Coset Decomposition Method for Decoding Linear Codes

Similar documents
MATH 433 Applied Algebra Lecture 21: Linear codes (continued). Classification of groups.

9 THEORY OF CODES. 9.0 Introduction. 9.1 Noise

MATH 433 Applied Algebra Lecture 22: Review for Exam 2.

Error-Correcting Codes

Mathematics Department

Cryptographie basée sur les codes correcteurs d erreurs et arithmétique

Chapter 3 Linear Block Codes

Can You Hear Me Now?

MATH Examination for the Module MATH-3152 (May 2009) Coding Theory. Time allowed: 2 hours. S = q

channel of communication noise Each codeword has length 2, and all digits are either 0 or 1. Such codes are called Binary Codes.

MATH3302 Coding Theory Problem Set The following ISBN was received with a smudge. What is the missing digit? x9139 9

Binary Linear Codes G = = [ I 3 B ] , G 4 = None of these matrices are in standard form. Note that the matrix 1 0 0

Error-correcting codes and Cryptography

MATH 291T CODING THEORY

Cyclic Redundancy Check Codes

Hadamard Codes. A Hadamard matrix of order n is a matrix H n with elements 1 or 1 such that H n H t n = n I n. For example,

A Brief Encounter with Linear Codes

Linear Codes and Syndrome Decoding

Notes 10: Public-key cryptography

B. Cyclic Codes. Primitive polynomials are the generator polynomials of cyclic codes.

A Key Recovery Attack on MDPC with CCA Security Using Decoding Errors

The extended coset leader weight enumerator

Error-correcting codes and applications

16.36 Communication Systems Engineering

Code-based cryptography

Coding Theory and Applications. Linear Codes. Enes Pasalic University of Primorska Koper, 2013

3. Coding theory 3.1. Basic concepts

Modular numbers and Error Correcting Codes. Introduction. Modular Arithmetic.

The Golay codes. Mario de Boer and Ruud Pellikaan

Chapter 5. Cyclic Codes

MATH32031: Coding Theory Part 15: Summary

MT5821 Advanced Combinatorics

MATH3302. Coding and Cryptography. Coding Theory

Math 512 Syllabus Spring 2017, LIU Post

EE 229B ERROR CONTROL CODING Spring 2005

Ma/CS 6b Class 24: Error Correcting Codes

Error Detection and Correction: Hamming Code; Reed-Muller Code

1.6: Solutions 17. Solution to exercise 1.6 (p.13).

Lecture 12. Block Diagram

Errors, Eavesdroppers, and Enormous Matrices

MATH 291T CODING THEORY

Channel Coding for Secure Transmissions

} has dimension = k rank A > 0 over F. For any vector b!

: Coding Theory. Notes by Assoc. Prof. Dr. Patanee Udomkavanich October 30, upattane

Information redundancy

McEliece type Cryptosystem based on Gabidulin Codes

Side-channel analysis in code-based cryptography

Attacking and defending the McEliece cryptosystem

2 Description of McEliece s Public-Key Cryptosystem

Vector spaces. EE 387, Notes 8, Handout #12

A FUZZY COMMITMENT SCHEME WITH MCELIECE S CIPHER

Multimedia Systems WS 2010/2011

MA441: Algebraic Structures I. Lecture 18

Answers and Solutions to (Even Numbered) Suggested Exercises in Sections of Grimaldi s Discrete and Combinatorial Mathematics

MATH/MTHE 406 Homework Assignment 2 due date: October 17, 2016

On Compression Encrypted Data part 2. Prof. Ja-Ling Wu The Graduate Institute of Networking and Multimedia National Taiwan University

Solutions to problems from Chapter 3

Chapter 7. Error Control Coding. 7.1 Historical background. Mikael Olofsson 2005

Improving the efficiency of Generalized Birthday Attacks against certain structured cryptosystems

All-Or-Nothing Transforms Using Quasigroups

Ideals over a Non-Commutative Ring and their Application in Cryptology

MATH 433 Applied Algebra Lecture 19: Subgroups (continued). Error-detecting and error-correcting codes.

Code-based Cryptography

Communications II Lecture 9: Error Correction Coding. Professor Kin K. Leung EEE and Computing Departments Imperial College London Copyright reserved

Example: sending one bit of information across noisy channel. Effects of the noise: flip the bit with probability p.

ELEC-E7240 Coding Methods L (5 cr)

Complex Reflection Group Coding

Finite Mathematics. Nik Ruškuc and Colva M. Roney-Dougal

Ma/CS 6b Class 25: Error Correcting Codes 2

Algebraic Codes for Error Control

Combinatorial Method in the Coset Enumeration. of Symmetrically Generated Groups II: Monomial Modular Representations

REED-SOLOMON CODE SYMBOL AVOIDANCE

AN EFFICIENT GOLAY CODEC FOR MIL-STD A AND FED-STD-1045 ERIC E. JOHNSON NMSU-ECE FEBRUARY 1991

Know the meaning of the basic concepts: ring, field, characteristic of a ring, the ring of polynomials R[x].

The Hamming Codes and Delsarte s Linear Programming Bound

Cryptanalysis of the Wu}Dawson Public Key Cryptosystem

An Introduction to (Network) Coding Theory

6 Cosets & Factor Groups

ERROR-CORRECTING CODES AND LATIN SQUARES

Code-based cryptography

U Logo Use Guidelines

Optimization of the Hamming Code for Error Prone Media

New polynomials for strong algebraic manipulation detection codes 1

EE512: Error Control Coding

8 Elliptic Curve Cryptography

Outline. EECS Components and Design Techniques for Digital Systems. Lec 18 Error Coding. In the real world. Our beautiful digital world.

On the Security of Some Cryptosystems Based on Error-correcting Codes

Optimization of the Hamming Code for Error Prone Media

Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks

2. Polynomials. 19 points. 3/3/3/3/3/4 Clearly indicate your correctly formatted answer: this is what is to be graded. No need to justify!

A new zero-knowledge code based identification scheme with reduced communication

New algebraic decoding method for the (41, 21,9) quadratic residue code

Codes used in Cryptography

BINARY CODES. Binary Codes. Computer Mathematics I. Jiraporn Pooksook Department of Electrical and Computer Engineering Naresuan University

Linear Cyclic Codes. Polynomial Word 1 + x + x x 4 + x 5 + x x + x

Network Coding and Schubert Varieties over Finite Fields

exercise in the previous class (1)

Cryptographie basée sur les codes correcteurs d erreurs et arithmétique

Reed-Muller Codes. These codes were discovered by Muller and the decoding by Reed in Code length: n = 2 m, Dimension: Minimum Distance

Error Correction Review

Transcription:

International Journal of Algebra, Vol. 5, 2011, no. 28, 1395-1404 Coset Decomposition Method for Decoding Linear Codes Mohamed Sayed Faculty of Computer Studies Arab Open University P.O. Box: 830 Ardeya 92400, Kuwait msayed@aou.edu.kw Abstract We introduced an application of the decomposition of a group into cosets of a subgroup to the theory of error detecting and correcting codes. The proposed approach is based on the general method for decoding linear codes known as syndrome decoding. Mathematics Subject Classification: 20A05; 20B05; 20B40 Keywords: Finite groups; coset enumerations; decoding problem; syndrome decoding; linear codes 1 Introduction Messages sent over electronic and other channels are subject to distortions of various sort. For instance, messages sent over telephone lines may be distorted by other electromagnetic fluctuations; information stored on a CD digital audio system may become corrupted by strong magnetic fields. The result is that the messages received or read may be different from the originally sent or stored. Extreme examples are the pictures sent back from space probes, where a very high error rates occurs and retransmission is often impossible. Codes provide a systematic way to send messages, with some extra information (check digits) in such a way that an error occurring in the original messages will not just be noticed (detected) by the receiver but, in many cases, may be corrected. In order for error correction to be efficient, the decoding problem must be efficiently solvable. It should be noted that coding theory can only be secure if the decoding is hard without knowledge of a secrete. Linear codes are widely used for controlling errors because they are easy to generate, well understood and powerful, see for example [1, 3, 5, 7, 10].

1396 M. Sayed This paper begins by going through the definitions and theoretical background needed to talk about the decoding problem. Then, it focuses on the application of the decomposition of a finite group into cosets of a subgroup to the elementary theory of error detecting and correcting codes. Next, it outlines our decoding algorithm for linear codes. Lastly, some conclusions are put forward. More introduction material can be taken for instance from [2, 4]. 2 Theoretical background In this section we introduce the decoding problem. Let n N and let F = {0, 1} be the group of two elements. We will think of words of length n as members of F n, the direct product of n copies of the binary set F regarded as an Abelian group under addition. The weight of v F n is the number of nonzero entries in the word v. The distance dist(v,w) ofv, w F n is the weight of the difference v - w. It should be noted that we are working in a product of copies of F in which every element is its own additive inverse and so v - w = v + w. For k n, we define a coding function f : F k F n, and instead of sending a word w, we send the word f(w). There is an obvious constraint on a suitable coding function f: f should be injective, otherwise there would be two different words of length k that would be sent as the same word of length n. We say that (n, k)-code is a linear code over F if the images of f form a subgroup of F n. The elements of such a code are called codewords. For d Nan(n, k, d)-code is an (n, k)-code for which d is the minimum distance between two different codewords. One advantage of linear codes is that the minimum distance between codewords is relatively easily found. Let C be an (n, k)-code for some n, k N. A generator matrix for C is a matrix G F (n,k) whose rows are an F -basis of C. We also say that the matrix G which has rank k generates the code C. A message w F k is encoded as z = wg. If the encoded message is transmitted, it is possible that during the transmission some bits of z are changed. The receiver receives the incorrect message y. He solves the decoding problem, that is, he calculates x Csuch that dist(x,y) is minimum. If dist(z,y) < 1 d where d is the minimum distance 2 of any two distinct codewords, then x is equal to the original message z. Theorem 2.1. Let f : F k F n be a coding function. Then f allows the detection of d 1 or fewer error if and only if the minimum distance between distinct codewords is at least d. Theorem 2.2. Let f : F k F n be a coding function. Then f allows the correction of d 1 or fewer errors if and only if the minimum distance between 2

Coset decomposition method 1397 distinct codewords is at least d. Theorem 2.3. If f : F k F n is a linear code, then the minimum distance between distinct codewords is the lowest weight of a non-zero codeword. Problem 2.4. Crypto decoding problem. Given an (n,k)-code C, n, k N, n k, the error weight t N,t n, and y F n. Find a word of wight t in the coset y + C. Of course correcting t errors in a codeword of length n implies a decoding procedure that achieves this error correcting potential. A completely correct decoding technique is to construct a table of every binary n-tuples and the codeword into which it is to be detected. The rule for constructing this table is to decode an n-tuple into the nearest codeword. However, the table lookup decoding (coset decoding table, as we will call it below) is feasible only for rather small codes. Therefore, we continue search for algorithmic algebraic decoders which are much faster and demand much less storage. 3 Syndrome decoding Let H be a subgroup of a group G and g be any element of G. The left coset gh is defined to be the subset gh = {gh : h H}of G. One defines analogously the concept of right coset of H in G determined by g to be the subset Hg = {hg : h H}of G. The subgroup H is a coset itself being equal eh where e is the identity element of G. The element a is always a member of its coset ah. Ifb is in ah, then bh = ah. Moreover, if H is a subgroup of G and a, b are elements of G, then either ah = bh or ah bh = φ. Also, if H is a subgroup of G then each coset of H in G has the same number of elements as H. Let G be a finite group. The order of G, G, is the number of elements in G. The number of distinct left (right) cosets of a subgroup H in G is denoted by G : H. Lagrange s Theorem 3.1. G / H = G : H. If H is a subgroup of a finite group G, then For further information about enumerating cosets of a subgroup in a finite group the reader is referred to [6]. The word linear helps to remind us that the group operation is addition. What do we have to check in order to show that we have a linear code? Since the group operation is addition, we must show that if words v and w are in the image of a coding function f then so is the word v + w. Let k, n N with k n. A generator matrix G is a matrix with entries

1398 M. Sayed in F and with k rows and n columns, the first k columns of which form the k k identity matrix I k. We may write such a matrix as a partitioned matrix: G =(I k A) where A is an k (n k) matrix. we define f G : F k F n by f G (w) =wg for w F k. It is noted that if G is a generator matrix, then f G is a linear code and, in fact, f G (v + w) =f G (v)+f G (w) for all words v and w in F k. We provide now a small example explaining linear codes. Example 3.2 Consider the coding function f G : F 2 F 5 defined by a generator matrix as below ( ) 1 0 1 1 0 G = 0 1 0 1 1 Opposite each word w in F 2 we list f G (w): 00 00000 01 01011 10 10110 11 11101 The minimum distance between codewords is 3 (being the minimum weight of a non-zero codeword), so the code can detect two errors and correct one error. Suppose that we have a coding function f : F k F n for which the associated code is linear code. Let W be the set of codewords in F n (subgroup of F n ). Assume that the codeword w is sent but that an error occurs in, say, the last digit, resulting the word v being received. So that v = e n + w, where e n is the word of length n which has all digits 0 except the last digit which is 1. Thus the set of words which may be received as the result of a single error in the last digit is precisely the set e n + W. In the language of group theory, this is precisely the coset of e n with respect to the subgroup W of F n. Similarly two, or more, errors result in the set of codewords being replaced by a certain coset. For instance if n = 8 then an error in the third digit combined with an error in the fifth digit transforms the codeword w into the word 00101000 +w, so replaces the subgroup W of codewords with the coset 00101000+W. Rather than do the above computation every time we receive an erroneous word, it is as well to do the computations once and for all and to prepare a table showing the result of these computations, such table is called coset decoding table. List the elements of W in some fixed order with the zero n-tuple as the first element, then array these as the top row of the decoding table. For each word v of minimum weight among those not in W and beneath each codeword w on the top row place the word v + w. The entries in the first column of our coset decoding table are called coset leaders.

Coset decomposition method 1399 Example 3.3 Consider the coding function and generator matrix as in Example 3.2. We array the codewords along the top row and then look for words of minimum length not already included in the table, and array their cosets as described. There are 2 5 2 = 8 cosets of the subgroup of 2 2 = 4 codewords in the group of 2 5 = 32 words, so there will be 8 rows in the coset decoding table, which is shown below: 00000 01011 10110 11101 00001 01010 10111 11100 00010 01001 10100 11111 00100 01111 10010 11001 01000 00011 11110 10101 10000 11011 00110 01101 00101 01110 10011 11000 10001 11010 00111 01100 Given the k n generator matrix G =(I k A), we( define the ) corresponding A parity-check matrix H to be the n (n k) matrix. The syndrome I n k of w F n is defined to be the matrix product wh in F n k. Theorem 3.4. Let H be a parity-check matrix associated with a given code. Then w is a codeword if and only if its syndrome wh is the zero element in F n k. Corollary 3.5. Two words are in the same row of the coset decoding table if and only if they have the same syndrome. This means that it is sufficient to construct two-column decoding table, one which contains just the column of coset leaders and the column of syndromes. Then, given a word w to decode, compute its syndrome, add to (subtract from, really) w the coset leader u which has the same syndrome - the word w + u will then be corrected version of w - finally read off the first k digits to reconstruct the original word. Example 3.6 Consider the coding function and generator matrix as in Example 3.2. The corresponding parity-check matrix H is the 5 3 matrix 1 1 0 0 1 1 1 0 0 0 1 0 0 0 1

1400 M. Sayed and the syndrome plus coset leader decoding table is Syndrome Coset leader 000 00000 001 00001 010 00010 011 01000 100 00100 101 00101 110 10000 111 10001 Suppose that the message received is w = 11001. The syndrome of the word received is obtained by forming the product wh = (100). The corresponding coset leader is u = 00100. The corrected message, obtained by adding the coset leader to the received word, is w + u = 11101. The advantage of using a table showing only syndromes and coset leaders is well illustrated by the next example. Example 3.7 Let f : F 8 F 12 be defined by the generator and parity-check matrices 1 1 1 0 0 1 1 0 1 0 0 0 0 0 0 0 1 1 1 0 1 0 1 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 1 1 0 0 1 0 0 0 0 0 1 0 1 0 1 1 0 0 G = 0 0 0 1 0 0 0 0 0 0 1 1 0 0 0 0 1 0 0 0 1 1 0 0,H = 0 1 0 1 1 0 0 1 0 0 0 0 0 1 0 0 0 1 0 1 1 1 0 1 0 0 0 0 0 0 1 0 1 0 0 1 1 0 0 0 0 0 0 0 0 0 0 1 1 1 0 1 0 1 0 0 0 0 1 0 0 0 0 1 There are 2 8 codewords and the minimum distance between codewords is 3. Thus the code detects two errors and corrects one error. How many digits would the full coset decoding table contain? It would have 2 12 8 =16rows (cosets) each containing 2 8 twelve-digit words (codewords). That is 16 256 12 = 49152 digits. Now we see how much efficient it may be to compute and store only coset leader with syndrome decoding table. This table contains 16 (12 + 4) = 256 digits. Another advantage of listing coset leaders together with syndromes is that it is then much easier to find any missing coset leader, since each sequence in F n k

Coset decomposition method 1401 occurs as a syndrome. This enable us to find a coset leader relatively easily (comparing with searching through the coset leader with syndrome table), by seeing how to combine known coset leaders and their syndromes. 4 An algorithm for decoding linear codes The power of modern computers is exhausted for codeword lengths of several hundred bits and tens of errors per word. Consequently, we need an algorithmic decoder which demands less storage. Suppose that we have a coding function f : F k F n for which the associated code is linear code. Assume that the rate of errors is relatively high so that more check digits are added. Therefore, the number n k becomes large leading a longer decoding table. In this section we show that the number of coset leaders in this table may be reduced from 2 n k to n +1. Let W be the set of codewords in F n (subgroup of F n ) and H be the parity-check matrix of the linear code. For 1 i n, we define e i F n to be the word of length n which has all digits 0 except the i th digit which is 1. The zero word in F n is denoted by e 0. The decoding table for this algorithm is formed as follows: Syndrome Coset leader e 0 H e 0 e 1 H e 1...... e n H e n In some very rare cases the set {e i H :1 i n} does not span F n k so that we might need to add more coset leaders to the table. Let v represent the received word when t-error correcting codeword w is transmitted over a channel corrupted by additive noise: v = w + e, where e is a linear combination of some elements from the set {e i :0 i n}. In order to find the codeword w, the following four-steps decoding procedure is performed: calculate the syndrome of the corrupted word v; express the syndrome as combinations of the known syndromes; obtain e as the same combinations of the corresponding coset leaders; and find the corrected codeword w = v + e.

1402 M. Sayed Now, let us compare our decoding algorithm with the original syndrome decoding methods which use either of full coset decoding table or coset leader plus syndrome decoding table. First we take a look at a small code. Example 4.1 Let C be a (8, 2, 5) linear code over F with parity-check matrix 1 0 1 1 1 1 1 1 0 1 1 1 1 0 0 0 0 0 H = 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 1 The full coset decoding table contains 2048 digits while the coset leader with syndrome decoding table contains 896 digits. Using our decoding algorithm, we need only 128 digits to store the decoding table. This gives substantial reduction in the total needed storage. We have calculated the table below which shows the advantage of our decoding algorithm in terms of the number of digits over the other syndrome decoding techniques. Linear Full coset Coset leader plus Our decoding code decoding table syndrome decoding table algorithm (12,8,3) 3 2 14 2 8 208 (15,7,5) 15 2 15 23 2 8 368 (25,8,5) 25 2 25 21 2 18 1092 (25,11,3) 25 2 25 39 2 14 1014 (n, k, d) n 2 n (2n k) 2 n k (n + 1)(2n k) 5 Conclusion The theory of error-correcting codes over F = Z 2 is discussed. Attention is restricted to linear codes which may be described in terms of generator matrices or in terms of parity-check matrices. A linear code is considered as an additive subgroup of a group F n of n-tuples over F. The problem of decoding errors is shown to be equivalent to calculating a set of coset representatives for the code viewed as a subgroup in the explained way. Our algorithm is applicable to not only binary codes but also general codes over Z p, p is a prime number. The main advantage of this algorithm, in addition to low demand of storage, lies in two facts: high capability of correcting random errors and notable simplicity of performing calculations. The operations which are combinations

Coset decomposition method 1403 of codewords are XOR operations. Therefore, it could be easily programmed into hardware to produce a fast decoder. We remark that linear codes can also be used for encryption, see for example [8, 9]. To encrypt a message, it is encoded in such a way that an error word of fixed weight t is added. Decryption requires the solution of the decoding problem for which the weight of the error word is known. This work is a first step in solving the secure biometric storage problem using syndrome decoding. Biometric technologies are becoming the foundation of an extensive array of high secure identification and personal verification solutions. For instance digital signatures are widely used in identification and authentication protocols. References [1] S. Bulygin and R. Pellikaan, Bounded distance decoding of linear errorcorrecting codes with Gröbner bases, J. Symb. Comp. 44 (2009), 1626 1643. [2] A. M. Cohen, H. Cuypers and H. Sterk, Some tapas of computer algebra, Algorithms and Computation in Mathematics Vol. 40, Springer, 1999. [3] D. Cox, J. Little and D. O Shea, Using algebraic geometry, Springer- Verlag, New York, 1998. [4] J. Grabmeier, E. Kaltofen and V. Weispfenning, Computer algebra handbook, Springer, 2003. [5] C. Heegard, J. Little and K. Saints, Systematic encoding via Gröbner bases for a class of algebraic-geometric Goppa codes, IEEE Trans. Inform. Theory. Vol 41, No. 6 (1995), 1752 1761. [6] J. H. Humphreys, A course in group theory, Oxford University Press, 1996. [7] P. Loustaunau and E. V. York, On the decoding of cyclic codes using Gröbner bases, AAECC 8 (1997), 469 483. [8] R. J. McEliece, A public key cryptosystem based on algebraic coding theory, DSN progress report 42-44 (1978), 114 116. [9] H. Niederreiter, Knapsack-type cryptosystems and algebraic coding theory, Problem of Control and Information Theory 15, No. 2 (1968), 159 166.

1404 M. Sayed [10] K. Saints and C. Heegard, Algebraic-geometric codes and multidimensional cyclic codes: A unified theory and algorithms for decoding using Gröbner bases, IEEE Trans. Inform. Theory. Vol 41, No. 6 (1995), 1733 1751. Received: July, 2011

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback