GROEBNER-BASES APPROACH TO FAST CHASE DECODING OF GENERALIZED REED-SOLOMON CODES

Abstract

An application specific integrated circuit (ASIC) tangibly encodes a program of instructions executable by the integrated circuit to perform a method for fast Chase decoding of generalized Reed-Solomon (GRS) codes. The method includes using outputs of a syndrome-based hard-decision (HD) algorithm to find an initial Groebner basis G for a solution module of a key equation, upon failure of HD decoding of a GRS codeword received by the ASIC from a communication channel; traversing a tree of error patterns on a plurality of unreliable coordinates to adjoin a next weak coordinate, where vertices of the tree of error patterns correspond to error patterns, and edges connect a parent error pattern to a child error pattern having exactly one additional non-zero value, to find a Groebner basis for each adjoining error location; and outputting an estimated transmitted codeword when a correct error vector has been found.

Claims

1. An application specific integrated circuit (ASIC) tangibly encoding a program of instructions executable by the integrated circuit to perform a method for fast Chase decoding of generalized Reed-Solomon (GRS) codes, the method comprising the steps of; using outputs of a syndrome-based hard-decision (HD) algorithm to find an initial Groebner basis G={g.sub.0=(g.sub.00, g.sub.01), g.sub.1=(g.sub.10, g.sub.11)} for a solution module of a key equation, upon failure of HD decoding of a GRS codeword received by the ASIC from a communication channel; traversing a tree of error patterns in $E_{i_1}\mathrm{.Math.}{E}_{i_{n_0}}$ on a plurality of unreliable coordinates to adjoin a next weak coordinate wherein n.sub.0 is a number of the unreliable coordinates, i.sub.1, . . . , i.sub.n.sub.0 are the unreliable coordinates, vertices of the tree of error patterns correspond to error patterns, and edges connect a parent error pattern to a child error pattern having exactly one additional non-zero value, to find a Groebner basis G.sup.+ for each adjoining error location; and outputting an estimated transmitted codeword {circumflex over (x)}:=y+ when a correct error vector has been found.

2. The ASIC of claim 1, wherein the syndrome-based HD algorithm is selected from a group that includes the Berlekamp-Massey (BM) algorithm and Fitzpatrick's algorithm.

3. The ASIC of claim 1, wherein finding an initial Groebner basis G comprises: defining polynomials b.sub.1:=(S mod X.sup.d1, ), and b.sub.2:=(SX.sup.mB mod X.sup.d1, X.sup.mB), wherein S is the syndrome polynomial, is the estimated ELP output by the BM algorithm, m is the number of iterations since the last linear feedback shift register (LFSR) length change in the BM algorithm, and B is a polynomial output from the BM algorithm that is a copy of the last estimated ELP before the LFSR length L was updated; and outputting one of (1) c{b.sub.1b.sub.2} as the Groebner basis when leading monomials of b.sub.1 and b.sub.2 contain distinct unit vectors, for a. non-zero constant c; (2) {d(b.sub.1cX.sup.lb.sub.2), db.sub.2} as the Groebner basis when the leading monomials contain a same unit vector and the leading monomial of b.sub.1 is at least as large as that of b.sub.2, wherein cK* and lN are chosen such that the leading monomial of b.sub.2 is canceled and d is a non-zero constant, or (3) {db.sub.1, d(b.sub.2cX.sup.lb.sub.1)} as the Groebner basis when the leading monomials contain the same unit vector and the leading monomial of b.sub.2 is strictly larger than that of b.sub.1, wherein cK* and lN* are chosen such that the leading monomial of b.sub.2 is canceled and d is a non-zero constant.

4. The ASIC of claim 1, wherein traversing a tree of error patterns to find a Groebner basis G.sup.+ for each adjoining error location comprises: calculating a root discrepancy .sub.j.sup.rt:=g.sup.j1(.sub.r.sup.1) for j=0 and 1, wherein g.sub.0=(g.sub.00(X), g.sub.01(X)) and g.sub.1=(g.sub.10(X), g.sub.11(X)) constitute a current Groebner basis and .sub.ris a next error location and r is a number of error locations; setting, when a set $J:=\left\{j\left\{0,1\right\}|{}_j^{\mathrm{rt}}0\right\},g_j^{+}:=c\left(g_j-\frac{{}_j^{\mathrm{rt}}}{{}_{j*}^{\mathrm{rt}}}.Math.g_{j*}\right)$ when (jj*), wherein j*E is such that a leading monomial of g.sub.j* is a minimum leading monomial of (g.sub.j) for all jJ and c is a non-zero constant, or g.sup.+.sub.j:=c(X.sub.r.sup.1)g.sub.j* when j=j*, wherein X is a free variable; setting g.sub.j:=g.sup.+.sub.j for j=0 and 1; calculating a derivative discrepancy .sub.j.sup.der:=.sub.r.sub.rg.sub.j1(.sub.r.sup.1)+.sub.rg.sub.j0(.sub.r.sup.1) for j=0 and 1, wherein .sub.r is a value of location .sub.r, and g.sub.j1(X) is a formal derivative of g.sub.j1(X); setting, when a set $J:=\left\{j\left\{0,1\right\}|{}_j^{\mathrm{der}}0\right\},g_j^{+}:=c\left(g_j-\frac{{}_j^{\mathrm{der}}}{{}_{j*}^{\mathrm{der}}}.Math.g_{j*}\right)$ when (jj), wherein j*J is such that a leading monomial of M(g.sub.j*)=a minimum leading monomial of (g.sub.j) for all jJ and c is a non-zero constant, or g.sup.+.sub.j:=c(X.sub.r.sup.1)g.sub.j* when j=j*.

5. The ASIC of claim 4, further comprising, when set J:={j{0, 1}|.sub.j.sup.rt0}= or when set J:={j{0, 1}|.sub.j.sup.der0}=, setting g.sup.+.sub.j:=g.sub.j for j=0, 1, wherein g.sup.+.sub.0=(g.sup.+.sub.00, g.sup.+.sub.01) and g.sup.+.sub.1=(g.sup.+.sub.10, g.sup.+.sub.11) is a Groebner basis G.sup.+ for the next error locator.

6. The ASIC of claim 4, the method further comprising determining whether a root discrepancy is zero for j=1 and a derivative discrepancy is zero for j=1, and stopping setting of g.sup.+.sub.j, if it is determined that both the root discrepancy and the derivative discrepancy are zero for j=1.

7. The ASIC of claim 4, further comprising tracking a degree of Groebner basis function g.sub.00 with a variable d.sub.0 by increasing d.sub.0 by 1 whenever j*=0.

8. The ASIC of claim 4, further comprising; tracking two polynomials g.sub.01(X), g.sub.11(X); and calculating g.sub.j0(.sub.r.sup.1) by using the key equation for j=0,1.

9. The ASIC of claim 8, wherein calculating g.sub.j0(.sub.r.sup.1) comprises: calculating and storing, for k=2t1 to 2t2, {tilde over (B)}.sub.k+1=.sub.r.sup.1.Math.{tilde over (B)}.sub.k(g.sub.j1).sub.2t1k and result=result+S.sub.k+1{tilde over (B)}.sub.k+1, wherein :=deg(g.sub.j1), {tilde over (B)}.sub.k is initialized to 0, (g.sub.j1).sub.m is a coefficient of X.sup.m in g.sub.j1, result is initialized to 0, and S.sub.k+1 is a coefficient of the syndrome polynomial; updating result=result.Math.(.sub.r.sup.1).sup.2t; and outputting result, wherein the steps of calculating and storing, for k=2t1 to 2t2, {tilde over (B)}.sub.k+1 and result, updating result and outputting result are performed while adjoining the next weak coordinate .sub.r.

10. The ASIC of claim 9, further comprising calculating and storing (.sub.m.sup.1).sup.2t for all weak coordinates a.sub.m, wherein t=(d1)/2 is an error correction radius of a GRS code of designed distance d.

11. A non-transitory program storage device readable by a computer, tangibly embodying a program of instructions executed by the computer to perform the method steps for fast Chase decoding of generalized Reed-Solomon (GRS) codes, the method comprising the steps of: using outputs of a syndrome-based hard-decision (HD) algorithm to find an initial Groebner basis G={g.sub.0=(g.sub.00, g.sub.01), g.sub.1=(g.sub.10, g.sub.11)} for a solution module of a key equation, upon failure of HD decoding of a GRS codeword received by the ASIC from a communication channel; traversing a tree of error patterns in $E_{i_1}\mathrm{.Math.}{E}_{i_{n_0}}$ on a plurality of unreliable coordinates to adjoin a next weak coordinate wherein n.sub.0 is a number of the unreliable coordinates, i.sub.1, . . . , i.sub.n.sub.0 are the unreliable coordinates, vertices of the tree of error patterns correspond to error patterns, and edges connect a parent error pattern to a child error pattern having exactly one additional non-zero value, to find a Groebner basis G.sup.+ for each adjoining error location; and outputting an estimated transmitted codeword {circumflex over (x)}:=y+ when a correct error vector has been found.

12. The computer readable program storage device of claim 11, wherein the syndrome-based HD algorithm is selected from a group that includes the Berlekamp-Massey (BM) algorithm and Fitzpatrick's algorithm.

13. The computer readable program storage device of claim 11, wherein finding an initial Groebner basis G comprises: defining polynomials b.sub.1:=(S mod X.sup.d1, ), and b.sub.2:=(SX.sup.mB mod X.sup.d1, X.sup.mB), wherein S is the syndrome polynomial, is the estimated FIT output by the BM algorithm, m is the number of iterations since the last linear feedback shift register (LFSR) length change in the BM algorithm, and B is a polynomial output from the BM algorithm that is a copy of the last estimated ELP a before the LFSR length L was updated; and outputting one of (1) c{b.sub.1b.sub.2} as the Groebner basis when leading monomials of b.sub.1 and b.sub.2 contain distinct unit vectors, for a non-zero constant c; (2) {d(b.sub.1cX.sup.lb.sub.2), db.sub.2} as the Groebner basis when the leading monomials contain a same unit vector and the leading monomial of b.sub.1 is at least as large as that of b.sub.2, wherein cK* and lN are chosen such that the leading monomial of b.sub.2 is canceled and d is a non-zero constant, or (3) {db.sub.1, d(b.sub.2cX.sup.lb.sub.1)} as the Groebner basis when the leading monomials contain the same unit vector and the leading monomial of b.sub.2 is strictly larger than that of b.sub.1, wherein cK* and lN* are chosen such that the leading monomial of b.sub.2 is canceled and d is a non-zero constant.

14. The computer readable program storage device of claim 11, wherein traversing a tree of error patterns to find a Groebner basis G.sup.+ for each adjoining error location comprises: calculating a root discrepancy .sub.j.sup.rt:=g.sup.j1(.sub.r.sup.1) for j=0 and 1, wherein g.sub.0=(g.sub.00(X), g.sub.01(X)) and g.sub.1=(g.sub.10(X), g.sub.11(X)) constitute a current Groebner basis and .sub.ris a next error location and r is a number of error locations; setting, when a set $J:=\left\{j\left\{0,1\right\}|{}_j^{\mathrm{rt}}0\right\},g_j^{+}:=c\left(g_j-\frac{{}_j^{\mathrm{rt}}}{{}_{j*}^{\mathrm{rt}}}.Math.g_{j*}\right)$ when (jj*), wherein j*E is such that a leading monomial of g.sub.j* is a minimum leading monomial of (g.sub.j) for all jJ and c is a non-zero constant, or g.sup.+.sub.j:=c(X.sub.r.sup.1)g.sub.j* when j=j*, wherein X is a free variable; setting g.sub.j:=g.sup.+.sub.j for j=0 and 1; calculating a derivative discrepancy .sub.j.sup.der:=.sub.r.sub.rg.sub.j1(.sub.r.sup.1)+.sub.rg.sub.j0(.sub.r.sup.1) for j=0 and 1, wherein .sub.r is a value of location .sub.r, and g.sub.j1(X) is a formal derivative of g.sub.j1(X); setting, when a set $J:=\left\{j\left\{0,1\right\}|{}_j^{\mathrm{der}}0\right\},g_j^{+}:=c\left(g_j-\frac{{}_j^{\mathrm{der}}}{{}_{j*}^{\mathrm{der}}}.Math.g_{j*}\right)$ when (jj), wherein j*J is such that a leading monomial of M(g.sub.j*)=a minimum leading monomial of (g.sub.j) for all jJ and c is a non-zero constant, or g.sup.+.sub.j:=c(X.sub.r.sup.1)g.sub.j* when j=j*.

15. The computer readable program storage device of claim 14, further comprising, when set J:={j{0, 1}|.sub.j.sup.rt0}= or when set J:={j{0, 1}|.sub.j.sup.der0}=, setting g.sup.+.sub.j:=g.sub.j for j=0, 1, wherein g.sup.+.sub.0=(g.sup.+.sub.00, g.sup.+.sub.01) and g.sup.+.sub.1=(g.sup.+.sub.10, g.sup.+.sub.11) is a Groebner basis G.sup.+ for the next error locator.

16. The computer readable program storage device of claim 14, the method further comprising determining whether a root discrepancy is zero for j=1 and a derivative discrepancy is zero for j=1, and stopping setting of g.sup.+.sub.j, if it is determined that both the root discrepancy and the derivative discrepancy are zero for j=1.

17. The computer readable program storage device of claim 14, further comprising tracking a degree of Groebner basis function g.sub.00 with a variable d.sub.0 by increasing d.sub.0 by 1 whenever j*=0.

18. The computer readable program storage device of claim 14, further comprising: tracking two polynomials g.sub.01(X)q.sub.11(X); and calculating g.sub.j0(.sub.r.sup.1) by using the key equation for j=0,1.

19. The computer readable program storage device of claim 18, wherein calculating g.sub.j0(.sub.r.sup.1) comprises: calculating and storing, for k=2t1 to 2t2, {tilde over (B)}.sub.k+1=.sub.r.sup.1.Math.{tilde over (B)}.sub.k(g.sub.j1).sub.2t1k and result=result+S.sub.k+1{tilde over (B)}.sub.k+1, wherein :=deg(g.sub.j1), {tilde over (B)}.sub.k is initialized to 0, (g.sub.j1).sub.m is a coefficient of X.sup.m in g.sub.j1, result is initialized to 0, and S.sub.k+1 is a coefficient of the syndrome polynomial; updating result=result.Math.(.sub.r.sup.1).sup.2t; and outputting result, wherein the steps of calculating and storing, for k=2t1 to 2t2, {tilde over (B)}.sub.k+1 and result, updating result and outputting result are performed while adjoining the next weak coordinate .sub.r.

20. The computer readable program storage device of claim 19, further comprising calculating and storing (.sub.m.sup.1).sup.2t for all weak coordinates a.sub.m, wherein t=[((d1)/2] is an error correction radius of a GRS code of designed distance d.

Description

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

[0034] Exemplary embodiments of the invention as described herein generally provide systems and methods for performing fast Chase decoding of generalized Reed-Solomon codes. While embodiments are susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that there is no intent to limit the invention to the particular forms disclosed, but on the contrary, the invention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

I. Overview

[0035] Embodiments of the disclosure use a combination of a syndrome-based hard decision algorithm, such as the Berlekamp-Massey algorithm, and Koetter's algorithm for fast Chase decoding of generalized Reed-Solomon codes, and therefore also for fast Chase decoding of their subfield subcodes. Ira case of bard-decision decoding failure, an algorithm according to an embodiment begins by finding a Groebner basis for the solution module of the key equation. This Groebner basis can be obtained from the existing outputs of the Berlekamp-Massey algorithm, or alternatively, the Euclidean algorithm or Fitzpatrick's algorithm (see P. Fitzpatrick, On the key equation, IEEE Trans. Inform. Theory, vol. 41, no. 5, pp. 1290-1302, September 1995, the contents of which are herein incorporated by reference in their entirety, hereinafter Fitzpatrick) may be used. Then, the above Groebner basis is used as an initial value in Koetter's algorithm, as described, e,g., in R. J. McEliece, The GuruswamiSudan decoding algorithm for Reed-Solomon codes, IPN Progress Report, vol. 42-153, May 2003, the contents of which are herein incorporated by reference in their entirety. This leads to a tree-based Chase scheduling. Modifying an unmodified coordinate in the received vector amounts to 2 updates in Koetter's algorithm, and does not require updating syndromes. An algorithm according to an embodiment uses the same number of finite-field multiplications per iteration as Wu's algorithm, but it is conceptually simpler.

2. Preliminaries

[0036] Let q be a prime power, and let F.sub.q be the finite field q elements. Consider a primitive generalized Reed-Solomon (URS) code, C, of length n:=q1 and designed distance dN*, d2, where N* is the set of positive integers. Since the most general GRS code can be obtained by shortening a primitive GRS code, there is no loss of generality in considering only primitive GRS codes. In detail, let =(.sub.0, . . . , .sub.n1)(F*.sub.q).sup.n be a vector of non-zero elements. For a vector f=(f.sub.0, f.sub.1, . . . , f.sub.n1)F.sub.q.sup.n, let f(X):=f.sub.0+f.sub.1X+ . . . +f.sub.n1X.sup.n1F.sub.q[X]. Now CF.sub.q.sup.n is defined as the set of all vectors fF.sub.q.sup.n for which (X)f(X) has roots 1, , . . . , .sup.d2 for some fixed primitive .sub.q, where (--) stands for coefficient-wise multiplication of polynomials: for f(X)=.sub.i=0.sup.rf.sub.iX.sup.i and g(X)=.sub.i=0.sup.sg.sub.iX.sup.i, let m:=min[r, s}, and define f(X)g(X):=.sub.i=0.sup.mf.sub.ig.sub.iX.sup.i.

[0037] To recall the key equation, suppose that a codeword xC is transmitted, and the received word is y:=x+e for some error vector eF.sub.q.sup.n. For j{0, . . . , d2}, let S.sub.j=S.sub.j.sup.(y):=(y)(.sub.j). The syndrome polynomial associated with y is S.sup.(y)(X):=S.sub.0+S.sub.1X+ . . . +S.sub.d2X.sup.d2. By the definition of the GRS code, the same syndrome polynomial is associated with e.

[0038] If vF.sub.q.sup.n is such that v(X)=X.sup.i for some i{0, . . . , n1}, then S.sub.j.sup.(v)=(v)(.sup.j)=.sub.i(.sup.i).sup.j, so that

[00005]$S^{\left(v\right)}\left(X\right)={\tilde{a}}_i\left(1+{}^i.Math.X+\mathrm{.Math.}+{\left({}^i\right)}^{d-2}.Math.X^{d-2}\right)\frac{{\tilde{a}}_i}{1-{}^i.Math.X}.Math.\mathrm{mod}\left(X^{d-1}\right),$

So, if the error locators are some distinct elements .sub.1, . . . , .sub.*.sub.q, where {1, . . . , n} is the number of errors, and the corresponding error values are .sub.1, . . . , .sub.*.sub.q, then

[00006]$\begin{array}{cc}{S}^{\left(y\right)}\left(X\right)\underset{i=1}{\overset{\mathrm{.Math.}}{.Math.}}.Math..Math.\frac{{}_i.Math.a_i}{1-{}_i.Math.X}.Math.\mathrm{mod}\left(X^{d-1}\right),& \left(1\right)\end{array}$

where .sub.i:=.sub.i, for thei{0, . . . , n1} with .sub.i=.sup.i.

[0039] Defining the error locator polynomial, (X)F.sub.q[X], by

(X):=.sub.i=1.sup.(1.sub.iX),

and the error evaluator polynomial, (X)F.sub.q[X , by

(X):=.sub.i=1.sup..sub.i.sub.i.sub.ji(1.sub.jX),

it follows from EQ. (1) that

S.sup.(y)mod(X.sup.d1). (2)

EQ. (2) is the so-called key equation.

[0040] Let

M.sub.0=M.sub.0(S.sup.(y):={(u,v)F.sub.q[X].sup.2|uS.sup.(y)v mod(X.sup.d1)}.

be the solution module of the key equation. Next, recall that if the number of errors in y is up to t:=(d1)/2, then (, ) is a minimal element in M.sub.0 for an appropriate monomial ordering on F.sub.q[X].sup.2, in fact, it is the unique minimal element (u, v)M.sub.0 with v(0)=1see ahead for details. The monomial ordering of the following definition is the special case of the ordering <.sub.r corresponding to r=1 of Fitzpatrick. If a pair (f(X), g(X)) is regarded as the bivariate polynomial f(X)+Yg(X), then this ordering is also the (1, 1)-weighted-lex ordering with Y>X [0041] Definition 2.1: Define the following monomial ordering, <, on F.sub.q[X].sup.2:

(X.sup.i0)<(X.sup.i, 0) iff i<j; (0, X.sup.i)<(0, X.sup.j) iff i<j; (X.sup.i, 0)<(0, X.sup.i) iff ij1.

[0042] The following proposition is a special case of Thm. 3.2 of Fitzpatrick. Its proof is included herein for completeness. Unless noted otherwise, LM(u, v) will stand for the leading monomial of (u, v) with respect to the above monomial ordering, <, and a Groebner basis will stand for a Groebner basis with respect to <. Note that in the following proposition, d.sub.H(y, x) represents the Hamming distance between vectors y and x. [0043] Proposition 2.2: Using the above notation, suppose that d.sub.H(y, x)t. Let (u, v)M.sub.0(S.sup.(y))\{(0, 0) satisfy LM(u, v)LM(, ). Then there exists some scalar cF*.sub.q such that (u, v)=c.Math.(,)=(c.Math.(X), c.Math.(X)). Hence, (, ) is the unique minimal element (u, v) in M.sub.0 with v(1)=1. [0044] Proof. First, note that if there exist (, {tilde over (v)}), (u, v)M.sub.0(S.sup.(y)) and d.sub.1, d.sub.2N with d.sub.1+d.sub.2<d1, gcd(, {tilde over (v)})=1, deg(u), deg()d.sub.1, and deg(v), deg({tilde over (v)})d.sub.2, then there exists a polynomial fF.sub.q[X] such that (u, v)=f.Math.(, {tilde over (v)}). To see this, note that from uS.sup.(y)v mod (X.sup.d1) and S.sup.(y){tilde over (v)}mod(X.sup.d1), it follows that u{tilde over (v)}=v mod(X.sup.d1). In view of the above degree constraints, the last congruence implies u{tilde over (v)}=x. Since gcd(, {tilde over (v)})=1, it follows that |u, {tilde over (v)}|v, and u/=v/{tilde over (v)}. This establishes the claim,

[0045] Now let (u, v)M.sub.0(S.sup.(y)), and note that gcd(, ) 1. If deg(v)>tdeg(), then clearly LM(u, v)>LM(, )=(0, X.sup.deg()). Similarly, if deg(u)>t1deg()1, then LM(u, v)>LM(, ). Hence, it may be assumed without loss of generality that deg(v)t and deg(u)t1. The above claim then shows that (u, v)=f.Math.(, ) for some, FF.sub.q[X]. If LM(u, v)LM(, ), this must imply that f is a constant, as required. This also shows that LM(u, v)=LM(, ).

[0046] It will also be useful to recall that the uniqueness in the previous proposition is an instance of a more general result: [0047] Proposition 2.3: For a field K and for lN*, let < be any monomial ordering on K[X].sup.l, and let MK[X].sup.l be any K[X]-submodule. Suppose that both f:=(f.sub.1(X), . . . , f.sub.l(X))M\{0} and g:=(g.sub.1(X), . . . , g.sub.l(X))M\{0} have the minimal leading monomial in M\{0}. Then there exists a cK* such that f=c.Math.g. [0048] Proof Suppose not. Since LM(f)=LM(g), there exists a constant cK* such that the leading monomial cancels in h:=fcg. By assumption, h0, and LM(h)<LM(f), which is a contradiction.

3 Main Result

[0049] An observation according to an embodiment is that the LFSR minimization task Arad, disclosed on page 112 of Wu2012, incorporated above, does not define a module, and can be replaced by a module minimization task. The possibility of using Koetter's algorithm as an alternative to Wu's method follows almost immediately from the following theorem. [0050] Theorem 3.1: For rN, rn, for distinct .sub.1, . . . , .sub.rF*.sub.q, and for .sub.1, . . , .sub.rF*.sub.q, let

M.sub.r=M.sub.r(S.sup.(y), .sub.1, . . . , .sub.r, .sub.1, . . . , .sub.r)

be the set of all pairs (u, v)F.sub.q[X].sup.2 satisfying the following conditions: [0051] 1. uS.sup.(y)vmod(X.sup.j1) [0052] 2. j{1, . . . , r}, v(.sub.j.sup.1)=0 and .sub.j.sub.jv(.sub.j.sup.1)=.sub.ju(.sub.j.sup.1) with .sub.j:=.sub.j, for the j with .sub.j=.sub.j.

Then

[0053] 1. M.sub.r is a K[X]-module. [0054] 2. If d.sub.H(y, x)=t+r, .sub.j, . . . , .sub.r are error locations and .sub.1, . . . , .sub.r are the corresponding error values, then LW(,)=min {LM(u, v)|(u, v)M.sub.r\{0}. [0055] Proof 1. Clearly, M.sub.r is an F.sub.q-vector space. For f(X)F.sub.q[X] and (u, v) M.sub.r, it needs to be shown that f.Math.(u, v)M.sub.r. Clearly, (fu, fv) satisfies the required congruence, and also fv has the required roots. It remains to verify that for all j, .sub.j.sub.j(fv)(.sub.j.sup.1)=.sub.j(fu)(.sub.j.sup.1). Now,

[00007]${\left(\mathrm{fv}\right)}^{}.Math.\left({}_j^{-1}\right)=\left(f^{}.Math.v\right).Math.\left({}_j^{-1}\right)+\left({\mathrm{fv}}^{}\right).Math.\left({}_j^{-1}\right)=\left({\mathrm{fv}}^{}\right).Math.\left({}_j^{-1}\right)=f\left({}_j^{-1}\right).Math.\frac{-{}_j}{{}_j.Math.a_j}.Math.u\left({}_j^{-1}\right)=-\frac{{}_j}{{}_j.Math.a_j}.Math.\left(\mathrm{fu}\right).Math.\left({}_j^{-1}\right),,$

where in the second equation v(.sub.j.sup.1)=0 was used, and in the third equation .sub.j.sub.jv(.sub.j.sup.1)=.sub.ju(.sub.j.sup.1) was used (note that .sub.j.sub.j0).

[0056] 2. The proof is by induction on r. For r=0, the assertion is just Proposition 2.2, Suppose that r1, and the assertion holds for r1. Let {tilde over (y)} be obtained from y by subtracting .sub.r from coordinate .sub.r. Let {tilde over ()}:=/(1.sub.rX), the error locator for {tilde over (y)}, and let {tilde over ()} be the error evaluator for {tilde over (y)}. By the induction hypothesis,

LM({tilde over ()}, {tilde over ()})=min {LM(u, v)|(u, v)M.sub.r1}(3)

with

M.sub.r1:=M.sub.r1(S.sup.({tilde over (y)}), .sub.1, . . . , .sub.r1, .sub.1, . . . , .sub.r1).

The following lemma will be useful, [0057] Lemma: For (u, v)M.sub.r, write {tilde over (v)}:=v/(1,X) and put h:=u.sub.r.sub.r {tilde over (v)}. Then (1.sub.r,X)|h(X). Moreover, writing {tilde over (h)}:=h/(1.sub.rX), the map : (u, v).fwdarw.({tilde over (h)}, {tilde over (v)}) maps M.sub.r into M.sub.r1, and satisfies (,)=({tilde over ()}, {tilde over ()}). [0058] Proof of Lemma. Since v=(1.sub.rX) {tilde over (v)}, we get v=.sub.r{tilde over (v)}+(1.sub.rX){tilde over (v)}, and therefore v(.sub.r.sup.1)=.sub.r{tilde over (v)}(.sub.r.sup.1). Hence,

[00008]$h\left({}_r^{-1}\right)=u\left({}_r^{-1}\right)-{}_r.Math.a_r.Math.\tilde{v}\left({}_r^{-1}\right)=-\frac{{}_r.Math.a_r}{{}_r}.Math.v^{}\left({}_r^{-1}\right)-{}_r.Math.a_r.Math.\tilde{v}\left({}_r^{-1}\right)=0,$

which proves the first assertion.

[0059] For the second assertion, note first that

[00009]$S^{\left(\tilde{y}\right)}{S}^{\left(y\right)}-\frac{{}_r.Math.a_r}{1-{}_r.Math.X}.Math.\mathrm{mod}.Math..Math.\left(X^{d-1}\right),$

and therefore

[00010]$S^{\left(\tilde{y}\right)}.Math.\tilde{v}{S}^{\left(y\right)}.Math.\tilde{v}-\frac{{}_r.Math.a_r}{1-{}_r.Math.X}.Math.\tilde{v}=\frac{1}{1-{}_r.Math.X}.Math.\left(S^{\left(y\right)}.Math.v-{}_r.Math.a_r.Math.\tilde{v}\right)\frac{1}{1-{}_r.Math.X}.Math.\left(u-{}_r.Math.a_r.Math.\tilde{v}\right)=\tilde{h},$

where stands for congruence modulo X.sup.d1, which implies that ({tilde over (h)}, {tilde over (v)}) satisfies the required congruence relation in the definition of M.sub.r1. Also, clearly {tilde over (v)}(.sub.j.sup.1)=0 for all j{1, . . . , r1}. Finally, using v=.sub.r{tilde over (v)}+(1.sub.rX){tilde over (v)} again, it can be seen that for all j{1, . . . , r1},

[00011]${\tilde{v}}^{}\left({}_j^{-1}\right)=\frac{v^{}\left({}_j^{-1}\right)}{1-{}_r.Math.{}_j^{-1}}=\frac{{}_j}{{}_j.Math.a_j}.Math.\frac{u\left({}_j^{-1}\right)}{1-{}_r.Math.{}_j^{-1}}=\frac{{}_j}{{}_j.Math.a_j}.Math.\tilde{h}\left({}_j^{-1}\right).$

This proves that maps M.sub.r into M.sub.r1.

[0060] Finally, (, )=({tilde over (h)}, {tilde over ()}) with {tilde over (h)}=(.sub.r.sub.r{tilde over ()})/(1.sub.rX), and it is straightforward to verify that {tilde over (h)}={tilde over ()}. In detail, for :=t+r, let .sub.1, . . . , .sub.F*.sub.q be some enumeration of the error locators, let .sub.1, . . . , .sub.F*.sub.q be the corresponding error values, and let .sub.1, . . . , .sub. be the corresponding entries of the vector it {tilde over ()}. Assume without loss of generality that .sub.=.sub.r, and hence .sub.=.sub.r. It follows that

[00012]$\begin{array}{c}\tilde{h}=\frac{-{}_r.Math.a_r.Math.\stackrel{~}{}}{1-{}_r.Math.X}\\ =\frac{1}{1-{}_{\mathrm{.Math.}}^{}.Math.X}.Math.\left({.Math.}_{i=1}^{\mathrm{.Math.}}.Math.{}_i^{}.Math.a_i^{}.Math.{.Math.}_{j=1,ji}^{\mathrm{.Math.}}.Math.\left(1-{}_j^{}.Math.X\right)-{}_{\mathrm{.Math.}}^{}.Math.a_{\mathrm{.Math.}}^{}.Math.{.Math.}_{j=1}^{\mathrm{.Math.}-1}.Math.\left(1-{}_j^{}.Math.X\right)\right)\\ =\frac{1}{1-{}_{\mathrm{.Math.}}^{}.Math.X}.Math.\left({.Math.}_{i=1}^{\mathrm{.Math.}-1}.Math.{}_i^{}.Math.a_i^{}.Math.{.Math.}_{j=1,j1}^{\mathrm{.Math.}}.Math.\left(1-{}_j^{}.Math.X\right)\right)\\ ={.Math.}_{i=1}^{\mathrm{.Math.}-1}.Math.{}_i^{}.Math.a_i^{}.Math.{.Math.}_{j=1,j1}^{\mathrm{.Math.}-1}.Math.\left(1-{}_j^{}.Math.X\right)=\stackrel{~}{}.\end{array}$

This concludes the proof of the lemma.

[0061] Returning to the proof of the theorem, if (u, v)M.sub.r and v=c.Math. for some cF*.sub.q, then LM(u, v)(0, X.sup.deg())=LM(, ). Let (u, v)M.sub.r\{0} be such that vc for all cF*.sub.qF. Then, (u, v)c({tilde over ()}, {tilde over ()}) for all cF*.sub.q, and hence

LM((u, v))>LM({tilde over ()}, {tilde over ()})=(0, X.sup.deg()1), (4)

where the inequality can be obtained by the induction hypothesis and Proposition 2.3. If the leading monomial of (u, v) is of the form (0, X.sup.j) for some j, then LM((u, v))=(0, X.sup.deg(v)1), and EQ. (4) implies deg(v)>deg(), so that certainly LM(u, v)>LM(, ).

[0062] Suppose therefore that LM((u, v)) is of the form (X.sup.j, 0) for some j, that is, LM((u v))=(X.sup.deg(h)1, 0). In this case, EQ. (4) implies that deg(h)1>deg()2, that is, deg(h)deg(). But since h=u.sub.r.sub.r{tilde over (v)}, this implies that at least one of u and {tilde over (v)} must have a degree that is at least as large as deg(). Now, if deg(u)deg(), that is, if deg(u)>deg()1, then LM(u, v)>LM(, )=(0, X.sup.degr())). Similarly, if deg({tilde over (v)})deg(), then deg(v)>deg(), and again LM(u, v)>LM(, ). This completes the proof.

[0063] Using the terminology of Theorem 3.1, for a pair (u(X), v(X)M.sub.r1, embodiments define the r-th root condition on (u,v) as v(.sub.r.sup.1)=0, so that the root condition on (u,v) involves only v, and the r-th derivative condition as .sub.r.sub.rv(.sub.r.sup.1)=.sub.ru(.sub.r.sup.1). The above pair (u,v) is in M.sub.rM.sub.r1iff it satisfies both the r-th root condition and the r-th derivative condition. When moving from M.sub.j to M.sub.j+1, two additional functionals are zeroed. It was already proved in the theorem that each M.sub.j is a K[X]-module. Also, the intersection of M.sub.j with the set of pairs (u, v) for which v(.sub.j+1.sup.1)=0 is clearly a K[X]-module. Hence, if each root condition comes before the corresponding derivative condition, two iterations of Koetter's algorithm can be used to move from a Groebner basis for to a Groebner basis for M.sub.j+1. [0064] Remark: Note that for all r, M.sub.r is free of rank 2. First, since M.sub.r is a submodule of K[X].sup.2, it is free of rank at most 2, a submodule of a free module over a principle ideal domain. Also, since both (X.sup.d1(1.sub.jX) . . . (1.sub.rX), 0) and (, ) are in M.sub.r, the rank is at least 2.

[0065] 4 Koetter's Iterations for Chase Updates

[0066] A description of Koetter's iteration is presented in Appendix, below. Using the terminology of the appendix, in the current context l=1, and, as already mentioned, there are two types of Koetter iterations: one for a root condition, and the other for a derivative condition. For a fair comparison with Algorithm 1 of Wu2012, the version of Koetter's iteration presented herein does include inversions, in this version, the right-hand sides of the update rules are both divided by .sub.j*. Recall that multiplication of elements by non-zero constants takes a Groebner basis to a Groebner basis.

[0067] In the r-th root iteration, the linear functional D acts on a pair (u, v) as D(u, v)=v(.sub.r.sup.1), and hence on X.Math.(u, v) as D(X.Math.(u, v))=.sub.r.sup.1 D(u, v). In the r-th derivative iteration, which comes after the r-th root iteration,

D(u, v)=.sub.r.sub.rv(.sub.r.sup.1)+.sub.ru(.sub.r.sup.1),

and therefore also

[00013]$\begin{array}{c}D\left(X.Math.\left(u,v\right)\right)={}_r.Math.{a_r\left(\mathrm{Xv}\right)}^{}.Math.\left({}_r^{-1}\right)+a_r\left(\mathrm{Xu}\right).Math.\left({}_r^{-1}\right)\\ ={}_r.Math.a_r.Math.{}_r^{-1}.Math.v^{}\left({}_r^{-1}\right)+u\left({}_r^{-1}\right)={}_r^{-1}.Math.D\left(u,v\right),\end{array}$

where (Xv)=Xv+v was used in the second equality and v(.sub.r.sup.1)=0. So, for both types of iterations, root condition and derivative condition, D(X.Math.(u, v))/D(u, v)=.sub.r.sup.1 if D(u, v)0. Hence, the iteration corresponding to a single location .sub.r has the following form.

Algorithm A: Koetter's Iteration for Adjoining Error Location .SUB.r.:

[0068] FIG. 1 is a flowchart of Koetter's iterative algorithm for adjoining error locations, according to embodiments of the disclosure. [0069] Input: A Groebner basis G={g (g.sub.00, g.sub.01), g.sub.1=(g.sub.10, g.sub.11)} for M.sub.r1(S.sup.(y), .sub.1, . . . , .sub.r1, .sub.1, . . . , .sub.r1), with LM(g.sub.j) containing the j-th unit vector for j{0, 1}

[0070] The next error location, .sub.r, and the corresponding error value, .sub.r. [0071] Output: A Groebner basis G.sup.+{g.sup.+.sub.0=(g.sup.+.sub.00, g.sup.+.sub.01)), (g.sup.+.sub.10, g.sup.+.sub.11)} for M.sub.r(S.sup.(y), .sub.j, . . . , .sub.r, .sub.j, . . . , .sub.r) with LM(g.sup.+.sub.j) containing the j-th unit vector for j{0, 1}
Algorithm, with references to the flowchart of FIG. 1:

TABLE-US-00001 Initialize stop := true // Step 101 For type = root, der // Step 103 If type = der Then // Step 105 For j = 0, 1, set g.sub.j := g.sub.j.sup.+ // initiate with output of root step For j = 0, 1, calculate // Step 107 [00014]${}_j:=\{\begin{array}{cc}{g}_{j.Math..Math.1}\left({}_r^{-1}\right)& \mathrm{if}.Math..Math.\mathrm{type}=\mathrm{root}\\ {}_r.Math.a_r.Math.g_{j.Math..Math.1}^{}\left({}_r^{-1}\right)+{}_r.Math.g_{j.Math..Math.0}\left({}_r^{-1}\right)& \mathrm{if}.Math..Math..Math.\mathrm{type}=\mathrm{der}\end{array}$ stop := stop and (.sub.1 == 0)) // Step 109 if type == der and stop == true, exit // Step 111, stopping criteria, described below Set J := {j {0, 1}|.sub.j 0} // Step 113 If J = Then // Step 115 For j = 0, 1, set g.sup.+.sub.j := g.sub.j // Step 117 Exit and process next error pattern Let j* J be such that LM(g.sub.j*) = min.sub.jJ{LM(g.sub.j)} // Step 119 For j J // Step 121 If j* Then [00015]$\mathrm{Set}.Math..Math.g_j^{+}:=g_j-\frac{{}_j}{{}_{j*}}.Math.g_{j*}$ Else // j = j* Set g.sup.+.sub.j := (X .sub.r.sup.1)g.sub.j*

[0072] Regarding the jj* part of step 121, note that multiplication by a non-zero constant is possible in other embodiments. For example, an update of the form g.sup.+.sub.j=.sub.j*g.sub.j.sub.jg.sub.j* is also allowed.

[0073] It should be noted that multiplying all elements of a Groebner basis by (possibly different) non-zero constants results in a Groebner basis. Hence, multiplying the outputs of Algorithm A by non-zero constants again gives a Groehner basis with the required properties. Moreover, in Algorithm A, if each update of the form

[00016]$g_j^{+}:=g_j-\frac{{}_j}{{}_{j^{*}}}.Math.g_{j*}$

or g.sup.+.sub.j*:=(X.sub.r.sup.1)g.sub.j* is replaced by

[00017]$g_j^{+}:=c\left(g_j-\frac{{}_j}{{}_{j^{*}}}.Math.g_{j*}\right)$

or g.sup.+.sub.j*:=c(X.sub.r.sup.1)g.sub.j*, respectively, where c, c are non-zero constants that may depend on j, then the output will still he a Groebner basis with the required properties.

[0074] A stopping criterion for a Koetter algorithm according to an embodiment for fast Chase decoding, implemented as steps 101, 109, and 111, is as follows. Suppose that (.sub.1, .sub.1), . . . , (.sub.r, .sub.r) are correct pairs of error locations and corresponding error values, and that, as above, r=t, so that an error-locator polynomial is, up to non-zero multiplicative constant, the second coordinate of the output g.sup.+.sub.1 of the derivative step of Koetter's iteration for adjoining error-locator .sub.r. However, it is expensive to perform a Chien search. However, suppose there exists one more erroneous location, .sub.r+1, within the weak coordinates, with corresponding error value is .sub.r+1. Then, according to embodiments of the disclosure, in Koetter's iteration for adjoining the pair (.sub.r+1, .sub.r+1) to (.sub.1, .sub.1), . . . , (.sub.r, .sub.r). .sub.1=0 for both the root step and the derivative step. For the root step, this follows from the fact that .sub.r+1.sup.1 is a root of the ELP (X), and for the derivative step it follows from the fact that (X), (X) satisfy Forney's formula. Thus, checking if .sub.1=0 for both the root step and the derivative step can serve as a stopping criterion. However, it is possible that .sub.1=0 for both the root step and the derivative step even if there is not a correct error-locator polynomial, i.e., a false positive. The cost of handling a false positive is an increased complexity. However, even if the false positive rate is of the order 1/100, or even 1/10, the overall increase in complexity is negligible, and a Monte Carlo simulation can be used to obtain a reliable estimation in such situations. The cost of a stopping criterion according to an embodiment involves performing one more root step and half a derivative step for the discrepancy calculations for a sphere of radius r+1 when t is only r. This reduces the overall complexity gain over a brute force Chien search. When t=r, r+1 errors are needed in the weak coordinates, which slightly degrades the FER in comparison to a brute force Chien search. It is to be understood that the implementation of a stopping criteria according to an embodiment in steps 101, 109, and 111 is exemplary and non-limiting, and other embodiments of the disclosure can use different implementations to achieve a same result.

[0075] Next, according to an embodiment, consider some simplifications. The above scheme has two pairs of polynomials to be maintained, rather than just two polynomials. In the above form, the algorithm will work even if 2t, where e is the total number of errors. It should be noted that Wu's fast Chase algorithm does not have a version that supports more than 2t1. errors. However, if 2t1, as supported by Wu's algorithm, there is no need to maintain the first coordinate of the Groebner basis. For this, two questions should be answered: [0076] 1. How can g.sub.j0(.sub.r.sup.1) be calculated efficiently when only g.sub.j1 is available? [0077] 2. How can LM(g.sub.0) be found without maintaining g.sub.00 (recall that the leading monomial of g.sub.0 is on the left)?

[0078] To answer the second question: introduce a variable d.sub.0 to track the degree of g.sub.00. Whenever j*=0, increase d.sub.0 by 1, and in all other cases keep d.sub.0 unchanged. Note that when 0J but 0j*, LM(g.sup.+.sub.0)=LM(g.sub.0), as shown in Appendix A, which justifies keeping d.sub.0 unchanged.

[0079] Recalling that the algorithm of FIG. 1 is invoked for any adjoined weak coordinate down the path front the root to a leaf, with the previous g.sub.1.sup.+ becoming the next g.sub.1, an implementation according to an embodiment of this answer would involve initializing d.sub.0=deg(g.sub.00) in the root of the tree, before any invocation of the algorithm of FIG. 1. In the process of executing the tree traversal, the d.sub.0 should be saved on vertices with more than one child and used as an initialization for all paths going down from that vertex to a leaf. A step of defining: LM(g.sub.0)=(X.sup.d.sup.0, 0) would he performed after step 105, and an update step, if j*=0 then ++d.sub.0, would be performed after step 119. Note that, in going down a path to a leaf, d.sub.0 from a previous application of the algorithm of FIG. 1 should he used as an initial value for the next application of the algorithm.

[0080] Turning to the first question, it is known that for all r and all (u, v)M.sub.r(S.sup.(y), .sub.1, . . . , .sub.r, .sub.1, . . . , .sub.r), then uS.sup.(y)v mod (X.sup.2t), and hence one can calculate u(hd r.sup.1) directly from v if deg(u)2t1 (see ahead). So, a first task is to verify that if 2t1, so that r2t1t=t1, then deg(g.sub.10)2t1 and deg(g.sub.20)2t1. for all Koetter's iterations involved in fast Chase decoding, assuming the hypotheses of Theorem 3.1 hold.

[0081] First, however, recall the following proposition, which is just a re-phrasing of Prop. 2. of Beelen, et al., On Rational Interpolation-Based List-Decoding And List-Decoding Binary Goppa Codes, IEEE Trans. Inform. Theory, Vol. 59, No. 6, pp. 3269-3281, June 2013 the contents of which are herein incorporated by reference in their entirety. For the sake of completeness, a proof is included in Appendix B. From this point on, a monomial in K[X].sup.2 will he said to be on the left if it contains the unit vector (1, 0), and on the right if it contains the unit vector (0, 1). [0082] Proposition 4.1: Let {h.sub.0=(h.sub.00, h.sub.01), h.sub.1=(h.sub.10, h.sub.11)} be a Groebner basis for M.sub.0 with respect to the monomial ordering <, and suppose that the leading monomial of h.sub.0 is on the left, while the leading monomial of h.sub.1 is on the right. Then deg(h.sub.00(X))+deg(h.sub.11(X))=2t.

[0083] With Proposition 4.1, it can be proven that for all iterations of Koetter's algorithm, deg(gr.sub.10)<2t1 and deg(g.sub.20)2t 1 when 2t1. Before the proof, it will be useful to introduce some additional notation.

[0084] Definition 4.2: For i=1, . . . , r, j{0, 1}, and T{root, der} write g.sub.j(i; T)=(g.sub.j0(i; T), g.sub.j1(i; T)) and g.sup.+.sub.j(i; T)=(g.sup.+.sub.j0(i; T), g.sup.+.sub.j1(i: T)) for the values in the root step (T=root) or the derivative step (T=der) of Algorithm A corresponding to adjoining error location .sub.j. Explicitly, the notation g.sub.0(i; root) and g.sub.t(i; root) are the values of the input variables g.sub.0 and g.sub.1 respectively, during the root iteration of the application of algorithm A for adjoining .sub.i. Similarly, g.sub.0(i; der) and g.sub.1(i; der) are the values of the input variables g.sub.0 and g.sub.1, respectively, during the derivative iteration of the application of algorithm A for adjoining .sub.i. By convention, {g.sub.0(1; root), g.sub.1(1; root)} is a Groebner basis for M.sub.0 with LM(g.sub.0(1; root)) on the left and LM(g.sub.1(1; root)) on the right. [0085] Proposition 4.3: Suppose that the condition in part 2 of Theorem 3.1 holds. Then for all i{1, . . . , r}, all j{0, 1} and all T{root, der}, deg(g.sub.j0(i; T)) and deg(g.sub.j1(i; T)), where =t+r is the total number of errors. [0086] Proof. By Theorem 3.1, (, )=c.Math.g.sup.+.sub.j(r; der) for some j{0, 1} and some cF*.sub.q, and hence necessarily (, )=c.Math.g.sup.+.sub.1(r; der) for some cF*.sub.q, as the leading monomial of (, ) is on the right. Note that for all i, j, and T, LM(g.sup.+.sub.j(i; T))LM(g.sub.j(i; T)) is true, and so for all i and T, LM(g.sub.1(i; T))LM(, )=(0, X.sup.c) must be true, in particular, deg(g.sub.10(i; T))1, and deg(g.sub.11(i; T)).

[0087] Turning to g.sub.0(i; T), note that for all i, j, and T, LM(g.sup.+.sub.j(i; T))>LM(g.sub.j(i; T)) for at most one j{0, 1}. Also, for j{0, 1} and for each i and T with LM(g.sup.+.sub.j (i; T))>LM(g.sub.j(i; T)), LM(g.sup.+.sub.j(i; T))=X LM(g.sub.j(i; T)) is true. Since the degree of the second coordinate of g.sub.j(i; T), the coordinate containing the leading monomial, must increase from deg(g.sub.11(1; root)) for i=1 and T=root to deg()= for i=r and T=der, it follows that

|{(i, T)|LM(g.sup.+.sub.1(i; T))>LM(g.sub.1(i; T))}|=deg(g.sub.11(1; root)),

and therefore,

[00018]$\left|\left\{\left(i,T\right)|\mathrm{LM}\left(g_0^{+}\left(i.Math.\text{;}.Math..Math.T\right)\right)>\mathrm{LM}\left(g_0\left(i.Math.\text{;}.Math..Math.T\right)\right)\right\}\right|2.Math..Math.r-\left(\mathrm{.Math.}-\mathrm{deg}\left(g_{11}\left(1.Math.\text{;}.Math..Math.\mathrm{root}\right)\right)\right)=\mathrm{deg}\left(g_{11}\left(1.Math.\text{;}.Math..Math.\mathrm{root}\right)\right)+r-t.$

Hence, for all i and T,

[0088] [00019]$\begin{array}{c}\mathrm{deg}\left(g_{00}\left(i.Math.\text{;}.Math..Math.T\right)\right).Math.\mathrm{deg}\left(g_{00}\left(r.Math.\text{;}.Math..Math.\mathrm{der}\right)\right).Math.\left(\mathrm{LM}\left(\mathrm{on}.Math..Math.\mathrm{the}.Math..Math.\mathrm{left}\right).Math.\mathrm{does}.Math..Math.\mathrm{not}.Math..Math.\mathrm{decrease}\right)\\ .Math.\mathrm{deg}\left(g_{00}\left(1.Math.\text{;}.Math..Math.\mathrm{root}\right)\right)+\mathrm{deg}\left(g_{11}\left(1.Math.\text{;}.Math..Math.\mathrm{root}\right)\right)+r-t\\ =.Math.t+r=\mathrm{.Math.}.Math..Math.\left(\mathrm{by}.Math..Math.\mathrm{Proposition}.Math..Math.4.1\right).\end{array}$

[0089] Finally, since the leading monomial of g.sub.0(i; T) is on the left, it follows that deg(g.sub.01(i; T)) 1<deg(g.sub.00(i; T), which proves deg(g.sub.01(i; T)).

[0090] Using Proposition 4.3, g.sub.j0(.sub.r.sup.1) can be calculated in Algorithm A while maintaining only the right polynomials g.sub.j1(j{0, 1}). According to embodiments of the disclosure, an efficient O(t) method for calculating g.sub.10(.sub.r.sup.1is as follows.

[0091] For a polynomial v(X)K[X], assume that :=deg(v)2t1, and write v(X)=v.sub.0+v.sub.1X+ . . . +v.sub.2t1X.sup.2t1. For short, write S(X)=S.sub.0+S.sub.1X+ . . . +S.sub.2t1X.sup.2t1:=S.sup.(y)(x). Then for F.sub.q, (Sv mod(X.sup.2t)) () can he expressed as

S.sub.0v.sub.0+(S.sub.0v.sub.1+S.sub.1v.sub.0)+(S.sub.0v.sub.2+S.sub.1v.sub.1+S.sub.2v.sub.0).sup.2+ . . . (S.sub.0v.sub.2t1+S.sub.1v.sub.2t2+S.sub.2v.sub.2t3+ . . . +S.sub.2t1v.sub.0).sup.2t1, (5)

[0092] For j{0, . . . , 2t1}, let A.sub.j(v, ) be the sum over the j-th column of EQ. (5). Then

A.sub.j(v, )=S.sub.j.sup.j(v.sub.0+v.sub.1+ . . . +v.sub.2t1j.sup.2t1j),

If 2t1j(=deg(v)), then A.sub.j(v, )=S.sub.j.sup.fv(). Hence if is a root of v(X), then

(Sv mod(X.sup.2t))()=.sub.j=0.sup.2t1A.sub.j(v, )=.sub.j=2t.sup.2t1A.sub.j(v, ) (6)

[0093] The sum on the right-hand side of EQ. (6) may be calculated recursively. For this, let

.sub.j(v, ):=.sup.j.sub.i=0.sup.2t1jv.sub.i.sup.i,

so that A.sub.j(v, )=S.sub.j.sub.j(v, ). Then .sub.2t1=0, and for all j{2t1, . . . , 2t2},

[00020]$\begin{array}{cc}\frac{{\tilde{A}}_{j+1}\left(,\right)}{{}^{2.Math..Math.t}}=.Math.\frac{{\tilde{A}}_j\left(,\right)}{{}^{2.Math..Math.t}}-{}_{2.Math..Math.t-1-j}.& \left(7\right)\end{array}$

[0094] Calculating, .sup.2t takes O(log.sub.2(2t)) squarings and multiplications. In fact, this can be calculated once, before starting the depth-first search in Wu's tree, for all non-reliable coordinates, not just for those corresponding to a particular leaf. After that, each one of the iterations of EQ. (7) in the calculation of the sum of EQ. (6 requires 2 finite-field multiplications: two for moving from .sub.j(v, )/.sup.2t to .sub.j+1(v, /.sup.2t, and one for multiplying by S.sub.j+1 before adding to an accumulated sum. Then, after the calculation of the accumulated sum, one additional multiplication by .sup.2t is required.

[0095] FIG. 4 is a flow chart of an algorithm for an answer to the first question, according to an embodiment of the disclosure. An algorithm according to an embodiment, with references to the steps of FIG. 4, is as follows.

[0096] Before starting an algorithm of FIG. 1:

TABLE-US-00002 Calculate and store (.sub.m.sup.1).sup.2t for all weak coordinates .sub.m // Step 40 Perform algorithm of FIG. 1 for weak coordinate .sub.r1 //Step 41 When adjoining a next weak coordinate r, for any choice of the corresponding error value .sub.r, if type == der, perform the following steps: //Step 42 [00021]$\mathrm{Initialize}.Math..Math.{\tilde{B}}_{2.Math.t--1}=0//.Math.{\tilde{B}}_j\frac{{\tilde{A}}_{j+1}\left(v,\right)}{{}^{2.Math..Math.t}},.Math.\mathrm{where}.Math..Math.v=g_{j.Math..Math.1}.Math..Math.\mathrm{and}.Math..Math.={}_r^{-1};$ Step 43 Initialize resu1t=0 For k = 2t 1, . . . , 2t 2, //Step 44 Calculate and store {tilde over (B)}.sub.k+1 = .sub.r.sup.1 .Math. {tilde over (B)}.sub.k (g.sub.j1).sub.2t1k // (g.sub.j1).sub.m is the coefficient of X.sup.m in g.sub.j1 Update result = result + S.sub.k+1{tilde over (B)}.sub.k+1 //S.sub.k+l is a syndrome polynomial coefficient Update result = result .Math. (.sub.r.sup.1).sup.2t // (.sub.r.sup.1).sup.2t was pre-calculated once in the first step; Step 45 Output result // result is g.sub.j0 (.sub.r.sup.1) for j == 0, 1; Step 46 Return to step 41 and repeat algorithm of FIG. 1 for next weak coordinate, until all weak coordinates have been processed. // Step 47

5. Fast Chase Decoding

[0097] FIG. 2 is a flowchart of an algorithm for fast chase decoding of generalized Reed-Solomon codes according to embodiments of the disclosure. As above, consider a primitive generalized Reed-Solomon (GRS) code, CF.sub.q.sup.n, of length n:=q1, q be a prime power, and designed distance dN*, d2, and F.sub.q be the finite field of q elements Given a received codeword y=x+e , where XC is a transmitted GRS codeword, C is a GRS code, and e is an error vector, a decoding algorithm begins at step 20 by calculating the syndrome polynomial S.sup.(y)(X )from the Channel output y, wherein S.sup.(y)(X):=S.sub.0+S.sub.1X+ . . . +S.sub.d2X.sup.d3 and S.sub.j=S.sub.j.sup.(y):=(y)(.sup.j), and applying a syndrome-based hard decision algorithm at step 21 to the input S.sup.(y)(X) to find the estimated error-locator polynomial (ELIC) (X):=.sub.i=1.sup.(1.sub.iX). Exemplary syndrome-based hard decision algorithms include, but are not limited to, the Beriekamp-Massey (BM), Fitzpatrick's algorithm and the Euclidean algorithm.

[0098] Next, at step 22, check whether the syndrome-based hard decision algorithm succeeded in finding an error vector of weight up to t, where t is the error-correction radius of the GRS code, i.e.,

[00022]$t=\left[\frac{d-1}{2}\right].$

If the syndrome-based hard decision algorithm is the BM algorithm, then one way of doing this is to let the output of the BM algorithm be a pairce, ({circumflex over ()}, L), where {circumflex over ()}={circumflex over ()}(X)is the estimated ELP, while L is the LFSR length calculated in the BM algorithm. The decoding is a success if the following condition holds: deg({circumflex over ()}(X))=L and {circumflex over ()}(X) has L distinct roots in F.sub.q.

[0099] If, at step 28, the HD decoding is successful, let the estimated error locations be the inverses of the roots of the estimated ELP {circumflex over ()}(X), calculate the error values, and estimate for the error vector from the estimated error locations and error values, and output the estimate {circumflex over (x)}:=y+ for x.

[0100] According to embodiments, error values can be calculated by finding the error evaluator polynomial (EEP) (X)F.sub.q[X], by (X):=.sub.i=1.sup..sub.i.sub.i.sub.ji(1.sub.jX), by substituting {circumflex over ()}(X) as the ELP in the key equation S.sup.(y)mod (X.sup.d1). According to other embodiments, error values can be calculated using Forney's formula.

[0101] Otherwise, if the HD decoding is unsuccessful, the unreliable (weak) coordinates and their potential error values are identified at step 24, and an initial Groebner basis G based on the outputs of the syndrome-based hard decision algorithm is found at step 25.

[0102] According to embodiment, if the syndrome based hard decision algorithm is the BM algorithm, finding an initial Groebner basis G based on the BM algorithm outputs includes defining b.sub.1:=(S mod X.sup.d1, ), and b.sub.2:=(SX.sup.mT mod X.sup.d1, X.sup.mB), where B is a polynomial output from the BM algorithm that is a copy of the last ELP before L was updated, and outputting one of (1) c{b.sub.1, b.sub.2} as the Groebner basis if the leading monomials of b.sub.1 and b.sub.2 contain distinct unit vectors, where c is a non-zero constant; (2) d{b.sub.1cX.sup.lb.sub.2, b.sub.2} as the Groebner basis if the leading monomials contain the same unit vector and the leading monomial of b.sub.1 is at least as large as that of b2 , where cK* and lN are chosen such that the leading monomial of b.sub.1 is canceled, and d is a non-zero constant; or (3) {db.sub.1, d(b.sub.2cX.sup.lb.sub.1)} as the Groebner basis if the leading monomials contain the same unit vector and the leading monomial of b.sub.2 is strictly larger than that of b.sub.1, where cK* and lN* are chosen such that the leading monomial of b.sub.2 is canceled, and d is a non-zero constant.

[0103] Next, a subset of all possible error patterns

[00023]$E_{i_1}\mathrm{.Math.}{E}_{i_{n_0}},$

on the unreliable coordinates is scanned, where n.sub.0 is the number of unreliable coordinates, and I.sub.1, . . . , i.sub.n.sub.0 are the unreliable coordinates. The subset of error patterns is formed into a tree, where vertices correspond to error patterns and edges connect a parent error pattern to a child error pattern having exactly one additional non-zero value.

[0104] At step 26, traverse the tree of error patterns until .sub.1=0 for both the root and der steps, wherein moving from a vertex corresponding to an error pattern with error locations .sub.1, . . . , .sub.r1 and corresponding error values .sub.1, . . . , .sub.r1 to a child with one additional error location .sub.r and corresponding error value .sub.r corresponds to moving from a current Groebner basis G={g.sub.0=(g.sub.00, g.sub.01), g.sub.1=(g.sub.10, g.sub.11)} for M.sub.r1(S.sup.(y), .sub.j, . . . , .sub.r1, .sub.1, . . . , .sub.r1), with LM(g.sub.j) containing the j-th unit vector for j{0, 1} to a Groebner basis G.sup.+={g.sup.+.sub.0=(g.sup.+.sub.00, g.sup.+.sub.01)), g.sup.+.sub.1=(g.sup.+.sub.10, g.sup.+.sub.11)} for M.sub.r(S.sup.(y), .sub.1, . . . , .sub.r, .sub.1, . . , .sub.r) with LM(g.sup.+.sub.j)containing the j-th unit vector for j{0, 1}. According to embodiments, Koetter's iteration Algorithm A for adjoining error locations .sub.r can be used to move from the Groebner basis G to the Groehner basis G.sup.+.

[0105] The correct error pattern is reached if there is a total t+r of erroneous coordinates in y, and if .sub.1, . . . , .sub.r are indeed error locations and .sub.1, . . . , .sub.r are indeed the corresponding error values, and it is guaranteed that the output g.sub.1.sup.+ of the algorithm satisfies g.sub.1.sup.+=c.Math.(, ) for some non-zero constant c, where is the EEP and is the ELP. To use a simplified stopping criterion according to an embodiment, the maximum tree depth should be increased by 1, and a Chien search is performed only in case .sub.1=0 for both the root and the derivative iterations. If there is one additional error locator .sub.r+1 in the weak coordinates and the set of potential error patterns for coordinate .sub.r+1 includes the correct error value .sub.r+1 for .sub.r+1, then the stopping criterion will succeed.

[0106] If, at step 27, a valid estimated error value was found, {circumflex over (x)}=y+ is output at step 28 as an estimate for the transmitted codeword x. Otherwise, at step 29. If no such is found, a decoding failure is output.

[0107] According to embodiments, the complexity of an algorithm according to an embodiment can be roughly compared with one iteration of Wu's Algorithm 1, pp. 114-115 of Y. Wu, Fast Chase Decoding Algorithms and Architectures for Reed-Solomon Codes, IEEE Trans. Inform. Theory, Vol. 58, No. 1, pp. 109-129, January 2012, incorporated by reference above.

[0108] In Wu's iteration, there are 2 substitutions in polynomials of degrees typically growing from t to , and two calculations of substitutions of the form (Sf mod X.sup.2t)(x) based on the knowledge of f, using Wu's, EQS. (23) and (24). Each of the last two substitutions takes about 2t multiplications, noting that the internal sums of Wu's, EQS. (23) and (24) were already calculated for the first two substitutions.

[0109] In an algorithm according to an embodiment, there are 2 substitutions in polynomials of degrees typically growing from t to , two calculations of substitutions of the form (Sf mod X.sup.2t)(x) based on the knowledge of f using the recursion EQ. (7), each requiring about 2t multiplications, and two substitutions in the derivative g.sub.j1, which, in characteristic 2 has non-zero coefficients only for even powers of X.

[0110] In a typical application of Wu's algorithm, there are 3 multiplications of a vector by a scalar, where the vector length typically grows from t to . On the other hand, in an algorithm according to an embodiment, there are 4 such multiplications, 2 for each one of the root and der steps. However, this advantage of Wu's algorithm is balanced by the following item.

[0111] Wies method requires a syndrome update step that updates about t syndrome coordinates with a total of about t multiplications, which is completely avoided in an algorithm according to an embodiment.

[0112] Considering the above, the complexity of an algorithm according to an embodiment is somewhat higher than that of Wu's iteration. However, it is conceptually simpler. Also, an algorithm according to an embodiment is suitable for working in the so-called transform domain, using evaluation vectors of both the and the formal derivatives of the g.sub.j1. Moreover, an algorithm according to an embodiment can work also for the case where the total number of errors is strictly above d1, by maintaining two pairs of polynomials.

6. System Implementations

[0113] It is to be understood that embodiments of the present disclosure can he implemented in various forms of hardware, software, firmware, special purpose processes, or a combination thereof In one embodiment, the present disclosure can be implemented in hardware as an application-specific integrated circuit (ASIC), or as a field programmable gate array (FPGA). In another embodiment, the present disclosure can be implemented in software as an application program tangible embodied on a computer readable program storage device. The application program can be uploaded to, and executed by, a machine comprising any suitable architecture.

[0114] FIG. 3 is a block diagram of a system for fast chase decoding of generalized Reed-Solomon codes, according to an embodiment of the disclosure. Referring now to FIG. 3, a computer system 31 for implementing the present invention can comprise, inter alia, a central processing unit (CPU) 32, a memory 33 and an input/output (I/O) interface 34. The computer system 31 is generally coupled through the I/O interface 34 to a display 35 and various input devices 36 such as a mouse and a keyboard. The support circuits can include circuits such as cache, power supplies, clock circuits, and a communication bus. The memory 33 can include random access memory (RAM), read only memory (ROM), disk drive, tape drive, etc., or a combinations thereof. The present disclosure can be implemented as a routine 37 that is stored in memory 33 and executed by the CPU 32 to process the signal from the signal source 38. As such, the computer system 31 is a general purpose computer system that becomes a specific purpose computer system when executing the routine 37 of the present invention. Alternatively, as described above, embodiments of the present disclosure can be implemented as an ASIC or FPGA 37 that is in signal communication with the CPU 32 to process the signal from the signal source 38.

[0115] The computer system 31 also includes an operating system and micro instruction code. The various processes and functions described herein can either be part of the micro instruction code or part of the application program (or combination thereof) which is executed via the operating system. In addition, various other peripheral devices can be connected to the computer platform such as an additional data storage device and a printing device.

[0116] It is to be further understood that, because some of the constituent system components and method steps depicted in the accompanying figures can be implemented in software, the actual connections between the systems components (or the process steps) may differ depending upon the manner in which the present invention is programmed. Given the teachings of the present invention provided herein, one of ordinary skill in the related art will be able to contemplate these and similar implementations or configurations of the present invention.

[0117] While the present invention has been described in detail with reference to exemplary embodiments, those skilled in the art will appreciate that various modifications and substitutions can be made thereto without departing from the spirit and scope of the invention as set forth in the appended claims.

A. Koetter's Algorithm

[0118] For completeness, a self-contained presentation of Koetter's algorithm is presented hereinbelow, taken from Sect. VILC of R. J. McEliece, The Guruswami-Sudan Decoding Algorithm for Reed-Solomon Codes, IPN Progress Report, Vol. 42-453, May 2003, the contents of which are herein incorporated by reference in their entirety. For convenience, the current presentation of the algorithm is stated in the language of Groebner bases.

[0119] Let K be a field. Fork lN* and for a K[X]-submodule M of K[X].sup.l+1 with rank(M)=l+1, suppose that there is a Groebner basis G=(g.sub.0, . . . , g.sub.l} for M with respect to some monomial ordering < on K[X].sup.l+1. In such a case, the leading monomials of the g.sub.i must contain distinct unit vectors, as otherwise, the leading monomial of two basis vectors would contain the same unit vector, so that the leading monomial of one vector divides the leading monomial of the other vector. In such a case, one of the basis vectors may be discarded which leaves a Groebner basis, which is, in particular, a set of less than l+1 generators for a free module of rank l+1, which is a contradiction. Thus, according to an embodiment, it may be assumed without loss of generality that the leading monomial of g.sub.j contains the j-th unit vector, for all j{0, . . . , l}, where coordinates of vectors are indexed by 0, . . . , l.

[0120] From this point on, according to an embodiment, < will stand for an arbitrary monomial ordering on K[X].sup.l+1.

[0121] Now let D: K[X].sup.l+1.fwdarw.K be a non-zero linear functional that satisfies the following property:

MOD M.sup.+:=Mker(D) is a K[X]-module,

[0122] Before proceeding, it may he useful to note that, as a consequence of the proof of validity of Koetter's algorithm appearing ahead, it holds that moving from M to M.sup.+ does not decrease the rank. The purpose of Koetter's algorithm is to convert the (l+1)-element Groebner basis G of M to an (l+1)-element Groebner basis G.sup.+{g.sup.+.sub.0, . . . , g.sup.+.sub.l} of M.sup.+, while maintaining the property that LM(g.sup.+.sub.j) contains the f-th unit vector for all j{0, . . . , l}. From this point on, Groebner basis will mean a Groebner basis with respect to a fixed monomial ordering <.

[0123] Now, it can be proved that a single iteration of Koetter's algorithm has the required properties.

Koetter's Iteration without Inversions: [0124] Input: A Groebner basis G={g.sub.0, . . . , g.sub.l} for the submodule MF.sub.q.sup.l+1, with LM(g) containing the j-th unit vector for all j. [0125] Output: A Groebner basis G.sup.+={g.sup.+.sub.0, . . . , g.sup.+.sub.l} for M.sup.+ with LM(g.sup.+.sub.l) containing the j-th unit vector for all j, assuming MOD holds. [0126] Algorithm:

TABLE-US-00003 For j = 0, ..., l, calculate .sub.j := D(g.sub.j) Set J := {j {0, ..., l}|.sub.j 0 } If J = , Then For j = 0, ..., l, set g.sup.+.sub.j := g.sub.j Exit Let j* J be such that LM(g.sub.j*) = min.sub.jJ{LM(g.sub.j)} /* the leading monomials are distinct, and so j* is unique */ For j J If j j* Set g.sup.+.sub.j := .sub.j*gj .sub.jgj* Else /* j = j**/ Set g.sup.+.sub.j*:= .sub.j .sub.Xg.sub.j* D(X g.sub.j*) g.sub.j* /* = ( .sub.j*X D(X g.sub.j*)) g.sub.j**/ indicates data missing or illegible when filed [0127] Proposition A.2: At the end of Koetter's iteration, it holds that G.sup.+={g.sup.+.sub.0, . . . , g.sup.+.sub.l} is a Groebner basis for M.sup.+ and for all j, LM(g.sup.+.sub.j) contains the j-th unit vector. [0128] Proof: First note that by the linearity of D, at the end of Koetter's iteration, g.sup.+.sub.jM.sup.+ for all j. It will be proven that for all j, [0129] LM(g.sup.+.sub.j)=min {LM(f)|fM.sup.+ and LM(f) contains the j-th unit vector}
This show that, since modules according to embodiments are over K[X], the leading monomial of every element in M.sup.+ is divisible by the leading monomial of some element from G.sup.+, and hence G.sup.+ is a Groebner basis.

[0130] For j{0, . . . l}, write [0131] M.sub.j:={fM\{0}|LM(f) contains the j-th unit vector}
and [0132] M.sup.+.sub.j:={fM.sup.+\{0}|LM(f) contains the j-th unit vector}.
Note that since M.sup.+M, it also holds that M.sup.+.sub.jM.sub.j for all j,

[0133] Take some j{0, . . . , l}. If jJ, then since g.sup.+.sub.j=g.sub.j and LM(g.sub.j) is minimal in LM(M.sub.j) LM(M.sup.+.sub.j), then certainly LM(g.sup.+.sub.j) is minimal in LM(M.sup.+.sub.j). This minimality follows from the assumptions on a Similarly, if jJ and jj*, then

LM(g.sup.+.sub.j)=LM(.sub.j*g.sub.j.sub.jg.sub.j*)=LM(g.sub.j),

and again, LM(g.sup.+.sub.j) is minimal in LM(M.sup.+.sub.j).

[0134] It remains to verify that if J, then LM(g.sup.+.sub.j*)=min(LM(M.sup.+.sub.j*)). Note first that because < is a monomial ordering, LM(Xg.sub.j*)=X LM(g.sub.j*), and X LM(g.sub.j*)>LM(g.sub.j*). Hence, LM(g.sup.+.sub.j*)=X LM(g.sub.j*). In addition, X LM(g.sub.j*) is the immediate successor of LM(g.sub.j*) in LM(M.sub.j*).

[0135] Suppose that there exists some h.sub.j*M.sup.+.sub.j* with LM(h.sub.j*)<LM(g.sup.+.sub.j*). It will be proven that this implies an infinite decreasing chain, and hence a contradiction. Because h.sub.j* is also in M.sub.j*, then LM(h.sub.j*) must be true, and therefore LM(g.sub.j*)LM(h.sub.j*)<LM(g.sup.+.sub.j*). But LM(g.sub.j*) is the immediate successor of LM(g.sub.j*) in LM(M.sub.j*), and therefore LM(h.sub.j*)=LM(g.sub.j*) must be true.

[0136] Let cK* be such that LM(g.sub.j*ch.sub.j*) is strictly smaller than LM(h.sub.j*)=LM(g.sub.j*) and set .sub.0:=g.sub.j*ch.sub.j*. Note that since g.sub.j*.Math.M.sup.+ while h.sub.j*M.sup.+, then .sub.0.Math.M.sup.+, and, in particular, .sub.0=0. Suppose that LM(.sub.0) contains the j.sub.0-th unit vector for some j.sub.0{0, . . . l}.

[0137] If j.sub.0J, then LM(.sub.0)<LM(g.sub.j*)LM(g.sub.j0), where the first inequality follows from the construction of .sub.0, and the second from the definition of j*. Since .sub.0M.sub.j0, this contradicts the assumption on g.sub.j0.

[0138] It follows that j.sub.0.Math.J. By the minimality of LM(g.sub.j0) in LM(M.sub.j0), there exists some d0 such that LM(.sub.0)=X.sup.dLM(g.sub.j0). Choose cK* such that the leading monomial cancels in .sub.1:=.sub.0cX.sup.dg.sub.j0. Note that .sub.1.Math.M.sup.+, because .sub.0.Math.M.sup.+, while g.sub.j0M.sup.+ since j.sub.0.Math.J. Then by construction, .sub.10, and LM(.sub.1)<LM(.sub.0)).

[0139] Suppose that LM(.sub.1) contains the j.sub.1-th unit vector. If j.sub.1J, then LM(.sub.1)<LM(.sub.0)<LM(g.sub.j*)LM(g.sub.j1), a contradiction, since .sub.1M.sub.j1. Hence j.sub.1.Math.J. Continuing this way, an infinite strictly decreasing chain can be obtained, which is a contradiction.

B. Proof of Proposition 4.1

[0140] Since (S.sup.(y), 1) is in the F.sub.q[X]-span of {h.sub.0, h.sub.1}, it follows that I(h.sub.01, h.sub.11), and hence that h.sub.01 and h.sub.11 are relatively prime. Now suppose that (X), (X)F.sub.q[X] are such that (X)h.sub.0(X)h.sub.1=(?, 0). Then (X)h.sub.01(X)=(X)h.sub.11(X), and because gcd(h.sub.01, h.sub.11)=1, this implies that h.sub.11(X)|(X), h.sub.01(X)|(X),

[00024]$\frac{\left(X\right)}{h_{11}\left(X\right)}=\frac{\left(X\right)}{h_{01}\left(X\right)},$

and these two equal rational functions are in fact a polynomial in F.sub.q[X]. Write r(X)F.sub.q[X] for this polynomial. Let .sub.0: F.sub.q[X].sup.2F.sub.q[X] be the projection to the first coordinate. Now, the second coordinate of the vector

f:=h.sub.11(X)h.sub.0h.sub.01(X)h.sub.1M.sub.0

is 0, and for (X), (X) as above, it follows from the above explanation that

(X)h.sub.0(X)h.sub.1=r(X)f.

This shows that .sub.0(f) has the lowest degree in .sub.0 (M.sub.0{(?, 0)}). Now, as M.sub.0 is generated as an F.sub.q[X]-module by {(X.sup.2t, 0), (S.sup.(y)(X), 1)}, this lowest degree is 2t. Hence deg(.sub.0(f)) 2t. Now,

[00025]$\begin{array}{c}\mathrm{deg}\left({}_0\left(f\right)\right)=.Math.\mathrm{deg}\left(h_{11}\left(X\right).Math.h_{00}\left(X\right)-h_{01}\left(X\right).Math.h_{10}\left(X\right)\right)\\ =.Math.\mathrm{deg}\left(h_{11}\left(X\right).Math.h_{00}\left(X\right)\right),\end{array}$

because by assumption deg(h.sub.11)deg(h.sub.10)+1 and deg(h.sub.00)>deg(h.sub.01)1, so that

deg(h.sub.11h.sub.00)>deg(h.sub.01h.sub.10).

This concludes the proof.