Decoding linear codes via systems solving: complexity issues

Transcription

1 Decoding linear codes via systems solving: complexity issues Stanislav Bulygin (joint work with Ruud Pellikaan) University of Kaiserslautern June 19, 2008

2 Outline Outline of the talk Introduction: codes and decoding problem Quadratic system method Complexity issues: Macaulay matrix, extended linearization, some estimates

3 Introduction Codes recap Let F q be a field with q elements. A linear code C is a linear subspace of F n q endowed with the Hamming metric Hamming distance between x, y F n q : d(x, y) = #{i x i y i }. Hamming weight of x F n q : wt(x) = #{i x i 0}. Minimum distance of the code C : d(c) := min x,y C,x y (d(x, y)). The code C of dimension k and minimum distance d is denoted as [n, k, d]. A matrix G whose rows are the basis vectors of C is a generator matrix. A matrix H with the property c C Hc T = 0 is a check matrix.

4 Introduction Decoding problem Complete decoding: Given y F n q and a code C F n q, so that y is at distance d(y, C) from the code, find c C : d(y, c) = d(y, C). Bounded up to half the minimum distance: Additional assumption d(y, C) (d(c) 1)/2. Then a codeword with the above property is unique.

5 Introduction Decoding via systems solving One distinguishes between two concepts: Generic decoding: Solve some system S(C) and obtain some closed formulas F. Evaluating these formulas at data specific to a received word y should yield a solution to the decoding problem. For example for f F : f (syndrome(y), x) = poly(x). The roots of poly(x) = 0 yield error positions general error-locator polynomial f. Online decoding: Solve some system S(C, y). The solutions should solve the decoding problem. Computational effort Generic decoding. Preprocessing: very hard. Decoding: relatively simple. Online decoding. Preprocessing:. Decoding: hard.

6 Quadratic system method Unknown syndrome Let b 1,..., b n be a basis of F n q and let B be the n n matrix with b 1,..., b n as rows. The unknown syndrome u(b, e) of a word e w.r.t B is the column vector u(b, e) = Be T with entries u i (B, e) = b i e for i = 1,..., n. Structure constants For two vectors x, y F n q define x y = (x 1 y 1,..., x n y n ). Then b i b j is a linear combination of b 1,..., b n, so there are constants µ ij l F q such that b i b j = n l=1 µij l b l. The elements µ ij l F q are the structure constants of the basis b 1,..., b n. MDS matrix Let B s be the s n matrix with b 1,..., b s as rows (B = B n ). Then b 1,..., b n is an ordered MDS basis and B an MDS matrix if all the s s submatrices of B s have rank s for all s = 1,..., n.

7 Quadratic system method Check matrix Let C be an F q -linear code with parameters [n, k, d]. W.l.o.g n q. H is a check matrix of C. Let h 1,..., h n k be the rows of H. One can express h i = n j=1 a ijb j for some a ij F q. In other words H = AB where A is the (n k) n matrix with entries a ij. Known syndrome Let y = c + e be a received word with c C and e an error vector. The syndromes of y and e w.r.t H are equal and known: s i (y) := h i y = h i e = s i (e). They can be expressed in the unknown syndromes of e w.r.t B: s i (y) = s i (e) n j=1 a iju j (e) since h i = n j=1 a ijb j and b j e = u j (e).

8 Quadratic system method Linear forms Let B be an MDS matrix with structure constants µ ij l. Define U ij in the variables U 1,..., U n by U ij = n l=1 µij l U l. Quadratic system The ideal J(y) in F q [U 1,..., U n ] is generated by n l=1 a jlu l s j (y) for j = 1,..., r The ideal I (t, U, V ) in F q [U 1,..., U n, V 1,..., V t ] is generated by t j=1 U ijv j U it+1 for i = 1,..., n Let J(t, y) be the ideal in F q [U 1,..., U n, V 1,..., V t ] generated by J(y) and I (t, U, V ).

9 Quadratic system method Main result Let B be an MDS matrix with structure constants µ ij l. Let H be a check matrix of the code C such that H = AB as above. Let y = c + e be a received word with c C the codeword sent and e the error vector. Suppose that wt(e) 0 and wt(e) (d(c) 1)/2. Let t be the smallest positive integer such that J(t, y) has a solution (u, v) over F q. Then wt(e) = t and the solution is unique satisfying u = u(e). the reduced Gröbner basis G for the ideal J(t, y) w.r.t any monomial ordering is { Ui u i (e), i = 1,..., n, V j v j, j = 1,..., t, where (u(e), v) is the unique solution.

10 Quadratic system method Features No field equations. The same result holds for the complete decoding. The solution lies in the field F q. The equations are at most quadratic. After solving J(t, y) decoding is simple: B 1 u(b, e) = B 1 Be T = e T.

11 Quadratic system method Analysis From J(y) one can express some n k U-variables via k others. Substitution of those in I (t, U, V ) yields a systems of n quadratic equations in k + t variables, thus obtaining overdetermined system. Easier to solve when With constant k and t, n increases. With constant n and t, k decreases. Simulations For example for random binary codes with n = 120 and k = 10,..., 40 one can correct 5 20 errors in 1000 sec. via computing the reduced Gröbner basis in SINGULAR or MAGMA.

12 Diagonal representation (joint with S.Ovsienko) Our system is equivalent to HX T = s X i Y i = 0, i = 1,..., n Ĥ t Y T = ŝ t, where H is a check matrix of the code C, s a known syndrome, X = (X 1,..., X n ) and Y = (Y 1,..., Y n ) are new variables, Ĥ t is a check matrix of a code with the generator matrix B t, ŝ t is a syndrome of the vector b t+1 w.r.t to Ĥ t.

13 Macaulay matrix Like above one can obtain a system Sys with n quadratic equations and k + t variables, w.l.o.g X 1,..., X k, Y 1,..., Y t. The monomials that appear in the system are X i Y j, 1 i k, 1 j t, X 1,..., X k, Y 1,..., Y t. The total number of monomials appearing in the system is kt + k + t = (k + 1)(t + 1) 1. One can consider the Macaulay matrix of Sys: rows are indexed by the equations, columns by the monomials. Denote the matrix by M(Sys). Linearization If n kt + k + t and M(Sys) is full-rank, one can find X i s by applying Gaussian elimination to M(Sys).

14 Macaulay matrix is full-rank Let C be a random [n, k] code over F q, defined e.g. by a random full-rank (n k) n check matrix H and let e be a random error vector over F q of weight t. Let Sys = Sys(n, k, t) be the corresponding system as above. Then the probability of the fact that M(Sys) has full-rank tends to 1 as n tends to infinity. Experiments suggest that already for small values of n (e.g ) the statement also holds with quite high probability. Idea of the proof Degeneracy of M(Sys) is reduced to the fact that e l + C l ( B t+1 ). Here e l and C l are the vector e and the code C resp. restricted to some l positions from {1,..., n} and B t+1 is a code equivalent to the code B t+1 restricted to the same l positions as before.

15 Extended linearization One can try to go further and apply extended linearization. Consider binary case, so Xi 2 = X i for all i. Multiply the system Sys with all monomials in X 1,..., X k of degree s < k. A system, call it Sys s, obtained in this way has n(1 + ( ( k 1) + + k s) ) equations and C s := C s 1 + ( k s+1) (t + 1) monomials. Denote ( k ) ( 0 + k ) ( k ) s =: f (k, s). If we assume that M(Syss ) is full-rank, then if ( ( ) ( ) k k ) n = nf (k, s) C s 1 = (t+1)f (k, s+1) 1, 1 s then successfull application of Gaussian elimination to M(Sys) is possible.

16 Complexity coefficient If an algorithm A has complexity O(2 αn ) in the length of input n, then we say that α is a complexity coefficient of algorithm A. Denote CC A. Minimum distance of a random binary code Let C be a binary random code with parameters [n, Rn, n], where 0 < R < 1 is given. If n, then almost all codes have = H 1 (1 R), where H( ) is a binary entropy function: H(x) = x log 2 x (1 x) log 2 (1 x), 0 < x < 1.

17 Estimating degree of extended linearization If k = Rn, t = δn, s = λn, 0 < R, δ, λ < 1, then it is sufficient to take λ = δr for extended linearization to work. Upper bound for complexity The upper bound on the complexity coefficient with the extended linearization as above is CC QED (R) = ωrh 2 (δ), where ω is the exponent of Gaussian elimination and δ δ e = H 1 (1 R)/2 such that t = δn is the number of errors occurred.

18 Comparing complexities Let t = δ e n so the full error-correcting capacity is used. x axis is information rate R, y-axis is the complexity coefficient

19 Comparing complexities II Relax requirement on t a little. Take t = δn for δ = δ e /

20 Comparing complexities III Relax a little more. Take t = δn for δ = δ e /

21 Highest degree in GB computation I In the table below we compare highest degrees when computing GB w.r.t degrevlex with std command in SINGULAR. For every code the left column shows degree for the diagonal system, and the right one for the initial system. no. of err. [120,40] [120,30] [120,20] [120,10] [150,10]

22 Highest degree in GB computation I no. of err. [120,40] [120,30] [120,20] [120,10] [150,10]

23 Highest degree in GB computation II In the next table we show degrees that appear during GB computation with F4 implementation of MAGMA (GroebnerBasis command) no. of err. [120,40] [120,30] [120,20] [120,10] [150,10]

24 Highest degree in GB computation II no. of err. [120,40] [120,30] [120,20] [120,10] [150,10]

25 Highest degree in GB computation III We also present degree estimate with extended linearization as above. no. of err. [120,40] [120,30] [120,20] [120,10] [150,10]

26 Highest degree in GB computation III no. of err. [120,40] [120,30] [120,20] [120,10] [150,10]

27 Highest degree in GB computation IV Although highest degree of polynomials occurring during GB computations is an important parameter for complexity, it is not the only one. For example in our experiments with slimgb we never obtained degree larger than 3, and still running time was much worse than the ones of std or F4.

28 Comparing with different random systems Consider different types of random systems: R 1 is a system of n quadratic equations that has the same monomials as Sys, but the corresponding coefficients are randomly taken from F q. Require that R 1 has a unique solution in F q. R 2 is a system that has the same properties as R 1, but the requirement on uniqueness of a solution is dropped out. R 3 is a fully random system of n quadratic equations, i.e. it has all possible monomials of degree 2 and the corresponding coefficients are random from F q Note that R 2 and R 3 do not have solutions in general.

29 Experiments Using some experimental evidence we conjecture that there are following relations between the complexities for solving Sys, R 1, R 2, and R 3 with general methods Compl(Sys) Compl(R 1 ) Compl(R 2 ) Compl(R 3 ). Semi-regular sequences Solving R 3 -systems has to do with the semi-regular sequences introduced by M.Bardet et.al. Complexity estimates for the F5 algorithm are available. These results are not applicable for our situation, since the quadratic homogeneous part in our systems has positive dimension, whereas the results there are valid only for zero-dimensional case.

30 Further research Further research The possible directions of research: Complexity analysis of solving, e.g. via the analysis of R 2 systems. In the complexity analysis take into account a special form of the Macaulay matrix. Algorithmic questions connected with the existence of Generalized Newton identities for arbitrary linear codes. Decoding algorithms of polynomial complexity for some classes of codes that follow the idea of cyclic codes.