[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Next Article in Journal
The Symmetry of Pairing and the Electromagnetic Properties of a Superconductor with a Four-Fermion Attraction at Zero Temperature
Next Article in Special Issue
Ideals of Numerical Semigroups and Error-Correcting Codes
Previous Article in Journal
Histological Evaluation of a New Beta-Tricalcium Phosphate/Hydroxyapatite/Poly (1-Lactide-Co-Caprolactone) Composite Biomaterial in the Inflammatory Process and Repair of Critical Bone Defects
Previous Article in Special Issue
The Root Extraction Problem for Generic Braids
You seem to have javascript disabled. Please note that many of the page functionalities won't work as expected without javascript enabled.
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

The Symmetric Key Equation for Reed–Solomon Codes and a New Perspective on the Berlekamp–Massey Algorithm

by
Maria Bras-Amorós
1,* and
Michael E. O’Sullivan
2
1
Departament d’Enginyeria Informàtica i Matemàtiques, Universitat Rovira i Virgili, Av. Països Catalans 26, 43007 Tarragona, Catalonia
2
Department of Mathematics and Statistics, San Diego State University, 5500 Campanile Drive, San Diego, CA 92182-7720, USA
*
Author to whom correspondence should be addressed.
Symmetry 2019, 11(11), 1357; https://doi.org/10.3390/sym11111357
Submission received: 19 September 2019 / Revised: 23 October 2019 / Accepted: 25 October 2019 / Published: 2 November 2019
(This article belongs to the Special Issue Interactions between Group Theory, Symmetry and Cryptology)

Abstract

:
This paper presents a new way to view the key equation for decoding Reed–Solomon codes that unites the two algorithms used in solving it—the Berlekamp–Massey algorithm and the Euclidean algorithm. A new key equation for Reed–Solomon codes is derived for simultaneous errors and erasures decoding using the symmetry between polynomials and their reciprocals as well as the symmetries between dual and primal codes. The new key equation is simpler since it involves only degree bounds rather than modular computations. We show how to solve it using the Euclidean algorithm. We then show that by reorganizing the Euclidean algorithm applied to the new key equation we obtain the Berlekamp–Massey algorithm.

1. Introduction

Reed–Solomon codes are the basis of many applications such as secret sharing [1], distributed storage [2,3], private information retrieval [4] and the analysis of cryptographic hardness [5]. The most used tool for decoding Reed–Solomon codes is the key equation by Berlekamp [6] and the milestone algorithms that solve it are the Berlekamp–Massey algorithm [7] and the Sugiyama et al. adaptation of the Euclidean algorithm [8]. Their connections are analyzed in [9,10,11,12]. This paper is meant to bring a new unified presentation of the key equation, the Sugiyama-Euclidean algorithm and the Berlekamp–Massey algorithm for correcting errors and erasures for Reed–Solomon codes.
Section 2 presents a revisited key equation for both erasures and errors using the symmetry between polynomials and their reciprocals as well as the symmetries between dual and primal codes. In the new key equation, as opposed to the classical equation, there is no need to reference computations modulo a power of the indeterminate, and the correction polynomials reveal error locations rather than their inverses. Section 3 gives a way to solve the new key equation using the Euclidean algorithm. We show how the Berlekamp–Massey algorithm can be obtained by reorganizing the Euclidean algorithm. Hence, the whole paper is, in fact, a simple presentation of the Berlekamp–Massey algorithm as a restructured Euclidean algorithm.

2. Symmetric Key Equation

2.1. Reed–Solomon Codes

Suppose that F is a finite field of q elements and suppose that α is a primitive element of F . Let n = q 1 . Each vector u = ( u 0 , , u n 1 ) F n is identified with the polynomial u ( x ) = u 0 + u 1 x + + u n 1 x n 1 . The evaluation of u ( x ) at a is then denoted u ( a ) . The cyclic code C ( k ) of length n generated by the polynomial ( x α ) ( x α 2 ) ( x α n k ) is classically referred to as a (primal) Reed–Solomon code. Its dimension is k. On the other hand, the cyclic code C ( k ) of lenth n generated by the polynomial ( x α n ( k + 1 ) ) ( x α n ( k + 2 ) ) ( x α ) ( x 1 ) is referred to as a dual Reed–Solomon code. Its dimension is k as well. The minimum distance of both codes is d = n k + 1 . The codes are related by the equality C ( k ) = C ( n k ) .
The vector space F n is naturally bijected to itself through a map c c taking C ( k ) to C ( k ) . For a vector c = ( c 0 , c 1 , , c n 1 ) F n the vector c is defined componentwise as c = ( c 0 , α 1 c 1 , α 2 c 2 , , α c n 1 ) . Symmetrically, if c = ( c 0 , c 1 , , c n 1 ) , then c = ( c 0 , α c 1 , α 2 c 2 , , α n 1 c n 1 ) . In particular, c ( α i ) = c 0 + α c 1 α i + α 2 c 2 α 2 i + + α n 1 c n 1 α ( n 1 ) i = c ( α i + 1 ) .
Due to this bijective map, algorithms for correcting errors and erasures for primal Reed–Solomon code are also applicable for dual Reed–Solomon codes and vice versa. Indeed, if the codeword c C ( k ) at minimum distance of a received vector u differs from u by a vector of errors e, then the codeword c C ( k ) at minimum distance of a received vector u differs from u by a vector of errors e .

2.2. Decoding for Errors and Erasures

Suppose that a noisy channel adds t errors and erases s other components of a transmitted codeword c C ( k ) with 2 t + s < d . Let u be the received word after replacing the erased positions by 0 and let e = u c . The erasure locator polynomial is defined as Λ r = i : c i was erased ( x α i ) while the error locator polynomial is defined as Λ e = i : e i 0 , c i not erased ( x α i ) . The product Λ r Λ e is called Λ . We remark that while Λ r is known driectly from the received word, the Λ e is not a priori known. The error evaluator polynomial is defined as Ω = i : e i 0 or c i erased e i j : e j 0 or c j erased , and j i ( x α i ) = i = 0 n 1 e i Λ x α i The error positions can be identified by Λ e ( α i ) = 0 while the error values can be derived, as well as the erased values, from the analogue of the Forney formula [13]
e i = Ω ( α i ) Λ ( α i ) .
Notice that in the traditional setting, the roots of the locator polynomial are not related to the error positions but to their inverses. Hence, in the new setting we take the reciprocals of the polynomials of the traditional setting thus establishing a symmetry between the different versions. Also, the classical Forney formula involves the evaluator polynomial and the derivative of the locator polynomial evaluated at the inverses of the error positions, while with the new settings we use directly the error positions.
Finally, the polynomial S = e ( α n 1 ) + e ( α n 2 ) x + + e ( α ) x n 2 + e ( 1 ) x n 1 is called the syndrome polynomial of e.
Lemma 1.
Ω ( x n 1 ) = Λ S .
Proof. 
We can compute directly,
Ω ( x n 1 ) = ( x n 1 ) i = 0 n 1 e i Λ x α i = Λ i = 0 n 1 e i x n 1 x α i = Λ i = 0 n 1 e i j = 0 n 1 x n 1 j ( α i ) j = Λ j = 0 n 1 x n 1 j i = 0 n 1 e i ( α j ) i = Λ j = 0 n 1 x n 1 j e ( α j ) = Λ S
 ☐
The general term of S is e ( α n 1 i ) x i , but we only know from a received word the values e ( 1 ) = u ( 1 ) , , e ( α n k 1 ) = u ( α n k 1 ) . For this reason we use the truncated syndrome polynomial defined as S ¯ = e ( α n k 1 ) x k + e ( α n k 2 ) x k + 1 + + e ( 1 ) x n 1 . The degree of the polynomial Ω ( x n 1 ) Λ S ¯ = Λ ( S S ¯ ) is at most t + s + k 1 < d s 2 + s + n d = n d s 2 . One consequence of this bound is that the reciprocal polynomials Ω = x t + s 1 Ω ( 1 / x ) , Λ = x t + s Λ ( 1 / x ) and the polynomial S ¯ = x n 1 S ¯ ( 1 / x ) satisfy the well known Berlekamp key equation Λ S ¯ = Ω mod x n s k . Theorem 1 uses the bound on the degree of Ω ( x n 1 ) Λ S ¯ to derive a symmetric key equation for dual Reed–Solomon codes. To prove it, we first need the next two lemmas.
Lemma 2.
Suppose that f is a polynomial of F [ x ] with d e g ( f ) < n . Suppose that for a given α F the polynomial f ( x ) x n 1 x α has no term of degree n 1 . Then α is a root of f.
Proof. 
The Euclidean division of f by x α gives a polynomial g F [ x ] of degree smaller than n 1 that satisfies f ( x ) = f ( α ) + g ( x ) ( x α ) . Then f ( x ) x n 1 x α = f ( α ) x n 1 x α + g ( x ) ( x n 1 ) . On one hand, the product g ( x ) ( x n 1 ) has no term of degree n 1 . On the other hand, the coefficient of f ( α ) x n 1 x α of degree n 1 is exactly f ( α ) . Hence, if f ( x ) x n 1 x α has no term of degree n 1 , then necessarily f ( α ) = 0 .  ☐
Lemma 3.
Suppose that f is a polynomial of F [ x ] with d e g ( f ) n s t such that the terms of degree n t , , n 1 of f Λ r S are all zero. Then Λ e is a divisor of f.
Proof. 
Suppose that the terms of degree n t , , n 1 of f Λ r S are all zero. Suppose c j was not erased and e j 0 . Consider g ( x ) = Λ e / ( x α j ) . We have deg ( g ) = t 1 and consequently the term of degree n 1 of f g Λ r S is 0. Then,
f g Λ r S = f ( x ) g ( x ) Λ r ( x ) Ω ( x ) ( x n 1 ) Λ ( x ) = k : e k 0 e k f ( x ) g ( x ) Λ r ( x ) x n 1 x α k = e j f ( x ) g ( x ) Λ r ( x ) x n 1 x α j + k : e k 0 , c k   not   erased k j e k f ( x ) g ( x ) x α k Λ r ( x ) ( x n 1 ) + k : c k   erased e k f ( x ) g ( x ) Λ r ( x ) x α k ( x n 1 ) .
Because of the restriction on the degree of f, none of the last two summands has term of degree n 1 . Since the term of degree n 1 of f g Λ r S is 0, so is the term of degree n 1 of f ( x ) g ( x ) Λ r ( x ) x n 1 x α j . By Lemma 2, x α j must be a divisor of f. Since j was chosen arbitrarily such that e j 0 and c j was not erased, we conclude that Λ e must divide f. ☐
Theorem 1 (Symmetric key equation).
Suppose that a number s of erasures occurred together with a number of at most d s 1 2 errors. Then the polynomials Λ e and Ω are uniquely determined by the conditions
  • f is monic
  • f , φ are coprime
  • d e g ( f ) d s 2
  • d e g ( f Λ r S ¯ φ ( x n 1 ) ) < n d s 2
Proof. 
It is easy to see that Λ e and Ω satisfy conditions 1, 2, 3. It follows from the previous lemmas that Λ e and Ω satisfy condition 4. Conversely, suppose that f , φ satisfy the conditions 3 and 4. We will prove that the terms of degrees n t , , n 1 of f Λ r S are all zero. Then, by Lemma 3, and because deg ( f ) d s 2 n d + s 2 = n s d s 2 < n s t , it can be deduced that Λ e is a divisor of f. Indeed, write
f Λ r S = ( f Λ r S ¯ φ ( x n 1 ) ) + f Λ r ( S S ¯ ) + φ ( x n 1 ) .
By consition 4, the degree of the first term in this sum is less than n d s 2 < n t . By condition 3, deg ( f Λ r ( S S ¯ ) ) d s 2 + s + k 1 = n d s 2 < n t . By condition 4, deg ( φ ) + n deg ( f ) + s + n 1 . Consequently deg ( φ ) < deg ( f ) + s and by condition 3, deg ( φ ) < d s 2 + s = d + s 2 n d s 2 < n t . So, the terms of degrees n t , , n 1 of φ ( x n 1 ) are all zero. Suppose now that there exists g F [ x ] such that f = g Λ e . Then
f Λ r S ¯ φ ( x n 1 ) = f Λ r ( S ¯ S ) + f Λ r S φ ( x n 1 ) = f Λ r ( S ¯ S ) + g Λ S φ ( x n 1 ) = f Λ r ( S ¯ S ) + g Ω ( x n 1 ) φ ( x n 1 ) = f Λ r ( S ¯ S ) + ( g Ω φ ) ( x n 1 ) .
By condition 4, deg ( f Λ r S ¯ φ ( x n 1 ) ) < n d s 2 and as just seen, deg ( f Λ r ( S ¯ S ) ) < n t . Consequently, φ = g Ω . Now condition 1 and condition 2 imply g = 1 and so φ = Ω and f = Λ e .  ☐

3. Solving the Symmetric Key Equation

We first approach the case in which only erasures occurred. In this case Λ = Λ r , Λ e = 1 , and Ω can be directly derived from the key equation of Theorem 1. Indeed, the polynomial Ω is exactly the sum of those monomials of Λ r S ¯ of degree at least n d s 2 , divided by the monomial x n d s 2 .
Suppose now the case in which errors and erasures occured simultaneously. The extended Euclidean algorithm applied to the quotient polynomial Λ r S ¯ and the divisor polynomial ( x n 1 ) gives gcd ( Λ r S ¯ , x n 1 ) and two polynomials λ ( x ) and η ( x ) satisfying that λ Λ r S ¯ η ( x n 1 ) = gcd ( Λ r S ¯ , x n 1 ) . A new remainder r i and two polynomials λ i ( x ) and η i ( x ) such that λ i Λ r S ¯ η i ( x n 1 ) = r i are computed at each intermediate step of the Euclidean algorithm, in a way such that the degree of r i decreases at each step. Truncating at a proper point the Euclidean algorithm we can obtain two polynomials λ i and η i satisfying that the degree of λ i Λ r S ¯ η i ( x n 1 ) is smaller than n d s 2 . The next algorithm is a truncated version of the Euclidean algorithm. It satisfies that, for all i 0 , deg ( r i ) deg ( r i 1 ) and deg ( f i ) deg ( f i 1 ) .
Algorithm 1: Euclidean Algorithm
Initialize:
        r 2 = Λ r S ¯ , f 2 = 1 , φ 2 = 0 , r 1 = ( x n 1 ) , f 1 = 0 , φ 1 = 1 ,
while deg ( r i ) n d s 2 :
   q i = Quotient ( r i 2 , r i 1 )
   r i = Remainder ( r i 2 , r i 1 )
   f i = f i 2 q i f i 1
   φ i = φ i 2 q i φ i 1
end while
Return f i / LC ( f i ) , φ i / LC ( f i )
or, equivalently, in matrix form,
Initialize:
        r 1 f 1 φ 1 r 2 f 2 φ 2 = ( x n 1 ) 0 1 Λ r S ¯ 1 0
while deg ( r i ) n d s 2 :
q i = Quotient ( r i 2 , r i 1 )
r i f i φ i r i 1 f i 1 φ i 1 = q i 1 1 0 r i 1 f i 1 φ i 1 r i 2 f i 2 φ i 2
end while
Return f i / LC ( f i ) , φ i / LC ( f i )
For every integer i larger than or equal to 1 consider the matrix R i F i Φ i R ˜ i F ˜ i Φ ˜ i = 1 / LC ( r i ) 0 0 LC ( r i ) r i f i φ i r i 1 f i 1 φ i 1 It is easy to check that the polynomial R i is monic. In the algorithm one can replace the update step by the next multiplication.
R i F i Φ i R ˜ i F ˜ i Φ ˜ i = 1 LC ( R ˜ i 1 Q i R i 1 ) 0 0 LC ( R ˜ i 1 Q i R i 1 ) Q i 1 1 0 R i 1 F i 1 Φ i 1 R ˜ i 1 F ˜ i 1 Φ ˜ i 1 , where the polynomial Q i is the quotient of the division of R ˜ i 1 by R i 1 . Furthermore, if Q i = Q i ( 0 ) + Q i ( 1 ) x + + Q i ( l i ) x l i , then Q i 1 1 0 = 1 Q i ( 0 ) 0 1 1 Q i ( 1 ) x 0 1 1 Q i ( l ) x l 0 1 0 1 1 0 and the update step becomes
R i F i Φ i R ˜ i F ˜ i Φ ˜ i = 1 LC ( R ˜ i 1 Q i R i 1 ) 0 0 LC ( R ˜ i 1 Q i R i 1 ) 1 Q i ( 0 ) 0 1 1 Q i ( 1 ) x 0 1
1 Q i ( l ) x l 0 1 0 1 1 0 R i 1 F i 1 Φ i 1 R ˜ i 1 F ˜ i 1 Φ ˜ i 1 ,
One can see that LC ( R ˜ i 1 Q i R i 1 ) and the Q i ( j ) ’s are the leading coefficients of the left-most, top-most polynomials in the previous product of all the previous matrices. This follows from the fact that R i is monic. Define μ as the (changing) leading coefficients of the left-most, top-most element in the product of all the previous matrices. It follows that
R i F i Φ i R ˜ i F ˜ i Φ ˜ i = 1 μ 0 0 μ 1 μ 0 1 1 μ x 0 1 1 μ x l i 0 1 0 1 1 0 R i 1 F i 1 Φ i 1 R ˜ i 1 F ˜ i 1 Φ ˜ i 1 = 1 μ 0 0 μ 1 μ 0 1 1 μ x 0 1 1 μ x l i 0 1 0 1 1 0 1 μ 0 0 μ 1 μ 0 1 1 μ x 0 1 1 μ x l i 1 0 1 0 1 1 0 R i 2 F i 2 Φ i 2 R ˜ i 2 F ˜ i 2 Φ ˜ i 2 = 1 μ 0 0 μ 1 μ 0 1 1 μ x 0 1 1 μ x l i 0 1 0 μ 1 / μ 0 1 μ 0 0 μ 1 μ 0 1 1 μ x 0 1 1 μ x l i 1 0 1 0 1 1 0 R i 2 F i 2 Φ i 2 R ˜ i 2 F ˜ i 2 Φ ˜ i 2 = 1 μ 0 0 μ 1 μ 0 1 1 μ x 0 1 1 μ x l i 0 1 0 μ 1 / μ 0 1 μ 0 0 μ 1 μ 0 1 1 μ x 0 1 1 μ x l i 1 0 1 0 μ 1 / μ 0 1 μ 0 0 μ 1 μ 0 0 μ 1 μ 0 0 μ 1 μ 0 0 μ 1 μ 0 1 1 μ x 0 1 1 μ x l 0 0 1 0 1 1 0 R 1 F 1 Φ 1 R ˜ 1 F ˜ 1 Φ ˜ 1 ,
Let us label the matrices in the previous product:
1 μ 0 0 μ 1 μ 0 1 M m 1 μ x 0 1 M m 1 1 μ x l i 1 0 1 1 μ x l i 0 1 0 μ 1 / μ 0 1 μ 0 0 μ 1 μ 0 0 μ 1 μ 0 0 μ 1 μ 0 0 μ 1 μ 0 1 1 μ x 0 1 1 μ x l 1 1 0 1 M l 0 + 3 1 μ x l 1 0 1 M l 0 + 2 0 μ 1 / μ 0 M l 0 + 1 1 μ 0 0 μ 1 μ 0 1 M l 0 1 μ x 0 1 M l 0 1 1 μ x l 0 1 0 1 M 1 1 μ x l 0 0 1 M 0 0 1 1 0 . R 1 F 1 Φ 1 R ˜ 1 F ˜ 1 Φ ˜ 1
Now, we define
R 1 F 1 Φ 1 R ˜ 1 F ˜ 1 Φ ˜ 1 = 0 1 1 0 R 1 F 1 Φ 1 R ˜ 1 F ˜ 1 Φ ˜ 1 = Λ r S ¯ 1 0 x n 1 0 1 R i F i Φ i R ˜ i F ˜ i Φ ˜ i = M i · M i 1 · · M 0 · R 1 F 1 Φ 1 R ˜ 1 F ˜ 1 Φ ˜ 1
Lets us see now that, for all i m , the polynomials R ˜ i and F i are monic. Indeed, R ˜ 1 = x n 1 is monic, and it follows by induction and by the definition of the matrices M i , that R ˜ i is monic for all i. Now, all the matrices M i have determinant equal to 1. This implies that R i F ˜ i F i R ˜ i is constant for all i and it equals ( x n 1 ) . In particular, since LC ( R i F ˜ i F i R ˜ i ) = LC ( F i ) LC ( R ˜ i ) = LC ( F i ) , we deduce that for every i, the polynomial F i is monic.
Algorithm 2 computes the matrices R i F i Φ i R ˜ i F ˜ i Φ ˜ i until deg ( R i ) < n d s 2 .
Algorithm 2: Single Coefficient Euclidean Algorithm.
Initialize:
   R 1 F 1 Φ 1 R ˜ 1 F ˜ 1 Φ ˜ 1 = Λ r S ¯ 1 0 x n 1 0 1
while deg ( R i ) n d s 2 :
   μ = LC ( R i )
   p = deg ( R i ) deg ( R ˜ i )
  if p 0 then
   R i + 1 F i + 1 Φ i + 1 R ˜ i + 1 F ˜ i + 1 Φ ˜ i + 1 = 1 μ x p 0 1 R i F i Φ i R ˜ i F ˜ i Φ ˜ i
  else
   R i + 1 F i + 1 Φ i + 1 R ˜ i + 1 F ˜ i + 1 Φ ˜ i + 1 = 0 μ 1 / μ 0 R i F i Φ i R ˜ i F ˜ i Φ ˜ i
  end if
end while
Return F i , Φ i
Due to the fact that the polynomials R ˜ i are monic, after each step with a negative value of p the new updated value p coincides with the previous one but with opposite sign and so happens for μ . Taking this into account we join each step with a negative value of p with the next step. We obtain R i + 1 F i + 1 Φ i + 1 R ˜ i + 1 F ˜ i + 1 Φ ˜ i + 1 = 1 μ x p 0 1 0 μ 1 / μ 0 R i F i Φ i R ˜ i F ˜ i Φ ˜ i
This adjustment keeps F i , Φ i unaltered. It can be stated as follows
At this point we observe that we only need to keep the polynomials R i (and R ˜ i ) because we need their leading coefficients (the μ i ’s). The next lemma proves that these leading coefficients can be obtained independently of the polynomials R i . This allows the computation of the polynomials F i , Φ i iteratively while dispensing with the polynomials R i .
Lemma 4.
L C ( R i ) = L C ( F i Λ r S ¯ )
Proof. 
The result is obvious for i = 1 . Since we joined two steps, before Algorithm 3, the degree of the remainder R i = F i Λ r S ¯ Φ i ( x n 1 ) = F i Λ r S ¯ x n Φ i + Φ i is at most n 1 for every i 1 . Consequently all terms of x n Φ i cancel with terms of F i Λ r S ¯ and R i must have leading term equal to either a term of Φ i or a term of F i Λ r S ¯ or a sum of a term of Φ i and a term of F i Λ r S ¯ .
On the other hand, the algorithm computes LC ( R i ) only while deg ( R i ) n d s 2 . In particular, 2 deg ( R i ) = 2 n d + s n + s . Leu us show that in this case the degree of the leading term of R i is strictly larger than the degree of Φ i . Indeed, since all the matrices M i in the algorithm have determinant equal to 1, this implies that deg ( Φ i ) = deg ( Λ r S ¯ ) deg ( R ˜ i ) n + s deg ( R ˜ i ) < 2 deg ( R i ) deg ( R i ) = deg ( R i ) . ☐
Algorithm 3: Refactored Single Coefficient Euclidean Algorithm
Initialize:
   R 1 F 1 Φ 1 R ˜ 1 F ˜ 1 Φ ˜ 1 = Λ r S ¯ 1 0 x n 1 0 1
while deg ( R i ) n d s 2 :
   μ = LC ( R i )
   p = deg ( R i ) deg ( R ˜ i )
  if p 0 or μ = 0 then
   R i + 1 F i + 1 Φ i + 1 R ˜ i + 1 F ˜ i + 1 Φ ˜ i + 1 = 1 μ x p 0 1 R i F i Φ i R ˜ i F ˜ i Φ ˜ i
  else
   R i + 1 F i + 1 Φ i + 1 R ˜ i + 1 F ˜ i + 1 Φ ˜ i + 1 = x p μ 1 / μ 0 R i F i Φ i R ˜ i F ˜ i Φ ˜ i
  end if
end while
Return F i , Φ i
We transform now Algorithm 3 in a way such that isntead of keeping the remainders we keep their degrees. For this we use the values d i , d ˜ i satisfying, at each step, that d i deg ( R i ) , d ˜ i = deg ( R ˜ i ) .
Algorithm 4 is exactly the Berlekamp–Massey algorithm applied to the recurrence j = 0 t Λ j e ( α i + j 1 ) = 0 for all i > 0 . This linear recurrence is a consequence of the equality S x n 1 = 1 x e ( 1 ) + e ( α ) x + e ( α 2 ) x 2 + and the fact that Λ S x n 1 is a polynomial and, hence, its terms of negative order in its expression as a Laurent series in 1 / x are all zero.
Algorithm 4: Berlekamp-Massey Algorithm
Initialize:
   d 1 = s + deg ( S ¯ )
   d ˜ 1 = n
   F 1 Φ 1 F ˜ 1 Φ ˜ 1 = 1 0 0 1
while d i n d s 2 :
   μ = Coefficient ( F i Λ r S ¯ , d i )
   p = d i d ˜ i
  if p 0 or μ = 0 then
    F i + 1 Φ i + 1 F ˜ i + 1 Φ ˜ i + 1 = 1 μ x p 0 1 F i Φ i F ˜ i Φ ˜ i
    d i + 1 = d i 1
    d ˜ i + 1 = d ˜ i
  else
    F i + 1 Φ i + 1 F ˜ i + 1 Φ ˜ i + 1 = x p μ 1 / μ 0 F i Φ i F ˜ i Φ ˜ i
    d i + 1 = d ˜ i 1
    d ˜ i + 1 = d i
   end if
end while
Return F i , Φ i

4. Conclusions

By working with error/erasure locator polynomials whose roots correspond to the error positions rather than to their inverses and with an evaluator polynomial that gives the error values when we evaluate it at the error positions instead of evaluating it at the inverses of the error positions we get to a symmetric key equation for Reed–Solomon codes. We showed that the symmetric key equation can be solved by an adapted Euclidean algorithm whose steps can be refined leading naturally to the Berlekamp–Massey algorithm.

Author Contributions

The authors contributed equally to the theoretical framing and algorithms and the corresponding author took principle responsibility for writing the article.

Funding

The first author was partly supported by the Catalan Government under grant 2017 SGR 00705, by the Spanish Ministry of Economy and Competitivity under grant TIN2016-80250-R, and by Universitat Rovira i Virgili under grant OPEN2019.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. McEliece, R.J.; Sarwate, D.V. On sharing secrets and Reed-Solomon codes. Commun. ACM 1981, 24, 583–584. [Google Scholar] [CrossRef]
  2. Dimakis, A.G.; Ramchandran, K.; Wu, Y.; Suh, C. A Survey on Network Codes for Distributed Storage. Proc. IEEE 2011, 99, 476–489. [Google Scholar] [CrossRef]
  3. Tamo, I.; Ye, M.; Barg, A. The repair problem for Reed-Solomon codes: Optimal repair of single and multiple erasures with almost optimal node size. IEEE Trans. Inf. Theory 2019, 65, 2673–2695. [Google Scholar] [CrossRef]
  4. Tajeddine, R.; Gnilke, O.W.; Karpuk, D.; Freij-Hollanti, R.; Hollanti, C. Private information retrieval from coded storage systems with colluding, Byzantine, and unresponsive servers. IEEE Trans. Inf. Theory 2019, 65, 3898–3906. [Google Scholar] [CrossRef]
  5. Kiayias, A.; Yung, M. Cryptographic hardness based on the decoding of Reed-Solomon codes. IEEE Trans. Inf. Theory 2008, 54, 2752–2769. [Google Scholar] [CrossRef]
  6. Berlekamp, E.R. Algebraic Coding Theory; McGraw-Hill Book Co.: New York, NY, USA, 1968; p. xiv+466. [Google Scholar]
  7. Massey, J.L. Shift-register synthesis and BCH decoding. IEEE Trans. Inf. Theory 1969, 15, 122–127. [Google Scholar] [CrossRef]
  8. Sugiyama, Y.; Kasahara, M.; Hirasawa, S.; Namekawa, T. A method for solving key equation for decoding Goppa codes. Inf. Control 1975, 27, 87–99. [Google Scholar] [CrossRef]
  9. Dornstetter, J.L. On the equivalence between Berlekamp’s and Euclid’s algorithms. IEEE Trans. Inf. Theory 1987, 33, 428–431. [Google Scholar] [CrossRef]
  10. Heydtmann, A.E.; Jensen, J.M. On the equivalence of the Berlekamp-Massey and the Euclidean algorithms for decoding. IEEE Trans. Inf. Theory 2000, 46, 2614–2624. [Google Scholar]
  11. Mateer, T.D. On the equivalence of the Berlekamp-Massey and the Euclidean algorithms for algebraic decoding. In Proceedings of the 12th Canadian Workshop on Information Theory (CWIT), Kelowna, BC, Canada, 17–20 May 2011; pp. 139–142. [Google Scholar]
  12. Ilani, I. Berlekamp–Massey Algorithm: Euclid in Disguise. In Proceedings of the 2018 IEEE International Conference on the Science of Electrical Engineering in Israel (ICSEE), Eilat, Israel, 12–14 December 2018; pp. 1–5. [Google Scholar] [CrossRef]
  13. Forney, G.D., Jr. On decoding BCH codes. IEEE Trans. Inf. Theory 1965, 11, 549–557. [Google Scholar] [CrossRef]

Share and Cite

MDPI and ACS Style

Bras-Amorós, M.; O’Sullivan, M.E. The Symmetric Key Equation for Reed–Solomon Codes and a New Perspective on the Berlekamp–Massey Algorithm. Symmetry 2019, 11, 1357. https://doi.org/10.3390/sym11111357

AMA Style

Bras-Amorós M, O’Sullivan ME. The Symmetric Key Equation for Reed–Solomon Codes and a New Perspective on the Berlekamp–Massey Algorithm. Symmetry. 2019; 11(11):1357. https://doi.org/10.3390/sym11111357

Chicago/Turabian Style

Bras-Amorós, Maria, and Michael E. O’Sullivan. 2019. "The Symmetric Key Equation for Reed–Solomon Codes and a New Perspective on the Berlekamp–Massey Algorithm" Symmetry 11, no. 11: 1357. https://doi.org/10.3390/sym11111357

APA Style

Bras-Amorós, M., & O’Sullivan, M. E. (2019). The Symmetric Key Equation for Reed–Solomon Codes and a New Perspective on the Berlekamp–Massey Algorithm. Symmetry, 11(11), 1357. https://doi.org/10.3390/sym11111357

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Back to TopTop