-locating for a code $C$ with $C \perp U * V$.

We give two applications of MDS codes obtained with Theorem 2.3. In both cases, $U$ and $V$ are chosen such that the condition $C \perp U * V$ leads to a small defining set for $C$. Furthermore the key equation (2.6) can be solved with complexity $O(t^2)$ in both cases. Here the complexity is estimated by the number of required multiplications in the field $\bar F$.

Theorem 2.4 (first conjugacy format) Let the codes $U/\bar F$ and $V/\bar F$ have generating sets $I = \{1, q^l, q^{2l}, \ldots, q^{tl}\}$ and $J = \{0, q^l, q^{2l}, \ldots, q^{(t-1)l}\}$, for $t \geq 2$. Let $\bar t = \bar t_l$ be maximal such that both $U$ and $V$ are MDS of dimension $k(U) = t+1$ and $k(V) = t$ respectively. For $2 \leq t \leq \bar t_l$, a code $C/F$ with
\[ R_C \supseteq \{1, 2, q^l + 1, q^{2l} + 1, \ldots, q^{(t-1)l} + 1\} \]


has the $t$-error-correcting pair $(U,V)$. The key equation (2.6) can be solved with complexity $O(t^2)$.

Proof. The value of $\bar t_l$ can be obtained with Theorem 2.3. It is straightforward to verify that the complete defining set $\bar R$ for $C$ satisfies $\bar R \supseteq I + J$ and thus $C \perp U * V$. We may use Proposition 2.1. For the solving of the key equation see Section VI. □

Theorem 2.5 (second conjugacy format) Let the codes $U/\bar F$ and $V/\bar F$ have generating sets $I = \{0, 1, q^{2l}, q^{4l}, \ldots, q^{(2t-2)l}\}$ and $J = \{0, q^l, q^{3l}, \ldots, q^{(2t-3)l}\}$, for $t \geq 2$. Let $\bar t = \bar t_l$ be maximal such that both $U$ and $V$ are MDS of dimension $k(U) = t+1$ and $k(V) = t$ respectively. For $2 \leq t \leq \bar t_l$, a code $C/F$ with
\[ R_C \supseteq \{0, 1, q^l + 1, q^{3l} + 1, \ldots, q^{(2t-3)l} + 1\} \]
has the $t$-error-correcting pair $(U,V)$. The key equation (2.6) can be solved with complexity $O(t^2)$.

Proof. As in Theorem 2.4. □

Example 2.11 We consider codes of length $n = 23$ over $GF(2^{11})$. Let $U$ and $V$ be as in Theorem 2.5 with $q = 2$, $l = 1$, $t = 3$, or $I = \{0, 1, 4, 16\}$ and $J = \{0, 2, 8\}$. By Example 2.10 both $U$ and $V$ are MDS and we have found a 3-error-correcting pair for the even weight subcode $C$ of the binary Golay code, since $R_C \supseteq \{0, 1, 3, 9\}$.

Lemma 2.8 (recurrences) If a pair $(U,V)$ is $t$-error-locating and the generating sets $I$ and $J$ are of a conjugacy format, then the syndromes $S_i = \langle e, a(i)\rangle$ can be determined for
\[ i = q^{sl} + 1, \quad s \geq 1, \quad \text{first format (Theorem 2.4)}; \]
\[ i = q^{(2s-1)l} + 1, \quad s \geq 1, \quad \text{second format (Theorem 2.5)}. \]


Proof. The case $s < t$ is obvious. For $s \geq t$ we use induction. For both formats we may assume that the error-locating word $u = \sum_{i \in I} \sigma_i a(i)$ has non-zero coordinate $\sigma_1$ at $a(1)$. We have, for the first format,
\[ 0 = \langle e * u, a(q^{sl})\rangle = \langle e, u * a(q^{sl})\rangle = \sigma_1 \langle e, a(q^{sl}+1)\rangle + \text{known terms}. \]
Similarly for the second format. □

Example 2.12 We consider codes of length $n = 39$ over $GF(2^{12})$. Let $U$ and $V$ be as in Theorem 2.4 with $q = 2$, $l = 1$, $t = 4$, or $I = \{1, 2, 4, 8, 16\}$ and $J = \{0, 2, 4, 8\}$. The code $V$ is MDS and we have found a 4-error-locating pair for the binary code $C$ with $R_C \supseteq \{1, 3, 5, 9\}$. It is of type $[39, 15, 10]$. By the lemma we can determine the syndromes corresponding to the checks 17 and $65 \equiv 26 \pmod{39}$ and the error values can be determined by Lemma 2.6.

VI Complexity

A Short description of the Fundamental Iterative Algorithm

In their paper [5], Feng and Tzeng proposed a fundamental iterative algorithm (FIA). For a matrix $A = \|A_{i,j}\|$, it gives the minimal set of dependent leading columns. It basically solves an arbitrary homogeneous system of linear equations and contains the Berlekamp-Massey algorithm as a special case. The algorithm is not required to make our decoding procedure work, but it seems to be a key algorithm in treating complexity aspects. We recall it in a form that allows us to complete the proof of Theorem 2.4 and Theorem 2.5.
Whenever it is necessary for reasons of dimension, we extend a vector with a suitable number of zeros. Let the matrix $A^{(a,b)}$ be the submatrix of $A$ consisting of the elements in the first $a$ rows and the first $b$ columns of $A$. For a


fixed $b$, we consider column vectors $\sigma$ with non-zero coordinate at position $b$ that solve the equation
\[ A^{(a,b)} \sigma = 0. \]
Let $a = a(b)$ be maximal such that a solution exists and let $\sigma = \sigma^{(b)}$ be such a solution. To assure that a solution exists we use the convention $A^{(0,b)} = 0^T$. For these $a$ and $\sigma$, let $\Delta^{(b)}$ be defined as
\[ \Delta^{(b)} = \sum_{k=1}^{b} A_{a+1,k}\, \sigma_k, \]
or as $\Delta^{(b)} = 0$ when $A\sigma^{(b)} = 0$. For given $\{(\sigma^{(b)}, \Delta^{(b)}, a(b))\}_{b<i}$ the idea of the FIA is now to calculate $\sigma^{(i)}$ with help of the $\sigma^{(b)}$, $b < i$. Starting with any vector $\sigma$ of length $i$ and $\sigma_i$ unequal to zero, this is achieved by subtracting suitable scalar multiples of the known $\sigma^{(b)}$ from $\sigma$, thereby obtaining a new $\sigma$. More precisely, whenever $\sigma$ solves
\[ A^{(j,i)} \sigma = 0, \qquad d = \sum_{k=1}^{i} A_{j+1,k}\, \sigma_k \neq 0, \]
and there exists a triple $(\sigma^{(b)}, \Delta^{(b)}, j)$, we construct
\[ \sigma \leftarrow \sigma - \frac{d}{\Delta^{(b)}}\, \sigma^{(b)}, \]
which now solves $A^{(j+1,i)} \sigma = 0$. Finally we will obtain the triple $(\sigma^{(i)}, \Delta^{(i)}, a(i))$. Constructing triples in the above way leads to a vector $\sigma$ which solves the system $A\sigma = 0$. For details and proofs see [5].
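The following is a compact sketch of the FIA as just described. It runs over the rationals via Fraction so that it is self-contained and runnable; a decoder would of course use finite-field arithmetic, and the variable names (stored, sigma, d) are illustrative rather than taken from [5].

```python
from fractions import Fraction

def fia_nullvector(A):
    """Fundamental Iterative Algorithm, sketched over the rationals.

    A is a list of rows (all of the same length).  The columns are scanned
    from left to right; for column i a candidate sigma with sigma[i] != 0 is
    pushed through the rows until either a stored triple blocks further
    progress (then (sigma, discrepancy, column) is stored for that row) or
    all rows are satisfied (then sigma solves A*sigma = 0).
    """
    rows, cols = len(A), len(A[0])
    stored = {}                      # row index -> (sigma, discrepancy, column)
    for i in range(cols):            # current column
        sigma = [Fraction(0)] * cols
        sigma[i] = Fraction(1)       # any start vector with sigma[i] != 0
        j = 0                        # number of rows already satisfied
        while j < rows:
            d = sum(Fraction(A[j][k]) * sigma[k] for k in range(i + 1))
            if d == 0:
                j += 1               # row j is satisfied, go to the next row
            elif j in stored:
                s_b, delta_b, _ = stored[j]
                # subtract a multiple of the stored solution to cancel the
                # discrepancy; sigma keeps its nonzero coordinate at position i
                sigma = [sigma[k] - d / delta_b * s_b[k] for k in range(cols)]
            else:
                stored[j] = (sigma, d, i)   # column i gets stuck at row j
                break
        else:
            return sigma             # sigma solves the whole system A*sigma = 0
    return None
```

Specialized to a Hankel matrix, and with the shifted initialization described next, the same loop structure turns into the Berlekamp-Massey algorithm.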

Let us assume that $A$ is a Hankel matrix. By starting the calculation of $\sigma^{(i)}$ with a particular choice for $\sigma$, namely a shifted version of $\sigma^{(i-1)}$ with zero in the lowest position, we get the well-known Berlekamp-Massey algorithm. The calculations of most $d$ are not necessary; they are zero or already known by the structure of Hankel matrices. This is the crucial point in


saving complexity. In the next section we will show how to apply the FIA to matrices $S(y)$ obtained with Theorem 2.4 and Theorem 2.5. It turns out that solving the linear systems described by these matrices is achieved with basically the same complexity as used for the Berlekamp-Massey algorithm.

B Reducing complexity

In general, the complexity of the procedure described in Section II equals $O(n^3)$. This is due to the fact that only matrix inversions and multiplications are involved. We found two possibilities to improve on the number of computations. One approach uses regular structures of the matrix $S(y)$ and the other approach reduces the size of the field that contains the entries of $S(y)$.
In the case of the conjugacy format, the matrix $S(y)$ has a highly regular structure. We explicitly treat the first conjugacy format. For the second conjugacy format similar considerations hold. We write the generating sets defining $U$ and $V$ for the first conjugacy format in the following ordered form
\[ J = \{q^{l(t-1)}, q^{l(t-2)}, q^{l(t-3)}, \ldots, q^{l}\}, \qquad I = \{1, q^{l}, q^{2l}, \ldots, q^{tl}\}, \]
excluding the zero in $J$. We recall the definition of $S_i$ given in Lemma 2.6: $S_i = \langle e, a(i)\rangle$, $i \in \bar R$. Obviously $S_i = \langle y, a(i)\rangle$ holds for all $i \in \bar R$.

Lemma 2.9 With generator matrices for $U$ and $V$ corresponding to the above ordering, the entries in $S(y)$ satisfy
\[ S(y)_{j,i} = \left(S(y)_{j+1,i-1}\right)^{q^l}, \qquad j = 1, \ldots, t-2, \quad i = 2, \ldots, t+1. \]

Proof. The entry $S(y)_{j,i}$ is equal to the syndrome $S_{h(j,i)}$ with
\[ h(j,i) = q^{l(t-j)} + q^{l(i-1)}. \]
We see that $h(j,i)$ is equal to $q^l\, h(j+1, i-1)$. The vector $y$ was assumed to be defined over a field $F$ of cardinality $q$. Hence $S_{q^l h} = S_h^{q^l}$ and the lemma follows. □


We see from Lemma 2.9 that the format of $S(y)$ is very similar to a Hankel matrix. Thus to find $S(y)$ we only have to calculate the entries in the first row and the last column. The other entries are found using the lemma. This structure is now used in finding the space of solutions to the key equation in the same way as in the Berlekamp-Massey algorithm. Recall that the complexity gain in using the Berlekamp-Massey algorithm was due to the fact that given a vector $\sigma^{(b)}$, which solves the equation $A^{(a,b)}\sigma = 0$, we find a vector $\sigma$ that solves the equation $A^{(a-1,b+1)}\sigma = 0$ as a shifted version of $\sigma^{(b)}$ with zero in the lowest position.
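A small sketch of how the matrix can be filled from its first row and last column. The helper frob_inv is assumed to invert the map $x \mapsto x^{q^l}$ (such an inverse exists because that map is an automorphism of the finite field containing the syndromes); the function and argument names are illustrative and not from the text.

```python
def fill_quasi_hankel(first_row, last_col, frob_inv):
    """Fill the (t-1) x (t+1) key matrix of Lemma 2.9 given its first row and
    its last column.  frob_inv must invert the map x -> x**(q**l)."""
    rows, cols = len(last_col), len(first_row)
    S = [[None] * cols for _ in range(rows)]
    S[0] = list(first_row)                 # the first row is computed directly
    for j in range(rows):
        S[j][cols - 1] = last_col[j]       # ... and so is the last column
    # Lemma 2.9 states S[j][i] = frob(S[j+1][i-1]); equivalently every row is
    # the row above it shifted left by one position with frob_inv applied.
    for j in range(1, rows):
        for i in range(cols - 1):
            S[j][i] = frob_inv(S[j - 1][i + 1])
    return S
```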

Proposition 2.2 Let $S(y)$ be the $(t-1) \times (t+1)$-matrix of Lemma 2.9. Solving
\[ S(y)\,\sigma = 0 \]
for $\sigma$ can be done with complexity $O(t^2)$.

Proof. Consider a typical step in the FIA. Given a solution $\sigma^{(i-1)}$ to the equation $S(y)^{(a,i-1)}\sigma = 0$, we also have a solution to the equation $S(y)^{(a-1,i)}\sigma = 0$. The latter solution is obtained by taking all elements in $\sigma^{(i-1)}$ to the $q^l$-th power and shifting them by one position. Using normal bases for the field, raising a number to the $q^l$-th power can be performed by a cyclic shift, not requiring computational complexity. Whenever possible, we now perform an update of $\sigma$. This is done by performing the operation
\[ \sigma \leftarrow \sigma - \frac{d}{\Delta^{(b)}}\,\sigma^{(b)} \qquad \text{with } d = \left(\Delta^{(i-1)}\right)^{q^l}, \]
and the calculation of a new $d$. The whole step requires at most $O(t)$ operations and we find a solution to $S(y)^{(a,i)}$. Thus in every complexity-demanding step, starting from a solution to the system $S(y)^{(a,b)}$ we find a solution to the system $S(y)^{(a',b')}$ such that $a' + b'$ is equal to $a + b + 1$. On the other hand $a' + b'$ is bounded by $2t$, which is the sum of the number of rows and the number of columns in $S(y)$. So we have to perform at most $2t$ times a calculation requiring $O(t)$ operations. The proposition follows. □


Remark 2.12 (on the proof of Theorem 2.4 and Theorem 2.5) To complete the proof of Theorem 2.4, we have to add a row to the $S(y)$ of Lemma 2.9. This row, caused by the zero in $J$, does not fit into the quasi-Hankel format. This causes one additional step in the FIA with complexity $O(t)$. Theorem 2.5 requires not only an additional row but also an additional column. We add this column as the rightmost column of $S(y)$. The FIA needs at most $O(t)$ operations for every position in this column. In both cases the overall complexity is still ruled by $O(t^2)$.

Example 2.13 The quadratic residue code of length 41 is a good example for the second conjugacy format. We find $I = \{1, 23, 37, 31, 0\}$ and $J = \{8, 20, 9, 0\}$ with $q^l = 2^3$. By the results of Section IV we can set $S_0 = 0$ whenever it is needed. An error-locating polynomial is found by solving the system
\[
\begin{pmatrix}
S_{8^5+1} & S_{8^2(8^3+1)} & S_{8^4(8+1)} & S_{8^5(8+1)} & S_{8^5} \\
S_{8^3+1} & S_{8^2(8+1)} & S_{8^3(8+1)} & S_{8^3(8^3+1)} & S_{8^3} \\
S_{8+1} & S_{8(8+1)} & S_{8(8^3+1)} & S_{8(8^5+1)} & S_{8} \\
S_{1} & S_{8^2} & S_{8^4} & S_{8^6} & S_{0}
\end{pmatrix}
\sigma = 0.
\]
We see that the submatrix $S(y)^{(3,4)}$ has a quasi-Hankel structure which can be utilized to solve the system.

In considering cyclic codes of length $n$, in most cases the codes $U$ and $V$ will be defined over the smallest field $\bar F$ containing an $n$-th root of unity. In some cases however $U$ and $V$ can be taken to be codes defined over a field $\hat F \subset \bar F$. This implies that $S(y)$ has entries from $\hat F$ rather than from $\bar F$, which allows us to perform these operations faster.

Example 2.14 Let $n = 15$. Let $C$ be the double error-correcting BCH-code with $R_C = \{1, 2, 3, 4, 6, 8, 9, 12\}$. To show how the choice of $I$ and $J$ influences the decoding, we notice two possible choices. First we see that we can choose $J = \{1, 2\}$ and $I = \{0, 1, 2\}$ and this would correspond to the usual decoding as a subcode of an RS-code. A different choice is $I = \{2, 8, 0\}$ and $J = \{1, 4, 0\}$. This choice corresponds to cyclotomic cosets with respect to $GF(4)$. $S_0$ is only needed if two errors occurred, which gives $S_0 = 0$. $S(y)$ will be a matrix over $GF(4)$ and all calculations will only involve computations over $GF(4)$.


VII More on pairs

A Error-location by hyperplanes

In some cases we have a pair that does not satisfy condition (2.3). If the pair does satisfy the weaker condition (2.9), all solutions to the key equation are still error-locating. Example 2.18 treats such a situation. The situation becomes quite different when also condition (2.9) fails. The following proposition states an important property of the solution space to the key equation (2.4).

Proposition 2.3 For a given code $C$, let the pair $(U,V)$ satisfy conditions (2.1), (2.2) and let $W \neq 0$, with
\[ W = (e * U) \cap V^{\perp}. \]
Then, for $y \in e + C$, the key equation (2.4)
\[ \sum_{i=0}^{n-1} y_i u_i v_i = 0, \quad \text{for all } v \in V, \]
has at least $m = k(W) + 1$ independent solutions $u_1, \ldots, u_m \in U$. Also, there exist $\beta_1, \ldots, \beta_m$ such that
\[ e * (\beta_1 u_1 + \ldots + \beta_m u_m) = 0. \tag{2.20} \]

Proof. We may replace $y$ in (2.4) with $e$. Clearly $u \in U$ is a solution whenever $e * u \in V^{\perp}$. In other words the space of solutions is the inverse image of $W$ under the linear map $U \to e * U$, $u \mapsto e * u$. The map has non-trivial kernel by condition (2.2), which proves (2.20). The vectors $e * u_1, \ldots, e * u_m$ are all in $W$ and hence are dependent. □

With the vectors $\{u_1, \ldots, u_m\}$ we associate the $n$ points $(u_{1i}, \ldots, u_{mi})$, $i = 1, \ldots, n$, in affine $m$-space. By the proposition all points corresponding to error positions are contained in a hyperplane through the origin,
\[ H:\ \beta_1 X_1 + \ldots + \beta_m X_m = 0. \]
The most interesting situation is that condition (2.3) fails by one. In that case we can apply the following proposition.


Proposition 2.4 For a given code $C$, let the pair $(U,V)$ satisfy conditions (2.1), (2.2) and let $d(V^{\perp})$ be equal to $t$. If the key equation (2.4) has a one-dimensional solution space spanned by $u_1 \in U$ then
\[ e * u_1 = 0 \]
is satisfied. If (2.4) has at least two independent solutions $u_1, u_2 \in U$ then the error points either lie in affine 2-space on a line through the origin excluding the origin, or they coincide with the origin.

Proof. If the solution space is one-dimensional then by Proposition 2.3 $k(W)$ is equal to zero and condition (2.9) is satisfied. Otherwise $k(W)$ is not greater than one because the support of $W$ coincides with the support of $e$ and $d(W)$ is equal to $t$. Let $U(y)$ denote the space spanned by $u_1$ and $u_2$. If $W$ is contained in $e * U(y)$ then by Proposition 2.3 the error points lie on a line through the origin. At least one of $u_1$ and $u_2$ is unequal to zero at all error positions so the origin can be excluded. If $W$ is not contained in $e * U(y)$, both vectors $u_1$ and $u_2$ satisfy condition (2.9) and the error points coincide with the origin. □

Remark 2.13 In the above proposition we are looking for lines in affine space containing at least $t$ points. There can be no more than $n/t$ such lines. Thus solving for error values can be done in parallel, not affecting the time complexity. The computational complexity in this case is affected by a factor $n/t$.

Example 2.15 We consider the binary cyclic code $C$ of type $[31, 11, 11]$ with $R = \{1, 3, 5, 11\}$. The complete defining set contains
\[ \{1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13\}. \]
We choose $I = \{1, 2, 3, 8, 9, 10\}$ and $J = \{0, 1, 2, 3\}$. Conditions (2.1), (2.2) and (2.11) are satisfied with $t = 5$, but $d(V^{\perp}) = 5$ and condition (2.3) is not satisfied. We only have $k(W) \leq 1$. We may obtain two independent solutions $u_1$ and $u_2$ to the key equation. Following the remark this gives 31 points in the affine plane. The linear combination of $u_1$ and $u_2$ that locates the error positions corresponds to a line passing through the origin and an additional five of the 31 points, or $u_1$ and $u_2$ are both error-locating. The code corresponds to entry 19 in Table 1 of Section VIII. Entries 47, 119, 124, 137, 140, 144, 146 proceed likewise.


B Generalized Hamming weight

Assume now that conditions (2.1)-(2.3) are satisfied for a pair $(U,V)$ but condition (2.11) for error correction is not. Let $U(y)$ denote the solutions of the key equation for a received word $y$. Any $u \in U(y)$ locates the error positions. Combination of several solutions reduces the possible error patterns. We use the concept of generalized Hamming weight [26].

Proposition 2.5 Let $(U,V)$ be a $t$-error-locating pair for the code $C$ as in Definition 2.1. Combination of $k(U) - t$ independent error-locating vectors $u \in U(y)$ determines the error values uniquely if the following is satisfied:
\[ d(U, k(U) - t) + d(C) > n, \]
where $d(U, i)$ denotes the $i$-th generalized Hamming weight of $U$ and $n$ denotes the code length of $C$.

Proof. Immediate from the definition of generalized Hamming weight. □

Example 2.16 We consider binary Reed-Muller codes of length $n = 2^m$, for $m > 3$. See [15] for the definition and the main properties. The code $C = R(m-3, m)$ has distance $d(C) = 8$. The dual code is the second order Reed-Muller code, $C^{\perp} = R(2, m)$. For the decoding of $C$ we set $U = V = R(1, m)$. In particular $U * V \subseteq C^{\perp}$. Furthermore $k(U) = m + 1 > 3$ and $d(V^{\perp}) = d(R(m-2, m)) = 4 > 3$. Thus the pair $(U,V)$ satisfies Definition 2.1 and is 3-error-locating for the code $C$. For a codeword $u \in U$,
\[ (u + 1) * R(m-4, m) \subseteq C \]
holds. Thus the zero set of $u$ supports a subcode of $C$ and the pair $(U,V)$ is not 3-error-correcting. However we can reduce the possible error positions by combining $k(U) - 3 = m - 2$ independent solutions to the key equation. We have $d(U, i) = 2^m - 2^{m-i}$ and the combination reduces the number of possible error positions to four.
After puncturing, the code $C$ is cyclic and the pair $(U,V)$ is defined with $I = J = \{0, 1, 2, 4, \ldots, 2^{m-1}\}$. In this case there may appear only three possible error positions, the fourth coinciding with the punctured position.


VIII Cyclic codes of length less than 63

Table 1 gives error-correcting pairs for binary cyclic codes which have error-correction capability exceeding the error-correction capability given by the BCH bound. We use the same numbering for codes as in [13]. Equivalent codes and subcodes with the same error-correction capability are included in the table as remark. In four cases (no. 92, 123, 132, 146) we stay one short of the actual error-correction capability. All other pairs allow decoding up to half the actual minimum distance of the code.
To check conditions (2.1) and (2.2) of Definition 2.1 is straightforward. In all but four cases (no. 85, 106, 107, 137), the code $V$ is MDS. This follows either immediately using the BCH-bound or with Theorem 2.3. Thus, also condition (2.3) is easily verified in these cases. In the cases 85 and 137, the distance $d(V^{\perp})$ is obtained with the Hartmann-Tzeng bound and Theorem 2.3 respectively. Cases 106 and 107 are treated in Example 2.18 and Example 2.19 respectively.
Usage of hyperplanes (Proposition 2.4) or usage of the unknown syndrome $S_0$ is indicated as remark. The remark FT indicates that the same error-correcting pair is given by Feng and Tzeng in [6].
To show that the pairs are error-correcting we use either the BCH-bound to show that condition (2.11) is satisfied or we use recurrences to determine unknown syndromes until we can apply Lemma 2.6. Whenever we use the conjugacy format, Lemma 2.8 provides us with a possibility to determine some unknown syndromes.
Cases that require other recurrences are listed in Table 2. For brevity we introduce the following notation. $\sigma_i \neq 0 : R(j) \to S_{i+j}$ means that we use equation (2.19) in Lemma 2.7,
\[ \sigma_{i_l}S_{i_l+j} + \ldots + \sigma_{i_2}S_{i_2+j} + \sigma_{i_1}S_{i_1+j} = 0, \]
with the indicated $j$ and that $S_{i+j}$ will be the only unknown in the equation. Thus it can be obtained provided $\sigma_i \neq 0$. Recurrences separated by a comma can be computed in parallel. In Examples 2.17-2.20 the numbers in brackets refer to the numbering of the codes in the table.

Example 2.17 (26) The codes of type $[33, 11, 11]$ defined with $R = \{1, 3, 11\}$ and $R = \{3, 5, 11\}$ are equivalent. The given pairs are also equivalent. The codes $U$ and $V$ in the latter pair however have generator matrices


no. | n  | k  | d  | R              | J                  | I                          | d(V⊥) | Remark
3   | 17 | 9  | 5  | {1}            | {-1,+1}            | {-3,0,+3}                  | 3     | GF(16)
    |    |    |    |                | {0,8}              | {1,8,13}                   | 3     |
8   | 21 | 9  | 8  | {0,1,3,7}      | {0,1,2}            | {0,1,2,6}                  | 4     | FT
9   |    | 7  | 8  | {1,3,7,9}      | {0,1,2}            | {1,2,6,7}                  | 4     | no.10; FT
11  | 23 | 12 | 7  | {1}            | {2,8,0}            | {1,4,16,0}                 | 4     | no.12, S0=1
13  | 31 | 21 | 5  | {1,5}          | {1,4}              | {0,1,4}                    | 3     | no.15
17  |    | 16 | 7  | {1,5,7}        | {0,1,2}            | {0,7,8,18}                 | 4     | no.18, FT, S0=1
19  |    | 11 | 11 | {1,3,5,11}     | {0,...,3}          | {1,2,3,8,9,10}             | 5     | no.21; H, Ex.2.15
25  | 33 | 13 | 10 | {1,3}          | {-2,...,+2}        | {-2,...,+2}                | 5     | GF(32), S0=0,1
26  |    | 11 | 11 | {1,3,11}       | {0,10,20,30,40}    | {1,2,11,15,24,25}          | 6     | no.27; FT
    |    |    |    |                | {-2,...,2}         | {-13,-12,-11,+11,+12,+13}  | 6     | GF(32), no.27, Ex.2.17
36  | 35 | 16 | 7  | {1,5,7}        | {0,3,6}            | {1,2,4,5}                  | 4     | no.37,38,39; FT
40  |    | 7  | 14 | {0,1,3,5}      | {0,...,5}          | {31,...,34,0,1,8}          | 7     | FT
41  | 39 | 26 | 6  | {0,1}          | {0,1}              | {0,1,4}                    | 3     | no.44; FT, S0=0
45  |    | 15 | 10 | {1,3}          | {0,2,4,8}          | {1,2,4,8,16}               | 5     | no.46, Ex.2.12
    |    |    |    |                | {0,...,3}          | {1,2,3,8,9}                | 5     | FT, Ex.2.5
47  |    | 13 | 12 | {1,3,13}       | {0,...,3}          | {1,2,3,8,9,10}             | 5     | no.48; H
49  | 41 | 21 | 9  | {1}            | {8,20,9,0}         | {1,23,37,31,0}             | 5     | no.50
51  | 43 | 29 | 6  | {1}            | {1,2}              | {0,20,40}                  | 3     | FT
52  |    | 15 | 13 | {1,3}          | {-6,...,-1}        | {0,...,6}                  | 7     | S0=0,1
73  | 45 | 23 | 7  | {1,5,21}       | {0,1,2}            | {31,32,33,38}              | 4     | no.74; FT
83  |    | 16 | 10 | {0,1,3,7}      | {0,...,3}          | {-2,...,1,11}              | 5     | no.87,88; FT
84  |    | 15 | 9  | {1,3,7,15}     | {0,...,3}          | {1,11,...,14}              | 5     | no.87,89; Ex.2.6
85  |    | 15 | 10 | {1,7,9,15}     | {0,1,2,13,14,15}   | {13,...,17}                | 5     | no.86, FT
90  |    | 9  | 12 | {1,5,7,9,15}   | {13,...,17}        | {0,1,2,13,14,15}           | 6     | no.91
92  | 47 | 24 | 11 | {1}            | {3,27,8,0}         | {1,9,34,24,0}              | 5     | no.93, S0=0
96  | 51 | 35 | 5  | {1,9}          | {0,1}              | {1,8,15}                   | 3     | no.97,101,105; FT
    |    |    |    |                | {0,8}              | {1,8,13}                   | 3     | no.97,101,105
98  |    | 34 | 6  | {0,1,5}        | {0,1}              | {0,1,4}                    | 3     | no.104; FT
106 |    | 27 | 8  | {1,3,9}        | {0,2,8}            | {0,1,4,16}                 | 3     | no.109,111,115; S0=1, Ex.2.18
107 |    | 27 | 9  | {1,5,9}        | {0,2,7,8,13}       | {0,2,7,8,13}               | 5     | no.110,113,116; S0=0, Ex.2.19
108 |    | 27 | 9  | {1,3,19}       | {-4,...,-1}        | {0,...,4}                  | 5     | no.114,117; S0=0,1
119 |    | 19 | 14 | {1,3,5,9}      | {0,...,4}          | {0,...,4,12,6}             | 6     | no.120, S0=0, H
121 |    | 17 | 12 | {1,3,9,17,19}  | {-4,...,0}         | {0,...,4,19}               | 6     | no.125, S0, FT
122 |    | 17 | 14 | {1,3,5,17,19}  | {-4,...,1}         | {0,...,6}                  | 7     | S0=0,1
123 |    | 17 | 14 | {1,5,9,17,19}  | {13,...,17}        | {0,...,4,19}               | 6     | no.126; Ex.2.20

Table 1: Error-correcting pairs for binary cyclic codes of length less than 63.


no. | n  | k  | d  | R                  | J                   | I                        | d(V⊥) | Remark
124 | 51 | 17 | 16 | {1,3,5,9,17}       | {0,...,5}           | {0,...,5,12,13}          | 7     | no.127, H, S0=1
128 |    | 11 | 15 | {1,3,5,11,19}      | {-7,...,-1}         | {0,...,7}                | 8     | no.130, S0=0,1
132 |    | 8  | 24 | {0,1,3,5,9,11,17}  | {0,...,8}           | {0,...,10}               | 10    | H
135 | 55 | 35 | 5  | {1}                | {0,9}               | {7,8,9}                  | 3     | FT
    |    |    |    |                    | {7,13}              | {1,49,36}                | 3     |
136 |    | 34 | 8  | {0,1}              | {0,7,13}            | {0,1,49,36}              | 4     |
137 |    | 30 | 10 | {0,1,11}           | {0,7,13,32}         | {0,1,49,36,4}            | 4     | H
138 |    | 25 | 11 | {1,5}              | {0,7,16,13,14}      | {1,18,49,2,36,43}        | 6     | no.139
140 |    | 21 | 15 | {1,5,11}           | {0,7,16,13,14,32}   | {0,1,18,49,2,36,43,4}    | 7     | no.141; H, S0=1
144 | 57 | 21 | 14 | {1,3}              | {0,2,4,8,16}        | {0,-1,-2,-4,-8,-16,32}   | 6     | no.145; H, S0=0,1
146 |    | 19 | 16 | {1,3,19}           | {0,2,4,8,16}        | {0,-1,-2,-4,-8,-16,32}   | 6     | no.147; H, S0=0,1

Table 1 (continued): Error-correcting pairs for binary cyclic codes of length less than 63.

no. | condition                          | recurrence                          | syndromes
17  | σ_18 ≠ 0                           | R(25)→S_12, R(28)→S_15; R(24)→S_11  | S_3; S_15; S_11
    | σ_18 = 0 ∧ σ_8 ≠ 0                 | R(7)→S_15, R(9)→S_17, R(18)→S_26    | S_15; S_3; S_11
26  | σ_24 ≠ 0                           | R(16)→S_7                           | S_7
    | σ_1 ≠ 0                            | R(6)→S_7                            | S_7
    | σ_25 ≠ 0                           | R(1)→S_26                           | S_7
    | σ_2 ≠ 0                            | R(24)→S_26                          | S_7
73  | σ_38 ≠ 0                           | R(33)→S_26                          | S_7
83  | σ_0 ≠ 0                            | R(5)→S_5, R(18)→S_18                | S_5; S_9
    | σ_0 = 0 ∧ σ_11 ≠ 0                 | R(25)→S_36; R(10)→S_21; R(44)→S_10  | S_9; S_21; S_5
90  | σ_15 ≠ 0                           | R(27)→S_42                          | S_21
    | σ_15 = 0 ∧ σ_14 ≠ 0                | R(28)→S_42                          | S_21
    | σ_15 = 0 ∧ σ_14 = 0 ∧ σ_13 ≠ 0     | R(29)→S_42                          | S_21
96  | σ_1 ≠ 0                            | R(13)→S_14; R(2)→S_3; R(40)→S_41 *  | S_5; S_3; S_11
106 | σ_1 ≠ 0                            | R(48)→S_49; R(9)→S_10, R(43)→S_44   | S_19; S_5, S_11
107 | σ_7 ≠ 0                            | R(5)→S_12; R(16)→S_23               | S_3; S_11
    | σ_7 = 0 ∧ σ_8 ≠ 0                  | R(16)→S_24; R(3)→S_11               | S_3; S_11
121 | σ_0 ≠ 0                            | R(14)→S_14, R(23)→S_23              | S_5, S_11
    | σ_0 = 0 ∧ σ_19 ≠ 0                 | R(46)→S_14; R(4)→S_23               | S_5; S_11
123 | σ_0 ≠ 0                            | R(31)→S_31, R(48)→S_48              | S_11, S_3
    | σ_0 = 0 ∧ σ_19 ≠ 0                 | R(12)→S_31; R(29)→S_48              | S_11; S_3
136 | σ_1 ≠ 0                            | R(32)→S_33; R(28)→S_29; R(19)→S_20  | S_11; S_3; S_5
137 | σ_1 ≠ 0                            | R(28)→S_29; R(19)→S_20              | S_3; S_5

* This entry was incomplete in the article that was published in IEEE Transactions on Information Theory.

Table 2: Recurrences for the error-correcting pairs from Table 1.


$G_U$ and $G_V$ respectively that are defined over $GF(32)$. With this choice of $G_U$ and $G_V$ the key equation (2.6) can be solved over the field $GF(32)$.

Example 2.18 (106) The code $C$ is of type $[51, 27, 8]$ with $R \supseteq \{1, 3, 9\}$.

The pair $(U,V)$ is defined with $I = \{2, 8, 12, 0\}$ and $J = \{1, 4, 0\}$. We need $S_0$ only when three errors occurred and may then set $S_0 = 1$ (see Section IV). For the error-location all conditions except (2.3) are obviously satisfied. In fact $d(V^{\perp}) = 3$ and condition (2.3) does not hold for $t = 3$. We prove the weaker condition (2.9): $(e * U) \cap V^{\perp} = 0$. Words of weight three in $V^{\perp}/GF(256)$ are in the code with defining set $R = \{1, 4, 16, 13, 0\}$ by Theorem 2.3. But $\{1, 4\} + \{0, 12\} \subseteq R$, which implies by Theorem 5 in [13] that the support of a word of weight three must be of the form
\[ \{\alpha, \beta\alpha, \beta^2\alpha\}, \]
for $\alpha$ a 51-st root of unity and $\beta$ a primitive third root of unity. Up to multiplication with a scalar the values at these positions are $(1, \beta, \beta^2)$. But the values of $u \in U$ at these positions are a linear combination of $(1, 1, 1)$ and $(1, \beta^2, \beta)$ and (2.9) is satisfied. In [6] the pair $I = \{0, 2, 8, 12\}$ and $J = \{0, 1, 4\}$ is given without the above verification.

Example 2.19 (107) The code $C$ is of type $[51, 27, 9]$ with $R \supseteq \{1, 5, 9\}$. The pair $(U,V)$ is defined with $I = J = \{8, 13, 2, 7, 0\}$. We need $S_0$ only when four errors occurred and may then set $S_0 = 0$ (see Section IV). For the error-location we prove (2.3): $d(V^{\perp}) > 4$. A word $c \in V^{\perp}$ satisfies the checks $\{8, 13, 2, 0\}$ and by Theorem 2.3 also the checks $\{8, 13, 2, 16, 26, 4, 32, 1, 0\}$ if it is of weight four or less. Thus $d(V^{\perp}) \geq 4$. Let $c$ have non-zero values $(c_1, c_2, c_3, c_4)$. At the same support we have codewords with values $(c_1c_1, c_1c_2, c_1c_3, c_1c_4)$ and $(c_1^2, c_2^2, c_3^2, c_4^2)$. Thus $c_1 = c_2 = c_3 = c_4$. Example 32 in [13] shows that a binary code with $R \supseteq \{1, 7\}$ has no words of weight four, using $R \supseteq \{0, 3\} + \{1, 2, 4\}$. The error-correction follows with the recurrences in Table 2.

Example 2.20 (123) There is an extended choice for $U$ and $V$, namely $I = \{0, 1, 2, 3, 4, 19, 36\}$ and $J = \{13, 14, 15, 16, 17, 32, 49\}$. Assume six errors have occurred and we find a space of polynomials with $\sigma_{36}$ equal to


zero. Then we can apply the hyperplane method and the given recurrences. If there is no such solution then the error positions do not support a codeword in $V^{\perp}$ and the solution with $\sigma_{36} \neq 0$ is error-locating. An error-locator of the form $\sigma_2 X^2 + \sigma_{19}X^{19} + \sigma_{36}X^{36}$ can occur and then the zero set supports an eight-dimensional subcode of $C$. Solutions of another form determine the error values uniquely:
\[ \sigma_0 \neq 0:\ R(31) \to S_{31},\ R(48) \to S_{48}. \qquad \sigma_1 \neq 0:\ R(30) \to S_{31},\ R(47) \to S_{48}. \]
\[ \sigma_3 \neq 0:\ R(34) \to S_{37},\ R(0) \to S_{3}. \qquad \sigma_4 \neq 0:\ R(33) \to S_{37},\ R(50) \to S_{3}. \]

IX Sequences of codes

In a certain range of the minimum distance, the conjugacy formats of Section V allow the construction of sequences of cyclic codes with the same designed distance and redundancy as BCH-codes.

Proposition 2.6 Let $n$ be equal to $2^m - 1$, $m = 2l + 1$. For a binary cyclic code $C$ with defining set $R_C \supseteq \{1, 2^l + 1, 2^{l-1} + 1\}$ we have a 3-error-correcting pair $(U,V)$ with generating sets $I = \{0, 1, 2^{2l}, 2^{4l}\}$ and $J = \{0, 2^l, 2^{3l}\}$.

Proof. The code is defined in [15, Ch. 9, §11]. There it is also proved that the distance $d = 7$. For the even weight subcode we may write $R \supseteq \{0, 1, 2^l + 1, 2^{3l} + 1\}$. Thus we find the formats of Theorem 2.5, except that the code $U$ is not MDS. In fact the codes $U$ and $V$ are equivalent to codes with generating sets $I' = 4 \cdot I = \{0, 4, 2, 1\}$ and $J' = 4 \cdot 2^l \cdot J = \{0, 2, 1\}$, which shows that conditions (2.1)-(2.3) and (2.11) are fulfilled. Since $S_0$ occurs only once in the key matrix $S(y)$, by the results of Section IV we can assume that $S_0 \equiv 3 \pmod 2$. □

Remark 2.14 (QR-codes) It is clear from Table 1 that the second conjugacy format yields good pairs for the smaller binary QR-codes. The


conjugacy formats require defining sets of size $t$, while the BCH-format requires sets of size $2t$ (the largest set of consecutive quadratic residues is in general not formed by the residues $\{1, 2, \ldots, 2t\}$ and the usual argument that only $\{1, 3, \ldots, 2t-1\}$ need to be in the defining set does not apply). With a uniform distribution of the quadratic residues, the conjugacy formats should correct about twice the number of errors of the BCH-format. Calculations for codes of length less than 1024 agree with this. For example, for the codes of length $n = 863$ and $n = 887$, we apply Theorems 2.4 and 2.5 with $q = 2$. They yield pairs to correct $t = 10$ ($l = 57$) and $t = 7$ ($l = 62$) errors for $n = 863$, and $t = 8$ ($l = 182$) and $t = 11$ ($l = 206$) errors for $n = 887$. For both values of $n$, the BCH-format corrects $t = 4$ errors. Also, it is clear that both the BCH-format and the conjugacy formats have a capability that is of order $\log(n)$ for large code length $n$. This is way below the square root bound.

In addition to the sequences of codes satisfying the conjugacy format, we give the following sequences.

Proposition 2.7 Let $C$ be a binary cyclic code of length $n$ where 3 does not divide $n$. Let $R_C$ contain the set $\{-1, 1\}$. Then a 2-error-correcting pair $(U,V)$ is given through the generating sets $I = \{-3, 0, 3\}$ and $J = \{-1, 1\}$.

Proof. The complete defining set $\bar R$ for $C$ satisfies $\bar R \supseteq I + J$. 3 does not divide the length and it follows that $U$ and $V$ are both MDS. The proof follows from Proposition 2.1. □

Example 2.21 (Zetterberg codes [24]) Let $n$ be equal to $2^{2m} + 1$. The Zetterberg code $C$ with defining set $R_C = \{1\}$ has the 2-error-correcting pair $(U,V)$ given in Proposition 2.7.

Example 2.22 (Melas codes [25]) Let $n$ be equal to $2^m - 1$ and let $m$ be odd. The Melas code $C$ with defining set $R_C = \{1, -1\}$ has the 2-error-correcting pair $(U,V)$ given in Proposition 2.7.


The following sequence of reversible codes contains as members binary codes of type $[73, 37, \geq 11]$ and $[85, 45, \geq 11]$.

Proposition 2.8 Let $C$ be a binary cyclic code of length $n$ where 3 does not divide $n$. Let $R_C$ contain the set $\{-7, -5, -1, 1, 5, 7\}$. Then a 5-error-correcting pair $(U,V)$ is given through the generating sets $I = \{-4, -2, -1, 1, 2, 4\}$ and $J = \{-6, -3, 0, 3, 6\}$.

Proof. Use Theorem 2.2. □

X Conclusions

In this paper we have presented algebraic decoding algorithms for linear cyclic codes. For binary codes of length less than 63, the full error-correction capability of the code is achieved in all but four cases. The decoding procedures depend heavily on the idea of error-correcting pairs, which was first developed by Pellikaan in [17]. This idea unifies to a certain extent algebraic decoding techniques, and, as is shown in Section IV, former results obtained by Feng and Tzeng in [5] have a clear interpretation. As is shown in Section V, error-correcting pairs from MDS-codes are very often the key to the decoding of certain classes of cyclic codes. So the decoding of classical BCH-codes employs RS-codes in the corresponding error-locating pairs. We have derived a new class of MDS-codes which are used to describe a new family of codes. This new family resembles in many ways the classical BCH-codes and contains members like the $[23, 12, 7]$ Golay code and the $[41, 21, 9]$ QR-code. In correspondence with BCH-codes an efficient decoding procedure for the new family is derived which uses a Berlekamp-Massey type algorithm. Thus the decoding of codes in this family needs only $O(n^2)$ operations.


Bibliography

[1] E.R. Berlekamp, Algebraic Coding Theory. New York: McGraw-Hill, 1968.

[2] R.E. Blahut, Theory and Practice of Error Control Codes. Reading, MA: Addison-Wesley, 1983.

[3] P. Bours, J.C.M. Janssen, M. van Asperdt, and H.C.A. van Tilborg, "Algebraic decoding beyond e_BCH of some binary cyclic codes, when e > e_BCH," IEEE Trans. Inform. Theory, vol. IT-36, pp. 214-222, 1990.

[4] M. Elia, "Algebraic decoding of the (23,12,7) Golay code," IEEE Trans. Inform. Theory, vol. IT-33, pp. 150-151, 1987.

[5] G.L. Feng and K.K. Tzeng, "A generalization of the Berlekamp-Massey algorithm for multisequence shift-register synthesis with applications to decoding cyclic codes," IEEE Trans. Inform. Theory, vol. IT-37, pp. 1274-1287, 1991.

[6] G.L. Feng and K.K. Tzeng, "Decoding cyclic and BCH codes up to actual minimum distance using nonrecurrent syndrome dependence relations," IEEE Trans. Inform. Theory, vol. IT-37, pp. 1716-1723, 1991.

[7] G.L. Feng and K.K. Tzeng, "A new procedure for decoding cyclic and BCH codes up to actual minimum distance," Proc. IEEE Int. Symp. Inform. Theory, p. 95, San Antonio, 1993.

[8] V.D. Goppa, "Codes on algebraic curves," Soviet Math. Dokl., vol. 24, pp. 170-172, 1981.


[9] C.R.P. Hartmann and K.K. Tzeng, "Generalizations of the BCH bound," Inform. Contr., vol. 20, pp. 489-498, 1972.

[10] C.R.P. Hartmann and K.K. Tzeng, "Decoding beyond the BCH bound using multiple sets of syndrome sequences," IEEE Trans. Inform. Theory, vol. IT-20, pp. 292-295, 1974.

[11] J. Justesen, K.J. Larsen, H.E. Jensen, A. Havemose, and T. Høholdt, "Construction and decoding of a class of algebraic geometric codes," IEEE Trans. Inform. Theory, vol. IT-35, pp. 811-821, 1989.

[12] R. Kötter, "A unified description of an error locating procedure for linear codes," Proceedings of the International Workshop on Algebraic and Combinatorial Coding Theory, Voneshta Voda, Bulgaria, 1992.

[13] J.H. van Lint and R.M. Wilson, "On the minimum distance of cyclic codes," IEEE Trans. Inform. Theory, vol. IT-32, pp. 23-40, 1986.

[14] J.H. van Lint, Introduction to Coding Theory. New York: Springer-Verlag, 1982.

[15] F.J. MacWilliams and N.J.A. Sloane, The Theory of Error-Correcting Codes. Amsterdam: North-Holland, 1977.

[16] J.L. Massey, "Shift-register synthesis and BCH decoding," IEEE Trans. Inform. Theory, vol. IT-15, pp. 122-127, 1969.

[17] R. Pellikaan, "On decoding linear codes by error correcting pairs," Eindhoven University of Technology, preprint, 1988.

[18] R. Pellikaan, "On the decoding by error location and the number of dependent error positions," Discrete Math., vol. 106/107, pp. 369-381, 1992.

[19] W.W. Peterson and E.J. Weldon Jr., Error-Correcting Codes. Cambridge, MA: M.I.T. Press, 1971.

[20] C. Roos, "A new lower bound for the minimum distance of a cyclic code," IEEE Trans. Inform. Theory, vol. IT-29, pp. 330-332, 1983.


[21] C. Roos, "A generalization of the BCH bound for cyclic codes, including the Hartmann-Tzeng bound," J. Comb. Theory, Ser. A, vol. 33, pp. 229-232, 1982.

[22] A.N. Skorobogatov and S.G. Vladut, "On the decoding of algebraic-geometric codes," IEEE Trans. Inform. Theory, vol. IT-36, pp. 1051-1060, 1990.

[23] P. Stevens, "Extension of the BCH decoding algorithm to decode binary cyclic codes up to their maximum error-correction capacity," IEEE Trans. Inform. Theory, vol. IT-34, pp. 1332-1340, 1988.

[24] L.H. Zetterberg, "Cyclic codes from irreducible polynomials for correction of multiple errors," IEEE Trans. Inform. Theory, vol. IT-8, pp. 13-20, 1962.

[25] C.M. Melas, "A cyclic code for double error correction," IBM J. Res. Devel., vol. 4, pp. 364-366, 1960.

[26] V.K. Wei, "Generalized Hamming weights for linear codes," IEEE Trans. Inform. Theory, vol. IT-37, pp. 1412-1418, 1991.


Chapter 3

A fast parallel implementation of a Berlekamp-Massey algorithm for algebraic-geometric codes*

Abstract We obtain a parallel Berlekamp-Massey type algorithm for determining error-locating functions for the class of one-point algebraic-geometric codes. The proposed algorithm has a regular and simple structure and is suitable for VLSI implementation. We give an outline for an implementation, which uses as main blocks $\gamma$ copies of a modified one-dimensional Berlekamp-Massey algorithm, where $\gamma$ is the size of the first non-gap in the function space associated with the code. Such a parallel implementation determines an error-locating function in time $O(n^2)$, where $n$ is the length of the algebraic-geometric code.

Index Terms — algebraic-geometric codes, decoding, Berlekamp-Massey algorithm.

* Submitted to IEEE Transactions on Information Theory.


I Introduction

The decoding problem in coding theory consists of finding a codeword in a given code that has minimum Hamming distance to a given received word $y$. One successful strategy to accomplish this task is decoding by error location. This means that the problem is separated into the two problems of first determining the support of the error vector and then determining the corresponding error values. Decoding by error location is the common principle of most decoding algorithms for algebraic-geometric (AG) codes. The main problem in making AG codes practical is to find a way of performing the required computations in a fast and efficient way.

A computationally efficient algorithm for decoding of AG codes was first described by Justesen et al. in [1]. The approach is based on a two-dimensional Berlekamp-Massey type algorithm introduced by Sakata in [2]. In [3] Sakata et al. extended the algorithm to allow efficient decoding up to half the designed minimum distance. The algorithm in [3] treats in detail codes from Hermitian curves and needs a complexity, counted as the number of multiplications in the field of concern, that is upper bounded by a term $A\, n^{7/3}$ for a large enough constant $A$. Here $n$ denotes the length of the code from an Hermitian curve and the constant $A$ is independent of the length of the code.

In addition to [1][3] there is a considerable literature on the computationally efficient decoding of AG codes available [4][5][6][7][8][9][10][11][12]. The algorithms presented in these papers yield a decoding complexity which is essentially upper bounded by a term $B\,\gamma\, n^2$ for a large enough constant $B$. Again, $n$ denotes the length of the AG code, the constant $B$ is independent of the length of the code and $\gamma$ is the first non-gap in the non-gap sequence of the space associated with the AG code.

With the exception of [11], hardware implementation issues are rarely treated in the above references. The main goal and achievement of the present paper is the development of an algorithm that is fast and that can be efficiently implemented. The development of such an algorithm is crucial to make AG codes competitive when compared to non-binary BCH codes or concatenated code constructions. In this context one has to consider not only computational complexity but also steering logic overhead and space


requirements in a hardware implementation. In particular, a parallel, simple and regular implementation of the decoding algorithm is essential in order to make AG codes a reasonable option in engineering applications.

We propose an algorithm that offers such convenient features in a hardware implementation, while maintaining essentially the same computational burden as the algorithms mentioned above. A parallel implementation performs one run of the algorithm as fast as a one-dimensional Berlekamp-Massey algorithm (BMA) used for example in the decoding of Reed-Solomon (RS) codes. This is due to the fact that the basic building blocks of a parallel implementation of the presented algorithm are just modified implementations of a one-dimensional BMA. Using a serial implementation of these one-dimensional BMAs the running time of our algorithm is $O(n^2)$, where as a time unit we use the time required for a multiplication in a finite field. We outline a parallel architecture for VLSI implementation that is based on Blahut's implementation of a one-dimensional BMA [15]. Using a parallel implementation of the one-dimensional BMA it is possible to further speed up the algorithm. We achieve this running time while maintaining the space complexity $O(\gamma n)$, measured in terms of registers and arithmetical units. It is convenient to compare the cost of using algebraic-geometric codes in an application to the cost of using an RS code. In the proposed parallel implementation the time requirement for an algebraic-geometric code correcting $t$ errors and defined over a curve of genus $g$ is essentially the same as the time requirement of a Reed-Solomon code correcting $t + 2g$ errors. The space requirement is $\gamma$ times as large. For codes on Hermitian curves, $\gamma$ equals $n^{1/3}$. This has to be seen in the light of the Hermitian code being $\gamma$ times longer than an extended Reed-Solomon code over the same alphabet.

We also give an algorithm for efficient error-erasure decoding. The main difference to the case of error-only decoding is a different initialization of the algorithm.

Given a nontrivial error-locating function it is known how to calculate the error values to complete the decoding of an AG code. In order to keep the paper short we concentrate on the problem of finding error-locating functions. For a treatment of the problem of finding error values in order to complete the decoding the reader is referred to e.g. [1][10][14].

When dealing with computational complexity, we prefer in the present paper to count the number of binary operations that are required to perform all


necessary multiplications in the finite field of concern. Whenever a statement in this paper concerns complexity, we assume that the finite fields of concern have characteristic two. Using this complexity measure the algorithm from [3] requires a complexity in the order $O((\log_2(q))^2\, n^{7/3})$, where $q$ denotes the size of the code alphabet. For a thorough treatment of complexity issues in connection with VLSI implementations we refer to Mastrovito [16].

In contrast to computational complexity, the time complexity is measured in the time required for a multiplication in a finite field. We use this time unit independently of the size of the field of concern. This is reasonable when we assume the use of parallel multiplier architectures and when we neglect the length of the critical path in a VLSI multiplier implementation [16].

II Algebraic-geometric codes

Let $F_q$ be the finite field with $q$ elements and let $\mathcal{X}$ be a nonsingular, projective, absolutely irreducible curve over $F_q$ with genus $g$. A rational function $f$ on $\mathcal{X}$ is characterized by the divisor of zeros and poles of $f$, denoted by $(f)$. For a given divisor $G$, $L(G)$ is defined as the space of all rational functions satisfying
\[ L(G) = \{f : (f) + G \geq 0\}. \]
Let $D$ be a divisor obtained as the sum of $n$ distinct $F_q$-rational points $P_i$, $i = 0, \ldots, n-1$, such that the supports of $G$ and $D$ are disjoint. There are two different ways of defining an AG code. The functional code $C_L(D,G)$ is defined as
\[ C_L(D,G) = \{(f(P_0), f(P_1), \ldots, f(P_{n-1})) : f \in L(G)\} \]
and the residual code $C(D,G)$ is defined as
\[ C(D,G) = (C_L(D,G))^{\perp}. \]
The term residual code originates from the fact that $C(D,G)$ can be obtained by taking residues of differentials on $\mathcal{X}$ in the points $P_i$. The parameters


of $C(D,G)$ can be found in e.g. [17] as length $n = \deg(D)$, dimension $k(C) = n - \deg(G) + g - 1$ and designed minimum Hamming distance $d^*(C) = \deg(G) - 2g + 2$ for $n > \deg(G) > 2g - 2$.

Let $l(G)$ denote the dimension of $L(G)$. The main tool for investigating AG codes is the Riemann-Roch theorem, which yields that
\[ l(G) \geq \deg(G) - g + 1, \]
with equality if $\deg(G) > 2g - 2$.
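For orientation, in the genus-zero case ($\mathcal{X}$ the projective line, $G = mP_\infty$) the space $L(mP_\infty)$ consists of the polynomials of degree at most $m$ and the functional code is an (extended) Reed-Solomon code. The toy sketch below builds a generator matrix of such a functional code over a small prime field; the concrete parameters are illustrative only and are not taken from the text.

```python
p = 13                              # a toy prime field GF(13); illustrative choice
points = list(range(1, 13))         # n = 12 distinct rational points, P_infinity excluded
m = 3                               # G = m * P_infinity, so L(G) = {polynomials of degree <= m}

# Generator matrix of C_L(D, G): row i is the evaluation of the basis function x^i.
gen_matrix = [[pow(x, i, p) for x in points] for i in range(m + 1)]

# A codeword of C_L(D, G): the evaluation of f(x) = 2 + 5x + x^3 at all points.
f = [2, 5, 0, 1]
codeword = [sum(c * pow(x, i, p) for i, c in enumerate(f)) % p for x in points]
```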

We will only consider the case of so-called one-point codes, which means that $G$ is a multiple of an $F_q$-rational point $P_\infty$. This is advantageous in an implementation, because the space $L(mP_\infty)$ has a relatively regular structure compared to spaces associated with arbitrary divisors $G$. We briefly recall the main ideas of Sakata's algorithm [2] when it is applied to the efficient decoding of AG codes, cf. [1][3][4][5][6][10].

The set of functions that have poles only at a certain point $P_\infty$ forms a ring. For simplicity we assume in this section that this ring is generated over $F_q$ by two functions $\psi_1, \psi_2$ with respective pole orders $v_1, v_2$, $v_1 < v_2$, at $P_\infty$. The value $v_1$ is crucial for complexity considerations and we denote it by $\gamma$.

Let a vector $y$ of length $n$ be given such that $y = c + e$, $c \in C(D,G)$, where $e$ is an error vector with Hamming weight $t < d^*(C)/2$. The syndromes $s_{i,j}$ are defined as
\[ s_{i,j} = \sum_{l=0}^{n-1} e_l\, \psi_1^i(P_l)\, \psi_2^j(P_l). \]
It is clear from the definition of the code $C(D, mP_\infty)$ that we can calculate $s_{i,j}$ from the vector $y$ if $iv_1 + jv_2$ is less than or equal to $m$. Let $f$ be a function of the form
\[ f = \sum_{(i,j):\, iv_1 + jv_2 \leq w} f_{i,j}\, \psi_1^i \psi_2^j, \]
which has pole order $w$ at $P_\infty$. $f$ is called an error-locating function if $f$ evaluates to zero in the error positions, i.e. the equation $f(P_l)e_l = 0$ holds


for all $l$. The main observation that allows the determination of an error-locating function $f$ is that $f$ gives a linear recurrence on the two-dimensional array of syndromes $s_{i,j}$, cf. [18],
\[ \sum_{(i,j):\, iv_1 + jv_2 \leq w} f_{i,j}\, s_{i+i_0,\, j+j_0} = 0 \qquad \forall\, i_0, j_0 \geq 0. \tag{3.1} \]

In [18] it is shown that we can determine an error-locating function from the known syndromes provided that the weight of the error vector is less than $(m - 3g + 1)/2 = (d^*(C) - g)/2$. In order to achieve the full error correction capability of the code, we need to know all syndromes $s_{i,j}$ with $iv_1 + jv_2$ less than or equal to $m + g$. Feng and Rao [19] and Duursma [20] showed how to obtain the $s_{i,j}$ with $iv_1 + jv_2 > m$ from the known $s_{i,j}$, provided that the error vector has weight less than $d_{FR}(C)/2$, where $d_{FR}(C) \geq d^*(C)$ denotes the Feng-Rao distance of the code $C(D, mP_\infty)$, cf. [21]. Their result leads to an algorithm which allows determination of an error-locating function $f$ for any error vector of weight at most $(d_{FR}(C) - 1)/2$. Once an error-locating function (i.e. a set of possible error positions) has been found we can find the error vector $e$ by an erasure decoding algorithm. Given an error-locating function this step requires a complexity at most in the order of $O((\log_2(q))^2 n^2)$, cf. [1][10][14], which is also the complexity required to calculate the syndromes from the received word.

The overall complexity of a decoding algorithm for AG codes is usually dominated by the complexity of the algorithm used for the calculation of the error-locating function. Feng and Rao used Gaussian elimination to solve the set of linear equations (3.1), resulting in a complexity $O((\log_2(q))^2 n^3)$. Our algorithm requires a computational complexity $O((\log_2(q))^2\, \gamma\, n^2)$, which is essentially the complexity required by any of the algorithms proposed for efficient decoding of AG codes. However, our algorithm offers in addition to this computational complexity a simple and easily parallelized structure. In order to be able to compare our algorithm with Sakata-type algorithms we describe the operations required to perform a typical iteration step in the modified Sakata algorithm. For a detailed treatment and the required modifications of the algorithm we refer to [1][2][10][22] and [23].

At the starting point of a typical iteration of Sakata's algorithm we have two collections of functions $F_u$ and $G_u$ with the following properties. The


functions $f \in F_u$ satisfy equations (3.1) for all numbers $(i_0, j_0)$ such that $i_0v_1 + j_0v_2 + w$ is less than or equal to $u$. The set $G_u$ consists of functions $g$ that failed to satisfy the equations of (3.1) in an earlier step of the algorithm. The goal of one iteration step is to construct corresponding sets $F_{u+1}$ and $G_{u+1}$. This is accomplished by performing the following operations.


1. For any $f \in F_u$ check whether $f$ is also an element in $F_{u+1}$.

2. Given the pole orders of functions in $F_u$ and $G_u$, the pole order of functions in $F_{u+1}$ is calculated according to a number of different cases described in [2]. The corresponding functions $f' \in F_{u+1}$ are then constructed by selecting suitable pairs of functions $(f,g)$, $f \in F_u$ and $g \in G_u$, and combining them in a proper way. This implies an operation of the form
\[ f' \leftarrow \psi_1^a \psi_2^b f + \delta\, \psi_1^{a'} \psi_2^{b'} g, \]
where the numbers $a, b, a', b', \delta$ are determined by the different cases described in [2].

3. The elements of $G_{u+1}$ are chosen among the elements of $G_u$ and the functions of $F_u$ such that certain requirements associated with the set $F_{u+1}$ are satisfied.

One of the key problems in finding an efficient way of implementing Sakata's algorithm is that in step 2 of an iteration a function $f \in F_u$ ($g \in G_u$) may be used for the construction of several different functions in $F_{u+1}$. Moreover, the pair of functions $f$ and $g$ that are needed to construct a function $f' \in F_{u+1}$ is impossible to predict a priori. We quote the following statement from [24] which points out just this difficulty in a software implementation of the algorithm from [3]:

'At any point q we unfortunately need access to every polynomial in the auxiliary set G and F when we want to construct a polynomial for the new F-set. ... For the sake of hardware implementation it would be nice if we do not have to use the polynomials in F and G more than once when we construct the new F-set.'

It is just this difficulty that we overcome in our algorithm by using two sets of functions that maintain a constant size throughout the algorithm. A similar idea was used by Sakata in [12] to develop a parallel algorithm in the framework of his algorithm. The most important features of our algorithm are listed below.


- The algorithm is easily parallelized, where the main building blocks of an implementation are modified implementations of a one-dimensional BMA. Thus the time required for one run of the algorithm is essentially equal to the time required by a BMA for RS codes.
- The different cases of Sakata's algorithm are reduced to one condition.
- No selection procedure for pairs of functions is needed. The pair of functions used to construct a new function is in every iteration step determined a priori.
- No additional multiplication of functions with monomials of the form $\psi_1^a \psi_2^b$ ($\psi_1^{a'} \psi_2^{b'}$) is required.

III The syndrome matrix

Our algorithm is best described using a matrix notation. We translate the linear conditions that are imposed on an error-locating function by equation (3.1) into a matrix language, cf. [7][8]. We start by characterizing some properties of the space $L(mP_\infty)$ that are needed to fix a suitable basis of $L(mP_\infty)$.
Let $o_j$ be a non-negative integer such that $l(o_jP_\infty) \neq l((o_j - 1)P_\infty)$. This means that there exists a function $\phi_{o_j}$ with a pole of order $o_j$ at $P_\infty$. The number $o_j$ is called a non-gap of $P_\infty$. The constant function has no poles, so that $o_0 = 0$ and $\phi_0 = 1$. As a consequence of the Riemann-Roch Theorem the non-gaps satisfy
\[ 0 = o_0 < o_1 < o_2 < \cdots < o_{g-1} < 2g, \qquad o_i = i + g \ \text{ for } i \geq g. \]
$\phi_{o_1}$ is a non-constant function of lowest pole order at $P_\infty$ and it follows that $\gamma$ equals $o_1$. $P_\infty$ is called a Weierstrass point if $\gamma$ is less than $g + 1$. It is clear that when $o_i$ and $o_j$ are non-gaps then $o_i + o_j$ is also a non-gap. The set of integers $i \in \mathbb{Z}$ such that $l(iP_\infty) = l((i-1)P_\infty)$ holds is denoted by $G$. The following definition gives a basis of $L(mP_\infty)$ that is suitable for the proposed algorithm. Functions that are elements in $L(mP_\infty)$ are always assumed to be expanded in this basis.


Definition 3.1 A standard basis B(m) = {1, φ_γ, ..., φ_m} for L(mP_∞) has the property that if φ_j is an element of B(m) and l is the least positive non-gap in B(m) such that j − l is a non-gap, then φ_j = φ_l φ_{j−l}.

The most important consequence of Definition 3.1 is that for any φ_l ∈ B(m) with l ≤ m − γ the function φ_γ φ_l, too, is an element of B(m). In other words, B(m) is closed under multiplication with φ_γ as long as this is consistent with the maximal pole order m. In order to get a structurally nice formulation of the algorithm in section IV, we formally define φ_i = 0 if i ∈ G, cf. [7][8]. We can uniquely express any function f ∈ L(mP_∞) as

   f = Σ_{i=0}^{m} f_i φ_i,   f_i = 0 for all i ∈ G,

and can thus identify vectors f = (f_0, f_1, ..., f_m) with functions. We will freely use this identification and say e.g. that a function f solves a linear system of equations if the corresponding coefficient vector does.
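As a small illustration of Definition 3.1, the following sketch (not part of the thesis; the generator set {3, 5, 7} and the bound 13 are assumptions borrowed from Example 3.1 below) lists the gaps below a bound m and, for every positive non-gap j, the factorization φ_j = φ_l φ_{j−l} with l the least positive non-gap such that j − l is again a non-gap.

    def nongaps(generators, m):
        # pole orders <= m in the semigroup generated by `generators`
        reachable = {0}
        for _ in range(m):
            reachable |= {s + g for s in reachable for g in generators if s + g <= m}
        return reachable

    def standard_basis(generators, m):
        ng = nongaps(generators, m)
        gaps = [i for i in range(m + 1) if i not in ng]
        factorization = {}
        for j in sorted(ng):
            if j == 0:
                continue
            # least positive non-gap l with j - l again a non-gap (Definition 3.1)
            l = min(l for l in ng if 0 < l and (j - l) in ng)
            factorization[j] = (l, j - l)
        return gaps, factorization

    gaps, fact = standard_basis({3, 5, 7}, 13)
    print(gaps)        # [1, 2, 4], the gaps in Example 3.1
    print(fact[13])    # (3, 10), i.e. phi_13 = phi_3 * phi_10

Applied to the generators 3, 5, 7 this recovers the gap set {1, 2, 4} and the multiplicative structure of the standard basis used in Example 3.1.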

Example 3.1 We consider the Klein quartic curve over F_{2^3} ≅ F_2[α]/⟨α^3 + α + 1⟩ given by the equation

   X : X^3 Y + Y^3 Z = Z^3 X.

X has genus g = 3 and contains 24 F_{2^3}-rational points P_i. We choose the point P_∞ = (0 : 1 : 0) and construct the space of functions L(13P_∞). The intersection divisors of the coordinate functions are

   (X) = 3(0 : 0 : 1) + (0 : 1 : 0)
   (Y) = 3(1 : 0 : 0) + (0 : 0 : 1)
   (Z) = 3(0 : 1 : 0) + (1 : 0 : 0).

The functions φ_3 = Y/Z, φ_5 = XY/Z^2 and φ_7 = Y^3/(Z^2 X) have pole order 3, 5, 7 at P_∞, respectively. Moreover, φ_3, φ_5, φ_7 generate the ring of functions with poles only in P_∞. The gaps are (1, 2, 4) and γ equals 3. A standard basis for L(13P_∞) is given as

   1, φ_3, φ_5, φ_3^2, φ_7, φ_3 φ_5, φ_3^3, φ_3 φ_7, φ_3^2 φ_5, φ_3^4, φ_3^2 φ_7.


The code C(D, 13P_∞) has length 23, dimension 12 and minimum distance 9.

For later use we note the following relations for functions on X, which can easily be verified:

   φ_5^2 = φ_10 + φ_3,   φ_7^2 = φ_14 + φ_7,   φ_5 φ_7 = φ_12.

Using these relations we find

   φ_i φ_j = 0                       if i ∈ {1,2,4} or j ∈ {1,2,4},
   φ_i φ_j = φ_{i+j} + φ_{i+j−7}     if i ∉ {1,2,4}, j ∉ {1,2,4} and i − j ≢ 0 (mod 3),
   φ_i φ_j = φ_{i+j}                 otherwise.   □

As before let a vector y of length n be given such that y = c + e, c ∈ C(D, mP_∞). We define the entries of a semi-infinite matrix S = ‖S_{i,j}‖, 0 ≤ i, j, by the equation

   S_{i,j} = Σ_{l=0}^{n−1} e_l φ_i(P_l) φ_j(P_l).   (3.2)

The linear conditions that the matrix S imposes on a vector σ in a system of linear equations Sσ^T = 0 are in fact just a reformulation of the linear conditions described by the recursions of equation (3.1). Thus any solution to the equation Sσ^T = 0 corresponds to the coefficient vector of an error-locating function.
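A minimal sketch of equation (3.2), under the assumption (not from the thesis) that the basis functions are supplied already evaluated at the rational points as a table phi[i][l] = φ_i(P_l), and that the entries support field arithmetic (for a toy example, integers modulo a prime):

    def syndrome_matrix(e, phi, size):
        # S[i][j] = sum over l of e_l * phi_i(P_l) * phi_j(P_l)   (equation (3.2))
        n = len(e)
        return [[sum(e[l] * phi[i][l] * phi[j][l] for l in range(n))
                 for j in range(size)]
                for i in range(size)]

In practice the decoder only knows the entries with i + j ≤ m, which it computes from the received word; the sketch merely spells out the defining sum.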

Example 3.2 (Example 3.1 continued) We consider the setup of Example 3.1. For a received vector y let the following entries in S be calculated:

   S_{0,0} = α^4, S_{3,0} = α, S_{5,0} = α^3, S_{6,0} = α^6, S_{7,0} = 1, S_{8,0} = α^6,
   S_{9,0} = 0, S_{10,0} = α^5, S_{11,0} = α^2, S_{12,0} = α^4, S_{13,0} = α^5.

The syndromes S_{i,0}, i ≤ 13, correspond to an error vector of weight 4 with errors at the points (1 : α : 1), (1 : α^2 : 1), (α^2 : α^4 : 1), (α^2 : α^5 : 1)


and corresponding error values α, 1, 1, α^2. We can calculate the known part of the matrix S with help of the following relations, which are a direct consequence of the relations among the functions φ_i given in Example 3.1:

   S_{i,j} = 0                           if i ∈ {1,2,4} or j ∈ {1,2,4},
   S_{i,j} = S_{i+j,0} + S_{i+j−7,0}     if i ∉ {1,2,4}, j ∉ {1,2,4} and i − j ≢ 0 (mod 3),
   S_{i,j} = S_{i+j,0}                   otherwise.

Our knowledge of the matrix S can be expressed as follows:

S =
 [ α^4  0  0  α    0  α^3  α^6  1    α^6  0    α^5  α^2  α^4  α^5  ··· ]
 [ 0    0  0  0    0  0    0    0    0    0    0    0    0    0       ]
 [ 0    0  0  0    0  0    0    0    0    0    0    0    0    0       ]
 [ α    0  0  α^6  0  α^6  0    α^5  α^2  α^4  α^5  ?    ?    ?       ]
 [ 0    0  0  0    0  0    0    0    0    0    0    0    0    0       ]
 [ α^3  0  0  α^6  0  α^6  α^2  α^4  α    ?    ?    ?    ?    ?       ]
 [ α^6  0  0  0    0  α^2  α^4  α^5  ?    ?    ?    ?    ?    ?       ]
 [ 1    0  0  α^5  0  α^4  α^5  ?    ?    ?    ?    ?    ?    ?       ]
 [ α^6  0  0  α^2  0  α    ?    ?    ?    ?    ?    ?    ?    ?       ]
 [ 0    0  0  α^4  0  ?    ?    ?    ?    ?    ?    ?    ?    ?       ]
 [ α^5  0  0  α^5  0  ?    ?    ?    ?    ?    ?    ?    ?    ?       ]
 [ α^2  0  0  ?    0  ?    ?    ?    ?    ?    ?    ?    ?    ?       ]
 [ α^4  0  0  ?    0  ?    ?    ?    ?    ?    ?    ?    ?    ?       ]
 [ α^5  0  0  ?    0  ?    ?    ?    ?    ?    ?    ?    ?    ?       ]
 [ ⋮                                                            ⋱     ]

□
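The following sketch (assumptions: F_8 elements are represented as integers 0-7 in a polynomial basis, so that field addition is bitwise XOR; the dictionary S_top of known top-row syndromes is supplied by the caller) fills in the known part of S from the relation of Example 3.2 and leaves the remaining entries marked as unknown:

    GAPS = {1, 2, 4}                     # gaps of P_infinity for the Klein quartic

    def expand(i, j):
        # top-row indices r with S[i][j] = sum_r S[r][0]; phi_r = 0 for gaps and r < 0
        if i in GAPS or j in GAPS:
            return []
        terms = [i + j] if (i - j) % 3 == 0 else [i + j, i + j - 7]
        return [r for r in terms if r >= 0 and r not in GAPS]

    def known_part(S_top, m, size):
        # None plays the role of '?' for entries that need syndromes S[r][0] with r > m
        S = [[None] * size for _ in range(size)]
        for i in range(size):
            for j in range(size):
                terms = expand(i, j)
                if all(r <= m for r in terms):
                    acc = 0
                    for r in terms:
                        acc ^= S_top.get(r, 0)   # addition in F8 is XOR
                    S[i][j] = acc
        return S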

Our goal is to calculate an error-locating function with low complexity from the matrix S. An algorithm for accomplishing this task is given in section IV, where we assume for clarity that all entries in S are known. This is reasonable because the entries of the matrix S that are unknown when starting the algorithm can be determined whenever they are needed to continue the algorithm [19][20]. The inclusion of a procedure to determine the unknown entries in S in our algorithm is postponed to section V.


IV The algorithm

We denote by S^(a,b) the submatrix of S consisting of the elements in the a + 1 first rows and the b + 1 first columns of S, i.e. S^(a,b) = ‖S_{i,j}‖, 0 ≤ i ≤ a, 0 ≤ j ≤ b.

Suppose we are given a function σ ∈ L(bP_∞) \ L((b − 1)P_∞) that solves the system of linear equations

   S^(a−1,b) σ^T = 0,   Σ_{i=0}^{b} σ_i S_{a,i} = Δ ≠ 0.

We then say that the function σ gives a discrepancy with value Δ at position (a, b). If a function σ ∈ L(bP_∞) \ L((b − 1)P_∞) solves the linear system of equations Sσ^T = 0, we formally say that σ gives a discrepancy in position (∞, b).

The idea of the proposed algorithm is to iteratively find nonzero functions σ that solve an equation S^(a,b) σ^T = 0 for increasing numbers r = a + b. The following lemma provides a possibility to combine partial solutions.

Lemma 3.1 Let a function σ give a discrepancy with value Δ in position (a, b). Moreover, suppose we are given a function μ that gives a discrepancy with value 1 in position (a, b′), b′ ≤ b. Then the function σ′ = σ − Δμ gives a discrepancy in position (a′, b) with a′ > a.

Proof. Clearly the equations

   Σ_{i=0}^{b} S_{j,i} σ′_i = 0,   0 ≤ j < a,

hold. Moreover, we have

   Σ_{i=0}^{b} S_{a,i} σ′_i = Σ_{i=0}^{b} S_{a,i} σ_i − Δ Σ_{i=0}^{b′} S_{a,i} μ_i = Δ − Δ = 0.   □
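To make the notion of a discrepancy and the combination of Lemma 3.1 concrete, here is a small sketch (an illustration only; arithmetic is done in a toy prime field GF(P) rather than F_{2^m}, and functions are given by their coefficient vectors in the standard basis):

    def discrepancy_at(S, sigma, a, P):
        # value of row a against the coefficient vector sigma = (sigma_0, ..., sigma_b);
        # this is the discrepancy Delta if rows 0..a-1 are already annihilated by sigma
        return sum(s * S[a][i] for i, s in enumerate(sigma)) % P

    def combine(sigma, mu, delta, P):
        # Lemma 3.1: sigma' = sigma - Delta * mu also annihilates row a,
        # because mu gives a discrepancy with value 1 there
        out = list(sigma)
        for i, m_i in enumerate(mu):
            out[i] = (out[i] - delta * m_i) % P
        return out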


The following lemma is one of the keys to a Berlekamp-Massey type algorithm for saving computational complexity.

Lemma 3.2 Suppose we are given a function σ that gives a discrepancy with value Δ in position (a, b). Then the function φ_γ σ gives a discrepancy in position (a′, b + γ) with value Δ′ and

   a′ > a − γ     if a − γ ∈ G,
   a′ = a − γ     otherwise.

Moreover, if a − γ ∉ G holds we have Δ′ = Δ.

Proof. With equation (3.2) and σ = Σ_{l=0}^{b} σ_l φ_l the assumption of the lemma implies

   Σ_{j=0}^{n−1} e_j σ(P_j) φ_i(P_j) = 0   for i < a.

This means that

   Σ_{j=0}^{n−1} e_j (φ_γ(P_j) σ(P_j)) φ_i(P_j) = 0   for i < a − γ.

If a − γ ∉ G holds, then the relation φ_a = φ_γ φ_{a−γ} is satisfied. The equation

   Σ_{j=0}^{n−1} e_j σ(P_j) φ_a(P_j) = Δ

is rewritten as

   Σ_{j=0}^{n−1} e_j (φ_γ(P_j) σ(P_j)) φ_{a−γ}(P_j) = Δ.

Thus the claim Δ′ = Δ holds if a − γ ∉ G.   □

Lemma 3.1 and 3.2 can now be combined to give the basic induction step in the proposed algorithm.


Lemma 3.3 Let σ and μ be two functions that give discrepancies in positions (a, b) and (a′, b′) with values Δ and 1. Moreover, let the numbers a, b, a′, b′ satisfy the relations a′ + b′ < a + b and a′ ≡ a (mod γ). We can construct a function σ′ that gives a discrepancy in position (a″, b″) with a″ + b″ > a + b by letting

   σ′ = σ − Δ φ_γ^{(a′−a)/γ} μ     if a ≤ a′,
   σ′ = φ_γ^{(a−a′)/γ} σ − Δ μ     if a′ < a.   (3.3)

Proof. We first consider the case when a is less than or equal to a′. The multiplication of the function μ with φ_γ^{(a′−a)/γ} implies, by Lemma 3.2, that φ_γ^{(a′−a)/γ} μ gives a discrepancy in position (a, b′ + (a′ − a)). On the other hand, b > b′ + (a′ − a) holds by assumption and we can invoke Lemma 3.1, which proves the claim. The proof of the case a′ < a is similar. φ_γ^{(a−a′)/γ} σ gives a discrepancy in position (a′, b + (a − a′)) which has value Δ. The condition b + (a − a′) > b′, needed in order to invoke Lemma 3.1, holds again by assumption.   □

Lemma 3.2 suggests a partitioning of functions σ into equivalence classes, where two functions are in the same equivalence class if their pole order at P_∞ is equal modulo γ. On the other hand, Lemma 3.3 motivates a partitioning of functions μ into equivalence classes. Here two functions are in the same equivalence class if they give discrepancies in rows with indices that are equivalent modulo γ. We formally define two sets of functions σ^(r,i) and μ^(r,i).

Definition 3.2 A collection of functions σ^(r,i) and μ^(r,i) of pole order b_σ^(r,i) and b_μ^(r,i) is called valid at pole order r if the following conditions hold.

- The functions σ^(r,i) give discrepancies at positions (a, b_σ^(r,i)) where b_σ^(r,i) is minimal such that b_σ^(r,i) ∉ G, b_σ^(r,i) ≡ i (mod γ) and a + b_σ^(r,i) > r.


Moreover, we define numbers a_σ^(r,i), j^(r,i) and Δ^(r+1,i) as

   a_σ^(r,i) = r + 1 − b_σ^(r,i),
   j^(r,i) = a_σ^(r,i) mod γ,
   Δ^(r+1,i) = Σ_{l=0}^{b_σ^(r,i)} σ_l^(r,i) S_{a_σ^(r,i), l}     if a_σ^(r,i) ∉ G,
   Δ^(r+1,i) = 0                                                  if a_σ^(r,i) ∈ G.

- The functions μ^(r,j) give discrepancies with value 1 at positions (a_μ^(r,j), b_μ^(r,j)) where a_μ^(r,j) is maximal such that a_μ^(r,j) ≡ j (mod γ) and a_μ^(r,j) + b_μ^(r,j) ≤ r. If no such function exists we define μ^(r,j) = 0 and a_μ^(r,j) as

   a_μ^(r,j) = max_{l∈G} {l : l ≡ j (mod γ)}.

The relevance of the above definition of σ^(r,i) for the decoding of AG codes becomes clear in the following lemma.

Lemma 3.4 Let, for a code of type C(D, mP_∞), an error vector e of Hamming weight t < (m − 2g + 2)/2 = d*(C)/2 be given. The space of error-locating functions has a basis φ_γ^{l_i} σ^(m+2g+γ−1,i) where l_i ≥ 0 and 0 ≤ i < γ. Moreover, the error-locating function of lowest pole order at P_∞ is given as the function of lowest pole order in the set {σ^(m+g,i)}_{i=0}^{γ−1}.

Proof. We first prove the second statement of the lemma. To this end, let f be the function of lowest pole order in {σ^(m+g,i)}_{i=0}^{γ−1}. As a consequence of the Riemann-Roch Theorem the pole order of this function is less than t + g + 1, and f solves the equation S^(m−t,t+g) f = 0. We have to prove that f is error-locating. To this end, let M(a) be the (a+1) × n matrix with elements M_{i,j} = φ_i(P_j), 0 ≤ i ≤ a, 0 ≤ j ≤ n − 1. The matrix S^(m−t,t+g) can be decomposed into

   S^(m−t,t+g) = M(m − t) diag(e) M(t + g)^T,

where diag(e) is the diagonal matrix with the vector e on its main diagonal. The expression diag(e) M(t + g)^T f is now identified as the column


vector obtained by the component-wise multiplication of the vector e^T and (f(P_0), f(P_1), ..., f(P_{n−1}))^T. On the other hand, it is a codeword in the code with parity check matrix M(m − t). This code is an AG code of type C(D, (m − t)P_∞) and has minimum distance m − t − 2g + 2, which by assumption is greater than t. It follows that the component-wise product of the vector e and (f(P_0), f(P_1), ..., f(P_{n−1})) is the all zero word and therefore f is error-locating.

The first statement is proved by a similar argument. For an error vector of weight t the maximum pole order of a function σ^(r,i) equals t + 2g − 1 + γ for any r ≥ 0. This is a consequence of the Riemann-Roch Theorem and the fact that there may not exist a function of pole order t + 2g − 1 that has the error positions as zeros. However, there is always such a function of pole order t + 2g − 1 + γ. Having bounded the maximal pole order of all σ^(r,i) in this way, the proof proceeds as before. The statement that the space of error-locating functions has a basis φ_γ^{l_i} σ^(m+2g+γ−1,i) where l_i ≥ 0 and 0 ≤ i < γ follows from the definition of the functions σ^(m+2g+γ−1,i).   □

Lemma 3.2 and Definition 3.2 are the two cornerstones of the proposed algorithm. Given a collection of functions σ^(r,i) and μ^(r,j), we can find a collection of σ^(r+1,i) and μ^(r+1,j) by pairing together suitable σ^(r,i) and μ^(r,j) and applying Lemma 3.3, where the numbers i and j are chosen such that a_σ^(r,i) ≡ a_μ^(r,j) (mod γ). For any 0 ≤ i < γ and 0 ≤ j < γ there exist functions σ^(r,i) and μ^(r,j). It follows that we can make all necessary pairings. The important observation, in order to get a parallel algorithm, is that no two pairs of functions have a function in common. Lemma 3.3 then yields functions σ^(r+1,i) directly, and functions μ^(r+1,j) are given as either μ^(r,j) or a scalar multiple of σ^(r,i).

In order to get a concise notation we associate to the functions σ^(r,i) and μ^(r,j) polynomials in one variable z by letting

   σ̄^(r,i)(z) = Σ_{l=0}^{b_σ^(r,i)} σ_l^(r,i) z^{b_σ^(r,i)−l},
   μ̄^(r,i)(z) = z^{r+1−(a_μ^(r,i)+b_μ^(r,i))} Σ_{l=0}^{b_μ^(r,i)} μ_l^(r,i) z^{b_μ^(r,i)−l}.

We reformulate and extend Lemma 3.3 using these polynomials.


Lemma 3.5 Let two functions σ^(r,i) and μ^(r,j) with associated values a_σ^(r,i), a_μ^(r,j) and Δ^(r+1,i) be given such that the relation a_σ^(r,i) ≡ a_μ^(r,j) (mod γ) holds. From the corresponding polynomials σ̄^(r,i)(z) and μ̄^(r,j)(z) we can find σ̄^(r+1,i)(z) and μ̄^(r+1,j)(z) as

   σ̄^(r+1,i)(z) = σ̄^(r,i)(z) − Δ^(r+1,i) μ̄^(r,j)(z)   (3.4)

and

   μ̄^(r+1,j)(z) = (Δ^(r+1,i))^{−1} z σ̄^(r,i)(z)     if (Δ^(r+1,i) ≠ 0) and (a_μ^(r,j) < a_σ^(r,i)),
   μ̄^(r+1,j)(z) = z μ̄^(r,j)(z)                       otherwise.   (3.5)

Proof. We must show that the polynomial σ̄^(r+1,i)(z) does indeed correspond to a function σ^(r+1,i). Lemma 3.3 gives a possibility to combine functions σ^(r,i) and μ^(r,j). We use the notation of Lemma 3.3 and identify σ^(r,i), μ^(r,j) and σ^(r+1,i) with σ, μ and σ′. The pole-order difference of σ and φ_γ^{(a′−a)/γ} μ in the case a ≤ a′ equals the difference of pole orders of φ_γ^{(a−a′)/γ} σ and μ in the case a′ < a. This difference is in both cases equal to a + b − (a′ + b′). Let ν be the pole order of σ or φ_γ^{(a−a′)/γ} σ, respectively, in the two cases of Lemma 3.3. Thus for the coefficients of the vector expansions of σ′, σ and μ we have

   σ′_{ν−l} = σ_{b−l}                for l = 0, 1, ..., a + b − (a′ + b′) − 1

and

   σ′_{ν−l} = σ_{b−l} − Δ μ_{b′−l}   for l = a + b − (a′ + b′), a + b − (a′ + b′) + 1, ..., ν.

In this expression any coefficient with negative index is assumed to be zero. We now express this relation for polynomials in one variable z. To the functions σ, μ and σ′ we associate polynomials

   σ̄(z) = Σ_{l=0}^{b} σ_l z^{b−l},   μ̄(z) = Σ_{l=0}^{b′} μ_l z^{b′−l},   σ̄′(z) = Σ_{l=0}^{ν} σ′_l z^{ν−l}.

The component-wise updating rule can now be written as

   σ̄′(z) = σ̄(z) − Δ z^{a+b−(a′+b′)} μ̄(z).


The definition of μ̄^(r,i)(z) already incorporates the multiplication with z^{a+b−(a′+b′)}, which equals z^{r+1−(a′+b′)}, as for the corresponding function σ^(r,i) we have a_σ^(r,i) + b_σ^(r,i) = r + 1. Lemma 3.3 implies that the function σ′ gives a discrepancy at a position (a″, ν) with a″ + ν > r + 1. Moreover, the conditions ν ∉ G and ν ≡ i (mod γ) hold. In order to prove equation (3.4) we have to show that ν is the least number which allows such a solution and that consequently σ̄^(r+1,i) can be chosen as σ̄′. We only have to consider the case a_σ^(r,i) > a_μ^(r,j) and Δ^(r+1,i) ≠ 0, as in all other cases we have b_σ^(r,i) = b_σ^(r+1,i). The constructed polynomial σ̄′ corresponds to a function that gives a discrepancy in position (a″, r + 1 − a_μ^(r,j)), where we have a″ > a_μ^(r,j). Assume there exists a function σ″ with maximal pole order ν′ with b_σ^(r,i) < ν′ < r + 1 − a_μ^(r,j) that satisfies the required conditions for σ^(r+1,i). We then could construct a function σ″ + β φ_γ^{(ν′−b_σ^(r,i))/γ} σ^(r,i) which for a suitable choice of the constant β has pole order less than ν′ and which gives a discrepancy at a position (r + 1 − ν′, b) with b < ν′. This contradicts the definition of μ^(r,j).

Equation (3.5) follows from the fact that the only two possible candidates for μ^(r+1,j) are μ^(r,j) or a scalar multiple of σ^(r,i). Moreover, the multiplication with z required in the corresponding polynomial μ̄^(r,j) is performed.   □

Let numbers l_i be defined as l_i = min{l : (l ≡ i mod γ) ∧ (l ∉ G)}. We state the main algorithm as a set of recursive equations.

Algorithm 3.1

Initialization:

   σ̄^(−1,i)(z) = 1,    a_σ^(−1,i) = −l_i,      0 ≤ i < γ,   (3.6)
   μ̄^(−1,j)(z) = 0,    a_μ^(−1,j) = l_j − γ,   0 ≤ j < γ.   (3.7)


Iteration step:

   j^(r,i) = a_σ^(r,i) mod γ   (3.8)

   Δ^(r+1,i) = 0                                                                       if a_σ^(r,i) ∈ G,
   Δ^(r+1,i) = Σ_{h=0}^{r+1−a_σ^(r,i)} σ̄_h^(r,i) S_{a_σ^(r,i), r+1−a_σ^(r,i)−h}       otherwise.   (3.9)

   δ^(r,i) = 1     if (Δ^(r+1,i) ≠ 0) and (a_μ^(r,j^(r,i)) < a_σ^(r,i)),
   δ^(r,i) = 0     otherwise.   (3.10)

   [ σ̄^(r+1,i)(z)       ]   [ 1                             −Δ^(r+1,i)       ] [ σ̄^(r,i)(z)       ]
   [ μ̄^(r+1,j^(r,i))(z) ] = [ δ^(r,i) (Δ^(r+1,i))^{−1} z    (1 − δ^(r,i)) z   ] [ μ̄^(r,j^(r,i))(z) ]   (3.11)

The quotient δ^(r,i)/Δ^(r+1,i) is understood to equal zero if Δ^(r+1,i) equals zero.

   a_σ^(r+1,i) = (1 − δ^(r,i)) a_σ^(r,i) + δ^(r,i) a_μ^(r,j^(r,i)) + 1   (3.12)
   a_μ^(r+1,j^(r,i)) = (1 − δ^(r,i)) a_μ^(r,j^(r,i)) + δ^(r,i) a_σ^(r,i).   (3.13)
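A minimal software sketch of one pass through equations (3.8)-(3.13) may help to fix ideas (this is an illustration, not the hardware-oriented implementation of section VI; arithmetic is done in a toy prime field GF(P) instead of F_{2^m}, polynomials are lists p with p[k] the coefficient of z^k, S is a dictionary of syndrome entries, and `gaps` must contain every gap that can occur, including the negative integers):

    P = 11                                    # toy prime field; the thesis uses F_{2^m}

    def poly_get(p, k):
        return p[k] if 0 <= k < len(p) else 0

    def poly_shift(p):                        # multiplication by z
        return [0] + list(p)

    def poly_sub_scaled(p, c, q):             # p(z) - c*q(z)
        n = max(len(p), len(q))
        return [(poly_get(p, k) - c * poly_get(q, k)) % P for k in range(n)]

    def step(r, sigma, mu, a_sig, a_mu, S, gaps, gamma):
        """One pass of (3.8)-(3.13); sigma and mu hold gamma coefficient lists each."""
        new_sigma, new_mu = list(sigma), list(mu)
        new_a_sig, new_a_mu = list(a_sig), list(a_mu)
        for i in range(gamma):
            j = a_sig[i] % gamma                                       # (3.8)
            if a_sig[i] in gaps:                                       # (3.9)
                delta = 0
            else:
                b = r + 1 - a_sig[i]
                delta = sum(poly_get(sigma[i], h) * S.get((a_sig[i], b - h), 0)
                            for h in range(b + 1)) % P
            flip = int(delta != 0 and a_mu[j] < a_sig[i])              # (3.10)
            new_sigma[i] = poly_sub_scaled(sigma[i], delta, mu[j])     # (3.11), first row
            if flip:                                                   # (3.11), second row
                inv = pow(delta, P - 2, P)
                new_mu[j] = poly_shift([c * inv % P for c in sigma[i]])
            else:
                new_mu[j] = poly_shift(mu[j])
            new_a_sig[i] = (1 - flip) * a_sig[i] + flip * a_mu[j] + 1  # (3.12)
            new_a_mu[j] = (1 - flip) * a_mu[j] + flip * a_sig[i]       # (3.13)
        return new_sigma, new_mu, new_a_sig, new_a_mu

Running γ such updates per value of r, one for each residue class i, is what the parallel processing units described in section VI do.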

Theorem 3.1 The set of recursive equations in Algorithm 3.1 can be used to calculate a collection of polynomials σ̄^(s,i)(z), 0 ≤ i < γ, and μ̄^(s,j)(z), 0 ≤ j < γ, for any s ≥ 0. The corresponding functions σ^(s,i) and μ^(s,j) are valid at pole order s.

Proof. The main part of the proof follows directly from Lemma 3.5. δ^(r,i) is a steering variable used to distinguish the two cases of equation (3.5). Equations (3.12) and (3.13) follow from the proof of Lemma 3.5. The initialization of the algorithm is consistent with Definition 3.2.   □

Algorithm 3.1 has some interesting properties. The calculations of the γ polynomials σ̄^(s,i) in iteration step s + 1 are independent of each other and can be performed in parallel. Given γ similar processing units capable of performing the calculations in equations (3.8) to (3.13), we obtain all polynomials σ̄^(s,i) in s + 1 iterations. The complexity that is required by any


Table 3.1: Intermediate results during one run of Algorithm 3.1 (columns: r, a_σ^(r,i), a_μ^(r,j), σ̄^(r,i), μ̄^(r,j), Δ^(r+1,i))

r = −1: a_σ = [0, −5, −7], a_μ = [−3, 4, 2], σ̄ = [1; 1; 1], μ̄ = [0; 0; 0], Δ = [α^4; 0; 0]
r = 0:  a_σ = [−2, −4, −6], a_μ = [0, 4, 2], σ̄ = [1; 1; 1], μ̄ = [zα^3; 0; 0], Δ = [0; 0; 0]
r = 1:  a_σ = [−1, −3, −5], a_μ = [0, 4, 2], σ̄ = [1; 1; 1], μ̄ = [z^2α^3; 0; 0], Δ = [0; 0; 0]
r = 2:  a_σ = [0, −2, −4], a_μ = [0, 4, 2], σ̄ = [1; 1; 1], μ̄ = [z^3α^3; 0; 0], Δ = [α; 0; 0]
r = 3:  a_σ = [1, −1, −3], a_μ = [0, 4, 2], σ̄ = [1+z^3α^4; 1; 1], μ̄ = [z^4α^3; 0; 0], Δ = [0; 0; 0]
r = 4:  a_σ = [2, 0, −2], a_μ = [0, 4, 2], σ̄ = [1+z^3α^4; 1; 1], μ̄ = [z^5α^3; 0; 0], Δ = [0; α^3; 0]
r = 5:  a_σ = [3, 1, −1], a_μ = [0, 4, 2], σ̄ = [1+z^3α^4; 1+z^5α^6; 1], μ̄ = [z^6α^3; 0; 0], Δ = [α; 0; 0]
r = 6:  a_σ = [1, 2, 0], a_μ = [3, 4, 2], σ̄ = [1+z^3α^4+z^6α^4; 1+z^5α^6; 1], μ̄ = [zα^6+z^4α^3; 0; 0], Δ = [0; 0; 1]
r = 7:  a_σ = [2, 3, 1], a_μ = [3, 4, 2], σ̄ = [1+z^3α^4+z^6α^4; 1+z^5α^6; 1+zα^6+z^4α^3], μ̄ = [z^2α^6+z^5α^3; 0; 0], Δ = [0; α^2; 0]
r = 8:  a_σ = [3, 4, 2], a_μ = [3, 4, 2], σ̄ = [1+z^3α^4+z^6α^4; 1+z^2α+z^5α; 1+zα^6+z^4α^3], μ̄ = [z^3α^6+z^6α^3; 0; 0], Δ = [α^2; 0; 0]
r = 9:  a_σ = [4, 5, 3], a_μ = [3, 4, 2], σ̄ = [1+z^3α^2+z^6; 1+z^2α+z^5α; 1+zα^6+z^4α^3], μ̄ = [z^4α^6+z^7α^3; 0; 0], Δ = [0; α; α^3]
r = 10: a_σ = [5, 3, 4], a_μ = [3, 4, 5], σ̄ = [1+z^3α^2+z^6; 1+z^2α+z^5α; 1+zα^6+z^4α^5+z^7α^6], μ̄ = [z^5α^6+z^8α^3; 0; zα^6+z^3+z^6], Δ = [α^6; α^6; 0]
r = 11: a_σ = [6, 4, 5], a_μ = [3, 4, 5], σ̄ = [1+zα^5+z^3+z^6α^2; 1+z^2α+z^5α^6+z^8α^2; 1+zα^6+z^4α^5+z^7α^6], μ̄ = [z^6α^6+z^9α^3; 0; z^2α^6+z^4+z^7], Δ = [α^6; 0; α^4]
r = 12: a_σ = [4, 5, 6], a_μ = [6, 4, 5], σ̄ = [1+zα^5+z^3+z^6α^3+z^9α^2; 1+z^2α+z^5α^6+z^8α^2; 1+zα^6+z^2α^3+z^4+z^7α^3], μ̄ = [zα+z^2α^6+z^4α+z^7α^3; 0; z^3α^6+z^5+z^8], Δ = [0; 1; α^5]
r = 13: a_σ = [5, 6, 7], a_μ = [6, 4, 5], σ̄ = [1+zα^5+z^3+z^6α^3+z^9α^2; 1+z^2α+z^3α^6+z^5α^2+z^8α^6; 1+z^2α^6+z^4α^2+z^7α^3], μ̄ = [z^2α+z^3α^6+z^5α+z^8α^3; 0; z^4α^6+z^6+z^9], Δ = [?; ?; ?]

Example 3.3 (Example 3.1, 3.2 continued) We consider the setup of Example 3.1 and 3.2 and let Algorithm 3.1 operate on the matrix S that is given in Example 3.2. The intermediate results during the calculation of the polynomials σ̄^(13,i), i = 0, 1, 2, are given in Table 3.1. The example is continued in section V, where we determine the values of S_{a,b} with a + b ≥ 14 that are necessary to continue the algorithm.   □


processing unit in one iteration step is in the order O((log_2(q))^2 s). Due to the fact that we have to perform s iterations in γ processing units we find that the overall complexity, in order to find all polynomials σ̄^(s,i), is not greater than O((log_2(q))^2 γ s^2). In a parallel implementation the time requirements are determined by the time requirements for one of the processing units. Provided that these units work in a serial fashion the time requirements are in the order O(s^2) and thus essentially the same as for a serially implemented one-dimensional BMA designed to correct s errors in a codeword of an RS code. Any parallelization of the underlying architecture of the one-dimensional BMA helps speeding up the algorithm. We outline an implementation for codes on Hermitian curves in section VI, where also a more detailed treatment of complexity issues can be found.

V Majority voting

The set of recursive equations provided in Algorithm 3.1 allows the determination of functions σ^(r,i) for all r ≥ 0, presumed that we know the complete matrix S. However, this is not the case, as we only know the entries S_{a,b} with a + b ≤ m. In [19] Feng and Rao give a procedure to iteratively determine S_{a,b} for a + b > m from the known part of S, if the weight of the error vector does not exceed the error correction capability of the code. One key observation in this algorithm is that all S_{a,b} with a + b = m + w, w ≥ 1, can be expressed in the form

   S_{a,b} = Σ_{i=0}^{m+w} ε_i^{(a,b)} S_{i,0}   (3.14)

where the coefficients ε_i^{(a,b)} are known and determined by the underlying curve (cf. Example 3.2). Moreover, we have the following lemma.

Lemma 3.6 Let B(m) = {1, φ_γ, ..., φ_m} be a standard basis for L(mP_∞). B(m) can be chosen in such a way that

   S_{a,b} = S_{a+b,0} + Σ_{i=0}^{a+b−1} ε_i^(a,b) S_{i,0}   (3.15)


holds for a + b ≤ m and all numbers a, b ∉ G.

Proof. Any function of pole order at most m, and thus in particular the product φ_a φ_b, can be expanded in the basis B(m), i.e.

   φ_a φ_b = ε_{a+b}^(a,b) φ_{a+b} + Σ_{i=0}^{a+b−1} ε_i^(a,b) φ_i.   (3.16)

We have to show that we can choose the functions φ_i in such a way that ε_{a+b}^(a,b) equals one, or equivalently that the expression φ_a φ_b − φ_{a+b} has a pole order at P_∞ that is less than a + b for all non-gaps a and b. Equation (3.15) then follows directly from the definition of the syndromes in equation (3.2). Let t be a fixed local parameter at P_∞, that is, a function with a simple zero at P_∞, cf. [25, ch. 2]. It is known [25, ch. 2] that the functions φ_i, i ∉ G, can uniquely be written as t^{−i} u_i, where u_i is a rational function that has neither a zero nor a pole at P_∞. We choose the basis in such a way that all functions u_i evaluate to one at P_∞. This choice does not conflict with the defining properties of a standard basis. Now we can write φ_a φ_b − φ_{a+b} as t^{−(a+b)}(u_a u_b − u_{a+b}). Clearly the expression (u_a u_b − u_{a+b}) evaluates to zero at P_∞ and can therefore be written as t^l u′, where l is a positive integer and u′ a function with neither zeros nor poles at P_∞. Thus the pole order at P_∞ of the expression φ_a φ_b − φ_{a+b} is less than a + b and the claim is proved.   □

In the light of Lemma 3.6 we can from now on assume that the coefficients ε_{a+b}^(a,b) equal one in equation (3.14). We will explicitly treat the case when w in equation (3.14) equals 1. The cases w > 1 are iteratively treated in a completely similar fashion.

The second key observation is the fact that the rank of S equals the weight t of the error vector. To see this, let M be a matrix with entries defined as M_{i,j} = φ_i(P_j). S can be described as S = M diag(e) M^T, where diag(e) is a diagonal matrix which contains the vector e on its main diagonal. The rank of S equals t, as we have rank(M) = n and rank(diag(e)) = t.

In order to describe the procedure of Feng and Rao we use the notion of a matrix discrepancy. We say that S has a matrix discrepancy at position


(a, b) if the following three conditions are satisfied:

   rank(S^(a,b)) = rank(S^(a−1,b)) + 1
                 = rank(S^(a,b−1)) + 1
                 = rank(S^(a−1,b−1)) + 1.

Lemma 3.7 The rank of S^(a,b) equals the number of matrix discrepancies

at positions (a′, b′), a′ ≤ a, b′ ≤ b. Moreover, any column and row of S contains at most one matrix discrepancy.

Proof. The rank of S^(a,b) is equal to the number of rows (columns) in S^(a,b) that contain a matrix discrepancy. This follows from the observation that any fixed row (column) does not contain a matrix discrepancy if and only if it is a linear combination of the previous rows (columns). It follows that the number of columns and rows that hold a matrix discrepancy is equal for any matrix S^(a′,b′) with a′ ≤ a, b′ ≤ b. This in turn implies that any row and any column contains at most one matrix discrepancy.   □
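For completeness, a small sketch of the matrix-discrepancy test (again over a toy prime field GF(P); the rank is computed by plain Gaussian elimination, and a, b are assumed to be at least 1):

    def rank_mod_p(rows, P):
        # Gaussian elimination over GF(P)
        M = [list(r) for r in rows]
        rank, col = 0, 0
        while M and rank < len(M) and col < len(M[0]):
            pivot = next((r for r in range(rank, len(M)) if M[r][col] % P), None)
            if pivot is None:
                col += 1
                continue
            M[rank], M[pivot] = M[pivot], M[rank]
            inv = pow(M[rank][col], P - 2, P)
            M[rank] = [x * inv % P for x in M[rank]]
            for r in range(len(M)):
                if r != rank and M[r][col] % P:
                    f = M[r][col]
                    M[r] = [(x - f * y) % P for x, y in zip(M[r], M[rank])]
            rank += 1
            col += 1
        return rank

    def is_matrix_discrepancy(S, a, b, P):
        # the three rank conditions defining a matrix discrepancy at position (a, b)
        sub = lambda x, y: [row[:y + 1] for row in S[:x + 1]]
        r = rank_mod_p(sub(a, b), P)
        return (r == rank_mod_p(sub(a - 1, b), P) + 1
                and r == rank_mod_p(sub(a, b - 1), P) + 1
                and r == rank_mod_p(sub(a - 1, b - 1), P) + 1)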

Discrepancies that are given by functions in Algorithm 3.1 and matrix discrepancies are related in the following lemma.

Lemma 3.8 Let two polynomials σ̄^(r,i)(z) and μ̄^(r,j)(z) with j ≡ a_σ^(r,i) (mod γ) and Δ^(r+1,i) ≠ 0 be given. Then S has max{0, γ^{−1}(a_σ^(r,i) − a_μ^(r,j))} matrix discrepancies in the positions

   (a_σ^(r,i) − lγ, r + 1 − a_σ^(r,i) + lγ)   for l = 0, 1, ..., γ^{−1}(a_σ^(r,i) − a_μ^(r,j)) − 1.   (3.17)

Moreover, S has no matrix discrepancies in positions (a, r + 1 − a), a ≡ a_σ^(r,i) (mod γ), outside the positions given in equation (3.17).

Proof. We first consider the general situation that a function σ gives a discrepancy at position (a, b). This implies on the one hand that the a-th row of S^(a,b) is not a linear combination of the rows of S^(a−1,b); on the other hand,


the b-th column of S^(a−1,b) is linearly dependent on the columns of S^(a−1,b−1) with a relation described by σ. Thus we have

   rank(S^(a,b)) = rank(S^(a−1,b)) + 1 = rank(S^(a−1,b−1)) + 1.

We note that the relation rank(S^(a,b)) = rank(S^(a−1,b)) + 1 implies that S^(a,b) has a matrix discrepancy in the a-th row.

Now, by the definition of σ^(r,i) we cannot have a matrix discrepancy in positions (a, r + 1 − a), a ≡ a_σ^(r,i) (mod γ), a > a_σ^(r,i). In positions (a, r + 1 − a), a ≡ a_σ^(r,i) (mod γ), a ≤ a_σ^(r,i), a ∉ G, we have a function which gives a discrepancy, namely φ_γ^l σ^(r,i). Thus it follows that the rows in S pointed out by these discrepancies contain matrix discrepancies. Moreover, we have matrix discrepancies in positions (a, r + 1 − a), a ≡ a_σ^(r,i) (mod γ), a_μ^(r,j) < a ≤ a_σ^(r,i), because all other positions of matrix discrepancies in the a-th row are contradicted by the definition of a_μ^(r,j). The definition of μ^(r,j) now implies that we have matrix discrepancies in positions (a, b) with b < r + 1 − a, a ≡ a_σ^(r,i) (mod γ), a < a_μ^(r,j). Because every row can hold at most one matrix discrepancy the claim of the lemma is proved.   □

Assume that Algorithm 3.1 has run up to iteration step m. In order to continue the algorithm we need to know the entries S_{a,b} of S with a + b = m + 1. The strategy in determining S_{m+1,0}, and thus all S_{a,b} with a + b = m + 1, is to minimize the rank of S or, equivalently, the number of matrix discrepancies in positions (a, b) with a + b = m + 1. Lemma 3.8 provides the necessary tool for doing this. It is proved in [19][20] that indeed more than half of the matrix discrepancies that may appear in the matrix S at positions (a, b) with a + b = m + 1 can be removed. This is done by choosing S_{m+1,0} in such a way that most of the discrepancy values given by the functions σ^(r,i) are forced to zero. The proposed procedure starts by choosing an estimate S_{m+1,0} = 0, which according to equation (3.14) at the same time induces all other estimates S_{a,b} with a + b = m + 1. For all i such that a_σ^(m,i) ∉ G we then calculate numbers

   Δ̃^(m+1,i) = S_{a_σ^(m,i), m+1−a_σ^(m,i)} + Σ_{h=1}^{m+1−a_σ^(m,i)} σ̄_h^(m,i) S_{a_σ^(m,i), m+1−a_σ^(m,i)−h}.   (3.18)


We remark that the constant term in the polynomials σ̄^(r,i)(z) always equals 1 when Algorithm 3.1 is properly initialized. Comparing equation (3.18) with the calculation of Δ^(r,i) in equation (3.9) and using the expansion of S_{a,b} in the syndromes S_{r,0}, 0 ≤ r ≤ a + b, given in equation (3.14), we can write Δ̃^(m+1,i) as

   Δ̃^(m+1,i) = Δ^(m+1,i) − S_{m+1,0}.

It follows that Δ^(m+1,i) equals Δ̃^(m+1,i) + S_{m+1,0}, and we invoke a majority scheme to determine S_{m+1,0} such that most Δ^(m+1,i) equal zero, where we count each Δ̃^(m+1,i) with multiplicity max{0, a_σ^(m,i) − a_μ^(m,j)} according to Lemma 3.8. We formalize the procedure in the following algorithm.

Algorithm 3.2

1. Calculate Δ̃^(m+1,i) for all i where a_σ^(m,i) ∉ G and let D be the set of numbers Δ̃^(m+1,i).

2. Find the element S̃ ∈ D with greatest associated value

      Σ_{i: Δ̃^(m+1,i) = S̃} max{0, a_σ^(m,i) − a_μ^(m,j^(m,i))}.

3. Calculate S_{m+1,0} and Δ^(m+1,i) as

      S_{m+1,0} = −S̃,    Δ^(m+1,i) = Δ̃^(m+1,i) + S_{m+1,0}.
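A sketch of the vote (same toy GF(P) conventions as the earlier sketches; delta_tilde[i] are the estimates of (3.18), j_of[i] = a_σ^(m,i) mod γ, and the weights are those of step 2):

    def majority_vote(delta_tilde, a_sig, a_mu, j_of, gaps, P):
        votes = {}
        for i, dt in enumerate(delta_tilde):
            if a_sig[i] in gaps:
                continue                                   # this class casts no vote
            w = max(0, a_sig[i] - a_mu[j_of[i]])
            votes[dt] = votes.get(dt, 0) + w
        winner = max(votes, key=votes.get)                 # step 2: heaviest candidate
        S_next = (-winner) % P                             # step 3: S_{m+1,0} = -S~
        delta = [(dt + S_next) % P for dt in delta_tilde]  # corrected discrepancies
        return S_next, delta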

Theorem 3.2 Let all entries S_{a,b} in S with a + b ≤ m and a collection of polynomials σ̄^(m,i) and μ̄^(m,j) with associated values a_σ^(m,i), a_μ^(m,j) be given. Algorithm 3.2 can be used to determine S_{m+1,0} and Δ^(m+1,i) if the condition t < (m − 2g + 2)/2 = d*(C)/2 holds.

Proof. The relation Δ^(m+1,i) = Δ̃^(m+1,i) + S_{m+1,0} together with Lemma 3.8 yields that, in order to avoid matrix discrepancies in positions (a, m + 1 − a), a ≡ a_σ^(m,i) (mod γ), we must choose S_{m+1,0} as −Δ̃^(m+1,i). The second step of the algorithm can be described as choosing the unknown S_{m+1,0} in such a way that the observed rank of S is minimized, given that we know all S_{a,b} with a + b ≤ m and are free to choose S_{m+1,0}. For a proof that this strategy uniquely determines S_{m+1,0} we refer to [19]. In the third step S_{m+1,0} and Δ^(m+1,i) are explicitly calculated.   □


Remark 3.1 A proof of Theorem 3.2 that does not rely on the results of [19] is postponed to section VII, where the proof of a similar theorem is given that covers the case of error-erasure decoding and contains Theorem 3.2 as a special case.

Theorem 3.2 opens the possibility to calculate the set σ^(r,i) for arbitrary r ≥ 0 using Algorithm 3.1, as we can iteratively determine any entry in S when it is needed. In order to do this we have to replace equation (3.9) in Algorithm 3.1 with Algorithm 3.2. The complexity of the majority voting algorithm is mainly determined by finding the maximum in a set of at most γ elements. This does not affect the overall complexity of the algorithm, which is still upper bounded by O((log_2(q))^2 γ m^2).

Example 3.4 (Example 3.1, 3.2, 3.3 continued) We continue the algorithm of Example 3.3. In Example 3.3 we could not determine the numbers Δ^(14,i), as we did not know the syndrome S_{14,0}. According to Algorithm 3.2 we assume that S_{14,0} equals zero. The only syndrome S_{a,b} with a + b = 14 that is nonzero under this assumption is S_{7,7}, which equals S_{7,0} = 1. With the polynomials σ̄^(13,i) as given in Table 3.1 we calculate the numbers Δ̃^(14,0) = α, Δ̃^(14,1) = α and Δ̃^(14,2) = α. Thus there is only one element in the set D in Algorithm 3.2 and its associated value

   Σ_{i: Δ̃^(14,i) = α} max{0, a_σ^(13,i) − a_μ^(13,j^(13,i))}

equals (5 − 5) + (6 − 6) + (7 − 4) = 3. It follows that S_{14,0} equals α and Δ^(14,0) = Δ^(14,1) = Δ^(14,2) = 0. We can add the following rows to Table 3.1:

r = 13: Δ = [0; 0; 0]  (all other columns as before)
r = 14: a_σ = [6, 7, 8], a_μ = [6, 4, 5], σ̄ = [1+zα^5+z^3+z^6α^3+z^9α^2; 1+z^2α+z^3α^6+z^5α^2+z^8α^6; 1+z^2α^6+z^4α^2+z^7α^3], μ̄ = [z^3α+z^4α^6+z^6α+z^9α^3; 0; z^5α^6+z^7+z^10], Δ = [?; ?; ?]

In a similar fashion we determine S_{15,0} and the polynomials σ̄^(15,i), which


correspond to the functions σ^(15,i), as

   σ̄^(15,0) = 1 + α^5 z + α^5 z^3 + α^2 z^4 + α^6 z^6 + z^9
   σ^(15,0) = φ_9 + α^5 φ_8 + α^5 φ_6 + α^2 φ_5 + α^6 φ_3 + 1

   σ̄^(15,1) = 1 + α z^2 + α^6 z^3 + α^2 z^5 + α^6 z^8
   σ^(15,1) = φ_8 + α φ_6 + α^6 φ_5 + α^2 φ_3 + α^6

   σ̄^(15,2) = 1 + α^6 z^2 + α^2 z^4 + z^7
   σ^(15,2) = φ_7 + α^6 φ_5 + α^2 φ_3 + 1.

The functions σ^(15,i), i = 0, 1, 2, are error-locating and their common zero set is precisely the set of error points.   □

VI Implementation

The equation set of Algorithm 3.1 is surprisingly similar to the equation set of a one-dimensional BMA. This makes it possible to design an implementation based on γ copies of a modified one-dimensional BMA. For exemplification we choose the serial implementation of a BMA proposed by Blahut. For details on this implementation see [15, p. 189]. It should be observed, however, that to a certain extent any implementation of a one-dimensional BMA can serve as a building block and that parallel implementations of a BMA further reduce the time requirements of the algorithm.

As remarked in sections IV and V, the implementation of the algorithms of Theorems 3.1 and 3.2 differs with the underlying curve. Here we exemplify the implementation for Hermitian curves over a field of characteristic 2. The modifications needed for other curves are discussed at the end of this section.

The Hermitian curve H over F_{q^2} may be described by the equation

   H : X^{q+1} = Z Y^q + Z^q Y.   (3.19)

H has genus g = (q − 1)q/2, contains one point at infinity P_∞ = (0 : 1 : 0) and q^3 affine points P_i. Using the notation x = X/Z and y = Y/Z it


is known [26] that a basis for L(mP_∞) is given by the functions x^i y^j where iq + j(q + 1) ≤ m and 0 ≤ i, 0 ≤ j < q. We can define functions φ_l in the following way:

   φ_l = x^i y^j     if x^i y^j ∈ L(lP_∞) \ L((l − 1)P_∞), j < q,
   φ_l = 0           if L(lP_∞) = L((l − 1)P_∞).

For Hermitian curves the number γ equals q. In the rest of this section we will write γ in a statement if it is valid for any algebraic curve and q if the value is specific for Hermitian curves.
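A sketch that enumerates this basis (the parameter values below are only an example; it lists, for every pole order l ≤ m, the exponent pair (i, j) with l = iq + j(q + 1) and j < q, or records l as a gap):

    def hermitian_basis(q, m):
        # phi_l = x^i y^j with pole order l = i*q + j*(q+1), 0 <= j < q; gaps get None
        table = {l: None for l in range(m + 1)}
        for j in range(q):
            for i in range(m // q + 1):
                l = i * q + j * (q + 1)
                if l <= m:
                    table[l] = (i, j)
        return table

    basis = hermitian_basis(4, 20)
    gaps = [l for l, e in basis.items() if e is None]
    print(gaps)        # [1, 2, 3, 6, 7, 11]: the g = q(q-1)/2 = 6 gaps for q = 4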

It is desirable to avoid using the complete matrix S. This is possible, as only the entries S_{a,0} and knowledge of the curve H are needed for reconstructing the desired part of S at every step of the algorithm. For Hermitian curves we have the following lemma.

Lemma 3.9 Let the curve H be defined by the equation H : X^{q+1} = Z Y^q + Z^q Y. The entries S_{a,b} of the matrix S satisfy the relations

   S_{a,b} = 0                                if (a ∈ G) or (b ∈ G),
   S_{a,b} = S_{a+b,0}                        if (a mod q) + (b mod q) < q,
   S_{a,b} = S_{a+b,0} − S_{a+b−q^2+1,0}      otherwise.

Proof. In the cases (a ∈ G) or (b ∈ G) this follows from the fact that φ_a = 0 or φ_b = 0. In the other cases the functions φ_a and φ_b satisfy

   φ_a = x^{(a−(q+1)(a mod q))/q} y^{a mod q}

and

   φ_b = x^{(b−(q+1)(b mod q))/q} y^{b mod q}.

If the condition (a mod q) + (b mod q) < q holds, we have φ_a φ_b = φ_{a+b} and the second case follows. If the condition (a mod q) + (b mod q) ≥ q holds, φ_a φ_b equals

   φ_a φ_b = x^{(a+b−(q+1)((a mod q)+(b mod q)))/q} y^{(a mod q)+(b mod q)}

and the exponent of y lies in the range q, q + 1, ..., 2(q − 1). Using the defining equation of H in the affine form, y^q = x^{q+1} − y, we reduce the exponent of y, which yields the relation φ_a φ_b = φ_{a+b} − φ_{a+b−q^2+1}. The third case follows from this observation.   □


[Figure 3.1: Outline for a shift register circuit to calculate Δ^(r+1,i); the register taps hold the coefficients σ̄_0^(r,i), σ̄_1^(r,i), ..., σ̄_{b^(r,i)}^(r,i) and the circuit is fed with the syndromes S_{r+1,0}, S_{r,0}, ..., S_{r−q^2+2,0}.]

We define a q-periodic sequence h(a, b) in the following way:

   h(a, b) = 0     if (a mod q) + (b mod q) < q,
   h(a, b) = 1     otherwise.

The calculation of Δ^(r+1,i) in Theorem 3.1 can now be rewritten as

   Δ^(r+1,i) = Σ_{l=0}^{r+1−a_σ^(r,i)} σ̄_l^(r,i) ( S_{r+1−l,0} − h(a_σ^(r,i), b_σ^(r,i) − l) S_{r−q^2+2−l,0} ).   (3.20)

We note that not all the quantities S_{r−q^2+2−l,0} are defined. However, if r − q^2 + 2 − l becomes negative, either h(a_σ^(r,i), b_σ^(r,i) − l) or σ̄_l^(r,i) equals zero. Equation (3.20) can be realized in the shift register circuit outlined in figure 3.1, where the switch is steered by the sequence h(a_σ^(r,i), b_σ^(r,i) − l), l = 0, 1, ..., b_σ^(r,i).
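In software the same computation reads as follows (toy GF(P) arithmetic again; S_top[k] = S_{k,0}, with missing keys treated as zero):

    def h(a, b, q):
        return 0 if (a % q) + (b % q) < q else 1

    def discrepancy(sigma_bar, a_sig, r, S_top, q, P):
        """Equation (3.20): sigma_bar[l] is the coefficient of z^l."""
        b_sig = r + 1 - a_sig
        total = 0
        for l in range(b_sig + 1):
            coeff = sigma_bar[l] if l < len(sigma_bar) else 0
            s_main = S_top.get(r + 1 - l, 0)
            s_extra = S_top.get(r - q * q + 2 - l, 0) if h(a_sig, b_sig - l, q) else 0
            total = (total + coeff * (s_main - s_extra)) % P
        return total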

The same circuit is used for calculating Δ̃^(m+1,i) in Theorem 3.2. The only difference to the calculation of Δ^(r+1,i) is that initially S_{r+1,0} is set to zero.

The equation set of Algorithm 3.1 shows a second main difference to a one-dimensional BMA. The polynomials μ̄^(r,j) used in the (r + 1)-th iteration for updating σ̄^(r,i) change in the next iteration according to the definition of j^(r,i). However, they change in a very regular way, as becomes clear in the following lemma.


Lemma 3.10 The numbers j^(r,i) satisfy the relation

   j^(r+1,i) = j^(r,(i+1) mod γ).

Proof. j^(r,i) is defined as a_σ^(r,i) mod γ. From equation (3.12) we have a_σ^(r+1,i) ≡ a_σ^(r,i) + 1 (mod γ). The lemma follows.   □

Lemma 3.10 implies that the updating polynomials μ̄^(r,j) are passed cyclically between the processing units for calculating σ̄^(r,i). Figure 3.2 gives the outline of a circuit that can be used to calculate the polynomials σ̄^(2ℓ−1,i). In this outline knowledge of S_{a,0} for 0 ≤ a ≤ 2ℓ − 1 is presumed. The syndrome register in the implementation has length 2ℓ + 1 and is initially loaded with the sequence {S_{0,0}, 0, S_{2ℓ−1,0}, S_{2ℓ−2,0}, ..., S_{1,0}}. The registers for the coefficients of σ̄^(r,i) have length ℓ and are loaded with a single one in the leftmost position. The registers for the coefficients of μ̄^(r,j) have length ℓ + 1 and are loaded with zeros. For simplicity we assume that the length of all registers is sufficient to hold all coefficients of the polynomials σ̄^(r,i) and μ̄^(r,j). A typical iteration starts by calculating all Δ^(r+1,i). This requires ℓ clock cycles. During the following ℓ clock cycles the updating of σ̄^(r,i) is performed. At the same time, according to Lemma 3.10, the contents of the μ̄^(r,j) registers are replaced cyclically. The multiplication of μ̄^(r,j) respectively σ̄^(r,i) by z is realized simultaneously, as the μ̄^(r,j) registers have length ℓ + 1. A similar trick applied to the syndrome register of length 2ℓ + 1 yields that after 2ℓ clock cycles the contents of all registers are in the proper state to start the next iteration.

In order to include the majority voting algorithm of Theorem 3.2, the circuit of figure 3.2 has to be modified as shown in figure 3.3. We want to determine the polynomials σ̄^(2ℓ−1,i) with initial knowledge of S_{a,0}, 0 ≤ a ≤ m, where m < 2ℓ − 1. We initialize the syndrome register with all known S_{a,0} and additional 2ℓ − m zeros, i.e. the sequence {S_{0,0}, 0, 0, ..., 0, S_{m,0}, S_{m−1,0}, ..., S_{1,0}}. During the first m iterations the circuit works just as the circuit in figure 3.2. In the (m + 1)-th iteration the set of Δ̃^(m+1,i) is calculated automatically and fed to a majority voting device which calculates and stores S_{m+1,0}. The Δ̃^(m+1,i) are then modified according to the equation Δ^(m+1,i) = Δ̃^(m+1,i) + S_{m+1,0} to equal Δ^(m+1,i) and the updating is performed as before. Moreover, the correct value of S_{m+1,0} is supplied for the calculation of Δ̃^(m+2,i) when it is needed and subsequently fed to the syndrome register.



[Figure 3.2: Outline for an implementation of a Berlekamp-Massey type algorithm for codes on Hermitian curves; it consists of the σ̄^(·,·) registers (ℓ stages), the μ̄^(·,·) registers (ℓ + 1 stages), the syndrome register (2ℓ + 1 stages) and the Δ^(·,·) computation.]

Remark 3.2 The register lengths of the implementations outlined in Figures 3.2 and 3.3 are chosen in order to simplify the timing of the circuit. On the other hand, the syndromes S_{a,0} are known to be zero for all a ∈ G. At the expense of a more complicated timing the syndrome register can be made shorter in order to avoid these expendable syndromes. Similar considerations allow the use of shorter registers for the coefficients of the polynomials σ̄^(r,i) and μ̄^(r,j).

The outlined circuits describe an implementation for codes on Hermitian curves. The differences in implementation for codes from other curves are



[Figure 3.3: Outline for an implementation of a Berlekamp-Massey type algorithm for codes on Hermitian curves with included majority voting.]

relatively minor. We have a different initialization of the a_σ^(−1,i) and a_μ^(−1,j) due to a different set of gaps G. The implementation is affected through the number γ of parallel processing units. A more substantial difference is found in the number of relations that is needed to describe the matrix S given the entries S_{a,0}, a ≥ 0. In the case of codes on Hermitian curves we only have one nontrivial relation, given in Lemma 3.9. In the general case we have at most γ(γ − 1)/2 (usually much less) different relations between the entries S_{a,b}.


VII Error-erasure decoding

Let a vector y = c + e ∈ F_q^n, c ∈ C(D, mP_∞), be given, where e is a vector of weight at most t + ρ. Moreover, we assume knowledge of a set R of ρ positions in y such that the weight of e outside R is at most t. The positions in R are called erasure positions. The problem of error-erasure decoding consists of finding the error vector e of minimal weight outside R. It has important applications in concatenated coding schemes and soft decoding algorithms for block codes. It is well known that a unique minimum weight error vector e exists if the relation 2t + ρ < d(C(D, mP_∞)) is satisfied. We assume that the values in erasure positions of y are all defined. If this is not the case, which might occur in certain applications, we set the corresponding values to zero. For AG codes it is natural to introduce an erasure divisor R defined as R = Σ_{i∈R} P_i.

Again our goal is to find in an efficient way nontrivial functions that locate errors. Let a matrix S be defined as before. All functions considered are still expanded in the standard basis of Definition 3.1.

Lemmata 3.1-3.3 hold without further requirements on the functions σ and μ. Especially, if the functions σ and μ in Lemma 3.3 have a common zero set R, the constructed function σ′ also has zeros in R. As these three lemmata formulate the fundamental observations for Theorem 3.1, we can construct a similar theorem for the case of error-erasure decoding. The following definition of functions λ^(r,i) and ν^(r,i) replaces in this case Definition 3.2.

Definition 3.3 A collection of functions λ^(r,i) and ν^(r,i) of pole order b_λ^(r,i) and b_ν^(r,i) is called valid at pole order r for a set of erasure positions R if the following conditions hold.

- λ^(r,i)(P_i) = 0 and ν^(r,i)(P_i) = 0 for all i ∈ R.

- The functions λ^(r,i) give discrepancies at positions (a, b_λ^(r,i)) where b_λ^(r,i) is minimal such that b_λ^(r,i) ≡ i (mod γ) and a + b_λ^(r,i) > r. Moreover,


we define numbers a_λ^(r,i), j^(r,i) and Δ^(r+1,i) as

   a_λ^(r,i) = r + 1 − b_λ^(r,i),
   j^(r,i) = a_λ^(r,i) mod γ,
   Δ^(r+1,i) = Σ_{l=0}^{b_λ^(r,i)} λ_l^(r,i) S_{a_λ^(r,i), l}     if a_λ^(r,i) ∉ G,
   Δ^(r+1,i) = 0                                                  if a_λ^(r,i) ∈ G.

- The functions ν^(r,j) give discrepancies at positions (a_ν^(r,j), b_ν^(r,j)) with value 1, where a_ν^(r,j) is maximal such that a_ν^(r,j) ≡ j (mod γ) and a_ν^(r,j) + b_ν^(r,j) ≤ r. If no such function exists we define ν^(r,j) = 0 and a_ν^(r,j) as

   a_ν^(r,j) = max_{l∈G} {l : l ≡ j (mod γ)}.

Lemma 3.11 Let e be an error vector of weight t < (m − 2g + 2 − ρ)/2 outside the positions R. The space of error-erasure-locating functions has a basis φ_γ^{l_i} λ^(m+2g+γ−1,i) where l_i ≥ 0 and 0 ≤ i < γ. Moreover, the error-erasure-locating function with lowest pole order at P_∞ is given as the function of lowest pole order in the set {λ^(m+g,i)}_{i=0}^{γ−1}.

Proof. After replacing σ^(r,i) with λ^(r,i) and some obvious modifications, the proof is identical to the proof of Lemma 3.4 and therefore omitted.   □

To the functions λ^(r,i) and ν^(r,j) we again associate polynomials in one variable in the same way as we did for σ^(r,i) and μ^(r,j). The similarity of all involved definitions and lemmata in the case of error-only and error-erasure decoding suggests that essentially the same algorithm as in Theorem 3.1 can be used to determine error-erasure-locating functions. In order to guarantee that the functions λ^(r,i) and ν^(r,j) have zeros in the erasure positions, we have to initialize the algorithm with functions that have zeros in the points of R. To this end, let η^(i) be the nontrivial function of lowest pole order b^(i) such that η^(i) ∈ L(mP_∞ − R), b^(i) ≡ i (mod γ). Without loss of generality we


assume that the coefficient η_{b^(i)}^(i) in the vector expansion of η^(i) equals one. The polynomial η̄^(i)(z) is then defined as

   η̄^(i)(z) = Σ_{l=0}^{b^(i)} η_l^(i) z^{b^(i)−l}.

Let r_0 be defined as the minimum over the values b^(i), 0 ≤ i < γ. We recall that the numbers l_i were defined as l_i = min{l : (l ≡ i mod γ) ∧ (l ∉ G)}. The following set of recursive equations states an algorithm for the calculation of an error-erasure-locating function.

Algorithm 3.3

Initialization:

   λ̄^(r_0−1,i)(z) = η̄^(i)(z),    a_λ^(r_0−1,i) = r_0 − b^(i),    0 ≤ i < γ,
   ν̄^(r_0−1,j)(z) = 0,            a_ν^(r_0−1,j) = l_j − γ,        0 ≤ j < γ.

Iteration step:

   j^(r,i) = a_λ^(r,i) mod γ

   Δ^(r+1,i) = 0                                                                       if a_λ^(r,i) ∈ G,
   Δ^(r+1,i) = Σ_{h=0}^{r+1−a_λ^(r,i)} λ̄_h^(r,i) S_{a_λ^(r,i), r+1−a_λ^(r,i)−h}       otherwise.

   δ^(r,i) = 1     if (Δ^(r+1,i) ≠ 0) and (a_ν^(r,j^(r,i)) < a_λ^(r,i)),
   δ^(r,i) = 0     otherwise.

   [ λ̄^(r+1,i)(z)       ]   [ 1                             −Δ^(r+1,i)       ] [ λ̄^(r,i)(z)       ]
   [ ν̄^(r+1,j^(r,i))(z) ] = [ δ^(r,i) (Δ^(r+1,i))^{−1} z    (1 − δ^(r,i)) z   ] [ ν̄^(r,j^(r,i))(z) ]

The quotient δ^(r,i)/Δ^(r+1,i) is understood to equal zero if Δ^(r+1,i) equals zero.

   a_λ^(r+1,i) = (1 − δ^(r,i)) a_λ^(r,i) + δ^(r,i) a_ν^(r,j^(r,i)) + 1
   a_ν^(r+1,j^(r,i)) = (1 − δ^(r,i)) a_ν^(r,j^(r,i)) + δ^(r,i) a_λ^(r,i).


Theorem 3.3 The set of recursive equations in Algorithm 3.3 can be used to calculate a collection of polynomials λ̄^(s,i)(z), 0 ≤ i < γ, and ν̄^(s,j)(z), 0 ≤ j < γ, for any s ≥ r_0. The corresponding functions λ^(s,i) and ν^(s,j) are valid at pole order s for a set of erasures R.

Proof. Lemma 3.5, including its proof, remains valid after replacing every σ and μ with λ and ν. The essence of the theorem relies only on this modified form of Lemma 3.5. The initialization is consistent with the definition of the functions λ^(r,i) and ν^(r,j).   □

An implementation of a BMA for error-erasure decoding does not differ from the implementation of error-only decoding given in figure 3.2. The only difference is the initialization of the algorithm. It follows immediately that the required complexity is the same as in the case of error-only decoding. In order to estimate the complexity for the determination of an error-erasure-locating function, we need an algorithm to find the required functions η^(i).

Proposition 3.1 Let a divisor of erasures R = P_{i_1} + P_{i_2} + ... + P_{i_ρ} be given. We can find the functions η^(i) with associated values b^(i), 0 ≤ i < γ, as η^(i) = η^(ρ,i) and b^(i) = b^(ρ,i), where η^(ρ,i) and b^(ρ,i) are calculated by the following set of recursive equations:

   η^(0,i) = φ_{l_i},    b^(0,i) = l_i,

   i*(r+1) = ( min_{0≤i<γ} { b^(r,i) : η^(r,i)(P_{i_{r+1}}) ≠ 0 } ) mod γ,

   θ^(r+1) = η^(r,i*(r+1)) / η^(r,i*(r+1))(P_{i_{r+1}}),

   η^(r+1,i) = (φ_γ − φ_γ(P_{i_{r+1}})) η^(r,i)            if i = i*(r+1),
   η^(r+1,i) = η^(r,i) − η^(r,i)(P_{i_{r+1}}) θ^(r+1)      otherwise,

   b^(r+1,i) = b^(r,i) + γ     if i = i*(r+1),
   b^(r+1,i) = b^(r,i)         otherwise.

Proof. Let R_l equal P_{i_1} + P_{i_2} + ... + P_{i_l} and R_0 equal 0. The proof works by induction. Obviously the claim is true for R_0. Suppose that it


is true for a divisor R_r. From the construction of the functions η^(r+1,i) it follows that the functions η^(r+1,i) have P_{i_{r+1}} and P_{i_1}, ..., P_{i_r} as zeros. Moreover, the pole orders of all functions η^(r+1,i) equal the pole orders of the functions η^(r,i) except for the case that i equals i*(r+1). In this case there does not exist a function of pole order b^(r,i) which has the required zero in P_{i_{r+1}}. Finally, i*(r+1) is always defined, as otherwise L(mP_∞ − R_r) would be equal to L(mP_∞ − R_{r+1}) for all m > 0, which is not possible.   □

The equation set of Proposition 3.1 requires in every iteration the evaluation of γ functions in a certain erasure point and the subsequent updating of the γ functions. The complexity for these operations is O((log_2(q))^2 γ ρ) and we have to perform ρ iteration steps. Thus the total complexity for the algorithm of Proposition 3.1 is in the order O((log_2(q))^2 γ ρ^2). The operations can be performed in γ parallel working devices, which results in a time required to find the functions η^(i) in the order O(ρ^2).
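A sketch of the bookkeeping in Proposition 3.1 (the callbacks ev, sub_scaled and shift, which carry the actual function-field arithmetic, are assumptions supplied by the caller; field values are assumed to support division):

    def erasure_init(erasure_points, gamma, l, phi_l, ev, sub_scaled, shift):
        """
        l[i]             : least non-gap congruent to i modulo gamma
        phi_l[i]         : the basis function of pole order l[i]
        ev(f, Q)         : value of the function f at the point Q
        sub_scaled(f, c, g): the function f - c*g
        shift(f, Q)      : the function (phi_gamma - phi_gamma(Q)) * f
        Returns functions eta[i] vanishing on all erasure points and their pole orders b[i].
        """
        eta = [phi_l[i] for i in range(gamma)]
        b = [l[i] for i in range(gamma)]
        for Q in erasure_points:
            vals = [ev(eta[i], Q) for i in range(gamma)]
            i_star = min((i for i in range(gamma) if vals[i] != 0), key=lambda i: b[i])
            new_eta, new_b = list(eta), list(b)
            for i in range(gamma):
                if i == i_star:
                    new_eta[i] = shift(eta[i], Q)      # pole order grows by gamma
                    new_b[i] = b[i] + gamma
                elif vals[i] != 0:
                    # cancel the value at Q with a multiple of the minimal function
                    new_eta[i] = sub_scaled(eta[i], vals[i] / vals[i_star], eta[i_star])
            eta, b = new_eta, new_b
        return eta, b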

So far, the treatment of error-erasure decoding is a straightforward adoption of the theorems and proofs of the error-only case. In order to include a majority voting scheme, which is necessary to achieve the full error-erasure correction capability of the code, the content of Theorem 3.2 and the setup leading to this theorem can be directly translated to error-erasure decoding, but the proof cannot. This is because the proof of Theorem 3.2 relies on the maximal possible rank of the matrix S. In the case of error-erasure decoding it is not the rank of the matrix S but the number of errors outside the set of erasure positions that is to be minimized. We reformulate Algorithm 3.2 and Theorem 3.2 for the case of error-erasure decoding and give a proof that does not rely on the rank of S. Although the essence of the proof relies on ideas from [19] and [20], it is formulated in the framework of our algorithm and the resulting theorem is slightly stronger than the corresponding theorems of [19] and [20]. The theorem contains Theorem 3.2 as a special case for a trivial divisor of erasures R = 0.

Algorithm 3.4

1. Calculate Δ̃^(m+1,i) for all i where a_λ^(m,i) ∉ G and let D be the set of numbers Δ̃^(m+1,i) for those i.


2. Find the element S̃ ∈ D with greatest associated value

      Σ_{i: Δ̃^(m+1,i) = S̃} max{0, a_λ^(m,i) − a_ν^(m,j^(m,i))}.

3. Calculate S_{m+1,0} and Δ^(m+1,i) as

      S_{m+1,0} = −S̃,    Δ^(m+1,i) = Δ̃^(m+1,i) − S̃.

Theorem 3.4 Let all entries S_{a,b} in S with a + b ≤ m be given and let, for

an erasure position set R of size ρ, a collection of functions λ^(m,i) and ν^(m,j) with associated values a_λ^(m,i), a_ν^(m,j) be given. For an error vector of weight t outside R, Algorithm 3.4 can be used to determine S_{m+1,0} and Δ^(m+1,i) provided the condition

   2t < d*(D, mP_∞) − ρ + Σ_{i=0}^{γ−1} max{0, a_ν^(m,j^(m,i)) − a_λ^(m,i)}

holds.

Proof. Let E be the divisor of errors,

   E = Σ_{P_i : i ∈ supp(e)\R} P_i,    deg(E) ≤ t.

Our primary goal is to determine the function of least pole order in the space of error-erasure-locating functions L(mP_∞ − E − R). By the Riemann-Roch theorem there exist deg(E) + ρ + g nonnegative numbers l such that L(lP_∞ − E − R) equals L((l − 1)P_∞ − E − R). The set of these numbers is called the E + R gaps at P_∞, or simply E + R gaps, and we denote it by B. B contains the set of R gaps, i.e. all l such that L(lP_∞ − R) = L((l − 1)P_∞ − R). We have an R + E gap at pole order l if and only if there exists a function λ ∈ L(mP_∞ − R) that gives a discrepancy at a position (a, l) with a < ∞ and there does not exist a function of lower pole order l′ that gives a discrepancy at position (a, l′). Conversely, given a function λ ∈ L(mP_∞ − R) which gives a discrepancy at a position (a, l), we know that there must exist an R + E gap for some l′ ≤ l which is not an R gap. This observation holds independently for all different positions (a, l) where


we encountered a discrepancy. The idea of the theorem is to choose the unknown S_{m+1,0} in such a way that the number of R + E gaps is minimized, as this minimizes the degree of E. Assume we have run Algorithm 3.3 up to r = m and we thus know the set of numbers a_λ^(m,i) and a_ν^(m,j). Let κ be the number of E + R gaps that are not R gaps and that we have encountered so far. We can calculate κ in two different ways as

   κ = Σ_{j=0}^{γ−1} ( a_ν^(m,j) − a_ν^(r_0−1,j) )   and   κ = Σ_{j=0}^{γ−1} ( b_λ^(m,j) − b_λ^(r_0−1,j) ).

From the above equations and using the relation a_λ^(m,j) + b_λ^(m,j) = m + 1 we obtain that

   2κ = Σ_{j=0}^{γ−1} ( m + 1 − a_λ^(m,j) − b_λ^(r_0−1,j) + a_ν^(m,j) − a_ν^(r_0−1,j) ),

   Σ_{i=0}^{γ−1} ( a_λ^(m,i) − a_ν^(m,j^(m,i)) ) = m + 1 − Σ_{j=0}^{γ−1} ( b_λ^(r_0−1,j) + a_ν^(r_0−1,j) ) − 2κ,

or

   Σ_{i=0}^{γ−1} max{0, a_λ^(m,i) − a_ν^(m,j^(m,i))}
      = m + 1 − Σ_{j=0}^{γ−1} ( b_λ^(r_0−1,j) + a_ν^(r_0−1,j) ) − 2κ + Σ_{i=0}^{γ−1} max{0, a_ν^(m,j^(m,i)) − a_λ^(m,i)}.   (3.21)

From the two relations

   Σ_{j=0}^{γ−1} ( a_ν^(r_0−1,j) + j ) = g − 1,    Σ_{j=0}^{γ−1} ( b_λ^(r_0−1,j) − j ) = g + ρ


we deduce that the right hand side of equation (3.21) equals

   d*(D, mP_∞) − 2κ − ρ + Σ_{i=0}^{γ−1} max{0, a_ν^(m,j^(m,i)) − a_λ^(m,i)}.

The left hand side of (3.21) equals the number of positions (a, b) with a + b = m + 1 which, depending on the choice of S_{m+1,0}, may give rise to an E + R gap. On the other hand we know that the number of E + R gaps is at most t + ρ + g and we have already encountered κ + ρ + g gaps. So when determining S_{m+1,0} not more than t − κ new gaps can be encountered. In order to meet the assumption on the weight of the error vector outside R we have to choose S_{m+1,0} in such a way that less than half of the candidates for E + R gaps really will give gaps. This means we can determine S_{m+1,0} by majority voting. In particular, the assumption of the theorem implies that the set of E + R gap candidates has at least one element.   □

We conclude from Theorems 3.3 and 3.4 that an implementation of a BMA for the error-erasure decoding algorithm with included majority voting does not differ from an implementation of error-only decoding.

Remark 3.3 The term

   d*(D, mP_∞) − 2κ − ρ + Σ_{i=0}^{γ−1} max{0, a_ν^(m,j^(m,i)) − a_λ^(m,i)}   (3.22)

in Theorem 3.4 indicates that in certain cases the determination of S_{m+1,0} and Δ^(m+1,i) is possible even when the weight of the error vector outside the erasure set exceeds the designed error correction capability (d*(D, mP_∞) − ρ)/2. In the error-only case it is possible to bound expression (3.22) from below, which leads to a bound on the minimum distance that in certain cases is larger than the designed minimum distance d*(D, mP_∞). This improved bound on the minimum distance is called the Feng-Rao distance. For a detailed treatment of this topic we refer to Pellikaan and Kirfel [21].

Page 100: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

94 Chapter 3. A fast parallel implementation of a BMA for AG codes

VIII Conclusions

In this paper we have proposed an efficient algorithm to calculate error-locating functions for the class of one point AG codesC(D;mP1). Thealgorithm is described by a recursive set of equations and works for botherror only and error-erasure decoding. In the latter case a different initial-ization of the algorithm is necessary. The complexity of thealgorithm is inthe order ofO((log2(q))2 m2) binary operations, where the alphabetFq ofthe code is a finite field of characteristic 2 and is the size of the first non-gap in the space of functions associated with the code. The main result ofthis paper is an error-locating algorithm, which is convenient for implemen-tation. Furthermore the structure of the algorithm naturally suggests a paral-lel implementation, which does not require more memory thana sequentialimplementation. The algorithm requires a running time thatis essentiallyequal to the running time required by the BMA for an RS code. These twoobservations are important in order to make AG codes a competitive andreasonable alternative to RS codes in many applications.

Page 101: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

Bibliography

[1] J. Justesen, K.J. Larsen, H. Elbrønd Jensen, and T. Høholt, “Fast De-coding of Codes from Algebraic Plane Curves”,IEEE Trans. on Infor-mation Theory, vol. IT-38, pp.111-119, 1992.

[2] S. Sakata, “Finding a Minimal Set of Linear Recurring Relations Ca-pable of Generating a given Finite two-dimensional Array”,J. Sym-bolic Computation, vol. 5 pp. 321-337, 1988.

[3] S. Sakata, J. Justesen, Y. Madelung, H. Elbrønd Jensen, and T. Høholt,“Fast Decoding of AG-codes up to the Designed Minimum Distance”,Mathematical Institute, T.U.D. Mat-Report no. 1993- submitted toIEEE Trans. on Information Theory.

[4] S. Sakata, J. Justesen, Y. Madelung, H. Elbrønd Jensen, and T. Høholt,“A Fast Decoding Method of AG-codes from Miura-Kamiya CurvesCab up to Half the Feng-Rao Bound”,Finite Fields and their Applica-tions, Vol. 1, No. 1, Jan. 1995.

[5] S. Sakata, J. Justesen, Y. Madelung, H. Elbrønd Jensen, and T. Høholt,“Fast decoding of algebraic geometric codes up to the designed min-imum distance”,Proc. 6th Joint Swedish-Russian Workshop on Infor-mation Theory,pp.114-117, Mölle, Sweden, Aug. 1993.

[6] C. Dahl Jensen, “Fast decoding of codes from algebraic geometry”,IEEE Trans. on Information Theory, vol. IT-40, pp.223-230, Jan. 1994.

[7] D. Leonard, “Error-locator ideals for algebraic-geometric codes”,IEEE Trans. on Information Theory, vol. IT-41, pp.819-825, May1995.

95

Page 102: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

96 Chapter 3. A fast parallel implementation of a BMA for AG codes

[8] G.-L. Feng, V. Wei, T.R.N. Rao, and K.K. Tzeng, “Simplified un-derstanding and efficient decoding of a class of algebraic-geometriccodes”,IEEE Trans. on Information Theory, vol. IT-40, pp.981-1002,July 1994.

[9] M. O’Sullivan, “Decoding of codes defined by a single point on acurve,” submitted toIEEE Trans. on Information Theory, special is-sue on AG codes.

[10] S. Sakata, H. Elbrønd Jensen, and T. Høholt, “ GeneralizedBerlekamp-Massey decoding of algebraic geometric codes upto halfthe Feng-Rao bound”, to appear inIEEE Trans. on Information Theory

[11] R. Kötter, “A fast parallel Berlekamp-Massey type algorithm for Her-mitian codes”, Proceedings,Algebraic and Combinatorial CodingTheory, ACCT4, pp. 125-128 Novgorod, Russia, Sept. 1994.

[12] S. Sakata, “Fast erasure-and-error decoding of any onepoint AG codeup to the Feng-Rao bound”, preprint March 1995.

[13] R. Kötter, “A fast parallel implementation of a Berlekamp-Massey al-gorithm for algebraic-geometric codes”, Technical reportLiTH-ISY-R-1716, Linköping University, Sweden, Jan. 1995

[14] R. Kötter, “Fast Generalized Minimum Distance Decoding of Alge-braic Geometric and Reed Solomon Codes”, preprint Linköping Uni-versity, Sweden, 1993, to appear inIEEE Trans. on Information The-ory.

[15] R.E. Blahut,Theory and practice of error control codes, Reading, Ma.:Addison-Wesley, 1983.

[16] E.D. Mastrovito, VLSI Architectures for Computations in GaloisFields, Ph.D. Thesis, Linköping University, Sweden, 1991.

[17] J.H. van Lint and G. van der Geer,Introduction to Coding Theory andAlgebraic Geometry, Birkhäuser Verlag, Basel,Boston,Berlin, 1988.

[18] J. Justesen, K.J. Larsen, H.E. Jensen, A. Havemose, andT. Høholdt,“Construction and decoding of a class of algebraic geometric codes,”IEEE Trans. Inform. Theory, vol.IT-35, pp.811-821, 1989.

Page 103: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

BIBLIOGRAPHY 97

[19] G.-L. Feng and T.R.N. Rao, “Decoding Algebraic-Geometric Codesup to the Designed Minimum Distance”,IEEE Trans. on InformationTheory, vol. IT-39, pp.37-45, 1993.

[20] I.M. Duursma, “Majority Coset Decoding”,IEEE Trans. on Informa-tion Theory, vol. IT-39, pp.1067-1070 May 1993.

[21] C. Kirfel and R. Pellikaan, “The minimum distance of codes in anarray coming from telescopic semigroups”, submitted toIEEE Trans.on Information Theoryspecial issue on AG codes.

[22] S. Sakata, “Extension of the Berlekamp-Massey algorithm to N di-mensions”,Information and Computation, vol. 84, pp.207-239,1990.

[23] Y. Madelung, “Implementation of a Decoding Algorithm for AG-Codes from the Hermitian Curve”, Technical report IT-93-137, Insti-tute of Circuit Theory and Telecommunication, Technical Universityof Denmark, Lyngby, Denmark, ISSN 0105-8541.

[24] Y. Madelung, “A fast computer program for correcting all errors up tohalf the minimum distance of codes from Hermitian curves”,Proc. 6thJoint Swedish-Russian Workshop on Information Theory,pp.118-122,Mölle, Sweden, Aug. 1993.

[25] M. A. Tsfasman, S. G. Vladut,Algebraic-Geometric Codes, KluwerAcademic Publishers, Dordrecht/Boston/London, 1991.

[26] H. Stichtenoth, “A note on Hermitian curves overGF (q2)”, IEEETrans. Inform. Theory, vol.IT-34, pp.1345-1348, 1988.

Page 104: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions
Page 105: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

Chapter 4

Fast generalized minimumdistance decoding ofalgebraic-geometric andReed-Solomon codes�

Abstract Generalized Minimum Distance (GMD) decod-ing is a standard soft decoding method for block codes. We de-rive an efficient general GMD decoding scheme for linear blockcodes in the framework of error-correcting pairs. Special at-tention is paid to Reed-Solomon (RS) codes and one-point al-gebraic geometric (AG) codes. For RS codes of lengthn andminimum Hamming distanced, the GMD decoding complexityturns out to be in the orderO(nd), where complexity is countedas the number of multiplications in the field of concern. For AGcodes, the GMD decoding complexity is highly dependent onthe curve in consideration. It is shown that we can find all rele-vant error-erasure-locating functions with complexityO(o1nd),whereo1 is the size of the first non-gap in the function space as-sociated with the code. A full GMD decoding procedure for aone-point AG code can be performed with complexityO(dn2).Index Terms — GMD decoding, Reed-Solomon codes, alge-braic geometric codes, efficient algorithms�to appear inIEEE Transactions on Information Theory

99

Page 106: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

100 Chapter 4. Fast GMD decoding of AG and RS codes

I Introduction

The always returning task in applications of coding theory is to find themost likely word in a code, given a received word that is knownto be adistorted code word. In many practical situations it is possible to utilizeadditional information about the reliability of the positions in the receivedword. Algorithms that make use of such side information haveimportantapplications in concatenated schemes, where a so called outer code over alarge alphabet is concatenated with an inner code that is often a binary codeor a code in Euclidean space. Here the decoding of the inner code providesthe reliability information as the weight of the error vector that corrupted thecorresponding inner code word. Generalized Minimum Distance (GMD)decoding of block codes, introduced by Forney in [1], gives apossibility toutilize reliability information on positions of the received word. Efficientschemes to perform such a GMD decoding procedure were proposed bySorger [2], Araki, Takada and Morii [3], Berlekamp [4], Taipale and Seo[5], and Kötter [6][7]. However, the approaches of [2][3][4] and [5] arerestricted to Reed-Solomon (RS) codes. The required complexity, countedas the number of multiplications in the field of concern, of these approachesis in the orderO(nd), wheren denotes the length of the RS-code andd theminimum Hamming distance. This is to be compared with earlier schemesrequiring a computational complexity in the orderO(nd2).The approach proposed here is not restricted to RS codes but provides ascheme that is in principal applicable to any linear code. The basic idearelies on the concept oferror-correcting pairswhich was introduced byPellikan in [8]. The complexity of this approach is highly dependent on thestructure of the code. In the case of RS codes the complexity lies in theorderO(nd). For AG codes the determination of all error-erasure-locatingfunctions requires complexityO(o1nd), whereo1 is the size of the first non-gap in the function space associated with the code. The goal of our paperis to first give the general description of this scheme and then to investigatein detail how this scheme applies to two prominent classes oflinear codes,namely RS codes and AG codes. In particular, we focus on efficiently com-bining the general idea of fast GMD decoding with Berlekamp-Massey typealgorithms that are used in the decoding of RS and AG codes.

The outline of the paper is as follows. In section II, III and IV we give the

Page 107: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

II. An error-erasure-locating algorithm 101

basic ideas of an efficient GMD decoding scheme . Sections V and VI treatRS and AG codes respectively.

II An error-erasure-locating algorithm

Let Fq denote the finite field withq elements andF nq the vector space of alln-tuplesu = fu0; u1; : : : ; un�1g overFq . As a convention in this paper allvector and matrix indices are counted starting from zero. A linear codeCoverFq is a linear subspace ofF nq with dimensionk(C) and minimum Ham-ming distanced(C) between any two different words inC. With respect tothe standard inner product(u;v) = n�1Xi=0 uivi u;v 2 F nq ;we have the dual linear space toC which is denoted byC?. A generatormatrix ofC is denoted byGC and a parity check matrix byHC .

For two vectorsu = (u0; u1; : : : ; un�1) andv = (v0; v1; : : : ; vn�1), wedefine a component-wise productu � v = (u0v0; u1v1; : : : ; un�1vn�1). Fortwo subspacesU; V � F nq let U � V denote the set of vectorsfu � v : u 2U;v 2 V g.In the standard decoding situation we are given a vectory = + e and wewant to find the codeword 2 C such that the Hamming weight of the errorvectore is minimized. Following the main idea of algebraic decoding, weconsider a two step algorithm which first tries to find the nonzeropositionsin e and in a second step determines the error values in these positions. Thefollowing definition, which is equivalent to Definition 1 in [9], is central forthe error-location problem.

Definition 4.1 (t-error-locating pair) LetU; V andC be linear codesof lengthn over the fieldFq . We call(U; V ) a t-error-locating pair forC ifthe following conditions hold C � U � V; (4.1)k(U) > t; (4.2)d(V ) > t: (4.3)

Page 108: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

102 Chapter 4. Fast GMD decoding of AG and RS codes

Our first goal will be to find a vectoru 2 U such thatu � e = 0. Clearlyu then indicates possible error positions with zeros. Letdiag(e) denote then � n matrix which has the elements ofe on its main diagonal and whichis zero everywhere else. The starting point of our paper is the followingtheorem from [10], compare also [8][9].

Theorem 4.1 Let(U; V ) be at-error-locating pair for the codeC. Lety = + e be a word inF nq with 2 C ande a vector of weight at mostt.Any solution� to the system of linear equations defined byHV � diag(y) �GTU�T = 0: (4.4)

gives a vectoru = �GU which satisfiesu � e = 0:Moreover, there exists a nontrivial such�.

Proof. With y = + e we can rewrite equation (4.4) asHV � diag( ) �GTU�T +HV � diag(e) �GTU�T = 0:By condition (4.1) the first term on the left hand side of this equation isequal to the zero vector for all�. Thus the solution space to (4.4) dependsonly on the error vectore. For any� that solves (4.4) we have a vectoru = (�GU) such that u � e 2 V:Clearly the Hamming weight ofu � e can not exceedt which by condition(4.3) implies u � e = 0:To show the existence of a nontrivial solution�, we observe that any nonzerovectoru, that is zero in all error positions, gives rise to a nontrivial� whichsolves (4.4). To find such anu we have to impose at mostt linearly inde-pendent conditions onU . Thus the existence of a nontrivial vectoru withthe error-locating property is guaranteed by condition (4.2). 222

Page 109: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

II. An error-erasure-locating algorithm 103

In many practical applications of codes we have access to additional infor-mation concerning the reliability of the positions in a received vector. Wecan utilize this information by presuming that errors have occurred in the� least reliable positions. We call these positionserasure positions. Let avectory and a setR, containing precisely the erasure positions, be given.The goal of error-erasure decoding is to find the codeword = y � e thatminimizes the Hamming weight of the error vectore outsidethe setR. Theidea of error-erasure decoding relies on the well known factthat we cancorrect any combination of� erasures andt errors as long as the condition2t+ � < d(C) is satisfied.

Here we assume that estimates exist for all erasure positions, otherwise wemay setyi = 0 for all i 2 R. Again our goal is to find a vectoru such thatu � e = 0, but in addition we now require also that the linear conditionsui = 0 hold for all i 2 R.

Definition 4.2 ((t; �)-error-erasure-locating pair) Let U; V andC be linear codes of lengthn over the fieldFq . We call(U; V ) a (t; �)-error-erasure-locating pair forC if the following conditions holdC � U � V; (4.5)k(U) > t+ �; (4.6)d(V ) > t: (4.7)

Corollary 4.1 (to Theorem 4.1) Let(U; V ) be a(t; �)-error-erasure-locating pair for the codeC. Let y = + e be a given word inF nq with 2 C and letR be a set of erasure positions withjRj � �. Let the vectore have weight at mostt outside the erasure positions. Then any solution�that solves the system of linear equations defined byHV � diag(y) �GTU�T = 0; (4.8)

and, withu = �GU , ui = 0 for all i 2 R (4.9)

gives a vectoru which satisfiesu � e = 0:

Page 110: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

104 Chapter 4. Fast GMD decoding of AG and RS codes

Proof. To satisfy condition (4.9) letW be the the subspace ofU thatconsists of all vectors inU which have zero components inR. Clearlyk(W ) is greater thant + � � jRj and therefore greater thant. (W;V ) is at-error-locating pair forC. The theorem gives the corollary. 222

Remark 4.1 The existence of a(t; �)-error-erasure-locating pair(U; V )for a codeC does in general not imply the existence of a(t�1; �+2)-error-erasure-locating pair forC. However, we can consider the codeC 0 thatis obtained by puncturingC in one erasure position. Let(U 0; V 0) be theerror-erasure-locating pair that is obtained from the pair(U; V ) by punc-turing the same position as inC 0. Provided thatd(V ) is larger than 1,(U 0; V 0) is a (t � 1; � + 1)-error-erasure-locating pair forC 0, because wehaved(V 0) � d(V ) � 1 > t � 1 andk(U 0) = k(U) > (t � 1) + (� + 1)and condition (4.5) clearly is satisfied. In this sense a(t; �)-error-erasure-locating pair(U; V ) for a codeC provides an error-erasure location schemefor t� 1 errors and�+ 2 erasures, where one of the erased positions corre-sponds to the punctured position.

From Theorem 4.1 and the Corollary 4.1 we find the set of possible errorpositions which we denote byE. The second step is to find the error values.The error vector satisfies the two sets of linear conditionsHC(yT � eT ) = 0e � u = 0:The error values can be found solving a system of linear equations, if the setof possible error positions is not too large. Not too large means that we canalways find the error values ifjEj < d(C); (4.10)

because in that case the system of linear equations has maximal possiblerank jEj.We call an error-erasure-locating pair of codes which allows determinationof the error values anerror-erasure-correcting-pair. The size ofE doesnot exceedn� d(U). This fact, together with condition (4.10), justifies thefollowing definition, cf. also [8][9].

Page 111: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

III. Generalized-Minimum Distance decoding 105

Definition 4.3 ((t; �)-error-erasure-correcting pair) Let (U; V ) be a(t; �)-error-erasure-locating pair for the codeC. We call (U; V ) a t-error-correcting pair for the codeC if in addition to the conditions (4.5),(4.6) and(4.7) the following inequality is satisfiedd(C) + d(U) > n; (4.11)

wheren denotes the code length ofC.

Remark 4.2 The definition of an error-erasure-correcting pair is ratherstrong but fully sufficient for the codes considered in this paper. For a morethorough treatment of the subject the reader is referred to [9], where weakerconditions for error correction are formulated.

Remark 4.3 The problem of error correction of linear codes comesactually down to finding ant-error-correcting pair that maximizest for agiven codeC. Having found such a pair the decoding can be performed bysolving linear equations and matrix multiplications. The matrix dimensionsof all involved matrices are less than or equal ton. Thus the complexity ofsuch a procedure is of orderO(n3). For many prominent classes of codes,such as BCH-codes [11, p.248] and AG codes [17], there are natural choicesfor the pair(U; V ).III Generalized-Minimum Distance decoding

In addition to the vectory, let some kind of reliability information on thepositions be given. GMD decoding, proposed by Forney in [12], gives thepossibility to utilize the reliability information in an algebraic decoding al-gorithm. For a description of this algorithm we assume that the reliabilityinformation induces a complete ordering on positions. In Forneys GMDprocedure,dd2e decoding attempts are performed, where an increasing num-ber of least reliable positions are declared erasure. More precisely, thei-thdecoding attempt employs an error-erasure-locating algorithm, where the2ileast reliable positions iny are treated as erasure. These decoding attemptsresult in a list of tentative code words, and we choose from this list the code

Page 112: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

106 Chapter 4. Fast GMD decoding of AG and RS codes

word that is most reliable. A number of different criteria toguarantee suc-cessful GMD decoding is investigated in [13]. For a performance analysis ofGMD decoding we refer to [13], because the main interest of this paper con-cerns the efficiency of algorithms. We only note that the criteria, formulatedin [13], take into account whether an error occurred or not, so knowledge ofthe errorpositionsis enough to choose the most likely candidate from thelist of tentative codewords.

Let a sequencefRigli=0 of erasure position sets withjRij = �i andRi �Ri+1 be given. From the previous section we see that all we need, inorderto make a GMD procedure work, is a corresponding set of(ti; �i)-error-erasure-correcting pairs. From Remark 4.3 we see that such an ad hocscheme requiresO(dn3) operations due to the fact that we employ at mostdd2e independent decoding attempts, each requiring a complexity O(n3).One of the results of this paper is that we can do better by introducing arelation between the error-erasure-locating pairs for different numbers oferasures. Explicitly, if a sequence of error-erasure correcting pairs, satisfy-ing the desired relation, exists we can find the set of error-erasure-locatingvectors for increasing sets of erasure positions with essentially the samecomplexity as required by one error-erasure-locating algorithm.

Let fUi; Vigli=0 be a collection of(ti; �i)-error-erasure-locating pairs. WeassumeUi � Ui+1 andVi � Vi+1. In fact, given a codeC, it suffices toclaim this for the spacesUi because we then define theVi as the spacesspanned by all vectors inC � Ui. Without loss of generality we assume thatthe generator matrixGUi+1 containsGUi in the firstk(Ui) rows. In the sameway the parity check matrixHVi is contained in the firstn � k(Vi) rows ofHVi�1 . The corresponding set of key equations (4.8) is�i�T = 0; � 2 F k(Ui )q where�i = HVidiag(y)GTUi: (4.12)

Each key equation has a space of solutions which we denote by�i�i = f� : �i�T = 0g:The idea is now to obtain in one step all spaces�i together with the corre-sponding spaces Wi = fu : u = �GUi ;� 2 �ig: (4.13)

Page 113: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

III. Generalized-Minimum Distance decoding 107

In a second step we will find the subspaces ofWi which are zero in thedesired erasure positions so as to satisfy condition (4.9) of Corollary 4.1.

We define a matrix~� by ~� = HV0diag(y)GTUl (4.14)

and denote the sub-matrix of~� consisting of the elements in the firsta + 1rows and firstb + 1 columns as~�(a;b). This definition of~�(a;b) is chosen inorder to make the numbersa; b consistent with the row and column indicesof ~�. The following relation holds by the nested property of codesUi andVi and the choice of matricesGUl andHV0~�(n�k(Vi)�1;k(Ui)�1) = �i: (4.15)

Thus the necessary information for all decoding attempts iscontained in~�.The efficiency of the proposed procedure originates from thefact that wecan find the solution spaces�i of all key equations (4.12) by dealing withonly one matrix~�. In the next section we will describe an efficient algorithmto accomplish this.

Lemma 4.1 The vector spacesWi satisfyWi � Wi+1; for all i < lProof. Consider a vector� that solves�i�T = 0. We see from equa-

tion (4.15) that the same vector� extended byk(Ui+1) � k(Ui) zeros alsosolves�i+1�T = 0. Thus we have for alli < l that�i is contained in�i+1,where vectors in�i are extended by a suitable number of zeros. The lemmafollows now from equation (4.13). 222

Remark 4.4 From Lemma 4.1 we obtain a generator matrixGWl forWl which contains generator matrices forWi; i � l in the leading rows.By simple row operations, we obtainGWl in such a form that for alli thereexists a row vector that belongs toWi and has zeros in positionsRi. Thisvector is then the proper error-erasure-locating vector from the(ti; �i)-error-erasure-locating pair. ObtainingGWl in this form requiresO(d2n) opera-tions due to the fact that we have to perform at mostO(d2) row operations.

Page 114: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

108 Chapter 4. Fast GMD decoding of AG and RS codes

In the general case, the described approach results in an efficient proce-dure for obtaining the error-erasure-locating vectors in an GMD-decodingscheme based on algebraic decoding. Nevertheless there areinherent re-strictions. It is by no means clear whether, for a certain codeC, a sequenceof (ti; �i)-error-erasure-correcting pairs with the desired nested propertiesexists such that2ti + �i is reasonably close tod(C) for each pair in thesequence. Assuming we have found such a sequence we are confrontedwith the next problem, namely that the sets of possible errorpositions inthe general case might contain more positions than the weight of the corre-sponding error pattern. Moreover, we have at this stage of the algorithm noindication whether the erasure positions really were erroneous. On the otherhand, checking the criteria for GMD-decoding investigatedin [13] requiresperfect knowledge of error positions in order to decide on the most likelycodeword from the list of tentative codewords. In this situation there aretwo possible strategies. Applying the first strategy we could simply acceptthe uncertainty in error positions and make a decision basedon the zero setsfound. This is feasible, if we know that not too many non errorpositionsare among the possible error positions. The other strategy implies that wecomplete the decoding procedures by finding the error vectors that corre-spond to the sets of possible error positions. In this setup we obtain a listof tentative error vectors and we can pick the most likely onefrom this list.If we choose the second alternative we can be sure to realize the decodingcapability of the GMD procedure, but we also increase complexity. In eithercase the finding of the error-erasure-locating vectors has to be performed,and the described procedure helps in reducing computational complexity.We will return to these problems in Sections V and VI where we restrictourselves to RS and AG codes.

IV The Fundamental Iterative Algorithm

Equation (4.12) in the previous section provides us with a set of key equa-tions for different numbers of set erasures. These equations can be solved byany standard method from linear algebra. An especially convenient form ofGaussian elimination is the Fundamental Iterative Algorithm (FIA) whichwas formulated by Feng and Tzeng in [14]. We recall here a slightly modi-fied form of this algorithm that is suited for our situation. For a givenM�N

Page 115: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

IV. The Fundamental Iterative Algorithm 109

matrixA,A =k Ai;j k; i = 0; 1; : : : ;M � 1; j = 0; 1; : : : ; N � 1;the FIA gives a minimal set of linearly dependent leading columns. It basi-cally solves an arbitrary homogeneous system of linear equations and con-tains the Berlekamp-Massey algorithm (BMA) as a special case. We recalla brief description of the basic idea. Details and proofs canbe found in [14].Whenever it is necessary for reasons of dimension we extend avector witha suitable number of zeros. Again let the matrixA(a;b) be the sub-matrix ofA consisting of the elements in the firsta+1 rows in the firstb+1 columnsof A. For a fixedb we consider column vectors� with non-zero coordinateat theb-th position that solve the equationA(a;b)� = 0:Let a = a(b) be maximal such that a solution exists and let� = �(b) besuch a solution. For thesea and� let �(b) be defined as�(b) = bXk=0 Aa+1;k�k;or as�(b) = 0 whenA�(b) = 0. If �(b) 6= 0 we say that we have a discrep-ancy at position(a(b) + 1; b). For a given sequencef (�(b);�(b); a(b)) gb<ithe idea of the FIA is now to calculate�(i) with help of the�(b), b < i.Starting with any vector� of length i + 1 and�i unequal to zero, this isachieved by subtracting suitable scalar multiples of the known�(b) from�,thereby obtaining a new�. More precisely, whenever� solvesA(j;i)� = 0;with Æ = iXk=0 Aj+1;k�k 6= 0and there already exists a discrepancy at position(j + 1; b); b < i we usethe triple(�(b);�(b); j) to construct a new� by the rule� � � Æ�(b)�(b):

Page 116: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

110 Chapter 4. Fast GMD decoding of AG and RS codes

This new� satisfies A(j+1;i)� = 0:Finally we will obtain the triple(�(i);�(i); a(i)). Repeating this process weeventually find the desired� that solvesA� = 0. We emphasize the factthat we can freely choose the starting vector to investigatethe i-th columnwith the only restriction that thei-th component is unequal to zero. This isthe key to an efficient algorithm of Berlekamp-Massey type. If we, due tothe structure of the matrix, can find a good starting vector, that saves someoperations, this will lead to faster algorithms. This is thebasic observationthat will be utilized for RS and AG-codes in sectionV andV I.

In the previous section we considered the task of solving simultaneouslysystems of linear equations that were defined in equation (4.15) by sub-matrices of~�. The FIA produces in one run the solution spaces for all�j.The only modification to the original algorithm is that now weare not onlyinterested in the first combination of linearly dependent columns but in allsuch relations. Having found the first solution that solves amatrix�j for aminimal j we simply consider the next column in~�. After a complete runof the FIA we thus have for alli; 0 � i < N triples(�(i);�(i); a(i)) wherea(i) is given either as the maximala such that~�(a;i) has a solution or asn� k(Vj)� 1 if k(Uj�1) � i < k(Uj) and�j�(i) = 0.

Proposition 4.1 Let a matrix~� be given with sub-matrices�j = ~�(n�k(Vj)�1;k(Uj)�1);describing systems of linear equations. The solution spaces�j for all �j arefound by the FIA in one run where a set of vectors generating�j is given by�j = h�(i) : a(i) � n� k(Vj)� 1i:

Proof. Follows from the construction of the triples(�(i);�(i); a(i)) andthe proof of Lemma 4.1. 222We summarize our results obtained so far in the following theorem.

Page 117: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

V. Reed-Solomon codes 111

Theorem 4.2 Let a linear codeC together with a sequence of(ti; �i)-error-erasure-locating pairsf(Ui; Vi)gli=0 be given. For a vectory = + ewith 2 C let a sequencefRigli=0 of erasure position sets withjRij = �iandRi � Ri+1 be given. If the pairs(Ui; Vi) satisfyUi � Ui+1and Vi � Vi+1then we can find the corresponding error-erasure-locating vectors from allpairs (Ui; Vi) with complexityO(n3).

Proof. Using equation (4.14) we can calculate matrix~� from the vec-tor y with complexityO(n3). Applying the FIA to~� requires complexityO(n3). The theorem follows then from Proposition 4.1 and Remark 4.4. 222V Reed-Solomon codes

We recall one of the standard descriptions of RS codes overFq . Let � bea primitive element inFq andFq [x℄ be the ring of polynomials inx withcoefficients fromFq . The RS codeC of lengthn = q � 1, dimensionk(C)and minimum distanced(C) = n� k + 1 is defined asC = f(f(�0); f(�1); : : : ; f(�q�2)) : deg(f) < k; f 2 Fq [x℄g:Theith position in a codeword ofC is naturally associated with�i 2 Fq .We assume thatd(C) is odd and define� as� = d(C)� 12 :A sequence of(ti; �i)-error-erasure-locating pairs is described in the follow-ing proposition.

Page 118: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

112 Chapter 4. Fast GMD decoding of AG and RS codes

Proposition 4.2 LetC be the RS code of lengthn, dimensionk and dis-tance2� + 1. LetUi andVi be the RS codes of lengthn with dimensions�+1+i andk+�+i, respectively, fori = 0; 1; : : : ; � . Then the pairs(Ui; Vi)give a sequence of(ti; �i)-error-erasure-correcting pairs withUi � Ui+1andVi � Vi+1 such that ti = � � i (4.16)�i = 2i: (4.17)

Proof. For every pair(Ui; Vi) we check conditions (4.5)-(4.7) for error-erasure correction.C andUi consist of the evaluation vectors of polynomi-als of highest degreek�1 and�+i respectively. The component-wise prod-uct of vectors in condition (4.5) corresponds to the usual product of polyno-mials before evaluating them in theq�1 points�j; 0 � j < q�1. ThusVi isobtained by the evaluation of polynomials of degree at most(k�1)+(�+i)and it follows thatVi is the RS code of dimensionk + � + i. This shows(4.5). For a pair(Ui; Vi) we havek(Ui) = � + i+ 1 andd(Vi) = � � i+ 1,and we see that conditions (4.6) and (4.7) are satisfied withti equal to� � iand�i equal to2i. The nested property of codesUi andVi is obvious fromthe construction of pairs(Ui; Vi). Finally, in order to check condition (4.11),we note thatd(Ui) + d(C) equalsn+ � � i + 1 > n. 222With the above proposition we directly can apply the resultsof the previ-ous sections to RS codes. In particular, the requirements inorder to ap-ply Theorem 4.2 are satisfied. However, we can do better by combining aBerlekamp-Massey type algorithm with the idea of a fast GMD decodingscheme. The way this is done is described in the rest of this section.

For an RS code with distance2�+1 letSi be the usual syndrome componentderived from a vectorySi = n�1Xj=0 yj�j�i for i = 1; 2; : : : ; 2�:Using generator and parity check matrices for RS codes defined asfGCgi;j = �ij; i = 0; : : : ; k � 1; j = 0; : : : ; n� 1fHCgi;j = �(i+1)j; i = 0; : : : ; n� k � 1; j = 0; : : : ; n� 1;

Page 119: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

V. Reed-Solomon codes 113

we can work out expression (4.14) for~�. ~� has the usual Hankel structurei.e. ~�i;j = Si+j+1 for 0 � i + j < 2�:We see that the interesting part of~� is as a triangular matrix with2� columnsand rows. Comparing this definition of~� to equation (4.14) we have entriesin ~� even for row-indices exceedingn � k(V0) � 1. That does not changethe solution spaces�i but is preferable for the description of a decodingalgorithm for RS codes.

When dealing with Hankel matrices, it is convenient to identify vectors�with polynomials�(x) such that� is interpreted as the coefficient vectorof a polynomial�(x). We say that a polynomial�(x) solves a linear equa-tion if the coefficient vector� does. We point out that our notation slightlydiffers from the one that is used in most books on the subject.Instead oferror-locators of the form

Q(1 � �ix) [11, p.168] we use error-locatingpolynomials of the form

Q(x � �i), which appears to be more natural inconnection with error-locating-pairs. When applied to Hankel matrices ina suitable form, the FIA leads to the well known BMA describedin e.g.[11]. There the BMA is formulated as an iterative procedure for the con-struction of an autoregressive filter. The output of the BMA are two polyno-mials�(x) andB(x) which describe recursive relations on the syndromesS1; S2; : : : ; S2� . �(x) is the feedback-connection polynomial of least de-gree that generates the sequence of syndromes, whereasB(x) describes thefeedback-connection polynomial with least degree, less than the degree of�, thatgenerated the largest initial sequence of the syndromes. A detailed descrip-tion of the BMA can be found in [11]. According to our notation, let �(x)and�(x) be the reciprocal polynomials to�(x) andB(x), respectively. Therecurrence properties of�(x) andB(x) are translated to the following prop-erties of�(x) and�(x).� �(x) is the polynomial of minimal degreel such that the system of

equations ~�(2��l�1;l)�T = 0is satisfied.

Page 120: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

114 Chapter 4. Fast GMD decoding of AG and RS codes� The polynomial�(x) of degreeb < deg(�) solves for a maximalathe system of equations ~�(a;b)�T = 0:

Two additional properties of the polynomials�(x) and�(x) are formulatedin the following two lemmata as they are not explicitly proved in [11].

Lemma 4.2 Let a be maximal such that the polynomial�(x) solves thesystem of equations ~�(a;b)�T = 0:For thisa the relation a = deg(�)� 2holds.

Proof. The lemma is essentially a reformulation of Lemma 7.4.3 from[11, p.181], which states that the length of the shift register described by�(x) equalsr � LB, whereLB is the length of the shift register describedby B(x) andB(x) generated the sequence of syndromesS1; S2; : : : ; Sr�1but notS1; S2; : : : ; Sr. In our notation this is expressed in the two equationsdeg(�) = r � deg(�) and a+ 1 + deg(�) = r � 1;which combined prove the lemma. 222

Lemma 4.3 The polynomials�(x) and�(x) do not have a common fac-tor.

Proof. The lemma follows from the iterative construction of�(x).There exists a polynomial��(x), with degree less than the degree of�,such that �(x) = A(x)�(x) + Æ��(x)holds for some polynomialA(x) and some nonzero constantÆ. A commonfactor of�(x) and�(x) would also be a factor of��(x). We can in a similarway trace back all operations of the BMA and find that all intermediatepolynomials would contain this common factor. This contradicts the factthat the BMA is started with the constant polynomial. 222

Page 121: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

V. Reed-Solomon codes 115

Let a syndrome polynomialS(x) be defined asS(x) = 2��1Xl=0 S2��lxl:We define two polynomials�(x) and�(x) as�(x) = S(x)�(x) modx2��(x) = S(x)�(x) modx2� :If we have a polynomial�(x), that is zero at all error positions, and the cor-responding associated polynomial�(x), the error values in these positionsare given by a reformulation of Forneys formula [11, p.184]ei = ( ���i(2�+1)�(�i)�0(�i) for all i s.th.�(�i) = 00 otherwise,

(4.18)

where�0(x) denotes the formal derivative of�(x). The derivation of thisformula is essentially the same as the proof of Theorem 7.5.2. in [11, p.184]and therefore omitted.

The results of section III would now suggest to first determine a proper basisof the spaces�i and then, corresponding to accumulated erasure positions,in a second step to impose successively linear conditions onthe spaces�i.For RS codes it is simpler to combine the two steps. LetR be a set of era-sure positions in a wordy. We need the notation of polynomials�(R)(x),�(R)(x) and associated polynomials�(R)(x) and�(R)(x), that play a sim-ilar roll for error-erasure decoding as�(x) and�(x) and their associatedpolynomials for error-only decoding. The polynomials should satisfy thefollowing properties.� The greatest common divisor of�(R)(x) and�(R)(x) equalsYij2R(x� �ij): (4.19)

Page 122: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

116 Chapter 4. Fast GMD decoding of AG and RS codes� �(R)(x) is the polynomial of minimal degreel such that property(4.19) and the systems of equations~�(2��1�l;l)�T = 0 (4.20)

is satisfied.� The polynomial�(R)(x) satisfies property (4.19) and solves the sys-tem of equations ~�(a;b)�T = 0 (4.21)

for a maximala < 2� � 1� deg(�(R)) such that~�(a+1;b)�T 6= 0: (4.22)� The polynomials�(x)(R) and�(x)(R) satisfy�(R)(x) = S(x)�(R)(x) modx2� (4.23)�(R)(x) = S(x)�(R)(x) modx2� : (4.24)

We note that the polynomials�(x), �(x), �(x) and�(x) satisfy properties(4.19)-(4.24) for the empty set of erasure positions. We areinterested ina nested sequence of sets of erasure positions. Thus letfRjg2�j=0 be a se-quence of erasure position sets withR0 = fg andRj = Rj�1 [ fijg. Forpolynomials�(Rj)(x) and�(Rj)(x), that solve equations~�(2��1�l;l)�T = 0and~�(a;b)�T = 0, we define a numbers(j) ass(j) = (2� � 1� l)� a: (4.25)

It follows from Lemma 4.2 thats(0) equalsd(C)�2deg(�). Whenevers(j) isnon-positive, we can add an arbitrary multiple of�(Rj)(x) to �(Rj)(x) withneither changing the degree of�(Rj )(x) nor the system of equations solvedby �(Rj)(x). In our case, we use this degree of freedom in order to prescribecertain zeros of�(Rj)(x). The following recursive set of equations describesan algorithm to iteratively determine the relevant polynomials�(Rj)(x) and�(Rj )(x).

Page 123: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

V. Reed-Solomon codes 117

Algorithm 4.1Initialization: �(R0)(x) = �(x); �(R0)(x) = �(x);�(R0)(x) = �(x); �(R0)(x) = �(x);s(0) = d(C)� 2deg(�):Iteration step:Æ(j) = � 1 (�(Rj)(�ij+1) = 0) _ ((s(j) � 0) ^ (�(Rj)(�ij+1) 6= 0))0 otherwise:� �(Rj+1)(x) �(Rj+1)(x)�(Rj+1)(x) �(Rj+1)(x) � = � 0 11 0 �Æ(j) � (4.26)� (1� Æ(j))(x� �ij+1) Æ(j)(x� �ij+1)�(Rj)(�ij+1) ��(Rj )(�ij+1) � � �(Rj)(x) �(Rj )(x)�(Rj)(x) �(Rj)(x) �s(j+1) = s(j) + 2Æ(j) � 1

Theorem 4.3 Let a wordy = + e, y 2 F nq , 2 C and a nested

sequence of erasure position setsfRjg2�j=0 be given. Moreover, let polyno-

mials �(R0)(x), �(R0)(x), �(R0)(x), �(R0)(x) be given, as provided by theBMA. Algorithm 4.1 calculates the polynomials�(Rj)(x) and�(Rj )(x) forall 0 � j � 2� with complexityO(d2). If the weight of the vectore out-side the erasure setRj is less than(d(C)� jRjj)=2 then�(Rj)(x) is error-locating.

Proof. We have to prove that the polynomials, constructed in Algo-rithm 4.1, satisfy properties (4.19)-(4.24). For the emptyset of erasuresR0we can verify this from the properties of the BMA. Due to the inductive na-ture of the algorithm, we assume that properties (4.19)-(4.24) are satisfiedfor polynomials�(Rj)(x), �(Rj)(x), �(Rj )(x), �(Rj)(x) and thats(j) satisfiesequation (4.25). It suffices to prove that�(Rj+1)(x), �(Rj+1)(x), �(Rj+1)(x),�(Rj+1)(x) ands(j+1) satisfy properties (4.19)-(4.25). From the construction

Page 124: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

118 Chapter 4. Fast GMD decoding of AG and RS codes

it is clear that�(Rj+1)(x) and�(Rj+1)(x) both have a root at�ij+1 . Moreover,they are both nonzero functions with greatest common divisorYij2Rj+1(x� �ij);which follows from equation (4.26) and property (4.19) for polynomials�(Rj)(x) and�(Rj)(x). To prove properties (4.20) and (4.21), we distinguishthe following events:

1. �(Rj )(�ij+1) = 0In this caseÆ(j) equals 1 and�(Rj+1)(x) is a scalar multiple of�(Rj)(x)and thus of minimal degree satisfying property (4.20). Moreover,�(Rj)(�ij+1) 6= 0 holds, and the maximala such that property (4.21)holds for an erasure setRj+1 is less than the corresponding numberfor an erasure setRj. From the structure of Hankel matrices, it fol-lows that�(Rj+1)(x), as calculated in the algorithm, satisfies (4.21).In this cases(j+1) equalss(j) � 1 according to equation (4.25).

2. �(Rj )(�ij+1) 6= 0 ^ �(Rj)(�ij+1) 6= 0 ^ s(j) � 0The situation is almost the same as in case 1. We only note thatthedegree of�(Rj)(x) is less than the degree of�(Rj)(x) as otherwises(j) can not be less than or equal to zero.�(Rj+1)(x) is obtained by asuitable linear combination of�(Rj )(x) and�(Rj)(x) and has degreeequal to the degree of�(Rj)(x).

3. �(Rj )(�ij+1) 6= 0 ^ s(j) > 0If s(j) is greater than zero we need to increase the degree of�(Rj)(x) inorder to find�(Rj+1)(x). To see this, note that the existence of a poly-nomial �(Rj+1)(x) of the same degree as�(Rj )(x) would admit theconstruction of a polynomial that solves the equation~�(2��1�deg(�);l)�T=0 for l < deg(�(Rj)). The constructed polynomial would contradictthe definition of�(Rj)(x) ands(j).The polynomial�(Rj+1)(x) can now be constructed as a suitable linearcombination of�(Rj)(x) and�(Rj)(x) such that�(Rj+1)(�ij+1) equals

Page 125: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

V. Reed-Solomon codes 119

zero.�(Rj+1)(x) of some degreeb0 constructed in that way solves theequation~�(a;b0)�T = 0 for the samea as�(Rj)(x), though the degreeof �(Rj+1)(x) need not be equal to the degree of�(Rj)(x). Thus thefunction�(Rj+1)(x) satisfies property (4.21). In this cases(j+1) equalss(j) + 1 according to equation (4.25).

Page 126: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

120 Chapter 4. Fast GMD decoding of AG and RS codes

4. �(Rj )(�ij+1) 6= 0 ^ �(Rj)(�ij+1) = 0 ^ s(j) < 0The case is similar to case 3. We only need to show that the degreeof polynomial�(Rj+1)(x) is greater than the degree of�(Rj )(x). As-sume the degree would be equal. As in case 3, we can construct apolynomial�0(x) which solves the equation~�(2��1�deg(�);l)�T = 0for l < deg(�(Rj)(x)) and which is nonzero in the point�ij+1. Fora suitable choice of a polynomialA(x) we can construct a polyno-mial A(x)�(Rj)(x) + �0(x) which either contradicts the definition of�(Rj)(x) or �(Rj)(x).

The four cases cover all possible situations because the case(�(Rj)(�ij+1) =0) ^ (�(Rj)(�ij+1) = 0) can not occur. It can be checked directly that Al-gorithm 4.1 performs precisely the operations required in the four cases.The error-locating property follows either from the results of section III orimmediately, as the constructed polynomials�(Rj)(x) are scalar multiplesof the error-erasure-locating functions found in the standard BMA for theerror-erasure case. The functions�(Rj )(x) and�(Rj)(x) satisfy properties(4.23) and (4.24) due to the fact that the definition of�(Rj)(x) and�(Rj)(x)describes a ring homomorphism fromFq [x℄ to the ring of polynomials mod-ulo the ideal generated byx2� . It thus suffices to notice that�(Rj)(x) and�(Rj)(x) are subject to the same operations as�(Rj)(x) and�(Rj )(x). Fi-nally, we note that every iteration step requires two linearcombinations ofpolynomials of degree less thand and two multiplications of polynomials ofdegree less thand with a linear factor. The complexity of an iteration stepis thus in the orderO(d) and we have to perform at mostd iteration steps. Itfollows that we can find all relevant polynomials with complexity O(d2). 222

Remark 4.5 Theorem 4.3 shows that we can find all error-erasurelocating polynomials together with their associated polynomials with com-plexityO(d2). If the error vector has weight less than��jRjj=2 outside theerasure positions,�(Rj ) is error-locating. Thus we can apply Forney’s for-mula (4.18). In particular we can determine the support of the error vectorfound in thejth decoding attempt as the zero set of�(Rj)(x) minus the zeroset of�(Rj )(x). If the jth decoding attempt fails then�(Rj)(x) has less thandeg(�(Rj)) roots inFq . The determination of the zero sets of these polyno-mials is a crucial operation. The standard technique to do this is to test all

Page 127: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

V. Reed-Solomon codes 121

elements ofFq , which requires for each polynomial a complexity propor-tional tond. Thus the complexity for finding all relevant zero sets usingthistechnique is proportional tond2. This is just the complexity required by aGMD decoding procedure usingdd2e independent decoding attempts eachof complexityO(nd). We circumvent this large complexity by translatingall operations performed in Algorithm 4.1 to vector operations, where thevectors�, �, � and� are the evaluation vectors of the corresponding poly-nomials in the points�i, 0 � i � n � 1. Multiplication of a polynomialwith x is thus translated to the component-wise multiplication ofan evalua-tion vector with the vector(�0; �1; : : : ; �n�1). Performing the operations ofAlgorithm 4.1 with vectors does not increase the number of required opera-tions. As every vector operation requires complexityO(n) instead ofO(d),the complexity required by Algorithm 4.1, performed on vectors, isO(dn).Given an RS-codeC, a received vectory = + e, and an ordering of posi-tions iny according to some reliability information, a fast GMD decodingalgorithm thus implies the following steps:

Algorithm 4.2

1. Calculation of the syndromesSi for 1 � i � 2� .

2. Application of the BMA to the syndrome array to find polynomials�(x); �(x); �(x) and�(x).3. Evaluation of polynomials�(x); �(x); �(x) and�(x) in q � 1 points.

4. Application of Algorithm 4.1 to find the set of polynomials�(Ri)(x)and�(Ri)(x), alternatively their evaluation vectors�(Ri) and�(Ri),i = 0; 2; : : : ; 2� .

5. Determination of the best estimate for the codeword based on thezero sets of polynomials�(Ri)(x) and�(Ri)(x).

6. Completion of the decoding by finding the error values.

We summarize the results of this section in the following theorem.

Page 128: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

122 Chapter 4. Fast GMD decoding of AG and RS codes

Theorem 4.4 Let an RS codeC of lengthn and minimum Hamming dis-tanced be given. For a given wordy = + e; 2 C, let a reliability infor-mation on the positions iny be given. We can perform a GMD-decoding ofthe wordy with complexityO(nd).

Proof. We estimate the complexity of every step in the GMD decod-ing algorithm 4.2. Finding all the syndromes can be done withcomplexityO(nd). The BMA requires at mostO(d2) operations in order to find polyno-mials�(x) and�(x) together with their associated polynomials [11, p.180].The evaluation of these polynomials needs complexityO(nd). Algorithm4.1, together with Remark 4.5, yields that the complexity required to findthe zero sets of�(Ri)(x) and�(Ri)(x) lies in the orderO(nd). At this pointwe can decide upon the support of the most probable error positions, whichrequiresO(nd) operations. We complete the decoding using Forneys for-mula. To this end we have to calculate�(Ri)0(�l) =Yj 6=l(�l � �j)for any found error positionl, wherej runs through the zero set of�(Ri)(x)with exception ofl. This calculation demands at mostd� 2 multiplicationsfor any of the at mostd�1 error positions and thus requires a computationalcomplexity in the orderO(d2). The theorem follows, as the complexity ofall steps is upper bounded byO(nd). 222

Remark 4.6 The above theorem remains valid with minor obvious mod-ifications when considering codes that are derived from RS codes, such asBCH codes and generalized RS codes.

Remark 4.7 It is worth mentioning that steps 1,2,3 and 6 or equiva-lent steps have to be performed by a decoding procedure that corrects onlyerrors. The additional complexity required for the use of reliability infor-mation is thus the complexity required by steps 4 and 5. Step 5is commonto all GMD decoding schemes and lower bounds the asymptotic complexityof such schemes. This step includes calculation of the generalized distancefrom the received vector to every vector on the list of tentative codewords.This calculation impliesO(n) operations for any of thedd2e possible so-lutions. Therefore complexityO(nd) is asymptotically optimal for GMDschemes as was remarked by Sorger in [2].

Page 129: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

VI. Algebraic-geometric codes 123

VI Algebraic-geometric codes

Algebraic-geometric codes, which were first introduced by Goppa in [15],can be seen as a generalization of RS codes. For a brief introduction intothe topic we refer to the book of van Lindt and van de Geer [16],wherestandard terminology for the treatment of AG codes is defined. Let X bea nonsingular, absolutely irreducible, projective curve over Fq with genusg and letD be the divisor obtained as the sum ofn distinct rational pointsPi; i = 0 : : : n�1, onX . A rational functionf onX may be characterized,up to multiplication with a constant, by a divisor of zeros and poles offwhich is denoted by(f). For a divisorG let L(G) denote the space ofrational functionsf onX that satisfyL(G) = ff : (f) +G � 0g: (4.27)

Let l(G) denote the dimension ofL(G). From the Riemann-Roch theoremwe have the relation l(G) � deg(G)� g + 1;with equality ifdeg(G) > 2g � 2. The algebraic geometricfunctionalcodeCL(D;G) is defined asCL(D;G) = f(f(P0); f(P1); : : : ; f(Pn�1)) : f 2 L(G)g:Estimates of the parameters ofCL(D;G) can be found in e.g [16] as lengthn = deg(D), minimum distanced(CL) � n � deg(G) and dimensionk(CL) = l(G)� l(G�D) � deg(G)� g + 1 for deg(G) < n.

TheresidualcodeC(D;G) may be defined asC(D;G) = (CL(D;G))?and has parametersn = deg(D), designed minimum distanced�(C) =deg(G)�2g+2 andk(C) � n�deg(G)+g�1 for deg(G) > 2g�2, cf.[16]. The designed minimum distance of the code is also simply denoted asd when no confusion can arise.

We will only consider the case thatG is a multiple of a distinguished rationalpointP1 that is not in the support ofD, i.e. G = mP1. We assume thatd(C(D;mP1))� g is odd and define� as� = d(C(D;G))� g � 12 :

Page 130: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

124 Chapter 4. Fast GMD decoding of AG and RS codes

The parameter� reflects the guaranteed error correction capability of theso called basic decoding algorithm [17]. Efficient schemes for decodingerrors up to half the designed distance were given by Feng andRao [18],Duursma [19], and Ehrhard [20]. The following proposition describes a se-quence of error-erasure locating pairs for AG codes, that realizes the GMDerror correction capability of the basic algorithm. The approach will laterbe extended to guarantee error-erasure-location up to the designed minimumdistance.

Proposition 4.3 LetC be the codeC(D;mP1) with D = P0 + P1 +: : : + Pn�1. Let Ui and Vi be the AG codesCL(D; (� + g + i)P1) andC(D; (m� � � g � i)P1) respectively. The pairs(Ui; Vi); i = 0; 1; : : : �give a sequence of(ti; �i)-error-erasure-correcting pairs withUi � Ui+1andVi � Vi+1 such that ti � � � i; (4.28)�i � 2i: (4.29)

Proof. The proof follows the proof of Proposition 4.2. Conditions(4.6), (4.7) and (4.11) can be checked with the above estimates on minimumdistances and dimensions of AG codes. To prove that (4.5) holds we provethe equivalent statement Ui � V ?i � C?:The spacesUi andV ?i are obtained as evaluation of function spacesL((� +g + i)P1) andL((m � (� + g + i))P1). Thus, the product of a functionf 2 L((� + g + i)P1) andg 2 L((m � (� + g + i))P1) is a function inL(mP1), which corresponds to a codeword inC?. 222The above proposition gives the possibility to directly usethe general setupdescribed in section III for the GMD decoding of AG codes. It followsfrom Theorem 4.2 that we can determine all error-erasure-locating functionswith complexityO(n3). We can do even better, however, by combining fastdecoding procedures, that were first proposed by Justesen atal. in [21],with our scheme in the same way as we used a BMA for RS codes. Therestof this section will treat this approach and deals with the question how to

Page 131: On Algebraic Decoding of Algebraic-Geometric and Cyclic Codes › ~zhcheng › 10.1.1.74.3815.pdf · Codes from algebraic geometry are obtained by evaluating a space of func-tions

VI. Algebraic-geometric codes 125

combine the output of such a BMA for AG codes in order to get an efficientGMD decoding procedure. For the BMA itself, applied to AG codes, thereader is referred to [23].

A BMA type algorithm for AG codes requires the introduction of some additional structure to the matrix $\tilde{S}$. The rows of the generator matrices $G_{U_i}$ and parity check matrices $H_{V_i}$ are obtained by evaluating basis functions of spaces $L(lP_\infty)$ for suitable $l$. The choice of basis functions for $L(lP_\infty)$ naturally influences the structure of the matrix $\tilde{S}$. In order to fix a basis for $L(lP_\infty)$ that permits a Berlekamp-Massey type algorithm, we recall some properties of the vector spaces $L(lP_\infty)$.

Let $o_j$ be a non-negative integer such that $L(o_jP_\infty) \neq L((o_j-1)P_\infty)$. The number $o_j$ is called a non-gap at $P_\infty$, or simply a non-gap, which means that there exists a function $\varphi_{o_j}$ with a pole of order $o_j$ at $P_\infty$. The constant function has no poles and it follows that $o_0 = 0$ and $\varphi_0 = 1$. The set of non-negative integers $l$ such that $L(lP_\infty) = L((l-1)P_\infty)$ is called the gap sequence at $P_\infty$ and is denoted by $\mathcal{G}$. As a consequence of the Riemann-Roch theorem the non-gaps satisfy
$$0 = o_0 < o_1 < o_2 < \cdots < o_{g-1} < 2g \qquad\text{and}\qquad o_i = i + g \;\text{ for } i \geq g.$$
The value of $o_1$ is crucial for complexity considerations. $P_\infty$ is called a Weierstrass point if $o_1$ is less than $g+1$. It is clear that when $o_i$ and $o_j$ are non-gaps then $o_i + o_j$ is also a non-gap. This property of the non-gaps allows choosing a basis $\{1, \varphi_{o_1}, \varphi_{o_2}, \ldots\}$ for $L(lP_\infty)$ such that $\varphi_{o_j+o_1}$ equals $\varphi_{o_1}\varphi_{o_j}$ if $o_j$ is a non-gap. In other words, we assume the basis to be closed under multiplication with $\varphi_{o_1}$ as long as this is consistent with the maximal pole order $l$. We introduce virtual basis functions $\varphi_i = 0$ for $i \in \mathcal{G}$. This streamlines notation as we can mimic a very regular structure of the spaces $L(lP_\infty)$. A function $f$ in $L(lP_\infty)$ can be thought of as being uniquely expanded as
$$f = \sum_{i=0}^{l} f_i\varphi_i, \qquad f_i = 0 \;\;\forall\, i \in \mathcal{G}. \qquad (4.30)$$


For a vector $y = c + e$, $c \in C(D,mP_\infty)$, we define syndromes $S_y(i,j)$ as
$$S_y(i,j) = \sum_{l=0}^{n-1} y_l\,\varphi_i(P_l)\varphi_j(P_l). \qquad (4.31)$$

It is clear from the definition of the code $C(D,mP_\infty)$ that $S_y(i,j)$ equals $S_e(i,j)$ if $i + j \leq m$ holds. With the chosen basis for the spaces $L(lP_\infty)$, the matrix $\tilde{S}$ has entries
$$\tilde{S}_{i,j} = S_e(i,j) \quad\text{for } i + j \leq m. \qquad (4.32)$$
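As a small illustration of (4.31)/(4.32), the sketch below builds the known part of the syndrome matrix from a received word and precomputed basis-function values. Field arithmetic is replaced by a toy prime field, and the array `phi_eval` (holding $\varphi_i(P_l)$, with zero rows for gap indices) is an assumed input; all names are illustrative.

```python
# Sketch: the known entries of S~, i.e. S~[i][j] for i + j <= m.
# `phi_eval[i][l]` is assumed to contain phi_i(P_l) mod a prime p.

def syndrome_matrix(y, phi_eval, m, p):
    n = len(y)
    S = [[None] * (m + 1) for _ in range(m + 1)]   # None marks unknown entries
    for i in range(m + 1):
        for j in range(m + 1 - i):                 # only i + j <= m is known
            S[i][j] = sum(y[l] * phi_eval[i][l] * phi_eval[j][l]
                          for l in range(n)) % p
    return S
```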

The entries $S_e(i,j)$ for $i + j > m$ are unknown, except for the case that $i$ or $j$ is a gap, in which case $S_e(i,j)$ equals zero. The entries of $\tilde{S}$ satisfy the property
$$\tilde{S}_{i,j} = \tilde{S}_{i-o_1,\,j+o_1}, \quad\text{provided neither } i-o_1 \text{ nor } j \text{ is a gap,} \qquad (4.33)$$

which can be seen from equation (4.31) and the fact that $\varphi_i = \varphi_{i-o_1}\varphi_{o_1}$ and $\varphi_{j+o_1} = \varphi_j\varphi_{o_1}$. Relation (4.33), which resembles the defining relation of Hankel matrices, is the key to a Berlekamp-Massey type algorithm. Such an algorithm was first derived by Justesen et al. in [21], based on an algorithm proposed by Sakata in [22]. Here we invoke an algorithm suggested in [23], which is different from the algorithm proposed in [21], though it naturally relies on similar observations. The following lemma, which is essentially equal to Lemma 2 from [23], constitutes one of the cornerstones of this algorithm and will be needed in some subsequent proofs. Similar to the case of RS codes, where we identified vectors with polynomials, here we identify a vector $\sigma$ with a function $\sigma$ such that the vector $\sigma$ is the coefficient vector for the expansion of $\sigma$ according to (4.30). We will say that a function $\sigma$ solves a system of linear equations if the corresponding vector $\sigma$ is a solution.

Lemma 4.4 Let a function $\sigma$ solve the system of linear equations
$$\tilde{S}^{(a,j)}\sigma = 0. \qquad (4.34)$$

Then the function $\sigma' = \varphi_{o_1}\sigma$ solves $\tilde{S}^{(a-o_1,\,j+o_1)}\sigma' = 0$.


Proof. With equations (4.31), (4.32) and $\sigma = \sum_{l=0}^{j}\sigma_l\varphi_l$, equation (4.34) implies
$$\sum_{j=0}^{n-1} y_j\,\sigma(P_j)\varphi_i(P_j) = 0 \quad\text{for } i \leq a.$$
Due to the structure of the chosen basis we have
$$\sum_{j=0}^{n-1} y_j\,\sigma(P_j)\varphi_{o_1}(P_j)\varphi_i(P_j) = 0 \quad\text{for } i \leq a - o_1,$$
from which the lemma follows. $\Box$

Here we do not intend to give a description of the algorithm from [23]. For our purposes it is sufficient to note that, given a matrix $\tilde{S}$, it calculates two sets of functions $\{\sigma^{(i,m)}\}_{i=0}^{o_1-1}$ and $\{\mu^{(j,m)}\}_{j=0}^{o_1-1}$, together with associated numbers $a^{(i,m)}_\sigma$ and $a^{(j,m)}_\mu$, such that the following properties are satisfied.

Property 1 $\sigma^{(i,m)}$ is a function of least pole order $l \equiv i \pmod{o_1}$ that solves the system of equations
$$\tilde{S}^{(m-l,\,l)}\sigma^T = 0.$$
The number $a^{(i,m)}_\sigma$ equals $m - l + 1$.

Property 2 A function $\mu^{(j,m)}$ of pole order $b$ solves the system of equations
$$\tilde{S}^{(a-1,\,b)}\mu^T = 0, \qquad \sum_{l=0}^{b}\tilde{S}_{a,l}\mu_l = \Delta \neq 0,$$
such that $a$ is the greatest number smaller than $m - b$ that satisfies $a \equiv j \pmod{o_1}$. The number $a^{(j,m)}_\mu$ equals $a$. If no such function exists then $\mu^{(j,m)}$ is set to zero.

The interpretation of the functions $\sigma^{(i,m)}$ and $\mu^{(j,m)}$ is analogous to the role that the polynomials $\sigma$ and $\mu$ play in the BMA for RS codes. The functions $\sigma^{(i,m)}$ solve a system of linear equations that describes multi-dimensional recurrence relations on the known syndromes, whereas the functions $\mu^{(j,m)}$ failed


to satisfy a recurrence relation at an earlier step of the algorithm. The function $\sigma^{(i,m)}$ of lowest pole order is in fact the error-locating function proposed by the basic algorithm, which directly follows from Proposition 4.3. The main difference to a one-dimensional BMA is the fact that two sets of functions, each of size $o_1$, are considered. The numbers $a^{(i,m)}_\sigma$ and $a^{(j,m)}_\mu$ characterize the state of the algorithm by indicating which system of equations is solved by the corresponding function.

Let $R$ be a set of erasure positions. We want to determine sets of functions for error-erasure decoding that are similar to the functions $\sigma^{(i,m)}$ and $\mu^{(j,m)}$. More precisely, our goal is to find sets of functions $\{\sigma^{(i,m,R)}\}_{i=0}^{o_1-1}$, $\{\mu^{(j,m,R)}\}_{j=0}^{o_1-1}$ and corresponding numbers $a^{(i,m,R)}_\sigma$ and $a^{(j,m,R)}_\mu$ that satisfy the following properties.

Property 1' $\sigma^{(i,m,R)}$ is a function of least pole order $l \equiv i \pmod{o_1}$ that solves the system of equations
$$\tilde{S}^{(m-l,\,l)}\sigma^T = 0, \qquad \sigma^{(i,m,R)}(P_l) = 0 \;\;\forall\, l \in R.$$
The number $a^{(i,m,R)}_\sigma$ equals $m - l + 1$.

Property 2' A function $\mu^{(j,m,R)}$ of any pole order $b$ solves the system of equations
$$\tilde{S}^{(a-1,\,b)}\mu^T = 0, \qquad \sum_{l=0}^{b}\tilde{S}_{a,l}\mu_l = \Delta \neq 0, \qquad \mu^{(j,m,R)}(P_l) = 0 \;\;\forall\, l \in R,$$
such that $a$ is the greatest number smaller than $m - b$ that satisfies $a \equiv j \pmod{o_1}$. The number $a^{(j,m,R)}_\mu$ equals $a$. If no such function exists then $\mu^{(j,m,R)}$ is set to zero.

The function $\sigma^{(i,m,R)}$ of lowest pole order is just the error-erasure-locating function that is obtained from the basic algorithm for the set of erasure positions $R$, cf. Proposition 4.3.


In the general setup of Section III we could find the error-erasure-locating vectors for nested sets of erasures from the spaces $\Sigma_i$. In the case of AG codes we can bypass the spaces $\Sigma_i$, as we did for RS codes, and find the functions $\sigma^{(i,m,R)}$ and $\mu^{(j,m,R)}$ directly from the functions $\sigma^{(i,m)}$ and $\mu^{(j,m)}$. Let $R_l \subset R_{l+1}$ be the set of erasure positions $\{i_1, i_2, \ldots, i_l\}$. The following algorithm gives the basic iteration step to find the functions $\sigma^{(i,m,R_{l+1})}$ and $\mu^{(j,m,R_{l+1})}$ from the functions $\sigma^{(i,m,R_l)}$ and $\mu^{(j,m,R_l)}$.

Algorithm 4.3

1. Input: Functions $\sigma^{(i,m,R_l)}$ and $\mu^{(j,m,R_l)}$, numbers $a^{(i,m,R_l)}_\sigma$, $a^{(j,m,R_l)}_\mu$, and the new erasure position $i_{l+1} = R_{l+1}\setminus R_l$.

2. Find the function $\gamma$ among the functions $\sigma^{(i,m,R_l)}$ and $\mu^{(j,m,R_l)}$ which solves the equation $\tilde{S}^{(a,b)}\gamma = 0$ for a maximal $a$ such that $\gamma(P_{i_{l+1}}) \neq 0$. If two such functions exist, let $\gamma$ be the one of lower pole order.

3. Construct the functions $\sigma^{(i,m,R_{l+1})}$ and $\mu^{(j,m,R_{l+1})}$ according to
$$\sigma^{(i,m,R_{l+1})} = \begin{cases}(\varphi_{o_1} - \varphi_{o_1}(P_{i_{l+1}}))\,\gamma & \text{if } \sigma^{(i,m,R_l)} = \gamma,\\ \gamma(P_{i_{l+1}})\,\sigma^{(i,m,R_l)} - \sigma^{(i,m,R_l)}(P_{i_{l+1}})\,\gamma & \text{otherwise,}\end{cases}$$

and
$$\mu^{(j,m,R_{l+1})} = \begin{cases}(\varphi_{o_1} - \varphi_{o_1}(P_{i_{l+1}}))\,\gamma & \text{if } \mu^{(j,m,R_l)} = \gamma,\\ \gamma(P_{i_{l+1}})\,\mu^{(j,m,R_l)} - \mu^{(j,m,R_l)}(P_{i_{l+1}})\,\gamma & \text{otherwise.}\end{cases}$$

4. The numbers $a^{(i,m,R_{l+1})}_\sigma$ and $a^{(j,m,R_{l+1})}_\mu$ are modified according to
$$a^{(i,m,R_{l+1})}_\sigma = \begin{cases}a^{(i,m,R_l)}_\sigma - o_1 & \text{if } \sigma^{(i,m,R_l)} = \gamma,\\ a^{(i,m,R_l)}_\sigma & \text{otherwise,}\end{cases}\qquad a^{(j,m,R_{l+1})}_\mu = \begin{cases}a^{(j,m,R_l)}_\mu - o_1 & \text{if } \mu^{(j,m,R_l)} = \gamma,\\ a^{(j,m,R_l)}_\mu & \text{otherwise.}\end{cases}$$


Proof. We have to show that the calculated functions $\sigma^{(i,m,R_{l+1})}$ and $\mu^{(j,m,R_{l+1})}$ satisfy the required Properties 1' and 2' for the erasure set $R_{l+1}$. Step 3 of the algorithm ensures that they have zeros in the points indicated by the set $R_{l+1}$. With the exception of the function that was chosen as $\gamma$, the functions $\sigma^{(i,m,R_{l+1})}$ and $\mu^{(j,m,R_{l+1})}$ also satisfy the required properties for $\sigma^{(i,m,R_l)}$ and $\mu^{(j,m,R_l)}$, which proves the validity of the algorithm for these functions.

We distinguish the two cases that $\gamma$ is a function $\mu^{(j,m,R_l)}$ or $\sigma^{(i,m,R_l)}$, respectively. Assume first that $\gamma$ equals $\mu^{(j,m,R_l)}$. Then there does not exist a function $\mu^{(j,m,R_{l+1})}$ that solves the system of equations
$$\tilde{S}^{(a^{(j,m,R_l)}_\mu,\,b)}\mu^T = (0,0,\ldots,0,\Delta \neq 0)^T, \qquad \mu^{(j,m,R_{l+1})}(P_{i_{l+1}}) = 0,$$
because this would contradict the definition of $\gamma$. It follows that $a^{(j,m,R_{l+1})}_\mu$ equals $a^{(j,m,R_l)}_\mu - o_1$, as we have $a^{(j,m,R_{l+1})}_\mu \equiv a^{(j,m,R_l)}_\mu \pmod{o_1}$. Thus the function $\mu^{(j,m,R_{l+1})}$ may be chosen as $(\varphi_{o_1} - \varphi_{o_1}(P_{i_{l+1}}))\mu^{(j,m,R_l)}$, which guarantees Property 2'.

If $\gamma$ equals $\sigma^{(i,m,R_l)}$ then the pole order of $\sigma^{(i,m,R_{l+1})}$ equals the pole order of $\sigma^{(i,m,R_l)}$ plus $o_1$ for a similar reason. Thus $\sigma^{(i,m,R_{l+1})}$, chosen as $(\varphi_{o_1} - \varphi_{o_1}(P_{i_{l+1}}))\sigma^{(i,m,R_l)}$, satisfies the required Property 1'. $\Box$

We estimate the complexity of Algorithm 4.3. There are altogether $2o_1$ functions to be considered. Steps 2 and 3 involve the evaluation of the functions in a certain point, which requires complexity $O(o_1 d)$. The set of numbers $a^{(i,m,R_l)}_\sigma$ and $a^{(j,m,R_l)}_\mu$ is then sufficient to choose the function $\gamma$. The construction of the $2o_1$ functions in step 3 also requires complexity $O(o_1 d)$. This implies that Algorithm 4.3 requires a complexity $O(o_1 d)$.

The set $R_0$ denotes the empty set of erasure positions. For the empty set of erasure positions, Properties 1, 2 and 1', 2' coincide. Thus the algorithm from [23] provides the functions $\sigma^{(i,m,R_0)}$ and $\mu^{(j,m,R_0)}$ directly. We have to perform $d$ iterations of Algorithm 4.3 in order to successively include all erasure positions. Thus the overall complexity to find the set of all interesting error-erasure-locating functions from the functions $\sigma^{(i,m,R_0)}$ and $\mu^{(j,m,R_0)}$ is in the order $O(o_1 d^2)$.


Remark 4.8 In correspondence to Remark 4.5, we note that Algorithm 4.3 might as well be performed on vectors which are the evaluations of the functions $\sigma^{(i,m,R_l)}$ and $\mu^{(j,m,R_l)}$ in the points $P_l$, $0 \leq l \leq n-1$. Using this setup, we do not have to evaluate the set of possible error-erasure-locating functions for different sets of erasures later on in order to get the information about possible error positions. The multiplication of a function with $\varphi_{o_1}$ now corresponds to component-wise multiplication of the evaluation vectors. The number of updates in Algorithm 4.3 is still proportional to $o_1$, whereas the evaluation of functions becomes trivial. Every update is performed with vectors of length $n$, so that the computational complexity of one iteration step described by Algorithm 4.3 is in the order $O(o_1 n)$.
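The following small sketch illustrates the update of step 3 of Algorithm 4.3 in the evaluation-vector form of Remark 4.8. Arithmetic is done in a toy prime field rather than in $F_q$, and all names (including the chosen function `gamma_vec`) are illustrative assumptions, not the thesis notation.

```python
# Sketch of step 3 of Algorithm 4.3 on evaluation vectors: every function is
# stored as its value vector at P_0, ..., P_{n-1}, and a new erasure position
# `pos` is absorbed by a cross-elimination with the chosen function gamma.

def absorb_erasure(func_vec, gamma_vec, phi_o1_vec, pos, p, is_gamma):
    """Return the updated evaluation vector, which vanishes at `pos`."""
    if is_gamma:
        # the chosen function itself: multiply by (phi_o1 - phi_o1(P_pos))
        shift = phi_o1_vec[pos]
        return [(v * ((phi_o1_vec[l] - shift) % p)) % p
                for l, v in enumerate(func_vec)]
    # all other functions: gamma(P_pos) * f - f(P_pos) * gamma
    return [(gamma_vec[pos] * func_vec[l] - func_vec[pos] * gamma_vec[l]) % p
            for l in range(len(func_vec))]
```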

We summarize the results obtained so far in the following theorem.

Theorem 4.5 Let an AG code of type $C = C(D, mP_\infty)$ be given. For a given word $y = c + e$, $c \in C$, let the syndromes $S_y(i,j)$ for $i + j \leq m$ and reliability information on the positions in $y$ be given. We can find all tentative error-erasure-locating functions of minimal pole order for a GMD-decoding scheme that realizes the error correction capability of the basic algorithm with complexity $O(o_1 d^2)$.

Proof. The theorem is a consequence of Algorithm 4.3. The functions $\sigma^{(i,m)}$ and $\mu^{(j,m)}$ can be calculated with complexity $O(o_1 d^2)$, which is proved in [23]. These functions are the starting point for the iterative determination of the functions $\sigma^{(i,m,R_l)}$ and $\mu^{(j,m,R_l)}$ with Algorithm 4.3. Each of the fewer than $d$ iteration steps of Algorithm 4.3 requires complexity $O(o_1 d)$, which results in an overall complexity $O(o_1 d^2)$. $\Box$

Theorem 4.5 guarantees the error-erasure-locating property of the functions $\sigma^{(i,m,R)}$ only up to the error correction capability of the basic algorithm. However, many error-erasure patterns of higher weight are located by this setup, cf. [25], [24, Remark 4.6]. In order to guarantee error-erasure-location up to the full correction capability of the code, we can employ the majority voting scheme proposed by Feng and Rao in [18]. The idea of this scheme is to iteratively determine syndromes $S_e(i,j)$ with $i + j > m$. The main difficulty when applying this scheme is that the iterative determination of more


than one unknown syndrome is a nonlinear operation in the known syndromes. This implies that we cannot treat the decoding attempts for nested sets of erasures in parallel by dealing with nested vector spaces. We have to treat the decoding attempts separately from now on. However, we can utilize the sets of functions $\sigma^{(i,m,R_l)}$ and $\mu^{(j,m,R_l)}$ obtained so far. The functions $\sigma^{(i,m,R_l)}$ give recursions on the known syndromes. They also provide the possibility to determine a tentative value of a syndrome $S_e(i,j)$ with $i + j = m + 1$ that is consistent with the recursion described by $\sigma^{(i,m,R_l)}$. In this way it is possible to determine a similar tentative syndrome value for each found recursion on the known syndromes. Under the assumption that the weight of the error vector does not exceed the error correction capability of the code, Feng and Rao showed that, when counted properly, most of these tentative syndrome values are correct in the sense that they correspond to the syndrome value calculated from the unknown error vector. For details on the majority voting scheme the reader is referred to [18]. A fast algorithm that uses such a majority scheme in the context of error-erasure decoding is found in [23]. The algorithm formulated there works in an iterative fashion for a given set of erasure positions. An iteration determines, from two sets of functions of type $\sigma^{(i,m,R)}$ and $\mu^{(j,m,R)}$, the value of the syndrome $S_e(i,j)$ with $i + j = m + 1$ and two new sets of functions $\sigma^{(i,m+1,R)}$ and $\mu^{(j,m+1,R)}$. Every iteration step requires a complexity $O(o_1 d)$, [23]. For details of this algorithm the reader is referred to [23].

The question arises how many additional syndromes we have to determine until we can rely on the found recursions. To this end we assume that we could iteratively determine, for any erasure set, the syndromes $S_e(i,j)$ with $i + j \leq m + g$. These syndromes may be different for different sets of erasures. On the other hand, knowing these syndromes is equivalent to decoding a code with a larger minimum distance. We can think of the code $C(D, (m+g)P_\infty)$ being decoded up to the error correction capability of the basic algorithm, and we can apply Theorem 4.5, which yields that we indeed find the required tentative error-erasure-locating function of lowest pole order. We summarize the situation in the following theorem.

Theorem 4.6 Let an AG code of type $C = C(D, mP_\infty)$ be given that is derived from a curve of genus $g > 0$. For a given word $y = c + e$, $c \in C$, let the syndromes $S_y(i,j)$ for $i + j \leq m$ and reliability information on the positions in $y$ be given. We can find all tentative error-erasure-locating functions of minimal pole order for a GMD-decoding scheme that guarantees the full error correction capability of the code with complexity in the order of $O(o_1 g d^2)$.

Proof. From the proof of Theorem 4.5 it follows that we can find the functions $\sigma^{(i,m,R_l)}$ and $\mu^{(j,m,R_l)}$ with complexity $O(o_1 d^2)$. The determination of syndromes $S_e(a,b)$ for $m < a + b \leq m + g$ and of functions $\sigma^{(i,m+g,R_l)}$ and $\mu^{(j,m+g,R_l)}$ requires, for a particular set of erasure positions, $g$ iterations of the algorithm formulated in [23], where each iteration requires a complexity of order $O(o_1 d)$, cf. [23]. We have at most $d$ sets of erasure positions $R_l$. The statement of the theorem follows.

Remark 4.9 Given a vector $y = c + e$, $c \in C(D,mP_\infty)$, a particular erasure set $R_l$ does not always lead to an error-erasure-locating function $\sigma^{(i,m+g,R_l)}$ which locates the support of an error vector $e$ such that $e_j\sigma^{(i,m+g,R_l)}(P_j)$ is zero for all $j$ and $y - e$ is a codeword in $C(D,mP_\infty)$. The majority voting scheme of Feng and Rao often provides the possibility to identify such erasure sets at an early stage of the algorithm. The typical (but not general) situation is that, at a certain step of the algorithm, we will run out of votes to determine a new syndrome. If this situation occurs we can disregard such an erasure set, which decreases the complexity of the algorithm.

Error values

In the previous section, an algorithm was given to determine, for different sets of erasure positions, a tentative error-erasure-locating function. In order to complete a GMD decoding, we need to determine the support of the corresponding error vector. We have to find a list of possible error vectors associated with the set of tentative error-erasure-locating functions. The approach proposed here is similar to the approach first proposed by Justesen et al. in [21] for codes from certain plane curves.

Let us for a moment assume that we know for an error vector $e$ all syndromes $S_e(i,0)$ for $0 \leq i < n + 2g$. The vector of syndromes is the image of a linear map from $F_q^n$ to $F_q^{n+2g}$ that sends $e$ to $Te^T$, where $T$ is the $(n+2g)\times n$ matrix with entries $T_{i,j} = \varphi_i(P_j)$. The matrix $T$ has rank $n$ as a consequence of the fact that the vector space $L((n+2g-1)P_\infty)/L((n+2g-1)P_\infty - D)$ has dimension $n$. Thus the syndrome vector is in one-to-one correspondence with the vector $e$. We can find the corresponding error vector with the inverse mapping $T^{-1}$ from the set of $n$ syndromes $S_e(i,0)$ such that the $i$th row of $T$ is not a linear combination of preceding rows of $T$. The matrix describing $T^{-1}$ is then a known $n \times n$ matrix, and we can find the error vector $e$ with computational complexity in the order $O(n^2)$ in the general case. For many interesting families of curves this complexity can be significantly decreased by using fast transform techniques, see e.g. [21] for codes on Hermitian curves.

The problem of finding the error vector $e$ is thus reduced to finding the corresponding set of syndromes. These syndromes can be determined in an iterative fashion. To this end, we assume that we know for some number $w > m$ all syndromes $S_e(i,j)$ with $i + j < w$. Given an error-erasure-locating function $\sigma$, we show how to obtain all syndromes $S_e(i,j)$ with $i + j = w$. Repeating this process for increasing values of $w$ clearly gives an iterative algorithm to determine all interesting syndromes. We need the following lemma.

Lemma 4.5 Let for an error vector $e$ all syndromes $S_e(i,j)$ with $i + j < w$ and one syndrome $S_e(a,b)$ with $a + b = w$ be given. Then we can find all syndromes $S_e(i,j)$ with $i + j = w$ with complexity in the order $O(o_1 g)$.

Proof. Any syndrome $S_e(i,j)$ with $i + j = w$ can be expressed as a linear combination
$$S_e(i,j) = \sum_{k=0}^{w} a^{(i,j)}_k S_e(k,0),$$
which is a consequence of equation (4.31) and the fact that the function $\varphi_i\varphi_j$ can be expressed as
$$\varphi_i\varphi_j = \sum_{k=0}^{w} a^{(i,j)}_k\varphi_k. \qquad (4.35)$$

The coefficients $a^{(i,j)}_k$ are known in advance. The question arises how many of the coefficients $a^{(i,j)}_k$ are nonzero. Due to the choice of the functions $\varphi_i$, the function $\varphi_i$ contains a factor $\varphi_{o_1}^{l_i}$ such that $i' = i - l_i o_1$ is a non-gap and $i - (l_i+1)o_1$ is a gap, i.e. $\varphi_i = \varphi_{o_1}^{l_i}\varphi_{i'}$. Similarly, the function $\varphi_j$ has the form $\varphi_j = \varphi_{o_1}^{l_j}\varphi_{j'}$. We consider the equation
$$\varphi_{i'}\varphi_{j'} = \sum_{k=0}^{i'+j'} a^{(i',j')}_k\varphi_k. \qquad (4.36)$$

The maximal pole order of a function $\varphi_i$ which does not contain $\varphi_{o_1}$ as a factor is $2g - 1 + o_1$. It follows that $\varphi_{i'}\varphi_{j'}$ is an element of the space $L(2(2g-1+o_1)P_\infty)$, and equation (4.36) has at most $l(2(2g-1+o_1)P_\infty) = 3g + 2o_1 - 1$ coefficients. Equation (4.35) is then obtained by multiplying (4.36) with $\varphi_{o_1}^{l_i+l_j}$.

From equation (4.33) we know that we have to determine at most $o_1$ different syndromes $S_e(i,j)$ with $i + j = w$. Each determination of such a syndrome involves a linear equation with at most $3g + 2o_1 - 1$ coefficients. It follows that the number of $F_q$-multiplications in order to find all $S_e(i,j)$ with $i + j = w$ is at most $o_1(3g + 2o_1 - 1)$, and the lemma follows. $\Box$

Remark 4.10 Lemma 4.5 is a rather conservative estimate on the required complexity. In many interesting cases, such as codes on Hermitian curves, this complexity is much less due to additional conditions that we can impose on the functions $\varphi_i$. In the case of codes on Hermitian curves, we could e.g. replace $O(o_1 g)$ in Lemma 4.5 with $O(1)$, cf. [23].

Given an error-erasure-locating function
$$\sigma = \sum_{i\geq 0}\sigma_i\varphi_i,$$
the following relation holds for all non-negative $j$:
$$\sum_{i\geq 0}\sigma_i S_e(j,i) = 0, \qquad (4.37)$$

which is a consequence of the fact that $e_l\sigma(P_l)$ is equal to zero for all $l$. Now let for some $w$ all $S_e(j,i)$ with $j + i \leq w - 1$ and an error-erasure-locating function $\sigma$ be given. Let $\sigma_l\varphi_l$ be the term with highest pole order in the expansion of $\sigma$. We rewrite equation (4.37) as
$$S_e(j,l) = -\frac{1}{\sigma_l}\sum_{i=0}^{l-1}\sigma_i S_e(j,i). \qquad (4.38)$$

Provided $j$ is a non-gap, in which case equation (4.38) is nontrivial, we can determine a syndrome $S_e(j,l)$ with $j + l = w$ from syndromes $S_e(j,i)$ with $j + i < w$. The number $j$ is always a non-gap if $w - l$ is larger than $2g - 2$. This situation is always given in a GMD decoding scheme, where the minimal $w$ equals $m + 1$ for the basic algorithm and $m + g + 1$ for an algorithm employing the majority voting scheme of Feng and Rao.
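A minimal sketch of the recursion (4.38): given the coefficients of the locating function and the already known syndromes in one row, the missing syndrome is the unique value closing the recursion. Prime-field arithmetic stands in for $F_q$; the names are illustrative.

```python
# Sketch of (4.38): sigma is the coefficient list sigma_0..sigma_L (sigma_L != 0,
# belonging to the basis function of highest pole order), known_row holds
# S_e(j,0), ..., S_e(j,L-1).  Returns S_e(j,L) over a toy prime field GF(p).

def next_syndrome(sigma, known_row, p):
    L = len(sigma) - 1
    acc = sum(sigma[i] * known_row[i] for i in range(L)) % p
    return (-acc * pow(sigma[L], p - 2, p)) % p      # -(1/sigma_L) * sum
```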

Equation (4.38) and Lemma 4.5 together yield the following Lemma.

Lemma 4.6 Let for an error vector $e$ the syndromes $S_e(j,i)$ with $j + i \leq m + g$ and an error-locating function $\sigma$ be given. We can determine the set of syndromes $S_e(i,0)$ for $0 \leq i < n + 2g$ and the corresponding error vector $e$ with complexity $O(n(n + o_1 g))$.

Proof. Equation (4.38) and the proof of Lemma 4.5 give an iterative algorithm to determine the required syndromes. Every iteration step requires $O(d)$ multiplications of elements in $F_q$ in order to compute equation (4.38) and $O(o_1 g)$ $F_q$-multiplications in order to apply Lemma 4.5. We have to perform $O(n - d)$ iterations, which leads to $O((n-d)(d + o_1 g))$ multiplications in order to calculate $S_e(i,0)$ for $0 \leq i < n + 2g$. The error vector $e$ is found by the inverse map $T^{-1}$, which requires $O(n^2)$ $F_q$-multiplications. The statement of the lemma follows. $\Box$

Remark 4.11 Lemma 4.6 allows us to find an error vector $e$ provided that $\sigma$ is error-locating in the sense that there exists a vector $e$ such that $e_l\sigma(P_l)$ equals zero for all $l$ and $e - y$ is a codeword in $C(D,mP_\infty)$. However, we cannot always guarantee this error-locating property of $\sigma$. On the other hand, if $\sigma$ is not error-locating we can still iteratively determine a set of syndromes which then points out a feasible error vector (of usually high weight). In a GMD decoding scheme context, where we have a list of tentative error-erasure-locating functions, which are not necessarily all error-locating, the above transformation procedure still leads to a list of tentative error vectors such that $e - y \in C(D,mP_\infty)$ for any vector $e$ on the list.


Theorem 4.7 Let an AG code of type $C = C(D,mP_\infty)$ with length $n$ and minimum distance $d$ be given. For a given word $y = c + e$, $c \in C$, let reliability information on the positions in $y$ be given. A GMD decoding of the word $y$ that guarantees the full error correction capability of the code can be performed with complexity not exceeding $O(dn(n + o_1 g))$.

Proof. The first step in the proposed decoding procedure consists of calculating the syndromes $S_e(j,i)$ with $j + i \leq m$. We can determine these syndromes iteratively from equation (4.31) and Lemma 4.5, which requires a complexity $O((d+g)(n + o_1 g))$. From Theorem 4.6 it follows that we can then find all tentative error-erasure-locating functions with complexity in the order $O(o_1 g d^2)$. Given the set of tentative error-erasure-locating functions, we have to find the corresponding error vectors. From Lemma 4.6 and Remark 4.11 it follows that we can find a list of at most $\lceil d/2\rceil$ feasible error vectors with complexity $O(dn(n + o_1 g))$. Thus the complexity in every step is upper bounded by $O(dn(n + o_1 g))$ and the theorem follows. $\Box$

An example - Hermitian Codes

Codes on Hermitian curves are one of the best investigated classes of AG codes. The curves are defined over $F_{q^2}$ and can be described by the homogeneous equation [27]
$$H:\; Y^qZ + YZ^q = X^{q+1}.$$
$H$ is a nonsingular, plane curve with genus $g = q(q-1)/2$. It has one point at infinity $P_\infty = (0:1:0)$ and $q^3$ other rational points over $F_{q^2}$. Let $x$ and $y$ be defined as the rational functions $X/Z$ and $Y/Z$. With $D$ chosen as the sum of the $q^3$ affine points, it suffices to consider the affine equation of the curve
$$H:\; y^q + y = x^{q+1}. \qquad (4.39)$$

It is shown in [27] that the vector space $L(mP_\infty)$ has a basis
$$L(mP_\infty) = \langle\, x^iy^j : i \geq 0,\; 0 \leq j < q,\; qi + (q+1)j \leq m \,\rangle. \qquad (4.40)$$

In particular it follows that the non-gap sequence is equal to
$$0,\; q,\; q+1,\; 2q,\; 2q+1,\; 2q+2,\; 3q,\;\ldots,\; (q-1)q + q - 1,\; q^2,\; q^2+1,\;\ldots.$$


The first non-gap $o_1$ is therefore equal to $q$, and $\varphi_{o_1}$ is equal to $x$. From equation (4.40) it also follows that we can choose $\varphi_i$ as
$$\varphi_i = \begin{cases} 0 & \text{if } i \text{ is a gap,}\\ y^{(i \bmod q)}\,x^{(i - (q+1)(i \bmod q))/q} & \text{otherwise.}\end{cases}$$
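The exponent pair of $\varphi_i$ follows directly from this formula; the sketch below computes it (or reports a gap) for the Hermitian curve. The helper name and the printed example are illustrative assumptions.

```python
# Sketch: phi_i = x^a * y^b on the Hermitian curve, with b = i mod q and
# a = (i - (q+1)*b)/q; a negative a signals that i is a gap at P_infinity.

def hermitian_phi_exponents(i, q):
    b = i % q
    a, rem = divmod(i - (q + 1) * b, q)
    if i < 0 or rem != 0 or a < 0:
        return None            # i is a gap
    return a, b                # pole order of x^a y^b is q*a + (q+1)*b = i

q = 4
print([hermitian_phi_exponents(i, q) for i in range(8)])
# -> [(0, 0), None, None, None, (1, 0), (0, 1), None, None]
```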

Given a vector $y = c + e$, syndromes $S_e(i,j)$ are defined by equation (4.31). For the chosen functions $\varphi_i$, the content of Lemma 4.5 reduces to the following simple lemma, which we cite from [23].

Lemma 4.7 (Lemma 8 from [23]) Let the curve $H$ be defined by the equation $H: X^{q+1} = ZY^q + Z^qY$. The syndromes $S_{a,b}$ satisfy the relations
$$S_{a,b} = \begin{cases} 0 & \text{if } (a \in \mathcal{G}) \vee (b \in \mathcal{G}),\\ S_{a+b,0} & \text{if } (a \bmod q) + (b \bmod q) < q,\\ S_{a+b,0} - S_{a+b-q^2+1,0} & \text{otherwise.}\end{cases}$$

Proof. This is a direct consequence of the affine equation of the curve $H$. For a full proof see [23].
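For reference, the index reduction of Lemma 4.7 can be coded in a few lines. The sketch below assumes a mapping `S_one` from a pole order $w$ to $S_{w,0}$ (e.g. a dictionary filled from the received word) and toy prime-field arithmetic; all names are illustrative.

```python
# Sketch of Lemma 4.7: reduce a two-index Hermitian syndrome S_{a,b} to
# one-index syndromes S_{a+b,0}.

def is_gap(v, q):
    return not any(v - (q + 1) * b >= 0 and (v - (q + 1) * b) % q == 0
                   for b in range(q))

def syndrome_two_index(a, b, S_one, q, p):
    if is_gap(a, q) or is_gap(b, q):
        return 0
    if (a % q) + (b % q) < q:
        return S_one[a + b] % p
    return (S_one[a + b] - S_one[a + b - q * q + 1]) % p
```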

We illustrate the error-localization procedure of an efficient GMD decoding procedure in the following example.

Example 4.1 Let $X$ be the Hermitian curve $X: x^5 = y^4 + y$ over $F_{16} \cong Z_2[z]/(z^4+z+1)$. Let $\alpha$ be a root of $z^4 + z + 1$. We investigate the code $C(D, 18P_\infty)$ with $D$ the sum of the 64 affine $F_{16}$-rational points $P_l = (x_l, y_l)$. $C(D, 18P_\infty)$ has dimension $k = 51$ and designed minimum distance $d = 8$. The error correction capability that is guaranteed by the basic algorithm corresponds to a distance equal to two. Let a vector $y = c + e$, $c \in C(D, 18P_\infty)$, be given such that five errors have occurred in the points

error point    error value      error point    error value
(α^5, α^3)     α                (α, α^9)       α^4
(0, α^5)       α                (α^3, α^2)     α
(α^9, α^2)     α^3


We can calculate the syndromes $S_e(i,0)$ according to equation (4.31) for $0 \leq i \leq 18$ as

S_{0,0}=α^14   S_{1,0}=0      S_{2,0}=0      S_{3,0}=0      S_{4,0}=α^5
S_{5,0}=α^6    S_{6,0}=0      S_{7,0}=0      S_{8,0}=α^8    S_{9,0}=α^5
S_{10,0}=α^4   S_{11,0}=0     S_{12,0}=α^12  S_{13,0}=α^10  S_{14,0}=α^13
S_{15,0}=α^5   S_{16,0}=α^11  S_{17,0}=α^9   S_{18,0}=α^10

Using Lemma 4.7, we can then calculate any syndrome $S_e(i,j)$ with $i + j \leq 18$. Thus we know all syndromes occurring in the matrix $\tilde{S}$ as defined in equation (4.32). This matrix reads

(unknown entries are marked with ?)

α^14  0 0 0 α^5  α^6  0 0 α^8  α^5  α^4  0 α^12 α^10 α^13 α^5 α^11 α^9 α^10
0     0 0 0 0    0    0 0 0    0    0    0 0    0    0    0   0    0   0
0     0 0 0 0    0    0 0 0    0    0    0 0    0    0    0   0    0   0
0     0 0 0 0    0    0 0 0    0    0    0 0    0    0    0   0    0   0
α^5   0 0 0 α^8  α^5  0 0 α^12 α^10 α^13 0 α^11 α^9  α^10 ?   ?    ?   ?
α^6   0 0 0 α^5  α^4  0 0 α^10 α^13 α^5  0 α^9  α^10 ?    ?   ?    ?   ?
0     0 0 0 0    0    0 0 0    0    0    0 0    0    0    0   0    0   0
0     0 0 0 0    0    0 0 0    0    0    0 0    0    0    0   0    0   0
α^8   0 0 0 α^12 α^10 0 0 α^11 α^9  α^10 0 ?    ?    ?    ?   ?    ?   ?
α^5   0 0 0 α^10 α^13 0 0 α^9  α^10 ?    0 ?    ?    ?    ?   ?    ?   ?
α^4   0 0 0 α^13 α^5  0 0 α^10 ?    ?    0 ?    ?    ?    ?   ?    ?   ?
0     0 0 0 0    0    0 0 0    0    0    0 0    0    0    0   0    0   0
α^12  0 0 0 α^11 α^9  0 0 ?    ?    ?    0 ?    ?    ?    ?   ?    ?   ?
α^10  0 0 0 α^9  α^10 0 0 ?    ?    ?    0 ?    ?    ?    ?   ?    ?   ?
α^13  0 0 0 α^10 ?    0 0 ?    ?    ?    0 ?    ?    ?    ?   ?    ?   ?
α^5   0 0 0 ?    ?    0 0 ?    ?    ?    0 ?    ?    ?    ?   ?    ?   ?
α^11  0 0 0 ?    ?    0 0 ?    ?    ?    0 ?    ?    ?    ?   ?    ?   ?
α^9   0 0 0 ?    ?    0 0 ?    ?    ?    0 ?    ?    ?    ?   ?    ?   ?
α^10  0 0 0 ?    ?    0 0 ?    ?    ?    0 ?    ?    ?    ?   ?    ?   ?

We apply the BMA proposed in [23] to the matrix $\tilde{S}$ in order to obtain the functions $\sigma^{(i,18)}$ and $\mu^{(j,18)}$. The functions are listed below.

i   σ^(i,18)                                                          a^(18,i)_σ
0   α^12 + α^13 x + α^7 x^2 + α^13 xy + x^3                           7
1   α^9 + α^8 x + α^4 y + α^5 x^2 + xy + α^7 x^3 + x^2 y              6
2   α^4 + α^12 x + α^13 x^2 + α^12 xy + y^2                           9
3   α^8 x + α x^2 + α^3 xy + α^5 x^3 + y^3                            4


j   μ^(j,18)                                                          a^(18,j)_μ
0   α^2 + α^9 x + y + α^2 x^2                                         8
1   α^2 + x + α^10 y + α^2 x^2 + α^10 xy                              9
2   0                                                                 -
3   0                                                                 -

It is straightforward to verify that the functions $\sigma^{(i,18)}$ and $\mu^{(j,18)}$ satisfy the required properties. Starting from these functions, we have to iteratively determine functions $\sigma^{(i,18,R_l)}$ and $\mu^{(j,18,R_l)}$. To this end, we assume that the point $P_{j_1} = (\alpha^5, \alpha^3)$ indicated the least reliable position in $y$, and we thus choose the first erasure position set $R_1 = \{j_1\}$. Applying Algorithm 4.3, we find that the function $\gamma$ equals $\mu^{(1,18)}$, and we calculate the following tables.

i   σ^(i,18,R_1)                                                      a^(18,i,R_1)_σ
0   α^6 + α^6 y + α^6 x + α^11 xy + α^9 x^2 + α^3 x^3                 7
1   α + α^10 y + α^2 xy + α^3 x^2 + α^3 x^2 y + α^10 x^3              6
2   α + α^7 y + α^3 y^2 + α^7 x + α^9 xy + α^7 x^2                    9
3   α^2 + α^3 y^3 + α^10 y + α^12 x + α^7 xy + α^10 x^2 + α^8 x^3     4

j   μ^(j,18,R_1)                                                      a^(18,j,R_1)_μ
0   α^3 + α^7 y + α^8 x + α^4 xy + α^3 x^2                            8
1   α^7 + y + α x + α^5 xy + α^9 x^2 + α^10 x^2 y + α^2 x^3           5
2   0                                                                 -
3   0                                                                 -

We assume that the second least reliable position is indicated by $P_{j_2} = (\alpha, \alpha^9)$, and thus we have $R_2 = \{j_1, j_2\}$. Because the function $\sigma^{(2,18,R_1)}$ has $P_{j_2}$ as a zero, we have to choose $\gamma$ as $\mu^{(0,18,R_1)}$. In the following iteration of Algorithm 4.3 we find the following tables.

i   σ^(i,18,R_2)                                                      a^(18,i,R_2)_σ
0   α^2 + α^12 y + α^5 x + α^11 xy + x^3                              7
1   α^10 + α^5 y + α^14 x + α^11 xy + α^7 x^2 + x^2 y + α^7 x^3       6
2   α^13 + α^4 y + y^2 + α^4 x + α^6 xy + α^4 x^2                     9
3   α^4 y + y^3 + α^14 x + α xy + α x^2 + α^5 x^3                     4


j   μ^(j,18,R_2)                                                      a^(18,j,R_2)_μ
0   α^8 y + α^4 + α x + α^13 xy + α^5 x^2 + α^4 x^2 y + α^3 x^3       4
1   α + α^9 y + α^10 x + α^14 xy + α^3 x^2 + α^4 x^2 y + α^11 x^3     5
2   0                                                                 -
3   0                                                                 -

In a similar way such tables are found for erasure position sets $R_i$ with $i$ larger than 2. Here we only consider the branches corresponding to the erasure sets $R_j$, $j = 0, 1, 2$. It is a remarkable fact that the function $\sigma^{(2,18,R_1)}$ is error-locating, that is, it evaluates to zero at all five error points. This underlines the error correction capabilities of the basic algorithm. Besides $\sigma^{(2,18,R_1)}$, the functions $\sigma^{(i,18,R_2)}$, $i = 0, 1, 2$, are also error-locating. A subsequent application of the majority voting of Feng and Rao runs out of votes for the error-only case and yields $\sigma^{(2,18,R_1)}$ as tentative error-locating function for the erasure sets $R_1$ and $R_2$.

VII Conclusions

The decoding scheme proposed in Section III gives a general efficient procedure for GMD decoding of linear codes. Provided a sequence of error-erasure-locating pairs exists, the general procedure finds all error-erasure-locating vectors with a complexity in the order $O(n^3)$, where $n$ is the length of the code. In the case of RS codes, the procedure is performed by introducing two additional steps in a decoding procedure that corrects errors only. One of these steps concerns the iterative solution of a system of linear equations, and the other is the check for the most likely error vector, common to all GMD decoding schemes. Due to the regular structure of all linear equations involved, we have given an algorithm that accomplishes the GMD decoding problem for RS codes requiring complexity $O(nd)$, where $d$ is the minimum Hamming distance of the code. This has to be compared with earlier GMD decoding schemes that do not utilize the dependence structure between the different decoding attempts. The complexity of such schemes is given by $O(nd^2)$, due to the fact that we employ $O(d)$ decoding attempts, each requiring complexity $O(nd)$.


The complexity of the algorithm applied to algebraic-geometric codes is highly dependent on the chosen curve. We consider nonsingular, absolutely irreducible, projective curves and a class of so-called one-point codes. We can find all tentative error-locating functions, in a setup that guarantees the error correction capability of the basic algorithm, with complexity $O(o_1 n d)$, where $o_1$ is the first non-gap of the function space associated with the code. The inclusion of the majority voting scheme of Feng and Rao [18], in order to guarantee the full GMD decoding capability of the code, can be done with complexity $O(o_1 g d^2)$. However, it has been observed by Høholdt and Pellikaan in [24, Remark 4.6] that the performance of the basic algorithm is close to the performance of an algorithm that guarantees the error correction capability up to half the designed minimum distance, see also [25]. This observation suggests that it very often may be sufficient to use the setup of the basic algorithm in an application.

The list of tentative error-erasure-locating functions provides some information about the error positions of the corresponding tentative error values. However, in contrast to the case of RS codes, we cannot determine the exact error positions from this list. This is, on the one hand, due to the fact that an error-erasure-locating function may have more zeros than the weight of the corresponding error vector suggests, and, on the other hand, we are lacking an efficient Forney formula to check whether an erased position in the received word is erroneous.

For any particular set of erased positions, we can determine the error vector corresponding to an error-erasure-locating function with complexity $O(n(n + o_1 g))$. Thus, using the setup of the basic algorithm, and if we decide on the most likely error vector based on the zero sets of the corresponding error-locating functions, a soft-decision decoding of an AG code can be performed with complexity $O(o_1 n^2)$. In order to guarantee the full error correction capability of a GMD decoding scheme, we have to find a tentative error vector for any tentative error-erasure-locating function. Such a scheme would require complexity $O(dn(n + o_1 g))$. This compares with the complexity required by decoding attempts that do not use the dependency structure proposed in Section III. Such an approach requires $O(o_1 n d^2)$ operations, due to the fact that we employ $\lceil d/2\rceil$ decoding attempts, each requiring complexity $O(o_1 n d)$, [23].


Bibliography

[1] G.D. Forney Jr., "Generalized Minimum Distance Decoding", IEEE Trans. on Information Theory, vol. IT-12, pp. 125-131, April 1966.
[2] U. Sorger, "A new Reed-Solomon Decoding algorithm based on Newton's interpolation", IEEE Trans. Inform. Theory, vol. IT-39, pp. 358-365, March 1993.
[3] K. Araki, M. Takada, and M. Mori, "The Generalized Syndrome Polynomial and its Application to the Efficient Decoding of Reed-Solomon Codes Based on GMD Criterion", Proc. ISIT-93, San Antonio, p. 34, 1993.
[4] E. Berlekamp, "Bounded Distance+1 Soft Decision Reed-Solomon Decoding", preprint, Jan. 1993.
[5] D.J. Taipale and M.J. Seo, "An Efficient Soft-Decision Reed-Solomon Decoding Algorithm", IEEE Trans. Inform. Theory, vol. IT-40, pp. 1130-1140, July 1994.
[6] R. Kötter, "A New Efficient Error-Erasure Location Scheme in GMD Decoding", Proc. ISIT-93, San Antonio, p. 33, 1993.
[7] R. Kötter, "Efficient Generalized Minimum Distance Decoding of Algebraic Geometric Codes", Proc. ISIT-94, Trondheim, p. 151, 1994.
[8] R. Pellikaan, "On decoding by error location and dependent sets of error positions", Discrete Mathematics 106/107 (1992), pp. 369-381, North-Holland.
[9] I.M. Duursma and R. Kötter, "Error-Locating Pairs for Cyclic Codes", IEEE Trans. Inform. Theory, vol. IT-40, pp. 1108-1121, July 1994.
[10] R. Kötter, "A unified description of an error locating procedure for linear codes", Proc. of the International Workshop on Algebraic and Combinatorial Coding Theory, Voneshta Voda, Bulgaria, June 1992.
[11] R.E. Blahut, Theory and Practice of Error Control Codes, Reading, Ma.: Addison-Wesley, 1983.
[12] G.D. Forney, Concatenated Codes, M.I.T. Press, Cambridge, Mass., 1966.
[13] R. Lucas, "A Comparison of Different Metrics for GMD Decoding", University of Ulm, Germany, Department of Information Technology, ITUU Technical Report No. ITUU-TR-1995/01, Feb. 1995.
[14] G.L. Feng and K.K. Tzeng, "A generalization of the Berlekamp-Massey algorithm for multisequence shift-register synthesis with applications to decoding cyclic codes", IEEE Trans. Inform. Theory, vol. IT-37, pp. 1274-1287, Sept. 1991.
[15] V.D. Goppa, "Codes Associated with Divisors", Probl. Inform. Transmission, vol. 13, pp. 22-26, 1977.
[16] J.H. van Lint and G. van der Geer, Introduction to Coding Theory and Algebraic Geometry, Birkhäuser Verlag, Basel, Boston, Berlin, 1988.
[17] A.N. Skorobogatov and S.G. Vladut, "On the Decoding of Algebraic-Geometric Codes", IEEE Trans. on Information Theory, vol. IT-36, pp. 1051-1060, Nov. 1990.
[18] G.-L. Feng and T.R.N. Rao, "Decoding Algebraic-Geometric Codes up to the Designed Minimum Distance", IEEE Trans. on Information Theory, vol. IT-39, pp. 37-45, Jan. 1993.
[19] I.M. Duursma, "Majority Coset Decoding", IEEE Trans. on Information Theory, vol. IT-39, pp. 1067-1071, May 1993.
[20] D. Ehrhard, "Achieving the designed error capacity in decoding algebraic-geometric codes", IEEE Trans. on Information Theory, vol. IT-39, pp. 743-751, May 1993.
[21] J. Justesen, K.J. Larsen, H. Elbrønd Jensen, and T. Høholdt, "Fast Decoding of Codes from Algebraic Plane Curves", IEEE Trans. on Information Theory, vol. IT-38, pp. 111-119, Jan. 1992.
[22] S. Sakata, "Finding a Minimal Set of Linear Recurring Relations Capable of Generating a Given Finite Two-dimensional Array", J. Symbolic Computation, vol. 5, pp. 321-337, 1988.
[23] R. Kötter, "A Fast Parallel Implementation of a Berlekamp-Massey Algorithm for Algebraic-Geometric Codes", Technical Report LiTH-ISY-R-1716, Linköping University, Linköping, Sweden, Jan. 1995.
[24] T. Høholdt and R. Pellikaan, "On the Decoding of Algebraic-Geometric Codes", preprint, 1995, to appear in IEEE Trans. on Information Theory, special issue on algebraic geometric codes.
[25] H. Elbrønd Jensen, T. Høholdt, and J. Justesen, "On the number of correctable errors for some AG codes", IEEE Trans. on Information Theory, vol. IT-39, pp. 681-684, March 1993.
[26] S. Sakata, "Extension of the Berlekamp-Massey algorithm to N dimensions", Information and Computation, vol. 84, pp. 207-239, 1990.
[27] H. Stichtenoth, "A note on Hermitian curves over GF(q^2)", IEEE Trans. Inform. Theory, vol. IT-34, pp. 1345-1348, Nov. 1988.


Chapter 5

A Forney type formula for the determination of error values for Hermitian codes

Abstract A generalization of Forney's algorithm to one-point codes on Hermitian curves is derived. The proposed algorithm uses as input the set of known syndromes and an error-locating function $\sigma$ together with the set of zeros of $\sigma$. For an Hermitian code defined over an alphabet $F_{q^2}$, the number of required $F_{q^2}$-multiplications in order to determine all error values is less than $10(t+g)^2$. This makes the algorithm especially well suited for high-rate codes, where the code length is large compared to the number of correctable errors.

Index Terms — Hermitian codes, error values, Forney's formula, efficient algorithms


I Introduction

The decoding problem in coding theory can be described as finding the codeword in a code $C$ at minimum Hamming distance from a received word $y$, which is the corrupted version of a codeword in $C$. The most successful approach to the problem of decoding an algebraic-geometric (AG) code stems from algebraic decoding. The strategy of algebraic decoding is to first calculate the set of erroneous positions in $y$, followed by the determination of the corresponding error values. Usually the set of error positions is indicated by the zero set of an error-locating function $\sigma$. Justesen et al. showed in [5] that an error-locating function gives a recursion satisfied by the syndromes, which allows determination of $\sigma$. Fast and efficient methods to calculate the function $\sigma$, and thus the set of possibly erroneous positions for AG codes, were first given by Justesen et al. in [7]. Using results of Feng and Rao [9], the algorithm was extended by e.g. Sakata et al. in [6]. A parallel version of a similar algorithm was given by Kötter in [8]. When considering an AG code over a finite field $F_q$, the complexity of such an algorithm, counted as the number of multiplications over $F_q$, is in the order $O(\gamma d^2)$, where $d$ is the minimum distance of the code and $\gamma$ is an invariant of the underlying curve. The standard approach to the second step in algebraic decoding of AG codes, namely determining the error values, uses the recursion relations satisfied by $\sigma$ in order to determine a syndrome vector that completely describes the error vector. Once a sufficient set of syndromes is known, we can find the error vector by a suitable linear transformation, see e.g. [7]. For low-rate codes this method is very convenient. However, for high-rate codes there are a couple of drawbacks. The number of syndromes that are to be determined is for high-rate codes close to $n$, which makes the determination of error values often the most complex step in a decoding algorithm. Another drawback is that we always have to determine a complete set of syndromes. If few errors have occurred, or if a systematic encoding procedure is used, it would be preferable to determine only the interesting error values and to disregard the others. For Reed-Solomon (RS) codes these drawbacks are overcome with the use of a formula derived by Forney in [1]. The goal of the present paper is to derive a generalization of Forney's formula to the case of Hermitian codes. Once an error-locating function $\sigma$ together with its zero set is known, the complexity of the proposed algorithm, for Hermitian codes, is bounded above by $10(t+g)^2$, where $t$ denotes the number


of errors and $g$ is the genus of the Hermitian curve. This complexity, for high-rate codes of large length, is less than the complexity required by the approach described in [7].

II The main idea

Let $F_q$ denote the finite field with $q$ elements. A linear code $C$ of length $n$ over $F_q$ is a subspace of $F_q^n$. The minimum Hamming distance and the dimension of $C$ are denoted $d(C)$ and $k(C)$. A linear code may be described by an $(n - k(C)) \times n$ parity check matrix $H$ with column vectors $h_0, h_1, \ldots, h_{n-1}$ such that
$$C = \{c \in F_q^n \mid Hc^T = 0\}.$$
Throughout the paper the components of vectors and matrices are indexed starting from index 0. The inner product of two vectors $a$ and $b$ is denoted $(a,b) = \sum_{i=0}^{n-1}a_ib_i$, and the Hamming weight of a vector $a$ is denoted by $w(a)$. Let a vector $y = c + e$, $c \in C$, be given. The syndrome $s$ of $y$ is defined as $s = yH^T$. Clearly the syndrome $s$ only depends on the error vector $e$. Let a set $I = \{i_1, i_2, \ldots, i_{|I|}\} \subseteq \{0, 1, \ldots, n-1\}$ be given such that the support of $e$ is a subset of $I$. The following simple lemma allows determination of the error values in the positions indicated by $I$.

Lemma 5.1 Let a vector $\sigma^{(j)} \in F_q^{n-k}$ be given such that
$$(\sigma^{(j)}, h_l) \begin{cases}= 0 & l \in I\setminus\{i_j\},\\ \neq 0 & l = i_j\end{cases}$$
holds. The error value in position $i_j \in I$ is given as
$$e_{i_j} = \frac{(\sigma^{(j)}, s)}{(\sigma^{(j)}, h_{i_j})}.$$

Proof. The lemma follows from the equation chain
$$(\sigma^{(j)}, s) = (\sigma^{(j)}, eH^T) = \Big(\sigma^{(j)}, \sum_{i\in I}e_ih_i\Big) = e_{i_j}(\sigma^{(j)}, h_{i_j}). \qquad\Box$$
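The formula of Lemma 5.1 is two inner products and one division. The following sketch evaluates it over a toy prime field GF(p) (so that modular arithmetic can stand in for the field operations); all names are illustrative assumptions.

```python
# Sketch of Lemma 5.1: error value at position i_j from a vector sigma_j that
# vanishes on (I minus i_j) but not on i_j, the syndrome s, and the column
# h_ij of the parity check matrix.  Arithmetic in a toy prime field GF(p).

def inner(a, b, p):
    return sum(x * y for x, y in zip(a, b)) % p

def error_value(sigma_j, s, h_ij, p):
    num = inner(sigma_j, s, p)
    den = inner(sigma_j, h_ij, p)
    return (num * pow(den, p - 2, p)) % p       # num / den in GF(p)
```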


In the light of Lemma 5.1, efficient determination of error values comes down to efficient calculation of the vectors $\sigma^{(j)}$ for all $i_j \in I$. For a general linear code this is achieved by solving the system of equations $eH^T = s$, $\mathrm{supp}(e) \subseteq I$. For structured codes, such as RS and AG codes, we can employ Lemma 5.1 in a more direct form. The result of the following example is the well-known Forney formula [1] to determine error values for RS codes. The derivation of Forney's formula given here reveals the main idea behind the reasoning applied to the case of Hermitian codes in the next section.

Example 5.1 (RS codes) Let $\alpha$ be a primitive element in $F_q$. An RS code $C$ of length $n = q - 1$, dimension $k = n - r$ and minimum distance $d = r + 1$ may be described by an $r \times n$ parity check matrix $H$ with $H_{i,j} = \alpha^{ij}$, $i = 0,\ldots,r-1$, $j = 0,\ldots,n-1$. Given a vector $y = c + e$, $c \in C$, such that $w(e) = t$ is less than $(r+1)/2$, the first step in algebraic decoding is to calculate an error-locating polynomial
$$\sigma(x) = \prod_{l\in\mathrm{supp}(e)}(x - \alpha^l),$$
which points out the set of error positions $I$, cf. [2, ch. 7]. From $\sigma(x)$ we can easily obtain the vectors $\sigma^{(j)}$ as coefficient vectors of the polynomials $\sigma^{(j)}(x) = \sigma(x)/(x - \alpha^{i_j})$. The inner product $(\sigma^{(j)}, h_{i_j})$ then equals $\sigma^{(j)}(\alpha^{i_j})$, which in turn equals $\sigma'(\alpha^{i_j})$, where $\sigma'(x)$ denotes the formal derivative of $\sigma(x)$. We define an error-evaluator polynomial $\omega(x)$ of degree $t - 1$ with coefficients
$$\omega_i = \sum_{j=0}^{t-1-i}s_j\sigma_{j+i+1}, \qquad i = 0, 1, \ldots, t-1. \qquad (5.1)$$

From the relation $\sigma(x) = (x - \alpha^{i_j})\sigma^{(j)}(x)$ it follows that $\sigma_l = \sigma^{(j)}_{l-1} - \alpha^{i_j}\sigma^{(j)}_l$, and we can rewrite equation (5.1) as
$$\omega_i = \sum_{l=0}^{t-1-i}s_l\sigma^{(j)}_{l+i} - \alpha^{i_j}\sum_{l=0}^{t-1-(i+1)}s_l\sigma^{(j)}_{l+(i+1)}, \qquad i = 0, 1, \ldots, t-1.$$
From these equations one can easily derive the following expression:
$$(\sigma^{(j)}, s) = \sum_{l=0}^{t-1}s_l\sigma^{(j)}_l = \omega_0 + \alpha^{i_j}(\omega_1 + \alpha^{i_j}(\omega_2 + \ldots)) = \omega(\alpha^{i_j}).$$


It follows from Lemma 5.1 that the error value $e_{i_j}$ is given as
$$e_{i_j} = \frac{(\sigma^{(j)}, s)}{(\sigma^{(j)}, h_{i_j})} = \frac{\omega(\alpha^{i_j})}{\sigma^{(j)}(\alpha^{i_j})} = \frac{\omega(\alpha^{i_j})}{\sigma'(\alpha^{i_j})}.$$
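The whole Forney computation of Example 5.1 fits in a few lines. The sketch below works over a toy prime field GF(31) (so that modular arithmetic replaces GF(2^m)); the error pattern, code parameters and names are illustrative assumptions, while the formulas follow the conventions of the example.

```python
# Sketch of Forney's formula in the conventions of Example 5.1 over GF(p).
p = 31                               # toy prime field, so n = p - 1 = 30
alpha = 3                            # 3 is a primitive element mod 31
n, r = p - 1, 6                      # r parity checks, corrects t <= 3 errors

def poly_eval(c, x):                 # c[i] is the coefficient of x^i
    return sum(ci * pow(x, i, p) for i, ci in enumerate(c)) % p

errors = {5: 7, 17: 22}              # illustrative error pattern: position -> value
syndromes = [sum(ev * pow(alpha, j * pos, p) for pos, ev in errors.items()) % p
             for j in range(r)]

# error-locating polynomial sigma(x) = prod (x - alpha^pos)
sigma = [1]
for pos in errors:
    root = pow(alpha, pos, p)
    sigma = [(c0 - root * c1) % p for c0, c1 in zip([0] + sigma, sigma + [0])]
t = len(sigma) - 1

# error evaluator (5.1):  omega_i = sum_j s_j * sigma_{j+i+1}
omega = [sum(syndromes[j] * sigma[j + i + 1] for j in range(t - i)) % p
         for i in range(t)]
dsigma = [(i * c) % p for i, c in enumerate(sigma)][1:]   # formal derivative

for pos in errors:                   # e_ij = omega(alpha^ij) / sigma'(alpha^ij)
    xr = pow(alpha, pos, p)
    value = poly_eval(omega, xr) * pow(poly_eval(dsigma, xr), p - 2, p) % p
    print(pos, value)                # recovers the values 7 and 22
```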

III Hermitian codes

Codes on Hermitian curves are one of the most thoroughly investigated classes of AG codes. The curves are defined over $F_{q^2}$ and can be described by the equation [3]
$$H:\; Y^qZ + YZ^q = X^{q+1}.$$
$H$ is a nonsingular, plane curve with genus $g = q(q-1)/2$, one point at infinity $P_\infty = (0:1:0)$, and $q^3$ other points $P_i = (x_i : y_i : 1)$ that have coordinates in $F_{q^2}$. The vector space of rational functions on $H$ that have a pole of multiplicity at most $m$ in $P_\infty$ is denoted $L(mP_\infty)$. Let $x$ and $y$ be defined as the rational functions $X/Z$ and $Y/Z$. A function $f \in F_{q^2}[x,y]$ can be interpreted as either a polynomial in the indeterminates $x$ and $y$ or as a rational function on $H$ in the indeterminates $X$, $Y$ and $Z$. When $f$ is interpreted as a rational function, it will often be characterized by a divisor $(f)$ of zeros and poles of $f$. The functions $x$ and $y$ have poles of order $q$ and $q+1$ only at $P_\infty$, and thus the vector space $L(mP_\infty)$ has a basis [3]
$$L(mP_\infty) = \langle\, x^ay^b \mid a \geq 0,\; 0 \leq b < q,\; qa + (q+1)b \leq m \,\rangle. \qquad (5.2)$$

An Hermitian code $C(m)$ of length $n = q^3$ over $F_{q^2}$ may be defined as
$$C(m) = \Big\{ c \in F_{q^2}^n \;\Big|\; \sum_{i=0}^{n-1}f(P_i)c_i = 0 \;\;\forall\, f \in L(mP_\infty)\Big\}. \qquad (5.3)$$

We assume that $m$ is less than $n$. Then $C(m)$ has dimension at least $n - m - 1 + g$ and minimum Hamming distance at least $m - 2g + 2$, see e.g. [4]. The rows of a parity check matrix $H$ for $C$ are obtained by evaluating the monomials $x^ay^b$, $a \geq 0$, $0 \leq b < q$, $qa + (q+1)b \leq m$, in the points $P_i$. Given a word $y = c + e$, $c \in C(m)$, we define syndromes $S_{a,b}$ as
$$S_{a,b} = \sum_{l=0}^{n-1}e_l\,x_l^a y_l^b. \qquad (5.4)$$
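Enumerating the monomials of (5.2) immediately gives the number of parity check rows and hence the dimension bound above. A minimal sketch, with illustrative names and example values (q = 4, m = 18):

```python
# Sketch: exponent pairs (a, b) of the monomials x^a y^b spanning L(m P_inf)
# on the Hermitian curve; evaluating them at the q^3 affine points gives the
# rows of a parity check matrix for C(m).

def hermitian_basis_monomials(m, q):
    return [(a, b) for b in range(q)
            for a in range((m - (q + 1) * b) // q + 1)
            if q * a + (q + 1) * b <= m]

q, m = 4, 18
rows = hermitian_basis_monomials(m, q)
print(len(rows))          # l(m P_inf) = m + 1 - g = 13 for m > 2g - 2
print(64 - len(rows))     # dimension bound of C(18) over F_16 -> 51
```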


Clearly, we can calculate $S_{a,b}$ for $a \geq 0$, $0 \leq b < q$, $qa + (q+1)b \leq m$ by replacing $e_l$ with $y_l$ in (5.4). As in the case of RS codes, the first step in algebraic decoding of codes from Hermitian curves is to calculate an error-locating function $\sigma \in F_{q^2}[x,y]$ of least pole order at $P_\infty$ [5]. Efficient schemes to accomplish this are e.g. given in [6] and [8]. These schemes employ the majority voting scheme of Feng and Rao [9], or an equivalent scheme, and determine syndromes $S_{a,b}$ for $a \geq 0$, $0 \leq b < q$, $qa + (q+1)b \leq m + g$. We note that, for an error vector of weight $t$, $\sigma$ has at most $t+1$ nonzero coefficients and pole order at most $t+g$, cf. [10].

After this step of the decoding algorithm we have the following data at our disposal.

- An error-locating function $\sigma \in F_{q^2}[x,y]$.
- The set of possible error positions $I$, indicated as a set of zeros of the polynomial $\sigma$.
- Syndromes $S_{a,b}$ for $a \geq 0$, $0 \leq b < q$, $qa + (q+1)b \leq m + g$.

As in the case of RS codes, we are confronted with the task of determining functions $\sigma^{(j)} \in F_{q^2}[x,y]$ whose zero position sets are a superset of $I\setminus\{i_j\}$. Moreover, we need these functions in a suitable form, i.e.
$$\sigma^{(j)}(x,y) = \sum_{(a,b)\in\mathbb{Z}_0^2,\, b<q}\sigma^{(j)}_{a,b}\,x^ay^b,$$
where $\mathbb{Z}_0$ denotes the set of non-negative integers. In contrast to the case of RS codes, this is not a straightforward task for AG codes. The main difficulty is the fact that for AG codes the zero set of $\sigma$ is neither in one-to-one correspondence with the factors of $\sigma$ nor does it suggest any factorization of $\sigma$. In order to obtain the set of functions $\sigma^{(j)}$ starting from $\sigma$, we formulate some simple geometric properties of $H$ in the following lemma.

Lemma 5.2 Let $H: Y^qZ + YZ^q = X^{q+1}$ be the Hermitian curve over $F_{q^2}$ with rational points $P_i = (x_i : y_i : 1)$ and $P_\infty = (0:1:0)$.


1. The tangent line $L_i: Y + y_i^qZ - x_i^qX$ at $P_i$ intersects $H$ only at $P_i$, with multiplicity $q+1$.

2. The line $X - x_iZ$ intersects $H$ in the points $P_j = (x_i : y_j : 1)$ and in $P_\infty$ with multiplicity one, where $y_j$ runs through the $q$ different solutions for $y$ of the equation $y^q + y = x_i^{q+1}$.

3. The product of the tangent lines at the points $P_j$ with the same $x$-coordinate $x_j = x_i$ is equal to
$$\prod_{j:\,x_j=x_i}L_j = Y^q + YZ^{q-1} - x_i^qXZ^{q-1} - x_iX^q + x_i^{q+1}Z^q.$$

Proof. The first two statements are easily verified directly. For statement two see also [3]. In order to prove the third statement we consider the rational function $(x - x_i)^{q+1} = x^{q+1} - x_i^qx - x_ix^q + x_i^{q+1}$, which coincides on $H$ with the rational function $y^q + y - x_i^qx - x_ix^q + x_i^{q+1}$. The associated divisor of this function is
$$(q+1)\sum_{j:\,x_j=x_i}P_j - q(q+1)P_\infty,$$
which, as a consequence of statements one and two, is equal to the divisor of the function
$$\prod_{j:\,x_j=x_i}\big(y + y_j^q - x_j^qx\big).$$
This proves that the product $\prod_{j:\,x_j=x_i}(y + y_j^q - x_j^qx)$ coincides on $H$ with the rational function $y^q + y - x_i^qx - x_ix^q + x_i^{q+1}$. The function $\prod_{j:\,x_j=x_i}(y + y_j^q - x_j^qx)$, considered as an element of $F_{q^2}[x,y]$, has degree $q$ in the indeterminate $y$, and the term $y^q$ occurs with coefficient 1. It follows that we have
$$\prod_{j:\,x_j=x_i}\big(y + y_j^q - x_j^qx\big) = y^q + y - x_i^qx - x_ix^q + x_i^{q+1}.$$
The third statement is just the homogeneous equivalent of this equation. $\Box$

The following lemma states the main observation for the construction of the functions $\sigma^{(j)}$.


Lemma 5.3 Let a function $\sigma \in F_{q^2}[x,y]$ be given that has a zero position set $I$ including a zero of multiplicity $l \leq q+1$ at a point $P_{i_j}$, $i_j \in I$. The function $\sigma^*$ constructed as
$$\sigma^* = \sigma\,\frac{y^q + y - x_{i_j}^qx - x_{i_j}x^q + x_{i_j}^{q+1}}{y + y_{i_j}^q - x_{i_j}^qx}$$
has a polynomial representation in $F_{q^2}[x,y]$. Moreover, after reducing the powers of $y$ modulo the affine equation of the curve, $y^q = x^{q+1} - y$, $\sigma^*$ has the form
$$\sigma^* = (x - x_{i_j})^l\,\sigma^{(j)}, \qquad (5.5)$$

such that the zero position set of the function $\sigma^{(j)} \in F_{q^2}[x,y]$ is a superset of $I\setminus\{i_j\}$ and $\sigma^{(j)}(x_{i_j}, y_{i_j}) \neq 0$.

Proof. By Lemma 5.2, $(y + y_{i_j}^q - x_{i_j}^qx)$ is a factor of $(y^q + y - x_{i_j}^qx - x_{i_j}x^q + x_{i_j}^{q+1})$, which implies that $\sigma^*$ can be represented as a polynomial in $F_{q^2}[x,y]$. The divisor of zeros and poles of $\sigma$ equals $lP_{i_j} + A - (l + \deg(A))P_\infty$ for some effective divisor $A$. This implies that the divisor of $\sigma^*$ equals $l\,((x - x_{i_j})) + B - \deg(B)P_\infty$ for an effective divisor $B$ such that $B - A$ also is effective. From the construction of the function $\sigma^*$ we know that $B - \deg(B)P_\infty$ is the divisor of a rational function $\sigma^{(j)}$. Any function with only poles at $P_\infty$ has a unique representation as a polynomial in $x$ and $y$ such that the highest occurring power of $y$ is $q-1$. Equation (5.5) now follows from the unique representation of $\sigma^*$ and $\sigma^{(j)}$. $\Box$

Lemma 5.3 implicitly outlines an algorithm to calculate the required functions $\sigma^{(j)}$. We want to estimate the complexity of this algorithm. As a complexity measure we choose the number of multiplications over $F_{q^2}$, the field of definition of the code. In order to carefully count the number of $F_{q^2}$-multiplications we formulate the algorithm explicitly.


Algorithm 5.1

Input: The error-locating function $\sigma$, together with its zero position set $I \supseteq \mathrm{supp}(e)$.

Construction of the $\sigma^{(j)}$: For all $i_j \in I$ perform the following steps:

1. Calculate the polynomial
$$\tilde{\sigma} = \sigma\,(y^q + y - x_{i_j}^qx - x_{i_j}x^q + x_{i_j}^{q+1}) = \sum_{l=0}^{2q-1}\tilde{\sigma}_l(x)\,y^l.$$

2. Calculate the polynomial
$$\bar{\sigma} = \tilde{\sigma}/(y - (x_{i_j}^qx - y_{i_j}^q)) = \sum_{l=0}^{2q-2}\bar{\sigma}_l(x)\,y^l,$$

where the polynomials $\bar{\sigma}_l(x)$ are calculated recursively as
$$\bar{\sigma}_{l-1}(x) = \tilde{\sigma}_l(x) + (x_{i_j}^qx - y_{i_j}^q)\,\bar{\sigma}_l(x). \qquad (5.6)$$

3. Calculate the polynomial
$$\theta = \bar{\sigma} \bmod \big(y^q - (x^{q+1} - y)\big) = \sum_l\theta_l(y)\,x^l.$$

4. Calculate the polynomial
$$\psi = \theta/(x - x_{i_j}) = \sum_l\psi_l(y)\,x^l,$$

where the polynomials $\psi_l(y)$ are calculated recursively as
$$\psi_{l-1}(y) = \theta_l(y) + x_{i_j}\,\psi_l(y). \qquad (5.7)$$

5. If $\psi(x_{i_j}, y_{i_j})$ equals zero, then let $\theta$ be equal to $\psi$ and go to step 4. Otherwise let $\sigma^{(j)} = \psi$.
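The recursions (5.6) and (5.7) are both instances of ordinary synthetic division. The sketch below shows the pattern for numeric coefficients over a toy prime field; in Algorithm 5.1 the coefficients are themselves polynomials in the other variable, but the update is the same. Names and the example are illustrative.

```python
# Sketch of (5.6)/(5.7): synthetic division of sum_l c_l * u^l by (u - r),
# with quotient coefficients q_{l-1} = c_l + r * q_l, over GF(p).

def synthetic_division(coeffs, r, p):
    """Divide sum_l coeffs[l]*u^l by (u - r); return (quotient, remainder)."""
    q = [0] * (len(coeffs) - 1)
    carry = 0
    for l in range(len(coeffs) - 1, 0, -1):
        carry = (coeffs[l] + r * carry) % p
        q[l - 1] = carry
    remainder = (coeffs[0] + r * carry) % p
    return q, remainder

# (u - 2)(u^2 + 3) = u^3 - 2u^2 + 3u - 6 over GF(31)
print(synthetic_division([25, 3, 29, 1], 2, 31))   # -> ([3, 0, 1], 0)
```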


Lemma 5.4 Given the error-locating function $\sigma$ of lowest pole order together with its zero position set $I$, Algorithm 5.1 calculates the polynomials $\sigma^{(j)}$ and the numbers $\sigma^{(j)}(x_{i_j}, y_{i_j})$ for all $i_j \in I$. The number of $F_{q^2}$-multiplications required by Algorithm 5.1 is less than $(t+g)(9(t+g) - g)$.

Proof. The claim that Algorithm 5.1 calculates the functions $\sigma^{(j)}$ follows directly from Lemma 5.3. The recursive equations (5.6) and (5.7) are just a reformulation of the standard division algorithm. We only have to prove the claim concerning the number of multiplications. We estimate the number of multiplications $M_l$ required by step $l$ of the algorithm for a fixed $i_j\in I$. The polynomial $\sigma$ does not have more than $t+1$ nonzero coefficients, so step 1 does not require more than $3(t+1)$ multiplications, i.e. $M_1\leq 3(t+1)$. Step 2 needs a careful investigation. In particular, we need to bound the degrees of the polynomials $\bar\sigma_l(x)$. To this end let a number $a$ be defined as $a=\lfloor (t+g)/q\rfloor$ if $t\geq g$, and as the $a$ satisfying $a(a+1)\leq 2t<(a+1)(a+2)$ if $t<g$. Note that $a$ as a function of $t$ is non-decreasing. We can thus distinguish the two cases $t<g$ and $t\geq g$ also by $a\leq q-2$ and $a>q-2$, respectively. The number $a$ provides a bound on the degree of the polynomial $\sigma(x,0)$. The degrees of the polynomials $\tilde\sigma_l$ satisfy the inequality
\[
\deg(\tilde\sigma_l)\;\leq\; a+q-l,
\]
which in turn implies
\[
\deg(\bar\sigma_l)\;\leq\; a+q-l-1.
\]
In step 2 of the algorithm every polynomial $\bar\sigma_l$, $l=1,2,\ldots,2q-2$, has to be multiplied with the factor $(x_{i_j}^{q}x-y_{i_j}^{q})$, and the number of multiplications can thus be estimated as
\[
M_2 \;\leq\; 2\sum_{l=1}^{\min\{a+q,\,2q-2\}}\bigl((a+q-l-1)+1\bigr)
\;=\; 2\sum_{l=1}^{\min\{a+q,\,2q-2\}}(a+q-l)
\;=\;\begin{cases}
(a+q)(a+q-1), & a\leq q-2,\\[2pt]
2\bigl((2q-2)(a+q)-(q-1)(2q-1)\bigr), & a>q-2.
\end{cases}
\]
We consider the two cases separately. If $a>q-2$, or equivalently $t\geq g$, holds, we find
\[
M_2 \;\leq\; 2(2qa+q-1-2a) \;\leq\; 2\bigl(2(t+g)-1+q-2\lfloor(t+g)/q\rfloor\bigr) \;<\; 4(t+g).
\]


In the case $a\leq q-2$, we have
\[
M_2 \;\leq\; a(a+1)+q^{2}-q+2a(q-1) \;\leq\; 4(t+g)+\bigl(2a(q-1)-2t-2g\bigr) \;<\; 4(t+g),
\]
where the last inequality follows from the fact that $2t\geq a(a+1)$ and the fact that $2a(q-1)-a(a+1)-q(q-1)$ is negative for $q>1$. Step 3 of the algorithm does not require any multiplications. In the light of equation (5.7), the number of multiplications required in step 4 is bounded above by the number of nonzero coefficients in the polynomial $\varphi$. The function $\varphi$ has pole order at most $t+g+q^{2}-q-1=t+3g-1$, which implies that $\varphi$ has at most $t+2g$ nonzero coefficients. It follows that $M_4$ is less than $t+2g$. The evaluation of $\varphi$ in a point $P_{i_j}$, required in step 5 of the algorithm, can be done with $t+2g$ multiplications, i.e. $M_5\leq t+2g$. The worst-case number of multiplications is obtained if $\sigma$ has its maximal number of $t+g$ different zeros at points $P_i$, since in this case we have to perform steps 1-4 for all $t+g$ zeros. Thus the number of multiplications is upper bounded by $(t+g)(M_1+M_2+M_4+M_5)<(t+g)\bigl(9(t+g)-g\bigr)$, which proves the lemma. $\Box$

We summarize the main results of this paper in the following theorem.

Theorem 5.1 Let a vector $y=e+c$, $c\in C(m)$, be given such that the Hamming weight of $e$ does not exceed half the minimum distance of the code $C(m)$. Moreover, let the error-locating function $\sigma$ of lowest pole order together with its zero position set $I\supseteq\operatorname{supp}(e)$ and the syndromes $S_{a,b}$ for $a\geq 0$, $0\leq b<q$, $qa+(q+1)b\leq m+g$ be given. The error values $e_{i_j}$ in the positions indicated by $I$ are given as
\[
e_{i_j} \;=\; \frac{\sum_{(a,b)}\sigma^{(j)}_{a,b}\,S_{a,b}}{\sigma^{(j)}(x_{i_j},y_{i_j})},
\]
where the functions $\sigma^{(j)}$ are calculated by Algorithm 5.1. The number of multiplications over $\mathbb{F}_{q^2}$ required to determine the error vector $e$ is less than $10(t+g)^{2}$.

Proof. Most of the claim is a direct consequence of Lemmata 5.1 and 5.3. The function $\sigma$ does not have a zero of multiplicity larger than $q+1$ in any point $P_i$, as a consequence of the assumption that $\sigma$ has minimal possible pole order. Thus the coefficient vector of $\sigma^{(j)}$ satisfies the properties that are required in Lemma 5.3 for the vector $\lambda^{(j)}$. Moreover, $(\sigma^{(j)},h_{i_j})$ equals $\sigma^{(j)}(x_{i_j},y_{i_j})$. Having determined the set of functions $\sigma^{(j)}$ by Algorithm 5.1, we have to show that the given syndromes are sufficient to calculate the sum
\[
\sum_{(a,b)}\sigma^{(j)}_{a,b}S_{a,b}. \qquad (5.8)
\]

The pole order of the functions $\sigma^{(j)}$ is less than $t+3g$. This follows from the facts that the pole order of $\sigma$ is at most $t+g$ and that the pole order of the function
\[
\frac{y^{q}+y-x_{i}^{q}x-x_{i}x^{q}+x_{i}^{q+1}}{(y+y_{i}^{q}-x_{i}^{q}x)(x-x_{i})}
\]
in $P_\infty$ is $q^{2}-q-1=2g-1$. The assumption on the weight of the error vector implies $2t+3g-2<m+g$, which implies $t+3g<m+g$ for $t\geq 1$. The number of multiplications required to calculate the sum (5.8) is at most $t+2g$, and we have to calculate this sum at most $t+g$ times. This observation together with Lemma 5.4 proves the theorem. $\Box$
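The error-value formula of Theorem 5.1 is straightforward to evaluate once the $\sigma^{(j)}$ are known. The following sketch is an added illustration rather than the thesis' own code; it assumes a finite-field element class whose instances support +, * and /, with $\sigma^{(j)}$ and the syndromes stored as dictionaries indexed by the exponent pairs $(a,b)$ of the monomials $x^a y^b$.

def error_value(sigma_j, syndromes, sigma_j_at_point, zero):
    """Evaluate e_{i_j} = (sum_{(a,b)} sigma^{(j)}_{a,b} S_{a,b})
                          / sigma^{(j)}(x_{i_j}, y_{i_j}).

    sigma_j          -- dict {(a, b): coefficient of x^a y^b in sigma^{(j)}}
    syndromes        -- dict {(a, b): S_{a,b}}; by the proof of Theorem 5.1
                        it covers every monomial occurring in sigma^{(j)}
    sigma_j_at_point -- the nonzero value sigma^{(j)}(x_{i_j}, y_{i_j})
    zero             -- the zero element of the field"""
    total = zero
    for (a, b), coeff in sigma_j.items():      # the sum (5.8)
        total = total + coeff * syndromes[(a, b)]
    return total / sigma_j_at_point

The loop performs one multiplication per nonzero coefficient of $\sigma^{(j)}$, so at most $t+2g$ multiplications plus one division, in line with the count used in the proof above.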

Remark 5.1 In order to determine the zero set of $\sigma$, the following strategy can be used. We first determine the univariate polynomials $\sigma(x_i,y)$ for the $q^{2}$ possible values of $x_i\in\mathbb{F}_{q^2}$. This step requires at most $q^{2}t$ multiplications, because $\sigma$ has at most $t+1$ nonzero coefficients and we need not multiply the constant term of $\sigma$. Every polynomial $\sigma(x_i,y)$, of degree at most $q-1$ in $y$, then has to be evaluated for $q$ values of $y_i$, which requires $q(q-1)$ multiplications. Thus the total number of multiplications required to calculate the zero set of $\sigma$ is upper bounded by $q^{2}t+q^{2}\,q(q-1)=q^{2}(t+2g)$. Using fast transform techniques this complexity can usually be decreased significantly. However, the efficiency of such techniques depends on the prime factorization of $q^{2}-1$.
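A direct rendering of this strategy might look as follows. The sketch is an added illustration, not from the thesis; it assumes field elements with overloaded +, *, ** and == that are hashable, and it does not reproduce the exact multiplication count of the remark, only the two-stage structure of the search.

from collections import defaultdict

def zero_positions(sigma, points, zero):
    """Return the indices i with sigma(x_i, y_i) = 0, where sigma is a dict
    {(a, b): coefficient} for the monomials x^a y^b (y-degree below q) and
    points is the list of affine rational points P_i = (x_i, y_i)."""
    # Group the point indices by x-coordinate, so that the univariate
    # polynomial sigma(x_i, y) is formed only once per x-value.
    by_x = defaultdict(list)
    for i, (xi, _) in enumerate(points):
        by_x[xi].append(i)

    zeros = []
    for xi, indices in by_x.items():
        # sigma(xi, y) as a dict {b: coefficient}
        uni = defaultdict(lambda: zero)
        for (a, b), coeff in sigma.items():
            uni[b] = uni[b] + coeff * xi ** a
        # evaluate at the q points of the curve lying above xi
        for i in indices:
            yi = points[i][1]
            value = zero
            for b, cb in uni.items():
                value = value + cb * yi ** b
            if value == zero:
                zeros.append(i)
    return sorted(zeros)

Replacing the plain power evaluations by Horner's rule brings the operation count close to the $q^{2}(t+2g)$ bound stated in the remark.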

Remark 5.2 In [11] Leonard derives a different generalization of Forney's formula, where he utilizes the theory of Gröbner bases applied to the ideal of error-locating functions. The approach is applicable to any curve, as it does not use particular geometric properties of the curve under consideration. A complexity analysis of this approach remains to be done.


IV Conclusions

We have proposed an algorithm for calculating error values for Hermitian codes. The algorithm can be interpreted as a generalization of Forney's formula for RS codes. It calculates the desired error values from the set of known syndromes and the error-locating function $\sigma$. The complexity for calculating all error values is less than $10(t+g)^{2}$ in terms of multiplications over the field used for the definition of the code, where $t$ denotes the number of errors and $g$ is the genus of the Hermitian curve used in the code construction. For long ($n\geq 2^{15}$), high-rate Hermitian codes, this complexity is less than that of an algorithm relying on the inverse transform of a complete vector of syndromes.


Bibliography

[1] G.D. Forney, "On Decoding BCH Codes", IEEE Trans. on Information Theory, vol. IT-11, pp. 549-557, 1965.

[2] R.E. Blahut, Theory and Practice of Error Control Codes, Reading, MA: Addison-Wesley, 1983.

[3] H. Stichtenoth, "A note on Hermitian codes over GF(q^2)", IEEE Trans. Inform. Theory, vol. IT-34, pp. 1345-1348, Nov. 1988.

[4] J.H. van Lint and G. van der Geer, Introduction to Coding Theory and Algebraic Geometry, Birkhäuser Verlag, Basel, Boston, Berlin, 1988.

[5] J. Justesen, K.J. Larsen, H.E. Jensen, A. Havemose, and T. Høholdt, "Construction and decoding of a class of algebraic geometric codes", IEEE Trans. Inform. Theory, vol. IT-35, pp. 811-821, July 1989.

[6] S. Sakata, J. Justesen, Y. Madelung, H. Elbrønd Jensen, and T. Høholdt, "A Fast Decoding Method of AG Codes from Miura-Kamiya Curves $C_{ab}$ up to Half the Feng-Rao Bound", Finite Fields and their Applications, vol. 1, pp. 83-101, 1995.

[7] J. Justesen, K.J. Larsen, H. Elbrønd Jensen, and T. Høholdt, "Fast Decoding of Codes from Algebraic Plane Curves", IEEE Trans. on Information Theory, vol. IT-38, pp. 111-119, Jan. 1992.

[8] R. Kötter, "A Fast Parallel Implementation of a Berlekamp-Massey Algorithm for Algebraic-Geometric Codes", Technical Report LiTH-ISY-R-1716, Linköping University, Linköping, Sweden, Jan. 1995.


[9] G.-L. Feng and T.R.N. Rao, "Decoding Algebraic-Geometric Codes up to the Designed Minimum Distance", IEEE Trans. on Information Theory, vol. IT-39, pp. 37-45, Jan. 1993.

[10] A.N. Skorobogatov and S.G. Vladut, "On the Decoding of Algebraic-Geometric Codes", IEEE Trans. on Information Theory, vol. IT-36, pp. 1051-1060, Nov. 1990.

[11] D. Leonard, "A generalized Forney formula for AG codes", submitted to IEEE Trans. Inform. Theory.


Chapter 6

Conclusions

Algebraic decoding is subject to a permanent evolution leading towards algorithms that match the requirements of practical data transmission systems better and better. The present thesis can be seen as part of this evolution process.

Classical algebraic coding theory is to a large extent concentrated on the decoding of BCH codes. For those codes, some very well investigated and perfected decoding algorithms are available. With the exception of some outstanding codes, such as the binary Golay code, comparably little attention has been paid to decoding algorithms for other codes. In this context, the results of our work on cyclic codes have two interesting aspects. On a specific level, simple algebraic decoding algorithms are given for a number of very good cyclic codes, including the quadratic residue code of length 41 and sequences of codes such as the Zetterberg and Melas codes. On the other hand, the decoding procedures derived in chapter 2 underline the important role that MDS codes play in algebraic decoding. It is precisely the discovery of a new type of cyclic MDS codes that allows the derivation of a large number of decoding algorithms for cyclic binary codes which cannot be treated as BCH codes.

Although it is known that the parameters of AG codes are, in a certain range, superior to those of any other known code family, they face some very well developed and powerful competitors in practical applications, such as RS codes, non-binary BCH codes, and codes from concatenated constructions. For a specific application, requirements such as available complexity, maximal delay, and performance can often be traded against each other. The choice of coding scheme is to a large extent determined by the complexity and delay of the corresponding decoding algorithm. A computationally efficient algorithm for the decoding of AG codes is known, but the algorithm is still not refined enough to be considered practical for a wide range of applications.

The results of this thesis contribute to the evolution and refinement of decoding algorithms for AG codes in a number of ways. The range of problems addressed covers implementation aspects of a decoding algorithm as well as the development of a computationally efficient soft decoding algorithm and the determination of error values. Our main results on these topics can be phrased as follows.

- The structure of a Berlekamp-Massey type algorithm that is used for the decoding of one-point AG codes allows a simple and parallel implementation. The space requirements of such an implementation do not increase compared to serial implementations of the algorithm. The time requirements are comparable to those of a decoding algorithm for an RS code correcting 2g more errors, where g is the genus of the curve used for the construction of the AG code.

- Soft decoding of AG codes in the framework of Forney's GMD decoding procedure can be performed efficiently using nested sequences of error-locating pairs. The main conclusion of our results is that, at least for RS, BCH, and AG codes, the order of complexity for soft decoding is not necessarily greater than for hard decoding.

- Forney's formula for the determination of error values in the case of RS codes can be generalized to Hermitian codes. For large code lengths and high-rate codes, the proposed procedure improves on the complexity of earlier schemes.

A more detailed assessment of the above results in comparison to earlier results is found in the concluding sections of chapters 3, 4, and 5.