3 An introduction to BCH codes and finite fields


§1. Double-error-correcting BCH codes (I)

Hamming codes, we saw in Chapter 1, are single-error-correcting codes. The codes which in some sense generalize these to correct r errors are called Bose-Chaudhuri-Hocquenghem codes (or BCH codes for short), and we introduce them in this chapter. We shall also introduce one of the central themes in coding theory, namely the theory of finite fields.

We begin by attempting to find a generalization of the Hamming codes which will correct two errors. The (binary) Hamming code of length $n = 2^m - 1$ needed $m$ parity checks to correct one error. A good guess is that $2m$ parity checks will be needed to correct two errors. So let's try to construct the parity check matrix $H'$ of the double-error-correcting code, by adding $m$ more rows to the parity check matrix $H$ of the Hamming code. As an example take $m = 4$, $n = 15$. Then $H$ has as columns all nonzero 4-tuples:

$$H = \begin{bmatrix}
0&0&0&0&0&0&0&1&1&1&1&1&1&1&1\\
0&0&0&1&1&1&1&0&0&0&0&1&1&1&1\\
0&1&1&0&0&1&1&0&0&1&1&0&0&1&1\\
1&0&1&0&1&0&1&0&1&0&1&0&1&0&1
\end{bmatrix},$$

which we abbreviate to

$$H = [1, 2, 3, \ldots, 14, 15], \qquad (1)$$

where each entry $i$ stands for the corresponding binary 4-tuple. We are going to add 4 more rows to $H$, say


where each $f(i)$ is also a 4-tuple of 0's and 1's. The $i$th column of $H'$ is

a column vector of length 8. How do we choose $f(i)$? Suppose 2 errors occurred, in positions $i$ and $j$. The syndrome (from Theorem 4 of Ch. 1), is

$S = H_i + H_j$

We must choose $f(i)$ so that the decoder can find $i$ and $j$ from $S$, i.e., can solve the simultaneous equations

for $i$ and $j$, given $z_1$ and $z_2$. But all of $i$, $j$, $f(i)$, $f(j)$, $z_1$, $z_2$ are 4-tuples. In order to solve these equations we would like to be able to add, subtract, multiply and divide 4-tuples. In other words we want to make 4-tuples into a field. We next describe the construction of this field and then return to the problem of finding double-error-correcting codes.

Definition. A field is a set of elements in which it is possible to add, subtract, multiply and divide (except that division by 0 is not defined). Addition and multiplication must satisfy the commutative, associative, and distributive laws: for any $\alpha$, $\beta$, $\gamma$ in the field

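and furthermore elements $0$, $1$, $-\alpha$, $\alpha^{-1}$ (for all $\alpha$) must exist such that:

$$0 + \alpha = \alpha, \quad (-\alpha) + \alpha = 0, \quad 0\alpha = 0, \quad 1\alpha = \alpha, \quad \text{and if } \alpha \ne 0, \quad (\alpha^{-1})\alpha = 1.$$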

A finite field contains a finite number of elements, this number being called the order of the field. Finite fields are called Galois fields after their discoverer.


§2. Construction of the field GF(16)

The 4-tuples of 0's and 1's can clearly be added by vector addition, and in our case subtraction is the same as addition. Furthermore $a_0a_1a_2a_3 + a_0a_1a_2a_3 = 0$. We must however define a multiplication. To do this we associate with each 4-tuple a polynomial in $\alpha$:

4-tuple    Polynomial
0000       $0$
1000       $1$
0100       $\alpha$
1100       $1 + \alpha$
0010       $\alpha^2$
1010       $1 + \alpha^2$
0001       $\alpha^3$
...        ...
1111       $1 + \alpha + \alpha^2 + \alpha^3$

Multiplying two of these polynomials will often give a polynomial of degree greater than 3, i.e., something which is not in our set of objects. E.g.

$$1101 \cdot 1001 \leftrightarrow (1 + \alpha + \alpha^3)(1 + \alpha^3) = 1 + \alpha + \alpha^4 + \alpha^6.$$

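We want to reduce the answer to a polynomial of degree $\le 3$. To do this we agree that $\alpha$ will satisfy a certain fixed equation of degree 4; a suitable equation is $\pi(\alpha) = 1 + \alpha + \alpha^4 = 0$ or $\alpha^4 = 1 + \alpha$. Then $\alpha^5 = \alpha + \alpha^2$, $\alpha^6 = \alpha^2 + \alpha^3$, so

$$1 + \alpha + \alpha^4 + \alpha^6 = 1 + \alpha + 1 + \alpha + \alpha^2 + \alpha^3 = \alpha^2 + \alpha^3.$$

This is equivalent to dividing by $\alpha^4 + \alpha + 1$ and keeping the remainder:

$$\begin{array}{r}
\alpha^2 + 1 \\
\alpha^4 + \alpha + 1 \;\big)\; \alpha^6 + \alpha^4 + \alpha + 1 \\
\alpha^6 + \alpha^3 + \alpha^2 \\
\hline
\alpha^4 + \alpha^3 + \alpha^2 + \alpha + 1 \\
\alpha^4 + \alpha + 1 \\
\hline
\alpha^3 + \alpha^2 = \text{remainder}
\end{array}$$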

Thus the product 1101 times 1001 is 0011:

$$(1 + \alpha + \alpha^3)(1 + \alpha^3) = 1 + \alpha + \alpha^4 + \alpha^6 = (1 + \alpha^2)\pi(\alpha) + \alpha^2 + \alpha^3 = \alpha^2 + \alpha^3 \quad \text{since } \pi(\alpha) = 0.$$

Another way of describing this process is that we reduce a product of polynomials modulo $\pi(\alpha)$:

$$1 + \alpha + \alpha^4 + \alpha^6 = (1 + \alpha^2)\pi(\alpha) + \alpha^2 + \alpha^3 = \alpha^2 + \alpha^3 \bmod \pi(\alpha).$$

Similarly $\alpha^4 = 1 + \alpha \bmod \pi(\alpha)$, etc. Now if this multiplication is to have an inverse, which it must if our system is to be a field, $\pi(x)$ must be irreducible over GF(2).

Definition. A polynomial is irreducible over a field if it is not the product of two polynomials of lower degree in the field.

Loosely speaking an irreducible polynomial is like a prime number: it has no nontrivial factors. Any polynomial can be written uniquely (apart from a constant factor) as the product of irreducible polynomials (just as any number can be written uniquely as the product of prime numbers). We shall see in a moment that $x^4 + x + 1$ is irreducible over GF(2).

Theorem 1. If $\pi(x)$ is irreducible, then every nonzero polynomial $B(\alpha)$ of degree $\le 3$ has a unique inverse $B(\alpha)^{-1}$ such that $B(\alpha) \cdot B(\alpha)^{-1} = 1 \bmod \pi(\alpha)$.

Proof. Look at the products $A(\alpha)B(\alpha)$ where $A(\alpha)$ runs through all the polynomials

$$1, \ \alpha, \ \alpha + 1, \ \alpha^2, \ \ldots, \ \alpha^3 + \alpha^2 + \alpha + 1 \qquad (5)$$

of degree $\le 3$. These products must all be distinct mod $\pi(\alpha)$, for if

$$A_1(\alpha)B(\alpha) = A_2(\alpha)B(\alpha) \bmod \pi(\alpha)$$

then

$$\pi(\alpha) \mid (A_1(\alpha) - A_2(\alpha))B(\alpha)$$

and (since $\pi(\alpha)$ is irreducible) either $\pi(\alpha) \mid A_1(\alpha) - A_2(\alpha)$ or $\pi(\alpha) \mid B(\alpha)$. Because the degrees of $A_1(\alpha)$, $A_2(\alpha)$, $B(\alpha)$ are less than the degree of $\pi(\alpha)$ this can only happen if $A_1(\alpha) = A_2(\alpha)$. Thus all the products $A(\alpha)B(\alpha)$ are distinct, and so they must also be equal to (5) in some order. In particular for just one $A(\alpha)$, $A(\alpha)B(\alpha) = 1$, and $A(\alpha) = B(\alpha)^{-1}$. Q.E.D.

Example. (i) To find the inverse of $\alpha$, note that $1 = \alpha + \alpha^4 = \alpha(1 + \alpha^3)$ so $\alpha^{-1} = 1 + \alpha^3$. (ii) To find the inverse of $\alpha + \alpha^2$, suppose it is $a_0 + a_1\alpha + a_2\alpha^2 + a_3\alpha^3$. Then

$$(\alpha + \alpha^2)(a_0 + a_1\alpha + a_2\alpha^2 + a_3\alpha^3) = 1$$

which implies

$$\begin{aligned}
a_2 + a_3 &= 1 \\
a_0 + a_2 &= 0 \\
a_0 + a_1 + a_3 &= 0 \\
a_1 + a_2 &= 0
\end{aligned}$$

whose solution is $a_0 = a_1 = a_2 = 1$, $a_3 = 0$. Therefore the inverse is $1 + \alpha + \alpha^2$. Logarithm tables (e.g., Fig. 3.1) make finding an inverse much easier, as will be explained below.

Division. To find $A/B$, first find the inverse $B^{-1} = 1/B$ and then use the rule

We must check that $\pi(x) = x^4 + x + 1$ is irreducible. It has degree 4 and so, if not irreducible, contains a factor of degree 1 or 2. The only polynomials of degree 1 are $x$ and $x + 1$. Clearly $x \nmid \pi(x)$. If $x + 1 \mid \pi(x)$ then $\pi(-1) = 0$. But $\pi(-1) = 1 + 1 + 1 = 1$. $\therefore x + 1 \nmid \pi(x)$. What about a factor of degree 2? We can rule out $x^2 + x$ and $x^2 + 1 = (x + 1)^2$. This only leaves $x^2 + x + 1$, which we test by a division using detached coefficients:

$$\begin{array}{l}
\phantom{111\,)\,10}110 \\
111\,)\,10011 \\
\phantom{111\,)\,}111 \\
\phantom{111\,)\,1}111 \\
\phantom{111\,)\,1}111 \\
\phantom{111\,)\,100}1 = \text{remainder}
\end{array}$$

Therefore $x^4 + x + 1$ is irreducible.

Thus we have made the 16 4-tuples of 0's and 1's into a field. This is called the Galois field of order 16, abbreviated $GF(2^4)$ or GF(16). The field elements can be written in several different ways, as shown in Fig. 3.1.

We note that the nonzero elements of the field form a cyclic group of order 15 with generator $\alpha$, where $\alpha^{15} = 1$; and that we have been fortunate enough to choose an irreducible polynomial $\pi(x)$ which has a generator of this group as a zero (cyclic groups are defined on p. 96). $\alpha$ (or any other generator of this cyclic group) is called a primitive element of $GF(2^4)$. For example $\alpha$, $\alpha^2$, $\alpha^4$ are primitive but $\alpha^3$, $\alpha^5$ are not. A polynomial having a primitive element as a zero is called a primitive polynomial. Not all irreducible polynomials are primitive, e.g. $x^4 + x^3 + x^2 + x + 1$ is irreducible, so could be used to generate the field, but is not a primitive polynomial.

Any nonzero element $\gamma$ of $GF(2^4)$ can be written uniquely as a power of $\alpha$, say $\gamma = \alpha^i$ for $0 \le i \le 14$.

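as a 4-tuple   as a polynomial                        as a power of $\alpha$   logarithm
0000           $0$                                    $0$                      $-\infty$
1000           $1$                                    $1$                      0
0100           $\alpha$                               $\alpha$                 1
0010           $\alpha^2$                             $\alpha^2$               2
0001           $\alpha^3$                             $\alpha^3$               3
1100           $1 + \alpha$                           $\alpha^4$               4
0110           $\alpha + \alpha^2$                    $\alpha^5$               5
0011           $\alpha^2 + \alpha^3$                  $\alpha^6$               6
1101           $1 + \alpha + \alpha^3$                $\alpha^7$               7
1010           $1 + \alpha^2$                         $\alpha^8$               8
0101           $\alpha + \alpha^3$                    $\alpha^9$               9
1110           $1 + \alpha + \alpha^2$                $\alpha^{10}$            10
0111           $\alpha + \alpha^2 + \alpha^3$         $\alpha^{11}$            11
1111           $1 + \alpha + \alpha^2 + \alpha^3$     $\alpha^{12}$            12
1011           $1 + \alpha^2 + \alpha^3$              $\alpha^{13}$            13
1001           $1 + \alpha^3$                         $\alpha^{14}$            14

Fig. 3.1. $GF(2^4)$ generated by $\alpha^4 + \alpha + 1 = 0$.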

(Of course $\alpha^0 = \alpha^{15} = 1$.) Then $i$ is called the logarithm (or sometimes the index) of $\gamma$. It is convenient to say that $0 = \alpha^{-\infty}$.

It is helpful to think of the first representation (columns 1 and 2 of Fig. 3.1) as resembling the representation of a complex number $z$ in rectangular coordinates:

$$z = x + iy,$$

and the second (columns 3 and 4) as the representation in polar coordinates:

$$z = re^{i\theta}.$$

The rectangular representation is best for addition, while the polar representation is best for multiplication. Indeed, to multiply two field elements, take logarithms and add, remembering that $\alpha^{15} = 1$. (So that the logarithms are manipulated mod 15.)

Example: To multiply 0111 and 1111:

element    log
0111         11
1111       + 12
             23

But $\alpha^{15} = 1$, so the answer is $0111 \cdot 1111 = \alpha^{23} = \alpha^8 = 1010$.

To find a reciprocal:

$$(1010)^{-1} = (\alpha^8)^{-1} = \alpha^{-8} = \alpha^{15-8} = \alpha^7 = 1101.$$

To find a square root:

$$(0110)^{1/2} = (\alpha^5)^{1/2} = (\alpha^{20})^{1/2} = \alpha^{10} = 1110.$$

We shall see in Chapter 4 that any finite field can be constructed in exactly the same way, and has the property that the multiplicative group of nonzero elements is cyclic, with a primitive element as generator. We shall also see that the number of elements in a finite field is a prime power, and that there is essentially only one field with a given number of elements. In particular, if we take $\pi(x)$ to be a primitive irreducible polynomial over GF(2) of degree $m$, we get the field $GF(2^m)$ of all $2^m$ binary $m$-tuples.
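The construction of this section, as an added Python example that is not part of the original text: it builds the power/logarithm columns of Fig. 3.1 by repeated multiplication by $\alpha$, does the multiplication, reciprocal and square-root examples with logarithms, and shows that $x^4 + x^3 + x^2 + x + 1$ is irreducible but not primitive. The function names and the integer encoding (bit $k$ holds $a_k$) are choices made for this example.

```python
# Added example: GF(2^4) built from a degree-4 polynomial over GF(2).
# 4-tuples are written a0 a1 a2 a3 as in Fig. 3.1, so "0100" is alpha.
# Internally an element is an int whose bit k is the coefficient a_k.

def to_int(t):                      # "1101" -> 1 + alpha + alpha^3
    return sum(int(c) << k for k, c in enumerate(t))

def to_tuple(v):
    return "".join(str((v >> k) & 1) for k in range(4))

def times_alpha(v, poly):
    """Multiply by alpha and reduce modulo poly (bit 4 of poly is x^4)."""
    v <<= 1
    return v ^ poly if v & 0b10000 else v

def powers_of_alpha(poly):
    """1, alpha, alpha^2, ... up to the last power before returning to 1."""
    seq, v = [1], times_alpha(1, poly)
    while v != 1:
        seq.append(v)
        v = times_alpha(v, poly)
    return seq

def is_irreducible(poly):
    """Degree-4 poly only: trial division by all polynomials of degree 1, 2."""
    for d in range(2, 8):           # x, x+1, x^2, ..., x^2+x+1
        r = poly
        while r.bit_length() >= d.bit_length():
            r ^= d << (r.bit_length() - d.bit_length())
        if r == 0:
            return False
    return True

PI = 0b10011                        # x^4 + x + 1
ANTILOG = powers_of_alpha(PI)       # ANTILOG[i] = alpha^i, i = 0..14
LOG = {v: i for i, v in enumerate(ANTILOG)}

def mul(s, t):
    """Multiply two 4-tuples: take logarithms and add mod 15."""
    a, b = to_int(s), to_int(t)
    if a == 0 or b == 0:
        return "0000"
    return to_tuple(ANTILOG[(LOG[a] + LOG[b]) % 15])

def inv(s):
    """Reciprocal of a nonzero 4-tuple: negate the logarithm mod 15."""
    return to_tuple(ANTILOG[-LOG[to_int(s)] % 15])

def sqrt(s):
    """Square root of a nonzero 4-tuple: halve the log, adding 15 if odd."""
    i = LOG[to_int(s)]
    return to_tuple(ANTILOG[(i if i % 2 == 0 else i + 15) // 2])

if __name__ == "__main__":
    for i, v in enumerate(ANTILOG):
        print(to_tuple(v), "alpha^%d" % i)
    print(len(powers_of_alpha(0b11111)))   # order of alpha for x^4+x^3+x^2+x+1
```

With $x^4 + x^3 + x^2 + x + 1$ the powers of $\alpha$ repeat after 5 steps, so only 5 of the 15 nonzero elements are reached and no logarithm table can be built from that $\alpha$.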

§3. Double-error-correcting BCH codes (II)

Now that our new field GF(16) makes it possible to do arithmetic with 4-tuples, let's return to the problem of designing the double-error-correcting BCH code of length 15. How should we choose $f(i)$ in Equation (4) so that these equations can be solved (in GF(16))? A bad choice would be $f(i) = ci$, where $c$ is a constant. For then (4) becomes

$$i + j = z_1, \qquad c(i + j) = z_2,$$

which are redundant and can't be solved. Another bad choice is $f(i) = i^2$, for $i^2 + j^2 = (i + j)^2$ (mod 2), and (4) becomes

$$i + j = z_1, \qquad (i + j)^2 = z_2,$$

which are also redundant. A good choice is $f(i) = i^3$, for then (4) becomes

$$i + j = z_1 \ne 0, \qquad i^3 + j^3 = z_2,$$

which we can solve. We have

$$z_2 = i^3 + j^3 = (i + j)(i^2 + ij + j^2) = z_1(z_1^2 + ij).$$

From (6), (7), $i$ and $j$ are the roots of

$$x^2 + z_1 x + \left(\frac{z_2}{z_1} + z_1^2\right) = 0 \quad (z_1 \ne 0). \qquad (8)$$


Note that if there are no errors, $z_1 = z_2 = 0$; while if there is a single error at location $i$, $z_2 = i^3 = z_1^3$. Thus we have:

Decoding scheme for double-error-correcting BCH code. Receive $y$, calculate the syndrome $S = Hy^T = \binom{z_1}{z_2}$ say. Then
(i) If $z_1 = z_2 = 0$, decide that no errors occurred.
(ii) If $z_1 \ne 0$, $z_2 = z_1^3$, correct a single error at location $i = z_1$.
(iii) If $z_1 \ne 0$, $z_2 \ne z_1^3$, form the quadratic (8). If this has 2 distinct roots $i$ and $j$, correct errors at these locations.
(iv) If (8) has no roots, or if $z_1 = 0$, $z_2 \ne 0$, detect that at least 3 errors occurred.

Let us repeat that $i$, $j$, $z_1$, $z_2$ are all elements of GF(16), and that (8) is to be solved in this field. (Unfortunately the usual formula for solving a quadratic equation doesn't work in $GF(2^m)$. One way of finding the roots is by trying each element of the field in turn, and another method will be described in §7 of Ch. 9).

The parity check matrix. Now let us rearrange the matrix $H$ so that the first row is in the order $1, \alpha, \alpha^2, \alpha^3, \ldots$; i.e., our matrix is

$$H = \begin{pmatrix}
1 & \alpha & \alpha^2 & \alpha^3 & \alpha^4 & \alpha^5 & \alpha^6 & \alpha^7 & \alpha^8 & \alpha^9 & \alpha^{10} & \alpha^{11} & \alpha^{12} & \alpha^{13} & \alpha^{14} \\
1 & \alpha^3 & \alpha^6 & \alpha^9 & \alpha^{12} & 1 & \alpha^3 & \alpha^6 & \alpha^9 & \alpha^{12} & 1 & \alpha^3 & \alpha^6 & \alpha^9 & \alpha^{12}
\end{pmatrix}. \qquad (9)$$

This has the important advantage, as we shall see in Ch. 7, of making the code cyclic. Notice that not all powers of $\alpha$ appear in the second row: this is because $\alpha^3$ is not a primitive element (since $(\alpha^3)^5 = 1$). Expanding this in binary we obtain

$$H = \begin{pmatrix}
1&0&0&0&1&0&0&1&1&0&1&0&1&1&1\\
0&1&0&0&1&1&0&1&0&1&1&1&1&0&0\\
0&0&1&0&0&1&1&0&1&0&1&1&1&1&0\\
0&0&0&1&0&0&1&1&0&1&0&1&1&1&1\\
1&0&0&0&1&1&0&0&0&1&1&0&0&0&1\\
0&0&0&1&1&0&0&0&1&1&0&0&0&1&1\\
0&0&1&0&1&0&0&1&0&1&0&0&1&0&1\\
0&1&1&1&1&0&1&1&1&1&0&1&1&1&1
\end{pmatrix}$$
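The decoding scheme (i)-(iv), run against the parity check matrix (9), as an added Python example that is not part of the original text. The function names are illustrative, field elements are ints whose bit $k$ is the coefficient of $\alpha^k$, and the error patterns are constructed by flipping bits of the all-zero codeword.

```python
# Added example: decoder for the length-15 double-error-correcting BCH code
# with f(i) = i^3 over GF(16) generated by alpha^4 + alpha + 1 = 0.

EXP = [1]                                   # EXP[i] = alpha^i
for _ in range(14):
    v = EXP[-1] << 1
    EXP.append(v ^ 0b10011 if v & 0b10000 else v)   # alpha^4 = 1 + alpha
LOG = {v: i for i, v in enumerate(EXP)}

def mul(a, b):
    return 0 if 0 in (a, b) else EXP[(LOG[a] + LOG[b]) % 15]

def div(a, b):                              # b must be nonzero
    return 0 if a == 0 else EXP[(LOG[a] - LOG[b]) % 15]

def syndrome(y):
    """S = H y^T for H of (9): column i is (alpha^i, alpha^(3i))."""
    z1 = z2 = 0
    for i, bit in enumerate(y):
        if bit:
            z1 ^= EXP[i]
            z2 ^= EXP[3 * i % 15]
    return z1, z2

def decode(y):
    """Return (status, error positions) following steps (i)-(iv)."""
    z1, z2 = syndrome(y)
    if z1 == 0:                             # step (i), or first half of (iv)
        return ("no errors", []) if z2 == 0 else ("at least 3 errors", [])
    if z2 == mul(z1, mul(z1, z1)):          # step (ii): z2 = z1^3
        return "single error", [LOG[z1]]
    c = div(z2, z1) ^ mul(z1, z1)           # constant term of quadratic (8)
    # Step (iii): solve x^2 + z1 x + c = 0 by trying each element in turn.
    # c is nonzero here, so x = 0 is never a root and need not be tried.
    roots = [LOG[x] for x in EXP if (mul(x, x) ^ mul(z1, x) ^ c) == 0]
    if len(roots) == 2:
        return "double error", sorted(roots)
    return "at least 3 errors", []          # step (iv): no roots

def with_errors(codeword, positions):
    y = list(codeword)
    for p in positions:
        y[p] ^= 1
    return y

ZERO = [0] * 15       # the all-zero vector is a codeword of any linear code

if __name__ == "__main__":
    for errs in ([], [5], [6, 8], [0, 1, 3], [0, 5, 10]):
        print(errs, decode(with_errors(ZERO, errs)))
```

The pattern {0, 5, 10} exercises the second half of step (iv): there $z_1 = 1 + \alpha^5 + \alpha^{10} = 0$ while $z_2 = 1$.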

Example of decoding procedure. First let's suppose two errors occurred, say in places 6, 8 (i.e. in the columns $\binom{\alpha^6}{\alpha^3}$, $\binom{\alpha^8}{\alpha^9}$). Then $z_1 = 1001 = \alpha^{14}$, $z_2 = 0100 = \alpha$, and $(z_2/z_1) + z_1^2 = \alpha^2 + \alpha^{13} = 1001 = \alpha^{14}$. Thus the equation (8) for $i$, $j$ is

$$x^2 + \alpha^{14}x + \alpha^{14} = (x + \alpha^6)(x + \alpha^8),$$

and indeed the roots give the locations of the errors.

On the other hand, suppose three errors occurred, in places 0, 1, 3 say. Then $z_1 = 1101 = \alpha^7$, $z_2 = 1100 = \alpha^4$, and Equation (8) is $x^2 + \alpha^7 x + \alpha^5$.

By trying each element in turn the decoder finds that this equation has no zeros in the field, and so decides that at least three errors occurred.

Nothing in our construction depends on the length being 15, and plainly we can use any field $GF(2^m)$ to get a double-error-correcting BCH code of length $2^m - 1$. The parity check matrix is

where each entry is to be replaced by the corresponding binary $m$-tuple. The decoding scheme given above shows that this code does indeed correct double errors. We return to these codes, and construct $t$-error-correcting BCH codes, in Chapters 7 and 9.

Problems. (1) Find the locations of the errors if the syndrome is $S = (1001\ 0110)^T$ or (0101 1 1 1
(2) If the received vector is 11000...0, what was transmitted?

§4. Computing in a finite field

Since elements of $GF(2^4)$ are represented by 4-tuples of 0's and 1's, they are easy to manipulate using digital circuits or in a binary computer. In this section we give a brief description of some circuits for carrying out computations in $GF(2^4)$. (A similar description could be given for any field $GF(2^m)$.) For further information see Bartee and Schneider [72], Peterson and Weldon [1040, Ch. 7], and Berlekamp [113, Chs. 1-5]. Good references for shift registers are Gill [485], Golomb [523], and Kautz [750]. The basic building blocks are:

Storage element (or flip-flop), contains a 0 or a 1.
Binary adder* (output is 1 iff an odd number of inputs are 1). Also called an EXCLUSIVE-OR gate.
Binary multiplier (output is 1 iff all inputs are 1). Also called an AND gate.

*Strictly speaking this should be called a half-adder, since there is no carry.


Thus an element of $GF(2^4)$ generated by $\alpha^4 + \alpha + 1 = 0$ (see Fig. 3.1) is represented by 4 0's and 1's, which can be stored in a row of 4 storage elements (called a register):

[0|0|1|1]

contains the element $0011 \leftrightarrow \alpha^2 + \alpha^3$.

To multiply by $\alpha$. The circuit shown in Fig. 3.2, called a linear feedback shift register, multiplies the contents of the register by $\alpha$ in $GF(2^4)$.

Fig. 3.2.

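For if initially it contains

$$[a_0 \mid a_1 \mid a_2 \mid a_3] \leftrightarrow a_0 + a_1\alpha + a_2\alpha^2 + a_3\alpha^3,$$

then one time instant later it contains

$$[a_3 \mid a_0 + a_3 \mid a_1 \mid a_2] \leftrightarrow \alpha(a_0 + a_1\alpha + a_2\alpha^2 + a_3\alpha^3) = a_3 + (a_0 + a_3)\alpha + a_1\alpha^2 + a_2\alpha^3.$$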

If initially this register contains $1000 \leftrightarrow 1$, then at successive time instants it contains $1, \alpha, \alpha^2, \ldots, \alpha^{14}, \alpha^{15} = 1, \alpha, \ldots$, since $\alpha$ is primitive. So the output of the circuit in Fig. 3.3 is periodic with period 15. This is the maximum possible period with 4 storage elements (since there are just $2^4 - 1 = 15$ nonzero states). Segments of length 15 of the output sequence are codewords in a maximal length feedback shift register code, which is a simplex code (see §9 of Ch. 1 and Ch. 14).

Fig. 3.3. (Shift register circuit with an OUTPUT tap.)

To multiply by a fixed element. E.g. to multiply an arbitrary element $a_0 + \cdots + a_3\alpha^3$ by $1 + \alpha^2$:

$$\begin{aligned}
(a_0 + a_1\alpha + a_2\alpha^2 + a_3\alpha^3)(1 + \alpha^2) &= a_0 + a_1\alpha + (a_0 + a_2)\alpha^2 + (a_1 + a_3)\alpha^3 + a_2\alpha^4 + a_3\alpha^5 \\
&= (a_0 + a_2) + (a_1 + a_2 + a_3)\alpha + (a_0 + a_2 + a_3)\alpha^2 + (a_1 + a_3)\alpha^3,
\end{aligned}$$

which is accomplished by the circuit in Fig. 3.4.

Fig. 3.4. (Circuit whose four outputs are $a_0 + a_2$, $a_1 + a_2 + a_3$, $a_0 + a_2 + a_3$, $a_1 + a_3$.)

Similarly to divide by a fixed element, multiply by the inverse.

To multiply two arbitrary field elements. Unfortunately (because this is an essential step, for example, in decoding BCH and Goppa codes, see Chapters 9 and 12), this is considerably more difficult. Suppose we want to form the product

$$c = a \cdot b = (a_0 + a_1\alpha + a_2\alpha^2 + a_3\alpha^3)(b_0 + b_1\alpha + b_2\alpha^2 + b_3\alpha^3)$$

given $a$ and $b$.

Methods. (1) (Brute force.) If $c = c_0 + c_1\alpha + c_2\alpha^2 + c_3\alpha^3$ then

$$\begin{aligned}
c_0 &= a_0b_0 + a_1b_3 + a_2b_2 + a_3b_1, \\
c_1 &= a_0b_1 + a_1(b_0 + b_3) + a_2(b_2 + b_3) + a_3(b_1 + b_2), \ \text{etc.},
\end{aligned}$$

and a large and complicated circuit is needed to form the $c_i$'s from the $a_i$'s and $b_i$'s.

(2) Mimic long multiplication as done by hand. Thus we write

$$c = b_0 a + b_1(\alpha a) + b_2(\alpha^2 a) + b_3(\alpha^3 a),$$

and use the circuit in Fig. 3.5. At each step, add $\alpha^i a$ to $c$ iff $b_i = 1$, and then multiply $\alpha^i a$ by $\alpha$. Laws and Rushforth [796] have recently described a cellular array circuit which also multiplies in this way, but is iterative in space rather than in time, and so is faster than the above circuit.

Fig. 3.5. (Circuit: one register contains $a$, $\alpha a$, $\alpha^2 a$, $\alpha^3 a$ in turn and multiplies by $\alpha$; $\alpha^i a$ is added to $c$ iff $b_i = 1$; a second register forms $c$.)

(3) Use log and antilog tables. To multiply two elements of $GF(2^4)$, take their logarithms to base $\alpha$ (as in §2), where $\alpha$ is a primitive element of the field, add the logs as integers modulo 15, and take the antilog of the answer. Figure 3.6 shows this schematically.

Fig. 3.6. (Schematic: $a$ and $b$ pass through LOG tables, the logs are added MOD 15, and an ANTILOG table gives $c = a \cdot b$.)

Unlike the logarithm of a real number, the logarithm in a finite field is an extremely irregular function. No good shortcut is known for finding $\log a$, $a \in GF(2^4)$. Either one calculates it directly, by computing successive powers of $\alpha$ until $a$ is reached (which is slow), or, better, a log table is used, as in Fig. 3.1 above, or Figs. 4.1, 4.2. This method is fine for $GF(2^4)$ but is not practicable for $GF(2^m)$ if $m$ is large, especially as an antilog table of the same length is needed.

(4) Zech's logarithms (Conway [301]). In this scheme only the polar representation (i.e. as a power of a primitive element $\alpha$) of the field elements is used. Multiplication is now easy, but what about addition? This is carried out by using Zech's logarithms. The Zech's logarithm of $n$ is defined by the equation

$$1 + \alpha^n = \alpha^{Z(n)}$$

(see Fig. 3.7). Then to add $\alpha^m$, $\alpha^n$:

$$\alpha^m + \alpha^n = \alpha^m(1 + \alpha^{n-m}) = \alpha^{m + Z(n-m)}.$$

Thus the antilog table has been eliminated. For example,

$$\alpha^3 + \alpha^5 = \alpha^3(1 + \alpha^2) = \alpha^3\alpha^{Z(2)} = \alpha^{11}.$$

n           Z(n)         n     Z(n)
$-\infty$   0            7     9
0           $-\infty$    8     2
1           4            9     7
2           8            10    5
3           14           11    12
4           1            12    11
5           10           13    6
6           13           14    3

Fig. 3.7. Zech's logarithms in $GF(2^4)$. Gives $Z(n)$ where $1 + \alpha^n = \alpha^{Z(n)}$.
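Methods (2) and (4) above, as an added Python example that is not part of the original text: a shift-and-add multiplier that follows the register steps of Fig. 3.5, and addition done purely on exponents with Zech's logarithms, with $Z(n)$ derived from the field rather than typed in. The names and the use of `None` for $-\infty$ are choices made for this example.

```python
# Added example: GF(2^4) with alpha^4 = 1 + alpha.
# Rectangular form: an int whose bit k is the coefficient of alpha^k.
# Polar form: the exponent n of alpha^n, with NEG_INF standing for 0.

NEG_INF = None                      # the "logarithm" of the zero element

def times_alpha(v):
    """One shift of the linear feedback shift register of Fig. 3.2."""
    v <<= 1
    return v ^ 0b10011 if v & 0b10000 else v

def shift_add_mul(a, b):
    """Method (2): c = b0*a + b1*(alpha a) + b2*(alpha^2 a) + b3*(alpha^3 a)."""
    c = 0
    for k in range(4):
        if (b >> k) & 1:            # add alpha^k a to c iff b_k = 1
            c ^= a
        a = times_alpha(a)          # then multiply alpha^k a by alpha
    return c

# Log/antilog tables, used here only to derive Z(n) and to cross-check.
EXP = [1]
for _ in range(14):
    EXP.append(times_alpha(EXP[-1]))
LOG = {v: n for n, v in enumerate(EXP)}

# Z(n) is defined by 1 + alpha^n = alpha^Z(n); Z(0) = -inf because 1 + 1 = 0.
ZECH = {NEG_INF: 0}
for n in range(15):
    ZECH[n] = LOG.get(1 ^ EXP[n], NEG_INF)

def zech_mul(m, n):
    """alpha^m * alpha^n in polar form."""
    if m is NEG_INF or n is NEG_INF:
        return NEG_INF
    return (m + n) % 15

def zech_add(m, n):
    """Method (4): alpha^m + alpha^n = alpha^(m + Z(n - m)), ZECH table only."""
    if m is NEG_INF:
        return n
    if n is NEG_INF:
        return m
    z = ZECH[(n - m) % 15]
    return NEG_INF if z is NEG_INF else (m + z) % 15

if __name__ == "__main__":
    print([ZECH[n] for n in range(15)])
    print(zech_add(3, 5))           # alpha^3 + alpha^5
```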

Notes on Chapter 3

§2. The theorem that any polynomial over a field can be written uniquely as the product of irreducible polynomials may be found in any textbook on algebra - see for example Albert [19, p. 49] or Van der Waerden [1376, Vol. 1, p. 60].

§3. The decoding scheme. Note that not all quadratic equations can be solved in $GF(2^4)$ - see Berlekamp [113, p. 243]. This decoding scheme is incomplete, for it doesn't correct those triple errors that the code is capable of correcting - see Ch. 9. Other references on computations in Galois fields are Beard [92], Levitt and Kautz [827] and Tanaka et al. [1300]. See also the Notes to Ch. 4.