AD-A273 089 ° (

ARMY RESEARCH LABORATORY. ..... mu

Toward a New Method ofDecoding Algebraic Codes

Using Grobner Bases

A. Brinton Cooper III

ARL-TR-293 October 1993

93-28508

APPROVED FOR PUILIC REUL.ASE; DISTRIBUTION IS UNLIMITED

1 jCj

NOTICES

Destroy this report when it is no longer needed. DO NOT return it to the originator.

Additional copies of this report may be obtained from the National Technical InformationService, U.S. Department of Commerce, 5285 Port Royal Road, Springfield, VA 22161.

The findings of this report are not to be construed as an official Department of the Armyposition, unless so designated by other authorized documents.

The use of trade names or manufacturers' names in this report does not constituteindorsement of any commercial product.

Form ApprovedREPORT DOCUMENTATION PAGE OMBNo 0040.188

ijn ill

1. AGENCY USE ONLY (Leave blank) 2. REPORT DATE 3. REPORT TYPE AND DATES COVERED

October 1993 Final, October 1991 to September 19924. TITLE AND SUBTITLE S. FUNDING NUMBERS

Toward a New Method of Decoding Algebraic Codes Using GrSbner Bases

PR: 1L161102AH436. AUTHOR(S)

A. Brinton Cooper III

7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) 8. PERFORMING ORGANIZATIONREPORT NUMBER

U.S. Army Research LaboratoryATTN: AMSRL-CI-CCAberdeen Proving Ground, MD 21005-5066

9 SPONSORING, MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSORING MONITORING

U.S. Army Research Laboratory AGENCY REPORT NUMBER

ATTN: AMSRL-OP-CI-B (Tech Lib) ARL-TR-293Aberdeen Proving Ground, MD 21005-5066

11. SUPPLEMENTARY NOTES

12a. DISTRIBUTION AVAILABILITY STATEMENT 12b. DISTRIBUTION CODE

Approved for public release; distribution is unlimited.

13. ABSTRACT (Maximum 200 words;

A binary BCH error control code is a vector subspace of binary N-tuples. Algebraically, the code isgenerated by a polynomial having binary coefficients and roots in GF(2m). It is decoded by computing a setof syndrome equations which are multivariate polynomials over GF(2m) and which exhibit a certain symmetry.If the number of transmission errors in a received word does not exceed a bound t for the code, the roots of thesyndromes are the locations, in the received word, of those errors. These multivariate polynomials are takenas the basis for an ideal in the ring of polynomials in t variables over GF(2m). A celebrated algorithm byBuchberger produces a reduced Gr6bner basis of that ideal. It turns out that, since the common roots of all thepolynomials in the ideal are a set of isolated points, this reduced Gribner basis is in triangular form, and theunivariate polynomial in that basis is the well known BCH error locator polynomial, the roots of which specifythe error locations. Decoding is algorithmically complete when this polynomial is known.

14. SUBJECT TERMS 15. NUMBER OF PAGES

22decoding, algebraic functions, polynomials 16. PRICE CODE

17. SECURITY CLASSIFICATION 18. SECURITY CLASSIFICATION 19. SECURITY CLASSIFICATION 20. LIMITATION OF ABSTRACT

OF REPORT OF THIS PAGE OF ABSTRACT

UNCLASSIFIED UNCLASSIFIED UNCLASSIFIED ULNSN 7540-01-280-5500 S~anclaro 'orm 298 (Rev 2-89)

P- mcDa bv .ZNS, it. 139-'82I9 2S

INTENTIONALLY LEFT BLANK.

ii

Acknowledgements

The author expresses special thanks to Professor Peter Stiller of Texas A&kM University formany discussions on Gr6bner bases, the theory of equations, and topics in the theory of finitefields; to Richard Kaste and Edwin Davisson of the US Army Research Laboratory for reading manypreliminary versions of this paper and for providing enlightening discussions of the matheniatics: toProfessor Charles Retter, recently of Northeastern University, for expressing his skeptical view, onthis work; to Professor P.G. Farrell of Manchester University, UK, for his unwavering encouragementto follow through with these ideas; and to Professor Stephen Wicker of the Georgia Institute ofTechnology for reading this work and making many thoughtful suggestions for its improvement.Notwithstanding these contributions, the shortcomings remain mine.

L iS i

I,:T

I--. -

4 ',oo_

INTENTIONALLY LEFT BLANK.

iv

Contents

1 Introduction 1

2 Linear Block Codes 12.1 Error Control .......... ........................................ 12.2 Polynomials and Cyclic Codes ...................................... 22.3 BCII Codes .......... ......................................... 3

3 BCH Decoding 33.1 Peterson's Decoder ............................................. 4

3.1.1 The Syndromes ........................................... 43.1.2 The Error Locator Polynomial ....... .......................... 53.1.3 Solving the Error Locator Polynomial ........................... 6

3.2 Related Methods of Finding the Error Locator Polynomial ................... 6

4 Direct Solution Techniques 64.1 Rings and Ideals ......... ...................................... 74.2 A Basis for 1(F) ......... ...................................... 74.3 Gr6bner Bases as a Basis for Decoding ................................ 8

5 Conclusion 9

6 References 11

Appendix: Buchberger's Grobner Basis Algorithm 13

A Preliminaries 13A.1 Notation .......... ........................................... 13A.2 Ordering .......... ........................................... 13A.3 Derivation of Spol(fi, fj) .......................................... 14A.4 Reduction Modulo F ............................................. 14

B The Grobner Basis Algorithm 15

Distribution List 17

v

INTENTIONALLY LEFT BLANK.

vi

1 Introduction

Modern algebraic techniques have been used to design and decode codes for error control as far backas the early 1960s when the binary BCH' codes [2-5] were discovered independently by Bose andChaudhuri and by Hocquenghem. The BCH codes and their descendents are popular for severalreasons, including their regular algebraic structure which permits easy encoding using simple shiftregisters and the existence of codes for a wide range of block lengths and error correction capabilities.

However, the asymptotic performance of BCtt codes is not "good" [5] in that the error probabil-ity after decoding and the information rate of the code are not simultaneously bounded away fromzero with increasing block length. Nevertheless, the BCH codes and their derivatives are widelyused because the)y are easy to generate, well understood. and useful in the control of transmis-sion errors over noisy channels. BCH decoders, however, are complex, and work continues to findsimpler and more powerful decoders.

This work applies recent results from the algebra of multivariate polynomials to the directsolution of the syndrome equations of binary BCtt codes. In this problem, some number I ofnonlinear polynomial equations must be solved for the locations of the errors.

Following a review of the basic theory of linear block codes, Section 2 presents the polynomialmodel of cyclic codes and shows how a BCH code is specified solely by a set of roots of its generatorpolynomial. Section 3 reviews popular methods for decoding BCIt codes. Although the Berlekamp-Massey Algorithm (BMA) [6,7] is probably the most widely discussed in the literature, we presentPeterson's algorithm [2] because it is simpler than BMA and provides the paradigm for BMA as wellas other decoders. Section 4 casts the problem into ideals in the ring of multivariate polynomialsover GF(2mn). Such ideals are defined by the roots of the member polynomials. Modern methodsare used to solve these equations directly.

Examples are included.

2 Linear Block Codes

2.1 Error Control

A common method for controlling errors in information transmitted over noisy channels is the useof linear block codes (LBC) 2. Algebraically; a LBC is a k-dimensional vectol subspace of a vectorspace of n-tuples over a finite field and, therefore, has a basis which spans the code. Methods fromlinear algebra can be used to express and manipulate the generator matrix, the rows of which aretie basis of the code. The dimension k of the LBC is smaller than n, the number of elementsor symbols in the n-tuple. This gives rise to the existence of n - k redundant symbols in eachcodeword. This redundancy introduces distance between pairs of codewords.

The sense in which we define "nearness" is Hlamming distance.

'Bose-Chaudhuri-Hocquenghem. McEliece [1] presents an interesting history of the naming of these codes.2 For a thorough coverage of this topic, the reader is referred to any of several excellent texts [1-6,8.9].

T • | |1

Definition: The Hamming distance d,1 between two n-tuples is the number of places in whichthey differ.

Thus, if wu = (1001110) and 1t'2 = (1011010), dl(wl, w2 ) = 2 as can be verified by inspection.

Channel noise often increases the probability that the received word will be closer to a code wordother than that which was transmitted. Sufficient code redundancy, however, can usually providesufficient distance between all pairs of codewords that the codeword which was transmitted canbe identified correctly in a large fraction of cases, even when noise has moved it closer to anothercodeword.

Let k be the number of bits of information represented by one codeword, and let u be thecodeword length. An information block is represented as follows:

I = (i, ..... ik), ij E GF(2), j = 1,.. .,k, k < n. (1)

Let G be a k x n generator matrix, the rows of which span the LBC. Then every block I of kinformation bits generates a distinct codeword V:

V = IG. (2)

A convenient model of the channel represents noise as a set of n Bernoulli trials [10] in whichthe "probability of success" is taken as the probability p of an error in any binary symbol. Thismeans that the n-tuple VR received at the noisy channel output can be modeled as the modulo 2vector sum of the transmitted codeword V and an error vector E = (el, .... e,) where r. = 1 if anerror occurred in the jth position and 0 otherwise.

VR = V + E (p)

The decoding problem is: given Vf,, find V.

2.2 Polynomials and Cyclic Codes

Using powers of an indeterminate x as placeholders permits writing a polynomial model of theimC. This is more than formalism, however, as it permits code construction and decoding based

upon well-known principles of algebra.

Information can be carried in the (binary) coefficients of a polynomial i(x):

i(') = io + i 3 + ... + ik._Z - , ij E (,(2), j = 0,1,...-.k - I. (.)

Codeword polynomials are generated by multiplying i(x) by a gernrator polynoviolg(') of degreeui - k:

q(x") -" , + , + ' •..+q, .kx -k, ,qk E -1(2), j = 0, 1 .... n - k,.

(coellicients or the resulti ig polynomial v( x) represent the hinary symbols in the codeword,

,,(•) :: i(x-)q•(7)

I%) +' "I x. 1.- , j C ( 1F(2), j . , I, . , - 1 6

Here, the code redundancy is introduced in the process of multiplication by g(x) which results inthe representation of k binary information symbols by n > k binary code symbols. Previous notionsof distance and error correction, therefore, hold here as well.

A code is said to be cyclic if every cyclic shift " very codeword is also a codeword..-Xlgebraically.a code is cyclic whenever g(z)[xn - 1, and I- codeword length n is the smallest integer for which.q(X)lz"- 1[5].

2.3 BCH Coder

The BCII codes provide a convenient paradigm for several families of powerful l.('s includingReed-Solomon (1-6,8,91 and Goppa [1] codes. A binary, primitive BCH code is a cyclic code oflength n = 2' - 1. Its generator polynomial numbers among its roots 2t consecutive powers:1 ofa primitive element a of the locator field GF(2m). With correct decoding. this code can correct upto t channel errors in every codeword..4

Example: Let rn, = 4 and t = 2. Then n = 15 and the roots of g(x) include n. a2. 03, and o4.Because al' = 1, these must also be roots of g(x): {as, a0, 012, 09} . Ilence, the degree of g( x)is n - k = 8 so that the dimension k of the code is 7. (i.e., the code has 27 = 128 code words.)The code is capable of correcting at least t = 2 errors in every codeword. and the code rate, k/7)is 0.47 information bits per binary symbol transmitted.

3 BCH Decoding

Of course correcting t errors in a codeword of length n implies a decoding procedure that achievesthis error correcting potential. A trivial but completely correct decoding technique is to constructa table of every binary n-tuple and the codeword into which it is to be decoded. For a channelimposing independent errors on the symbols of a codeword, the rule for constructing this table isto decode an n-tuple into the nearest codewords.

However, table lookup decoding is feasible only for rather small codes. The power of moderncomputers is quickly exhausted for codeword lengths of several thousand bits and hundreds oferrors per word. Therefore, we continue to search for algorithmic, algebraic decoders which aremuch faster and demand much less storag-. Many algebraic decoders will correct every error pat ternof t or fewer errors but no more, even though the code may correct some patterns of more than terrors. Nevertheless, the number of such error patterns is usually sufficiently small that it does notaffect the overall decoding error probability significantly.

'The nonzero powers a0,01 .. a 2--1 of a primitive element of GF(2") are the distinct nonzero elements of thatfield.

41n order that the codewords be binary, it is necessary, for every root 3' of g(z). that all conjugates 3",be roots of g(r) as well [61 .

5 Becawuke this is a minimum distance decoding technique, no other decoder can correct more errors on a memoryless

channel.

3.1 Peterson's Decoder

Let r(x) represent the received vector when t-error correcting BCII codeword v(x) is transmitted

over a channel corrupted by additive noise:

r(x) = v()+ e(z). (7)

c(z) is the error polynomial: ej = 1 if an error occurred in the jth position and 0 otherwise.The paradigm for many useful decoders of this code is Peterson's decoder [2], which implements afour-step decoding procedure:

* calculate syndromes, functions of the coeffcients of r(x);

* calculate coefficients of the error locator polynomial;

* solve the error locator polynomial for the locations, in the received word, of the errors; and

• (for nonbinary codes) calculate the error values.

3.1.1 The Syndromes

Consider the channel output, r(z) as given by (7). The 2t syndrome values are obtained by

substituting the 21 consecutive roots of the generator polynomial into the received polynomial:

S, = r(oa) = g(oj) + e(aj) = e(ct-), j = 1,...,2t. (8)

Writing only those coefficients e3 which are not zero leads to the following form of the 2t syndromeequations:

eilat' + ei, 02 +' + ei,oil"- S1Cie2i ' + eC2 o

2i2 + + " i, O2i' = S2

Cio i + ei2o 262 +-- ' •+ ei, o 29i' = St. (9)

Note the following:

(a) rhe indices {it, i2,...) in (9) are the coordinates of the nonzero elements (and hence, of theerrors) in the error vector. It is convenient, therefore, to write Xj -- 0i). The values of the oW arecalled the error locators of the received word.

(b) In any field GF(2m) of characteristic two, (a + b)2 = a2 + bV [11]. Therefore, In (9), everysyndrome computed from even powers of a Is an even power of some syndrome computed from("Id powers of 0; e.g., S2 = S?. These are redundant and do not contribute to solving for the errorlocators.

(c) In (9), e,, = 1, j = 1,...,2t and need not be explicitly written. The syndromes{Sj, j = 1,....,21} are known (computed) elements of GF(2m) and can be expressed as powersof a; i.e., S, = a]-.

Considering (a), (b), and (c) with (9) gives a system of t polynomial equations, the solutionsto which are the error locators of the received word:

S1 = j X X2 '- t

S3 = 0 = X 13 + X 2

3 + ... + Xt 3

S 2 t- 1 = 2-I - X 12t- 1 + X 2 2t- 1 + ... + Xt2 t

-1. (10)

3.1.2 The Error Locator Polynomial

Derivation of (10) 6 assumed that no more than t errors occured in a block of length n. An errorlocator polynomial is derived from these functions.

Definition: The error locator polynomial a(x) is the (univariate) polynomial, all the roots ofwhich indicate the locations of errors in a received word:

t

a(x) = l(x - xi)i=~1

= Xt + ±aIzt-1 + 0"a2 xt- 2 + ". t. (11)

It is easy to see that the coefficients are functions of the elementary symmetric functions of theroots ( te error locators):

S= Xi (12)

a 2 =

i<I

a 3 = 1 XXjXk (13)i<j<k

(14)

at = XIX 2 ... Xt.

Since a(x) is satisfied by the error locators, (11) becomes

Xt + (lX- 0. (15)

Peterson's method uses the syndrome relations to construct a set of linear equations in the {ai}.This set can be solved for these coefficients. Multiplying (15) by Xj for any j gives

Xt++ax+' + 2 X:+j- 2 +...+atX! = 0. (16)6 The reader should recognize these as a set of power-sum symmetric functions [11].

Summing over i and substituting S, X) gives

St+) + olSt+j- 1 + C 2St+, - 2 + "+ OtS. = 0. (17)

These Newton's Identities [11] generate linear systems of equations for the {a1 }, one systern foreach value of t. For t = 1,

S2 +a 1 S1 =0,

and for t = 2,S3 + S2a1 + S1a2+ = 0.

These are recursively solved for the coefficients, yielding (15) explicitly.

3.1.3 Solving the Error Locator Polynomial

Decoding is complete when the roots of a(z) are found and the necessary corrections made tt r(X).The Chien search [81 is a method for doing this without explicitly solving a(r). This method uses adigital circuit which evaluates a(x) at each member &J of GF(2m) and sets a correction bit to unityif o'(x) is satisfied. The received polynomial r(x) is clocked through the circuit and the correctionbit is added modulo 2 at the appropriate location. Therefore, whenever a root of a(x) is found.the appropriate received symbol is complemented.

The Chien search will be required in implementing the direct solution methods discussed below.

3.2 Related Methods of Finding the Error Locator Polynomial

For more than approximately six errors per codeword, Peterson's method requires a number of finitefield multiplications which grows with the square of t. Berlekamp [61 produced an iterative methodfor finding the coefficients that grows only linearly with t; Massey [7] improved Berlekamp's method(producing the BMA), showing that it is equivalent to synthesizing the shortest linear feedback shiftregister that can generate the sequence of syndrome values. The methods are similar and can bestudied in the references.

4 Direct Solution Techniques

The objective is to find a solution set to (10):

aj" = X1+X2+-+Xt

a 33 = X3 + X 23 + ... + Xt3

•I2,-1 = x,2t-1 + X.22 t-l + + Xt 2 t-1 (18)

6

where a is a primitive element in GF(2m). Assume that the number of errors in a received worddoes not exceed t'. Then (18) is a system F of t independent equations with at most t solutions.Hence, F is a system of t polynomials in t unknowns and has one unique solution, 3 = ...... ,

4.1 Rings and Ideals

Direct solution techniques of (18) attempt to exploit the rich algebraic structure of the ring RK[X] = K[XI,X 2 ,...,Xt] of polynomials in t variables over K = GF(2m ) [11]. A subset 1 of aring is called an ideal if it is a subgroup of the additive group of the ring and if, for every i E I andevery r E R, both ir and ri belong to ". Hilbert's Basis Theorem [12] requires that every ideal inK[X] have a finite basis.

Consider F to be a subset of the ring K[X]. The set I(F) spanned by members of F (wherecoefficients are taken from K[X]) is an ideal in K[X]:

I(F) =--- (F) C K[X]. (19)

The common zeros of the polynomials of F are said to form an algebraic manifold, [12] whichis "defined by" those polynomials. Thus, all points of the manifold satisfy every polynomial inI(F). Direct solution techniques involve searching 21(F) for another set G of polynomials whichspan I(F) and which are simpler to solve than those in F. Hence, new methods for finding basesof ideals in K[X] bear on the decoding problem.

4.2 A Basis for 2"(F)

The objective now is to find for "(F) a basis G which is "easily" solved for the underlying roots.

The basis G is obtained from the defining polynomial set F by applying transformations whichdo not eliminate any roots of the system. An example illustrates the transformations:

Example: Suppose set F is:

fl: X 1 +X 2 +a = 0

f2: +X3+ao = 0, (20)

and suppose that it is known that this system has the solution (131, 32) E GF(2m) 2 . Then

y(X) = a1(X)fj(X) + o2(X)f 2(X) (21)

is satisfied by (131,132) as well 9 .

'If the number of errors exceeds t, such a decoder is likely to exhibit decoding failure. That is, it may return anincorrect result.

'Actually, the rigorously correct statement is that all zeros of the system are "equivalent" and "mapped on one

another by an isomorphism wlhich leaves fixed the elements of the ground field..." [12]9 Of course, if al (X) and a2 (X) have a common factor, y(X) may have an additional root that does not satisfy f,

or f2, but this case is of no interest.

7

If a2(X)= I andaj(X) = X2 + Xd(X2 + oa) + (X 2 + C1)2, (22)

theny(X) = X 2ao + X 2o21 + 02i + , (23)

and this system has been reduced from two equations (a cubic and a linear) to a single, univariatesecond degree equation having the same solution (/31,02) as the original system. We say that thecubic has been reduced modulo F to y(X).

The algorithm for deriving the desired ideal basis G is based upon such reduction operationsand produces a reduced Gr6bner basis [13] of the ideal spanned by F. A reduced Grobner G basis isa basis of the ideal, each member of which has coefficient of highest order term = 1 and no elementof which can be reduced modulo G. It is known [13] that a reduced Grbbner basis for I(F) can bewritten in triangularized form:

gi = g1(X 1 )

92 = g2(X 1 ,X 2 )

(24)

9t = gt(X1,X2, ... Xt).

This form suggests a recursive root finding technique. However, the following lemma forms thebases for our direct method of finding the BCH error locator polynomial [14].

Lemma 1 gi(xi) is, within a multiplicative constant, the error locator polynomial a(x) of the BCHcode.

Proof: Every element of I has among its roots the set {13i} of roots which defines the originalspanning set F. Reducing F to G neither adds nor subtracts roots to/from any polynomial.Therefore, a(x) and gi(x) are products of the same factors {(zi - 'i3)} and, hence, differ by nomore than a nmultiplicative constant. q.e.d.

4.3 Gr6bner Bases as a Basis for Decoding

Descriptions of the general form of Buchberger's algorithm for finding the Grbbner basis of an ideal"(F) run for many pages [13]. We include a succinct tutorial exposition of the algorithm in the

Appendix. The example below illustrates the use of the algorithm:

Example: This is a general form of the problem. Taking K to be GF(24) and t = 3 results ina 3-error correcting code with block length n = 24 - 1, dimension k = 5, and 32 code words. Ingeneral, the decoder produces these non-redundant syndromes:

X1 +X 2 +X 3 ±ai = 0

X 2= 0 (25)

5 + X5+ = 0.

8

Define three intermediate polynomials,

2

p 1(X) = 1: XY(X2 + XI + ý')2-

j=O

4

pA(X) = 1 X3(X 2 + XI + a') 4-j

j=O

p3 (X) = g+ + X 2 X 1 + X 2a + X? I+ Xja' + a2 i, (26)

and from these produce three "coefficient" polynomials:

ai(X) = pIP 3 (XI + aI) + p2 (XI + ai) + pl(aj + a3 i)a 2 (X) = p3(XI + i) + al + a3i

a 3 (X) = Xl+a. (27)

Substitute the pi into the aj to get

a,(X) = XX4 + a'X4 + XX 2X3 + a'X 2 X3 + X2X3 + a2iX3 + X 2X 2X23i 3 2,o 3X X3 1J2 a3iX 3 12 3 i23

+a 2iXX + aX + 2 XX+ X + a3 x + X+X 2 2iX~ x3

+X3X 2 X 3 + aIX 2 X 3 + a'X X 3 + aJX1 X 3 + a+'X 3 + a 4 X 3 + 1X2

_12 .2 + a 2 a X1X + aX2 + a3 X+ X2 X 2 + a'X 2

+aX +I a la, + a I + a + a 2 + a5 '

"a2 (X) X 1 X -+ a'X2 + X 2 X 2 + a 2 iXX2 + X3 + a s.

This yields a univariate polynomial which we recognize as the error locator polynomial:

3

0'(X 3) = a.(X)f.(X)V=1X33(aj + 3•3) + X 2 (C,+j + C4i) + x(ak + a2 ,j) (28)

-•Oi+k JrO2i .- t3i+j -- t6i"

+a +a 2 +a 3+a k'

Finding a(X) solves the decoding problem.

5 Conclusion

Mathematically, we have shown a decoder that computes a set of syndrome values which are func-tions of the roots of the code's generator polynomial and of the error locations. These syndromesare the constant terms of a system of nonlinear polynomials. We have presented a method for ex-tracting from that system the error locator polynomial, one which is satisfied by the error locationsexpressed as elements of GF(2m). The coefficients of the error locator polynomial are functions ofthe syndrome values only. Thus, the decoder need do only two things: compute syndromes andcoefficients.

This class of decoder is interesting because of the promise of noniterative decoding of BCH andBCH-like codes.10 Of course, an efficient version of Buchberger's algorithm, tailored to systems

'00f special, near-term importance to system designers is the possibility of improved decoders for Reed-Solomoncodes, powerful codes already used in many high performance systems.

9

of equations such as (10), is required but not yet in hand. Once this hurdle is overcome, weenvision several possibilities. One is to incorporate a version of Buchberger's algorithm into adecoder. Another is to solve Buchberger's algorithm for a large family of codes, expressing the errorlocator polynomials in terms of the syndrome values alone. These could easily be programmed intohardware to produce a fast decoder.

10

6 References

[1] McEliece, R.J., "The Theory of Information and Coding," in Encyclopedia of Mathematics andits Appliations, Volume 3, Cambridge University Press, Cambridge, 1977.

[2] Peterson, W.W. and E.J. Weldon, Jr, Error-Correcting Codes, MIT Press, Cambridge, 1972.

[3] Lin, S. & D.J. Costello Jr., Error Control Coding, Prentice-Hall, Englewood Cliffs, 1983.

[4] Blahut, R.E., Theory and Practice of Error Control Codes, Addison-Wesley, Reading, 1983.

[5] MacWilliams, F.J. & N.J.A. Sloane, The Theory of Error Correcting Codes, North-Holland,Amsterdam, 1977.

[6] Berlekamp, E.R., Algebraic Coding Theory, McGraw-Hill, New York, 1968.

[7] Massey, J.L., "Shift-register Synthesis and BCH Decoding," IEEE Trans. Inf. Theory,IT-18(1969), 122-127.

[8] Michelson, A.M. & A.H. Levesque, Error-Control Techniques for Digital Communication, Wiley,New York, 1985.

[9] Pless, V., Introduction to the Theory of Error-Correcting Codes, Wiley-Interscience, New York,1982.

[10] Feller, W., An Introduction to Probability Theory and Its Applications, Wiley, New York, 1968.

[11] van der Waerden, B.L., Modern Algebra - Volume I, Frederick Ungar, New York, 1953.

[12] van der Waerden, B.L., Modern Algebra - Volume II, Frederick Ungar, New York, 1950.

[13] Buchberger, B., "An Algorithmic Method in Polynomial Ideal Theory," in MultidimensionalSystems Theory, N.K. Bose, ed., Mathematics and Its Applications, D. Reidel, Boston, 1985.

[14] Cooper, A.B., III, "Finding BCH error locator polynomials in one step," Electronics Letters 27(24 October 1991), 2090-2091.

[15] Poli, A. & L. Huguet, Error Correcting Codes: Theory and Applications, Masson and PrenticeHall, Paris, 1992.

[16] Buchberger, B., Ein Algorithmus zum Auffinden der Basiselemente des Restklassenringes nacheinem nulldimensionalen Polynomideal, PhD Dissertation, University of Innsbruck, Math Insti-tute, Austria, 1965.

11

INTENTIONALLY LEFT BLANK.

12

Appendix

Buchberger's Gr6bner Basis Algorithm

What follows is a tutorial exposition of Buchberger's algorithm for finding a Gr6bner basis of anideal in the ring of multivariate polynomials [13,151. Such an ideal is of interest here when it isdefined by an algebraic manifold of roots of every member.

A Preliminaries

A.1 Notation

(i) = (i0 ,i 2, .... im) (29)

- -1 . .2 -i,

A.2 Ordering

In what follows, we shdll req-Jic thai an ordering be defined on the multivariate monomials. The

order of a multivariate polynomial is the analog of the degree of a univariate polynomial.

Let 1P be a transitive ordering on the monomials.

a P.b nb Z c a 7Z c. (30)

(Read 7Z as "precedes" or as "is less than.") We require the following of 1?:

"* 1 ?z X(0, V (i)

"* X) ) --t. X(i X+(k)

Any admissible ordering can be used.11 Two examples follow.

1. The lexicographicordering defines an order on the individual symbols. so that, e.g., X1 R X 2 Pý -- -.

(Some authors write X, _< X 2 < --- ). In this case, XjX)' 1Z XIX6.

2. For the product ordering P, monomials are ordered according to the exponents of everysymbol, X,. Therefore, XP X'- 2 Z X - •VXJ 2 iff il _< ji and i 2 _< j2.

We shall need the concept of supremum (sup) or least upper bound. With an ordering defined onthe monomials, sup is defined exactly as in mathematical analysis. It is the maximum over a set

"An ordering is said to be admissible if 1 K X and X 'R Y imply XU 1 Il.

13

with respect to the ordering defined on that set. If there is no maximum (c.g., if two or more

elements in the set are tied for largest according to the ordering), the smallest monomial largerthan either is the sup over the set. For each of the example orderings, we give the supremum. Forthe lexicographic ordering,

sup(X2X3 X1,X) = (31)

for the product ordering,sup(X\'X3, NX'X 6 ) = X12 X6. (32)

A.3 Derivation of Spol(f,,fj)

Definition: Hterm(f) != the maximal monomial or head term of f(X) with respect to ,. Iff = f(t)X(W) + f then Hterm(f) = X().

For two polynomials f, h E FEXI define

SUP(f, h) = sup( 'i icrm(f), lHterm(h)). (33)

Then express each polynomial explicitly as the sum of its head term (multiplied by the appropriatescalar coefficient) and the rest of the polynomial.

f = f(j)Hterrn(f) + f (3-1)

h = h( 2)Hterm(h) + h

and define

Spol(f, h) = hIZSUP(f, h) f _ SUP(f ,h)h (35)Hterm(f) Ht)rm(h)

It is easy to see that Spol(f, h) has order less than that of either f or h.

A.4 Reduction Modulo F

Let F = {f,, E K[X 1, . . . ,X. m , j = 1. .. ,r}. For each fj, write

fj = pjntterm(fj) + fj. (36)

Select some h E K[XI such that at least one Hterm(F,) appears in h; i.e.,

h = ... + f(j)Hterm(fi) +... (37)

Now form

f=iw-X()-)fj = f(i)'IjX(0)-()(PIj)X(W) + fj) (38)

= fw)X(i) + other terms.

Finally, writeh' = h - f(j) p X'0) 'U fj. (39)

14

Now, h' no longer contains a monomial in X(W, and we say that h is reduced to h' modulo F,13]orthat h' is an F - derivative of h[15].

Repeated application of reduction or derivation to h eventually, and in a finite number of steps[16], produces a polynomial which cannot be reduced further modulo F.

B The Grobner Basis Algorithm

Let F = {f,,f 2 ,. .. ,f,} be any basis of an ideal I in the ring of multivariate polynomials overGF(q). The following algorithm produces a Gr6bner basis.

1. From F, select a pair (fi, fj) of polynomials not previously chosen.

2. Compute S,)ol(fi, fj). By the process defined above, reduce Spol to a polynomial fj whichis F-irreducible.

3. If fij = 0 go to 1. Otherwise, add fij to the basis, then go to 1.

4. The algorithm, when it terminates (which it has been shown to do [13.15]), will have produceda GB = (91 .... g,) for the ideal spanned by F. By construction SpoI(g,.g3 ) = 0 Vgi,gj E GB.It is well-known [13,15] that the existence of GB can always infer a reduced GB of the ideal.

15

INTENTIONALLY LEFT BLANK.

16

No. of No. ofCopies Organization Copes Organizagon

2 Administrator I CommanderDefense Technical Info Center U.S. Army Missile CommandATrN: DTIC-DDA ATTN: AMSMI-RD-CS-R (DOC)Cameron Station Redstone Arsenal, AL 35898-5010Alexandria, VA 22304-6145

1 CommanderCommander U.S. Army Tank-Automotive CommandU.S. Army Materiel Command ATTN: AMSTA-JSK (Armor Eng. Br.)ATTrN: AMCAM Warren, MI 48397-50005001 Eisenhower Ave.Alexandria, VA 22333-0001 1 Director

U.S. Army TRADOC Analysis CommandDirector A1TN: ATRC-WSRU.S. Army Research Laboratory White Sands Missile Range, NM 88002-5502ATTN: AMSRL-OP-CI-AD,

Tech Publishing (Qc-o ny) I Commandant2800 Powder Mill Rd. U.S. Army Infantry SchoolAdeiphi, MD 20783-1145 ATTN: ATSH-CD (Security Mgr.)

Fort Benning, GA 31905-5660DirectorU.S. Army Research Laboratory uncals only) I CommandantATTN: AMSRL-OP-CI-AD, U.S. Army Infantry School

Records Management ATTN: ATSH-WCB-O2800 Powder Mill Rd. Fort Bcnning, GA 31905-5000Adelphi, MD 20783-1145

1 WL/MNOI2 Commander Eglin AFB, FL 32542-5000

U.S. Army Armament Research,Development, and Engineering Center Aberdeen Provine Ground

ATTN: SMCAR-IMI-IPicatinny Arsenal, NJ 07806-5000 2 Dir, USAMSAA

ATTN: AMXSY-D2 Commander AMXSY-MP, H. Cohen

U.S. Army Armament Research,Development, and Engineering Center I Cdr, USATECOM

ATTN: SMCAR-TDC ATTN: AMSTE-TCPicatinny Arsenal, NJ 07806-5000

1 Dir, ERDECDirector ATTN: SCBRD-RTBenet Weapons LaboratoryU.S. Army Armament Research, I Cdr, CBDA

Development, and Engineering Center ATTN: AMSCB-CIIATI'N: SMCAR-CCB-TLWatervliet, NY 12189-4050 1 Dir, USARL

ATTN: AMSRL-SL-IDirectorU.S. Army Advanced Systems Research 5 Dir, USARL

and Analysis Office (ATCOM) ATTN: AMSRL-OP-CI-B (Tech Lib)ATTN: AMSAT-R-NR, M/S 219-1Ames Research CenterMoffett Field, CA 94035-1000

17

No. of No. ofCopie Organi/ation Copies Organimation

4 Commander 1 California Institute of TechnologyU.S. Army CECOM Department of Electrical EngineeringATTN: AMSEL-RD-C3-AC, Paul Sass ATTN: Prof. Rod Goodman

ST-LA-L, Charles Graff Pasadena, CA 91125ST-C, Dr. Felix SchweringST-MC-M, Dr. Haim Soicher I Georgia Institute of Technology

Fort Monmouth, NJ 07703 Coding and Information Theory LaboratorySchool of Electrical Engineering

2 Director ATTN: Prof. Stephen B. WickerU.S. Army Research Office Atlanta, GA 30332-0250A1T'N: AMXRO-EL, Dr. W. Sander

AMXRO-MA, Dr. G. Anderson 3 The Johns Hopkins UniversityP.O. Box 12211 Department of Electrical andResearch Triangle Park, NC 22709-2211 Computer Engineering

ATT'N: Prof. Brian HughesCommander Prof. Oliver CollinsU.S. Army Center for Signals Research Prof. Willis C. GoreATTN: AMSEL-SW, S. Rhodes Baltimore, MD 21218Vint Hill Farm StationWarrenton, VA 22186-5100 2 Cornell University

Department of MathematicsCommander ATTN: Prof. Mike SullmanU.S. Army Research, Development, Prof. Moss Sweedler

and Standardization Group Ithaca, NY 14853United KingdomUSARDSG (UK) Box 65 1 Cornell UniversityFPO New York 09510 School of Electrical Engineering

A'ITN: Prof. Chris HeegardCommander Ithaca, NY 14853U.S. Army Research, Development,

and Standardization Group 3 University of DelawareAustralia APO, SF 96404 Department of Computer and

Information Sciences

Commandant A1T'N: Prof. B. CavinessU.S. Military Academy Prof. D. SaundersWest Point, NY 10996 Prof. D. Wood

Newark, DE 19716CommandantU.S. Naval Academy I Prof. Charles T. ReuerAnnapolis, MD 21404 18 Ridgefield Drive

Framingham, MA 01701CommandantU.S. Air Force Academy I Texas A & M UniversityColorado Springs, CO 80840 Department of Mathematics

AT-N: Prof. Peter StillerDirector College Station, TX 77843-3368Naval Research LaboratoryAT`TN: Code 7521,

Dr. J. E. WiescithicrWashington, DC 20375-5000

18

No. of No. ofCopie Organization Copies Organization

Director Aberdeen Proving GroundArmy Research OfficeATTN: AMXRO-MCS, Mr. K. Clark 20 Dir, USARLP.O. Box 12211 ATN: AMSRL-CI, Mr. W. MermagenResearch Triangle Park, NC 27709-22111

AMSRL-CI-C, Dr. W. Sturek

DirectorArmy Research Office AMSRL-CI-CB, Mr. Richard KasteATTN: AMXRO-RT-IP, Library ServicesP.O. Box 12211 AMSRL-CI-CC,Research Triangle Park, NC 27709-2211 Mr. B. Reichard

Dr. P. Broome3 University of Virginia Dr. S. Chamberlain

Department of Electrical Engineering Mr. G. HartwigATTN: Prof. Stephen G. Wilson Ms. B. Broome

Prof. Demetrios Kazakos Mr. H. CatonProf. P. Papantoni-Kazakos Mr. A. Downs

Charlottesville, VA 22901 Ms. A. BrodeenMr. D. GwynMs. M. LopezMr. F. Brundick

AMSRL-CI-S, Ms. V. Kaste

AMSRL-CI-AC, Mr. P. Dykstra

AMSRL-SS-SC, Ms. S. Stratton

AMSRL-SS-IC, Dr. P. Emmerman

AMSRL-SL-BV, Mr. E. Davisson

AMSRL-WT-WB, Mr. R. McGee

19

No. ofCi Organization

University of Wales at BangorSchool of Electronic

Engineering ScienceATTN: Prof John O'ReillyDean Street, Bangor,Gwynedd LL57 IUTUK

The UniversityDepartment of Electrical

EngineeringATTN: Prof P. G. FarrellManchester ML3 9PLUK

IFI Institute of AdvancedMicroelectronics

ATTN: Prof Patrick FitzpatrickNMRC, CorkIreland

University of BristolCentre for Communication ResearchFaculty of EngineeringATfN: Prof Graham H. NortonUK

Universtity of WaterlooDepartment of Electrical EngineeringATTN: Prof Ian F. BlakeWaterloo, Ontario, N2L 3GICanada

Waseda UniversityDepartment of Industrial

EngineeringATTN: Prof Shigeichi Hirasawa3-4-1 Ohkubo, Shinjuku-kuTokyo 160Japan

Toyoashi University of TechnologyDepartment of Knowledge-Based

Information EngineeringATTN: Prof Shojiro SakataTempaku, Toyohashi 440Japan

20