BM-BASED FAST CHASE DECODING OF BINARY BCH CODES THROUGH DEGENERATE LIST DECODING

Abstract

An application specific integrated circuit (ASIC) tangibly encodes a method for fast polynomial updates in fast Chase decoding of binary Bose-Chaudhuri-Hocquenghem (BCH) codes. The method includes the steps of using outputs of a syndrome-based hard-decision (HD) algorithm to find a Groebner basis for a solution module of a modified key equation, upon failure of HD decoding of a BCH codeword received by the ASIC from a communication channel; evaluating polynomials obtained from said Groebner basis at inverses of specified weak-bit locations; and transforming a Groebner basis for a set of flipped weak-bit locations (.sub.1, . . . , .sub.r1) to a Groebner basis for (.sub.1, . . . , .sub.r), wherein .sub.r is a next weak-bit location, wherein r is a difference between a number of errors and a HD correction radius of the BCH codeword.

Claims

1. An application specific integrated circuit (ASIC) tangibly encoding a program of instructions executable by the integrated circuit to perform a method for fast polynomial updates in fast Chase decoding of binary Bose-Chaudhuri-H-Hocquenghem (BCH) codes, the method comprising the steps of: receiving, by the ASIC, a BCH codeword from a communication channel; using outputs of a syndrome-based hard-decision (HD) algorithm to find a Groebner basis for a solution module of a modified key equation, upon failure of HD decoding of the BCH codeword; the ASIC evaluating polynomials obtained from said Groebner basis at inverses of specified weak-bit locations; and the ASIC transforming a Groebner basis for a set of flipped weak-bit locations (.sub.1, . . . , .sub.r1) to a Groebner basis for (.sub.1, . . . , .sub.r), wherein .sub.r is a next weak-bit location, wherein r is a difference between a number of errors and a HD correction radius of the BCH codeword.

2. The ASIC of claim 1, wherein a polynomial of the Groebner basis for (.sub.1, . . . , .sub.r) has a degree of at most of order r.

3. The ASIC of claim 1, wherein the syndrome-based HD algorithm is selected from a group that includes the Berlekamp-Massey (BM) algorithm and Fitzpatrick's algorithm.

4. The ASIC of claim 1, wherein using outputs of a syndrome-based HD algorithm to find a Groebner basis for a solution module of a modified key equation comprises: setting a polynomial h.sub.1=(h.sub.10(X), h.sub.11(X)) be the odd and even parts of C, respectively, and a polynomial h.sub.2=(h.sub.20(X), h.sub.21(X)) be respectively a shifted version of the odd and even parts of B, wherein polynomials B(X) and C(X) are output from a Berlekamp-Massey (BM) algorithm performed on syndromes of the BCH codeword, wherein C(X) is such that (SC mod X.sup.2t,C) is an element of .sub.1 of minimal order, wherein .sub.1:={(u,v)|v(0)=1}, .sub.1:={(u,v).sub.2.sub.m[X].sub.2.sub.m[X]|uSv mod(X.sup.2t)}, t is a correction radius of the BCH codeword, and S.sub.even(X) and S.sub.odd(X) are even and odd parts of the syndrome polynomial, respectively, and polynomial B(X) tracks C(X) before a last length change in a virtual BM algorithm, where the virtual BM algorithm minimizes an order in N.sub.1, wherein $N_1:=\left\{\left(u,v\right)Nv\left(0\right)=1\right\},.Math.N:=\left\{\left(u,v\right){}_2.Math.m\left[X\right]{}_2.Math.m\left[X\right]u\frac{S_{\mathrm{even}}\left(X\right)}{1+{\mathrm{XS}}_{\mathrm{odd}}\left(X\right)}.Math.v.Math..Math.\mathrm{mod}\left(X^t\right)\right\},$ with an input syndrome $\frac{S_{\mathrm{even}}\left(X\right)}{1+{\mathrm{XS}}_{\mathrm{odd}}\left(X\right)}.Math..Math.\mathrm{mod}.Math..Math.X^t$ and the modified key equation is $u\frac{S_{\mathrm{even}}\left(X\right)}{1+{\mathrm{XS}}_{\mathrm{odd}}\left(X\right)}.Math.v.Math..Math.\mathrm{mod}\left(X^t\right),$ replacing h.sub.ih.sub.i+cX.sup.lh.sub.i for one i{1,2}, if h.sub.1 and h.sub.2 do not have a same leading monomial, wherein cK and l are chosen such that the leading monomial of h.sub.i is canceled; and setting .sub.i(X):=h.sub.i1(X.sup.2)+Xh.sub.i0(X.sup.2), for i{1,2}, wherein {h.sub.1(X),h.sub.2(X)} is the Groebner basis for the solution module of the modified key equation.

5. The ASIC of claim 4, wherein evaluating polynomials obtained from said Groebner basis at the inverses of specified weak-bit locations comprises calculating the inverses of the specified weak-bit locations .sub.1.sup.2, . . . , .sub.R.sup.2, of the BCH codeword, and evaluating polynomials .sub.1(.sub.1.sup.1), . . . , .sub.1(.sub.R.sup.1), . . . , .sub.2(.sub.R.sup.1) and further comprising calculating a weight w:=2 deg(h.sub.21)t(1), wherein = mod 2 and is a total number of errors in the BCH codeword.

6. The ASIC of claim 1, wherein transforming a Groebner basis for a module L(.sub.1, . . . , .sub.r1) to a Groebner basis for a module L(.sub.1, . . . , .sub.r) comprises: initializing a Groebner basis g.sub.1, g.sub.2, as g.sub.1=(g.sub.10(X), g.sub.11(X))=(1,0) and g.sub.2=(g.sub.20(X), g.sub.21(X))=(0,1); calculating, for j=1, 2, a discrepancy ${}_j:=\{\begin{array}{cc}{\hat{h}}_1\left({}_r^{-1}\right).Math.g_{j.Math..Math.0}\left({}_r^{-2}\right)+{\hat{h}}_2\left({}_r^{-1}\right).Math.g_{j.Math..Math.1}\left({}_r^{-2}\right)& \mathrm{if}.Math..Math.{\hat{h}}_1\left({}_r^{-1}\right)0\\ g_{j.Math..Math.1}\left({}_r^{-2}\right)& \mathrm{otherwise}\end{array};.Math.\mathrm{setting}.Math..Math.J:=\left\{j\left\{1,2\right\}{}_{j}0\right\};$ outputting g.sub.1, g.sub.2 and processing a next error location .sub.r+1, if J=, otherwise setting j*J such that the LM(g.sub.j*)=min.sub.j{LM(g.sub.j)}; and updating, for $jJ,g_j^{+}:=g_j+\frac{{}_j}{{}_{j^{*}}}.Math.g_{j^{*}},\mathrm{if}.Math..Math.j{j}^{*},$ and g.sub.j.sup.+=(X+.sub.r.sup.2)g.sub.j, otherwise.

7. The ASIC of claim 6, the method further comprising determining whether one of the discrepancies .sub.j is zero, and stopping calculation of the Groebner basis for a module L(.sub.1, . . . , .sub.r), if it is determined that discrepancy .sub.j is zero.

8. The ASIC of claim 1, the method further comprising calculating a final error-locator polynomial (X) from a Groebner basis h.sub.1=(h.sub.10, h.sub.11) and h.sub.2=(h.sub.20, h.sub.21) for the solution of the modified key equation and the Groebner basis g.sub.j.sup.+=(g.sup.+.sub.j0(X), g.sup.+.sub.j1(X)) for (.sub.1, . . . , .sub.r) from
(X)=a(g.sub.j0.sup.+(X.sup.2)(h.sub.11(X.sup.2)+Xh.sub.10(X.sup.2)+g.sub.j1.sup.+(X.sup.2)(h.sub.21(X.sup.2)+Xh.sub.20(X.sup.2))), wherein a is a multiplicative constant.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

[0019] FIG. 1 is a schematic block diagram of a BM-based Chase decoding algorithm according to an embodiment of the disclosure.

[0020] FIG. 2 is a flowchart of a fast Chase pre-calculation according to an embodiment of the disclosure.

[0021] FIG. 3 illustrates an exemplary Wu-type tree for a 5-bit sequence, according to an embodiment of the disclosure.

[0022] FIG. 4 is a flowchart of a Koetter algorithm that is specialized for fast Chase decoding, according to an embodiment of the disclosure.

[0023] FIG. 5 illustrates a general method to convert the outputs of the standard BM algorithm to a Groebner basis to a generic module N, according to an embodiment of the disclosure.

[0024] FIG. 6 is a block diagram of a machine for performing BM-based fast chase decoding of binary BCH codes, according to an embodiment of the disclosure.

[0025] FIG. 7 is a flowchart of another method of obtaining h.sub.1, h.sub.2, and .sub.1, .sub.2. and w, according to an embodiment of the disclosure.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

[0026] Exemplary embodiments of the invention as described herein generally provide systems and methods for performing BM-based fast chase decoding of binary BCH codes. While embodiments are susceptible to various modifications and alternative forms, specific embodiments thereof are shown by way of example in the drawings and will herein be described in detail. It should be understood, however, that there is no intent to limit the invention to the particular forms disclosed, but on the contrary, the invention is to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

[0027] Exemplary embodiments of the disclosure as described herein generally include systems and methods for a new polynomial-update algorithm that manipulates polynomials of degrees that typically grow from 0 to only 2r1, and has a new stopping criterion that differs from Wu's criterion and that avoids unnecessary Chien searches. For example, if t=10 and r=3, Wu's polynomials typically have a degree that grows from 10 to 13. Polynomials in an algorithm according to an embodiment have a degree that typically grows from 0 to 5. A Chase decoder polynomial-update algorithm according to an embodiment is based on the BM algorithm, since the BM algorithm is already implemented and well-understood. Polynomials according to embodiments should be further processed to obtain the desired error-locator polynomial. This has a cost in complexity, but further processing is performed only when the stopping criteria suggests that the correct error-locator polynomial may have been obtained.

[0028] This disclosure will use terminology that is substantially similar to that in Massey's 1969 paper, Massey, J. L. (1969), Shift-register synthesis and BCH decoding, IEEE Trans. Information Theory, IT-15 (1): 122-127, the contents of which are herein incorporated by reference in their entirety.

[0029] FIG. 1 is a schematic block diagram of a BM-based Chase decoding algorithm according to an embodiment of the disclosure. Referring to the figure, a BM-based Chase decoding algorithm includes a syndrome calculation 11, a BM algorithm 12, fast Chase pre-calculations 13, fast Chase polynomial updates 14, error locator construction 15, and a Chien search 16. Steps 13, 14, and 15 are performed if HI) decoding fails. These steps will be described in detail below.

[0030] The syndromes are calculated from a received codeword at step 11 as described above. A BM algorithm as performed at step 12 is a modified version of the BM algorithm described above. A binary BM algorithm according to an embodiment of the disclosure is as follows.

[0031] The input is

[0032] (a) The correction radius t; and

[0033] (b) The syndrome polynomial S(X).

The output is:

[0034] (a) A polynomial C(X) such that (SC mod X.sup.2t, C) is an element of .sub.1 of minimal order, where .sub.1:={(u,v)|v(0)=1}, :={(u,v).sub.2.sub.m[X].sub.2.sub.m[X]|uSv mod(X.sup.2t)};

[0035] (b) An integer L defined by L:=ord(SC mod X.sup.2t, C), where ord(f.sub.0,f.sub.1):=max{deg(f.sub.0)+1, deg(f.sub.1)} is the order of (f.sub.0, f.sub.2);

[0036] (c) A polynomial B(X) tracking C(X) before the last length change;

[0037] (d) A polynomial B(X) tracking C(X) before the last length change in a virtual BM algorithm, where the virtual BM algorithm minimizes the order in N.sub.l, where

[00001]$N_1:=\left\{\left(u,v\right)N|v\left(0\right)=1\right\},N:=\left\{\left(u,v\right){}_{2^m}\left[X\right]{}_{2^m}\left[X\right]|u\frac{S_{\mathrm{even}}\left(X\right)}{1+{\mathrm{XS}}_{\mathrm{odd}}\left(X\right)}.Math.v.Math..Math.\mathrm{mod}\left(X^t\right)\right\},$

with an input syndrome

[00002]$\frac{S_{\mathrm{even}}\left(X\right)}{1+{\mathrm{XS}}_{\mathrm{odd}}\left(X\right)}.Math.\mathrm{mod}.Math..Math.X^t,$

where S.sub.even(X) and S.sub.odd(X) are the even and odd parts, respectively, of S(X), defined in general below;

[0038] (e) An integer tracking the number of indices since the last length change; and

[0039] (f) An integer {tilde over ()} tracking the number of indices since the last length-change in the virtual BM algorithm. Note that

[00003]$u\frac{S_{\mathrm{even}}\left(X\right)}{1+{\mathrm{XS}}_{\mathrm{odd}}\left(X\right)}.Math.v.Math..Math.\mathrm{mod}\left(X^t\right)$

is a modified key equation.
The following initializations are performed: [0040] C(X):=1, B(X):=1, {tilde over (B)}(X):=1, :=1, {tilde over ()}:=1, L:=0, b:=1.

[0041] A BM algorithm according to an embodiment performs the following iterations.

[0042] for k=1 to t: [0043] set d:=Coeff.sub.x.sub.2k2(SC) //coeff. of X.sup.k1 for k=2k1 [0044] if d=0, then // minimum LFSR unchanged [0045] update +2 [0046] update {tilde over ()}{tilde over ()}+1 [0047] if d0 and 2k1<2L+1, then // LFSR change w/o length change [0048] update C(X)C(X)db.sup.1X.sup.B(X) [0049] update +2 [0050] update {tilde over ()}{tilde over ()}+1 [0051] if d0 and 2k12L+1, then // length change [0052] set TMP:=C(X) [0053] update C(X)C(X)db.sup.1X.sup.B(X) [0054] set B(X):=TMP [0055] set b:=d [0056] set :=2 [0057] set L:=2k1L // next length, temp. storage [0058] if 2 does not divide L and L=L+1 // no virtual length change [0059] update {tilde over ()}{tilde over ()}+1 [0060] else // virtual length change [0061] update {tilde over (B)}(X)B(X) [0062] set {tilde over ()}:=1 [0063] set L:=L

[0064] Recall that in case of length-change, the BM algorithm saves the last C, i.e., the shortest LFSR before the length change, in B. A modified BM algorithm 12 according to an embodiment of the disclosure uses storage for two B polynomials instead of one, and maintains an additional polynomial B that is updated as follows. If there is a length change, i.e., when B has to be updated, then B is unchanged, if L, the minimum LFSR length, is odd and changes to L+1. So, in this case B has the value of B before the update. Otherwise, B changes, and is equal to the updated B.

[0065] A HD decoding is said to fail if the HD decoder failed to output a valid codeword. Because the HD decoder is limited to correcting up to t errors, if there are more than t errors, the typical result is a decoding failure. A much less probable case is to have an undetected error, in which the number of errors is so large that the decoder outputs some codeword, but this is not the transmitted codeword. If the BM algorithm 12 fails to output a valid codeword, then an algorithm according to embodiments of the disclosure branches to perform the fast Chase pre-calculations 13, the fast Chase polynomial updates 14, and the error locator construction 15, before performing the Chien search 16.

[0066] The fast Chase pre-calculations block 13 calculates some values that are unchanged during the fast Chase iterations, and thus can be pre-calculated once in advance.

[0067] First, for a field K, define a monomial ordering <.sub.r on K[X].sup.2 as follows: (X.sup.i, 0)<(X.sup.j, 0) iff i<j, (0,X.sup.i)<(0,X.sup.j) iff i<j, and (X.sup.i, 0)<(0,X.sup.j) iff ij+r. In addition, for an even integers s, and a polynomial f(X)=f.sub.0+f.sub.1X+ . . . +f.sub.sX.sup.sK[X], the odd part of f(X), f.sub.odd(X), is f.sub.odd(X):=f.sub.1+f.sub.3X+ . . . +f.sub.s1X.sup.s/21, while the even part of f(X), f.sub.even(x), is f.sub.even(X):=f.sub.0+f.sub.2X+ . . . +f.sub.sX.sup.s/2. In the above definition, note that f(X)=f.sub.even(X.sup.2)+Xf.sub.odd(X.sup.2).

[0068] FIG. 2 is a flowchart of a fast Chase pre-calculation according to an embodiment of the disclosure. Referring to the figure, at step 21, from the B, C outputs of the BM algorithm, two pairs of polynomials, h.sub.1=(h.sub.10(X), h.sub.11(X)), h.sub.2=(h.sub.20(X), h.sub.21(X)), where X is the free variable, are prepared as follows. Let the pair h.sub.1 be the odd and even parts of C, the minimum LFSR output by the BM algorithm. Let the pair h.sub.2 be a shifted version, i.e., a multiplied by a power of X, of the odd and even parts of the polynomial B. If the leading monomials of h.sub.1 and h.sub.2 with respect to the above monomial ordering contain distinct unit vectors, keep h.sub.1 and h.sub.2 unchanged, otherwise, at step 22, for exactly one i{1,2}, writing j:={1,2}\{i}, replace h.sub.ih.sub.i+cX.sup.lh.sub.j for come c and l, where cK* and lN are chosen such that the leading monomial of h.sub.i is canceled. The resulting pair is a Groebner basis for a solution of the modified key equation

[00004]$u\frac{S_{\mathrm{even}}\left(X\right)}{1+{\mathrm{XS}}_{\mathrm{odd}}\left(X\right)}.Math.v.Math..Math.\mathrm{mod}\left(X^t\right)$

for a <.sub.1 monomial ordering. Then, at step 23, for i{1,2}, let {umlaut over (h)}.sub.i(X):=h.sub.i1(X.sup.2)+Xh.sub.i0(X.sup.2). This combines the even and odd parts. Note that no calculations are involved. The polynomials .sub.1(X) and .sub.2 (X) are outputs of the pre-calculations block 13.

[0069] Next, let the weak bits coordinates be .sub.1, . . . , .sub.R. At step 24, the pre-calculations block 13 calculates and outputs .sub.1.sup.2, . . . , .sub.R.sup.2, as well as .sub.1(.sub.1.sup.1), . . . , .sub.1(.sub.R.sup.1), .sub.2(.sub.1.sup.1), . . . , .sub.2(.sub.R.sup.1), and a weight w defined as w:=2 deg(h.sub.21)t(1), where is the total number of errors, and = mod 2 is assumed known at the negligible cost of losing one information bit.

[0070] The polynomial update block uses the quantities pre-calculated by the pre-calculations block 13 along with weak bit coordinates from additional soft reads. Flipping patterns are arranged in a Wu-type tree in which in each path from the root to a leaf, one additional bit is flipped at each level of the tree. An exemplary Wu-type tree for a 5-bit sequence is shown in FIG. 3. Intermediate results may be saved for nodes 30 with more than one child node, which are boxed in the figure. The processing for one edge of the graph of FIG. 3, i.e., the processing for adding one more assumed error, is as follows.

[0071] Let the primitive binary BCH code being decoded have length 2.sup.m1, and let K be a finite field defined as K:=F.sub.2.sub.m. Then search for two polynomials f.sub.1(X), f.sub.2(X)K[X] such that the error-locator polynomial (X) is given by

(X)=f.sub.1(X.sup.2).sub.1(X)+f.sub.2(X.sup.2).sub.2(X),

where .sub.1(X) and .sub.2(X) are outputs of the pre-calculations block 13.

[0072] Let .sub.1, . . . , .sub.rK be a set of potential error locations to be flipped, and consider the following interpolation task. Among all bivariate polynomials Q(X Y)=q.sub.0(X)+Y.sub.q1(X) of Y-degree of at most one that satisfy the following two conditions:

js.Math.t.Math..sub.1(.sub.j.sup.1)0:Q(.sub.j.sup.2,.sub.2(.sub.j.sup.1)/.sub.1(.sub.j.sup.1))=0;(1)

js.Math.t.Math..sub.1(.sub.j.sup.1)=0:(.sub.j.sup.2,0)=0;(2)

where (X,Y):=q.sub.1(X)+Yq.sub.0(X) is the Y-reversed version of Q, find a polynomial Q(X Y) that minimizes the (1, w)-weighted degree, defined as

max(deg(q.sub.0),deg(q.sub.1)+w),

where w is an output of the pre-calculations block 13. Let L=L(.sub.1, . . . , .sub.r) be a module of those bivariate polynomials of Y-degree of at most one that satisfy the above two conditions, and let Q(X Y) by a polynomial on L that minimizes the weighted degree.

[0073] The basic ideas of a Chase decoding according to an embodiment are as follows.

[0074] 1. Correctness: If all of the .sub.j are actual error locations and rt, i.e., there is a correct flipping pattern that is at least as large as that required for a Chase trial, then the sought-after polynomials f.sub.1(X) and f.sub.2(X) appear in Q(X, F), that is, Q(X, Y)=c (f.sub.1(X)+Y f.sub.2(X)), for some non-zero constant c.

[0075] 2. Groebner Basis: A minimizing Q(X, Y) appears in a Groebner Basis (GB) for L with an appropriate monomial ordering, such as a <.sub.w ordering. Embodiments of the disclosure use GBs with two bivariate polynomials. An appropriate monomial ordering is a defined above with respect to the pre-calculations.

[0076] 3. Fast Update: If there already exists a GB for L=L(.sub.1, . . . , .sub.r1), it is easy to obtain a GB for an additional flipping, that is, for L(.sub.1, . . . , .sub.r1, .sub.r). A fast Chase update needs an algorithm for moving from a GB for L(.sub.1, . . . , .sub.r1) to a GB for L(.sub.1, . . . , .sub.r). According to embodiments, one such algorithm is Koetter's algorithm.

[0077] Koetter's algorithm solves a more general interpolation than Chase decoding. FIG. 4 is a flowchart of a Koetter algorithm according to an embodiment that is specialized for fast Chase decoding, with a monomial <.sub.w ordering.

[0078] The input to a Koetter algorithm according to an embodiment is a GB {g.sub.1=(g.sub.10(X), g.sub.11(X)), g.sub.2=(g.sub.20(X), g.sub.21(X))} for L(.sub.1, . . . , .sub.r1) with the leading monomial (LM) of g.sub.1 in the first coordinate and the LM of g.sub.2 in the second coordinate, and the next error location .sub.r. The output is a GB {g.sup.+.sub.1=(g.sup.+.sub.10(X), g.sup.+.sub.11(X)), g.sup.+.sub.2=(g.sup.+.sub.20(X), g.sup.+.sub.21(X))} for L(.sub.1, . . . , a.sub.r1, .sub.r) with the LM of g.sup.+.sub.1 in the first coordinate and the LM of g.sup.+.sub.2 in the second coordinate.

[0079] Referring now to the figure, an algorithm according to an embodiment begins at step 41 by calculating, for j=, 2, a discrepancy:

[00005]${}_j:=\{\begin{array}{cc}{\hat{h}}_1\left({}_r^{-1}\right).Math.g_{j.Math..Math.0}\left({}_r^{-2}\right)+{\hat{h}}_2\left({}_r^{-1}\right).Math.g_{j.Math..Math.1}\left({}_r^{-2}\right)& \mathrm{if}.Math..Math.{\hat{h}}_1\left({}_r^{-1}\right)0\\ g_{j.Math..Math.1}\left({}_r^{-2}\right)& \mathrm{otherwise}\end{array}.$

[0080] If, at step 42, d, =0 for some j, exit, and go to error locator construction 15, and Chien search 16. This is a stopping criterion according to an embodiment, and is described below.

[0081] An algorithm according to an embodiment continues at step 43 by setting J:={j{1,2}|.sub.j0}. If, at step 44, J=, output g.sub.1, g.sub.2 at step 45, and process the next error location .sub.r+1. Otherwise, at step 46, let j*J be such that the LM(g.sub.j*)=min.sub.j{LM(g.sub.j)}, where the LM and the minimization are with respect to the monomial ordering <.sub.w, where w is the pre-calculated weight. Then, at step 47, the polynomials are updated: for jJ,

[00006]$\mathrm{if}.Math..Math.j{j}^{*},\mathrm{set}.Math..Math.g_j^{+}:=g_j+\frac{{}_j}{{}_{j^{*}}}.Math.g_{j^{*}};$$\mathrm{otherwise},\mathrm{set}.Math..Math.g_j^{+}:=\left(X+{}_r^{-2}\right).Math.g_j,$

after which the algorithm returns to step 41.

[0082] A Koetter algorithm according to an embodiment for fast Chase decoding is called on the edges of Wu's tree, shown in FIG. 3. In particular, when the algorithm is first called, g.sub.1=(1,0) and g.sub.2=(0,1). Then, the previous output becomes the next input when one additional bit becomes one in the flipping pattern. For example, consider the following sequence of flipping patterns 31 in the tree shown in FIG. 3, assuming that there are 5 weak bits: 01000.fwdarw.01010.fwdarw.01110.fwdarw.11110.fwdarw.111111. Then the initial GB for the first flipping pattern (single flipped bit, 01000) is g.sub.1=(1,0), g.sub.2=(0,1) and .sub.1 is the field element pointing to the 2.sup.nd weak bit (01000), and the output GB (g.sub.1.sup.+, g.sub.2.sup.+) becomes the input GB (g.sub.1, g.sub.2), this time with .sub.2 pointing to the fourth weak bit (01010), etc. A Koetter's algorithm according to an embodiment outputs two pairs of polynomials: g.sub.1.sup.+ and g.sub.2.sup.+. A fast Chase decoder according to an embodiment selects one of the two outputsthe one that has a smaller leading monomial.

[0083] Note that if up to r bits within the weak bits are flipped, then the depth of every path from the root to a leaf is at most r. Thus, according to embodiments of the disclosure, after applying a Koetter algorithm according to an embodiment r times, the sum of the degrees of the four involved polynomials is at most 2r1:

deg(g.sup.+.sub.10)+deg(g.sup.+.sub.11)+deg(g.sup.+.sub.20)+deg(g.sup.+.sub.21)2r1.

Note that it is possible that one of g.sup..sub.11 or g.sup.+.sub.20 is the zero polynomial, in which case the above formula is meaningless, since deg(0)=. However, in such a case, it can be verified that the formula still holds when the sum on the left-hand side is only over the non-zero polynomials.

[0084] A stopping criterion for a Koetter algorithm according to an embodiment for fast Chase decoding is as follows. Suppose that .sub.1, . . . , .sub.r are correct flipping locations, and that r=t, so that an error-locator polynomial can be constructed from the output of a Koetter's algorithm according to an embodiment. However, it is expensive to reconstruct (X) and perform a Chien search. However, suppose there exists one more erroneous location, .sub.r+1, within the weak bits. Then, according to embodiments of the disclosure, in Koetter's iteration for adjoining .sub.e+1 to .sub.j, . . . , .sub.r, one of the discrepancies will be zero: .sub.j=0 for some j. Thus, checking if one of the .sub.j's is zero can serve as a stopping criterion. However, it is possible that some .sub.j is zero even if there is not a correct error-locator polynomial, i.e., .sub.j is a false positive. The cost of handling a false positive is an increased complexity. However, even if the false positive rate is of the order 1/100, or even 1/10, the overall increase in complexity is negligible, and a Monte Carlo simulation can be used to obtain a reliable estimation in such situations. The cost of a stopping criterion according to an embodiment involves performing half an iteration of the discrepancy calculation for a sphere of radius r+1 when t is only r. This reduces the overall complexity gain over a brute force Chien search. When t=r, r+1 errors are needed in the weak bits, which slightly degrades the FER in comparison to a brute force Chien search.

[0085] After performing the fast Chase polynomial updates and satisfying the stopping criteria, an algorithm constructs an error locator polynomial (ELP), as follows. First, let j{1,2} be such that g.sub.j.sup.+=(g.sup.+.sub.j0(X), g.sup.+.sub.j1(X)) is the output of a Koetter's algorithm according to an embodiment, with a minimal leading monomial ordered according to <.sub.w. Then the ELP (X) can be reconstructed, up to a multiplicative constant, from (X)=g.sub.j0.sup.+(X.sup.2).sub.1(X)+g.sub.j1.sup.+(X.sup.2).sub.2(X). Here, the .sub.j(X) are defined as follows: Letting {h.sub.1, h.sub.2} be a Groebner basis for the module N, where h.sub.1=(h.sub.10, h.sub.11) has its leading monomial in the first coordinate and h.sub.2=(h.sub.20, h.sub.21) has its leading monomial in the second coordinate. Then, for i=1,2, define .sub.i(X):=h.sub.i1(X.sup.2)+Xh.sub.i0(X.sup.2).

[0086] According to further embodiments of the disclosure, a general method to convert the outputs of the standard BM algorithm to a Groebner basis to a generic module N with respect to the ordering <.sub.1 is as follows, as illustrated in the flowchart of FIG. 5. According to an embodiment, a generic module N is defined as N:={(u,v)K[X]K[X]|ug vmod(X.sup.m)}, where K is some field, m* is some integer, where N* is the integers without 0, and g(X)K[X] is some polynomial, and g(X)0 mod X.sup.m. Referring now to the figure, at step 51, from the outputs C, B, of the BM algorithm with inputs m, g, form the following two pairs of polynomials:

b.sub.1:=(gC mod X.sup.m,C), and

b.sub.2:=(gX.sup.B mod X.sup.m,X.sup.B).

Then consider three cases, where leading monomials are ordered according to the ordering <.sub.1:

[0087] (1) If, at step 52, the leading monomials of b.sub.1 and b.sub.2 contain distinct unit vectors, then output {b.sub.1, b.sub.2} as the Groebner basis at step 53;

[0088] (2) If, at step 54, the leading monomials contain the same unit vector and the leading monomial of b.sub.1 is at least as large as that of b.sub.2, then output {b.sub.1cX.sup.lb.sub.2, b.sub.2,} as the GB at step 55, where cK*, where K* is a multiplicative subgroup of K without 0, and lN are chosen such that the leading monomial of b.sub.1 is canceled; and

[0089] (3) If, at step 56, the leading monomials contain the same unit vector and the leading monomial of b.sub.2 is strictly larger than that of b.sub.1, then output {b.sub.1, b.sub.2cX.sup.lb.sub.1} as the GB at step 57, where cK* and lN* are chosen such that the leading monomial of b.sub.2 is canceled. Note that these cases cover all possibilities.

[0090] According to further embodiments of the disclosure, there is also another way to obtain h.sub.1, h.sub.2, and consequently .sub.1, .sub.2. and w, as follows:

[0091] 1. Calculate the modified syndrome,

[00007]$\hat{S}:=\frac{S_{\mathrm{even}}\left(X\right)}{1+{\mathrm{XS}}_{\mathrm{odd}}\left(X\right)}.Math.\mathrm{mod}.Math..Math.X^t.$

Note that there is an efficient way to do this, which will be described below.

[0092] 2. Find a two-element Groebner basis {h.sub.1, h.sub.2} for the module N:={(u,v).sub.2m[X].sub.2.sub.m[X]|uv mod(X.sup.t)}. This can be done in several different ways: [0093] (a) Apply a conventional BM algorithm to the inputs t and , and then convert the outputs C, B, to the required Groebner basis h.sub.1, h.sub.2 using the generic conversion method described above. [0094] (b) Alternatively, use Fitzpatrick's algorithm. [0095] (c) Alternatively, use the Euclidean algorithm.

[0096] Now, the calculation of the modified syndrome concerns the general question of finding

[00008]$\frac{f}{1+X_g}.Math.\mathrm{mod}.Math..Math.X^k,$

where f, gK[X] are polynomials over some field K and k is some positive integer. For a polynomial t(X)=t.sub.0+t.sub.jX+ . . . t.sub.rX.sup.r, write [t(X)].sub.i:=t.sub.i, the coefficient of X.sup.i. For i{1, . . . , k}, suppose there is a polynomial t.sub.i1(X) that satisfies the following two conditions: (1) deg(t.sub.i1)i1, and (2) t.sub.i1(1+Xg)=f mod X.sup.i. Define =[f].sub.i[t.sub.i1 (1+Xg)].sub.i. Then, t.sub.i:=t.sub.i1+X.sup.i satisfies conditions (1), (2) above with i+1 instead of i. Note that in the calculation of , finding [t.sub.i1(1+Xg)].sub.i requires the calculation of one single coefficient of the multiplied polynomials. Furthermore, since deg(t.sub.i1)i1, then [t.sub.i1(1+Xg)].sub.i=[t.sub.i1 g].sub.i1. This leads to a following algorithm according to an embodiment for calculating

[00009]$\frac{f}{1+X_g}.Math.\mathrm{mod}.Math..Math.X^k,$

with reference to the flowchart of FIG. 7:

TABLE-US-00001 t := [f].sub.0 (Step 70) for i = 1 to kl (Step 71) := [f].sub.i [t g].sub.il (Step 72) t t + X.sup.i (Step 73) end (Step 74) output t (Step 75)
An algorithm according to an embodiment has zero delay, since the coefficient of X.sup.l in the output t is in its final form after the i-th iteration, and can be pipelined with the Groebner basis algorithms of steps 2(a), 2(b) to speed up the processing.

Theoretical Background and Proof of Validity

[0097] The validity of the above method for fast Chase decoding will now be explained. In what follows, for a polynomial f, the notation , will sometimes be used for f.sub.even, f.sub.odd, respectively.

Definition

[0098] Define an .sub.2.sub.m[X]-module, L, as follows. As an abelian group, L=.sub.2.sub.m[X], but the scalar multiplication .Math..sub.1: .sub.2.sub.m[X]L.fwdarw.L is defined by f(X).Math..sub.1g(X):=f(X.sup.2)g(X). Let :.sub.2.sub.m[X].sub.2.sub.m[X].fwdarw.L be defined by (u(X),v(X))v(X.sup.2)+Xu(X.sup.2), and note that is an isomorphism of .sub.2.sub.m[X]-modules.

[0099] Recall that we have defined

[00010]$N:=\left\{\left(u,v\right){}_{2^m}\left[X\right]{}_{2^m}\left[X\right]|u\frac{\stackrel{\mathrm{even}}{S}\left(X\right)}{1+X.Math.\stackrel{\mathrm{odd}}{S}\left(X\right)}.Math.v.Math..Math.\mathrm{mod}.Math..Math.\left(X^t\right)\right\}$

as the solution module of the modified key equation. Define also M={u.sub.2.sub.m[X]|uSu mod (X.sup.2t)}, the solution module of the standard key equation in the binary case. The two solution modules are related through the following proposition.
Proposition 1 (Relation between solution modules). M is an .sub.2.sub.m[X]-submodule of L and (N)=M. Hence p restricts to an isomorphism : N{tilde over (.fwdarw.)}M.

Proof.

[0100] While the first assertion follows from the second, it can be verified directly. First, M is clearly an abelian subgroup of L, and so it remains to verify that for all f.sub.2.sub.m[X] and all uM, f.Math..sub.1uM. But

(f(x).Math..sub.1u(X))=(f(X.sup.2)u(X))=f(X.sup.2)u(X)f(X.sup.2)Su=S.Math.(f(X).Math..sub.1u(X)),

where characteristic 2 was used in the second equation, and where stands for congruence modulo (X.sup.2t).

[0101] Let us now turn to the second assertion. For a polynomial u.sub.2.sub.m[X] we have u(X)=(X.sup.2), and so u is in M iff

[00011]$\begin{array}{cc}\stackrel{\mathrm{odd}}{u}\left(X^2\right)\left(\stackrel{\mathrm{even}}{S}\left(X^2\right)+X.Math.\stackrel{\mathrm{odd}}{S}\left(X^2\right)\right).Math.\left(\stackrel{\mathrm{even}}{u}\left(X^2\right)+X.Math.\stackrel{\mathrm{odd}}{u}\left(X^2\right)\right)=\stackrel{\mathrm{even}}{S}\left(X^2\right).Math.\stackrel{\mathrm{even}}{u}\left(X^2\right)+X^2.Math.\stackrel{\mathrm{odd}}{S}\left(X^2\right).Math.\stackrel{\mathrm{odd}}{u}\left(X^2\right)+X\left(\stackrel{\mathrm{odd}}{S}\left(X^2\right).Math.\stackrel{\mathrm{even}}{u}\left(X^2\right)+\stackrel{\mathrm{even}}{S}\left(X^2\right).Math.\stackrel{\mathrm{odd}}{u}\left(X^2\right)\right).& \left(1\right)\end{array}$

Now, (1) is equivalent to the following pair of equations:

[00012]$\begin{array}{cc}\stackrel{\mathrm{odd}}{u}\left(X^2\right)\stackrel{\mathrm{even}}{S}\left(X^2\right).Math.\stackrel{\mathrm{even}}{u}\left(X^2\right)+X^2.Math.\stackrel{\mathrm{odd}}{S}\left(X^2\right).Math.\stackrel{\mathrm{odd}}{u}\left(X^2\right).Math.\mathrm{mod}\left(X^{2.Math..Math.t}\right),.Math.\mathrm{and}& \left(2\right)\\ 0\stackrel{\mathrm{odd}}{S}\left(X^2\right).Math.\stackrel{\mathrm{even}}{u}\left(X^2\right)+\stackrel{\mathrm{even}}{S}\left(X^2\right).Math.\stackrel{\mathrm{odd}}{u}\left(X^2\right).Math.\mathrm{mod}\left(X^{2.Math..Math.t}\right).& \left(3\right)\end{array}$

So, we have shown that uM iff EQS. (2) and (3) are true. To prove the assertion, we will show that for all u.sub.2.sub.m[X], (i) EQ. (3) follows from EQ. (2), so that uM iff EQ. (2), and (ii) EQ. (2) is equivalent to .sup.1(u)N, so that uM iff .sup.1(u)N. Let us start with (ii). Observe that for all u, EQ. (2) is equivalent to

[00013]$\begin{array}{cc}\stackrel{\mathrm{odd}}{u}\left(X\right)\stackrel{\mathrm{even}}{S}\left(X\right).Math.\stackrel{\mathrm{even}}{u}\left(X\right)+X.Math.\stackrel{\mathrm{odd}}{S}\left(X\right).Math.\stackrel{\mathrm{odd}}{u}\left(X\right).Math.\mathrm{mod}\left(X^{.Math.t}\right).& \left(4\right)\end{array}$

Collecting terms in the last equation, and noting that

[00014]$1+X.Math.\stackrel{\mathrm{odd}}{S}\left(X\right)$

has an inverse in .sub.2.sub.m[[X]], and hence in .sub.2.sub.m[X]/(X.sup.i) for all i, we see that for all u.sub.2.sub.m[X], EQ. (2) is equivalent to .sup.1(u)N, as required.

[0102] Moving to (i), recall that in the binary case in question, for all i, S.sub.2i=S.sub.i.sup.2, and hence

[00015]${S\left(X\right)}^2=S_2+S_4.Math.X^2+\mathrm{.Math.}+S_{2.Math..Math.d-2}.Math.X^{2.Math..Math.d-4}\stackrel{\mathrm{odd}}{S}\left(X^2\right).Math.\mathrm{mod}\left(X^{2.Math..Math.t}\right),$

recall that d=2t+1. Hence

[00016]${\left(\stackrel{\mathrm{even}}{S}\left(X^2\right)+X.Math.\stackrel{\mathrm{odd}}{S}\left(X^2\right)\right)}^2\stackrel{\mathrm{odd}}{S}\left(X^2\right).Math.\mathrm{mod}\left(X^{2.Math..Math.t}\right),.Math.\mathrm{that}.Math..Math.\mathrm{is},.Math.{\left(\stackrel{\mathrm{even}}{S}\left(X^2\right)\right)}^2{X^2\left(\stackrel{\mathrm{odd}}{S}\left(X^2\right)\right)}^2+\stackrel{\mathrm{odd}}{S}\left(X^2\right).Math.\mathrm{mod}\left(X^{2.Math..Math.t}\right),$

which is equivalent to

[00017]$\begin{array}{cc}{\left(\stackrel{\mathrm{even}}{S}\left(X\right)\right)}^2{X\left(\stackrel{\mathrm{odd}}{S}\left(X\right)\right)}^2+\stackrel{\mathrm{odd}}{S}\left(X\right).Math.\mathrm{mod}\left(X^t\right).& \left(5\right)\end{array}$

[0103] Now, to prove (i), assume that EQ. (2) holds, so that EQ. (4) also holds. Multiplying EQ. (4) by

[00018]$.Math.\stackrel{\mathrm{even}}{S}\left(X\right).Math..Math.\mathrm{and}.Math..Math.\mathrm{writing}.Math..Math.\mathrm{for}.Math..Math.\mathrm{congruence}.Math..Math.\mathrm{modulo}.Math..Math.\left(X^t\right),\mathrm{we}.Math..Math.\mathrm{get}$$\stackrel{\mathrm{odd}}{u}\left(X\right).Math.\stackrel{\mathrm{even}}{S}\left(X\right){\left(\stackrel{\mathrm{even}}{S}\left(X\right)\right)}^2.Math.\stackrel{\mathrm{even}}{u}\left(X\right)+X.Math.\stackrel{\mathrm{odd}}{S}\left(X\right).Math.\stackrel{\mathrm{even}}{S}\left(X\right).Math.\stackrel{\mathrm{odd}}{u}\left(X\right).Math.\stackrel{\mathrm{(*})}{}.Math.\left(1+X.Math.\stackrel{\mathrm{odd}}{S}\left(X\right)\right).Math.\stackrel{\mathrm{odd}}{S}\left(X\right).Math.\stackrel{\mathrm{even}}{u}\left(X\right)+X.Math.\stackrel{\mathrm{odd}}{S}\left(X\right).Math.\stackrel{\mathrm{even}}{S}\left(X\right).Math.\stackrel{\mathrm{odd}}{u}\left(X\right),$

where (*) follows from EQ. (5), which is equivalent to

[00019]$\left(1+X.Math.\stackrel{\mathrm{odd}}{S}\left(X\right)\right).Math.\stackrel{\mathrm{odd}}{u}\left(X\right).Math.\stackrel{\mathrm{even}}{S}\left(X\right)\left(1+X.Math.\stackrel{\mathrm{odd}}{S}\left(X\right)\right).Math.\stackrel{\mathrm{odd}}{S}\left(X\right).Math.\stackrel{\mathrm{even}}{u}\left(X\right).$

Canceling the term

[00020]$1+X.Math.\stackrel{\mathrm{odd}}{S}\left(X\right),$

which is invertible in .sub.2.sub.m[X]/(X.sup.t), we get

[00021]$0\stackrel{\mathrm{odd}}{S}\left(X\right).Math.\stackrel{\mathrm{even}}{u}\left(X\right)+\stackrel{\mathrm{even}}{S}\left(X\right).Math.\stackrel{\mathrm{odd}}{u}\left(X\right).Math.\mathrm{mod}\left(X^t\right)$

which is equivalent to EQ. (3), as required.

[0104] The following proposition will be useful ahead. We omit the simple proof.

Proposition 2. Let K be Afield.

[0105] 1. For r* and for any monomial ordering on K[X].sup.r, let PK[X].sup.r be a submodule with the following property: for all i{0, . . . , r1}, there is a vector fP such that LM(f) contains the i-th unit vector. Then P has a Groebner basis {h.sub.1, . . . , h.sub.r} with LM(h.sub.i) containing the i-th unit vector for all i.
2. For any gK[X] and any s*, the submodule P:={(u,v)|ugv mod(X.sup.s)} of K[X].sup.2 satisfies the condition of part 1 of the theorem (as clearly (X.sup.s, 0), (0, X.sup.s)P) and therefore has a two-element Groebner basis {h.sub.1, h.sub.2} with LM(h.sub.1) containing (1,0) and LM(h.sub.2) containing (0,1).

[0106] Note that in part 1 of the proposition, and hence also in part 2, the Groebner basis is also a free-module basis. The following proposition is a small modification of Proposition 2 of P. Beelen, T. Hoeholdt, J. S. R. Nielsen, and Y. Wu, On rational interpolation-based list-decoding and list-decoding binary Goppa codes, IEEE Trans. Inform. Theory, vol. 59, no. 6, pp. 3269-3281, June 2013, the contents of which are herein incorporated by reference in their entirety.

Proposition 3. Let {h.sub.1=(h.sub.10, h.sub.11), h.sub.2=(h.sub.20, h.sub.21)} be a Groebner basis for the module N with respect to the monomial ordering <.sub.1, and assume without loss of generality that that LM(h.sub.1) contains (1,0) and LM(h.sub.2) contains (0,1). Then
1. deg(h.sub.10)+deg(h.sub.21)=t.
2. For u=(u.sub.0, u.sub.1)N, let f.sub.1, f.sub.2.sub.2.sub.m[X] be the unique polynomials such that u=f.sub.1h.sub.1+f.sub.2h.sub.2. Put :=deg((u))=deg(u.sub.1(X.sup.2)+Xu.sub.0(X.sup.2)).
(a) If is even, so that =2deg(u.sub.1), then

deg(f.sub.1(X))deg(u.sub.1(X))t+deg(h.sub.21(X))1=:w.sub.1.sup.even

deg(f.sub.2(X))=deg(u.sub.1(X))deg(h.sub.21(X))=:w.sub.2.sup.even

(b) Otherwise, if is odd, so that =2deg(u.sub.0)+1, then

deg(f.sub.1(X))=deg(u.sub.0(X))t+deg(h.sub.21(X))=:w.sub.2.sup.odd

deg(f.sub.2(X))deg(u.sub.0(X))deg(h.sub.21(X))=:w.sub.2.sup.odd

Definition

[0107] 1. For h.sub.i(i=1,2) as in the above proposition, let .sub.i:=(h.sub.i), so that .sub.i is the polynomial obtained by gluing the odd and even parts specified in h.sub.i.
2. Take u:=.sup.1() in part 2 of the proposition, so that =deg()= is the number of errors in the received word y. For i=1,2, let f.sub.i(X).sub.2.sub.m[X] be the unique polynomials from the proposition for this choice of u, and let

[00022]$N_1:=\left\{\left(u,v\right)N|v\left(0\right)=1\right\},N:=\left\{\left(u,v\right){}_{2^m}\left[X\right]{}_{2^m}\left[X\right]|u\frac{S_{\mathrm{even}}\left(X\right)}{1+{\mathrm{XS}}_{\mathrm{odd}}\left(X\right)}.Math.v.Math..Math.\mathrm{mod}\left(X^t\right)\right\},$

Note that w.sub.1+w.sub.2=t1, regardless of the parity of .
The following proposition is a small modification of p. 148 of J. S. R. Nielsen, List Decoding of Algebraic Codes, Ph.D. Thesis, Dep. of Applied Mathematics and Computer Science, Technical University of Denmark, 2013, the contents of which are herein incorporated by reference in their entirety. The proof is omitted, which is similar to that appearing in the above reference.

Proposition 4.

[0108] 1. Suppose that there exists some free-module basis {g.sub.1, g.sub.2} for N such that gcd((g.sub.1),u(g.sub.2))=1. Then for any free-module basis {h.sub.1,h.sub.2} for N it holds that gcd((h.sub.1),(h.sub.2))=1.
2. N has a free-module basis {g.sub.1, g.sub.2} with gcd((g.sub.1), (g.sub.2))=1.
Let us now return to the error-locator polynomial, (X). Let {h.sub.1, h.sub.2} be a GB for N as in Proposition 3, and recall that =deg() is the number of errors in the received word. Let f.sub.1,f.sub.2.sub.2.sub.m[X] be the unique polynomials such that .sup.1()=f.sub.1h.sub.1+f.sub.2h.sub.2. Since is a homomorphism, we have

[00023]$\begin{array}{cc}=\left(f_1.Math.h_1+f_2.Math.h_2\right)=f_1\left(X\right).Math.{.Math.}_1.Math.\left(h_1\right)+f_2\left(X\right).Math.{.Math.}_1.Math.\left(h_2\right)=f_1\left(X^2\right).Math.{\hat{h}}_1+f_2\left(X^2\right).Math.{\hat{h}}_2,.Math..Math.\mathrm{that}.Math..Math.\mathrm{is}.Math..Math..Math.\left(X\right)=f_1\left(X^2\right).Math.{\hat{h}}_1\left(X\right)+f_2\left(X^2\right).Math.{\hat{h}}_2\left(X\right).& \left(6\right)\end{array}$

Hence,

[0109]
xRoots(,.sub.2.sub.m),f.sub.1(x.sup.2).Math..sub.1(x)+f.sub.2(x.sup.2).Math..sub.2(x)=0,(7)

and also, by Proposition 4,

x.sub.2.sub.m*,.sub.1(x)=0.Math..sub.2(x)0.(8)

Note that h.sub.1 and h.sub.2 depend only on the received word (through the syndrome), and the decoder's task is to find f.sub.1,f.sub.2, as can be restored from f.sub.1,f.sub.2.

[0110] The interpolation theorem below indicates how EQ. (7) can be used for finding f.sub.1 and f.sub.2. Before stating this theorem, we will need some additional definitions, following P. Trifonov, and M. H. Lee, Efficient interpolation in the Wu list decoding algorithm, IEEE Trans. Inform. Theory, vol. 58, no. 9, pp. 5963-5971, September 2012, the contents of which are herein incorporated by reference in their entirety.

Definition

[0111] 1. Let K be a field. A polynomial of the form f(X, Y, Z):=.sub.j=0.sup..sub.ia.sub.ijX.sup.iY.sup.jZ.sup.j for some N, where a.sub.ijK for all i, j, will be called a (Y,Z)-homogeneous polynomial of (Y,Z)-homogeneous degree . We will write Homog.sub.Y,Z.sup.K() for the K[X]-sub-module of polynomials in K[X, Y, Z] which are (Y, Z)-homogeneous with (Y, Z)-homogeneous degree , and set Homog.sub.Y,Z.sup.K:=U.sub.0 Homog.sub.Y,Z.sup.K().
2. For f(X, Y, Z)Homog.sub.Y,Z.sup.K(), let {tilde over (f)}(X,Y):=f(X, Y, 1). Also, let {circumflex over (f)}(X,Y) be the Y-reversed version of {tilde over (f)}(X,Y), that is, {circumflex over (f)}(X,Y):=Y.sup.{tilde over (f)}(X,Y.sup.1). Writing M.sub.K() for the K[X]-submodule of K[X,Y] consisting of all polynomials of Y-degree at most , it can be verified that ({tilde over ()}): Homog.sub.Y,Z.sup.K().fwdarw.M.sub.K() is an isomorphism of K[X]-modules.

[0112] With the above definition, we can state the interpolation theorem. In the sequel, mult(f,x) stands for the multiplicity of fK[X], where K is some field and X=(X.sub.1, . . . , X.sub.n) for some n*, at the point xK.sup.n, that is, for the minimum total degree of a monomial appearing in f(X+x). Also, for w=(w.sub.1, . . . , w.sub.n).sup.n, wdeg.sub.w(f) will stand for the w-weighted degree of f, the maximum of w.sub.1i.sub.1+ . . . +w.sub.ni.sub.n over all monomials X.sub.1.sup.i.sup.1 . . . X.sub.n.sup.i.sup.n appearing in f.

[0113] The following theorem can be deduced from the results of Trifonov and Lee.

Theorem 1. (The Interpolation Theorem) For any field K, let Q(X, Y, Z)Homog.sub.Y,Z.sup.K, and let f.sub.1(X),f.sub.2(X)K[X] be polynomials with deg(f.sub.1(X))w.sub.1 and deg(f.sub.2(X))w.sub.2 for some w.sub.1, w.sub.2. For e*, let {(x.sub.i, y.sub.i, z.sub.i)}.sub.i=1.sup.e.Math.K.sup.3 be a set of triples satisfying the following conditions:
1. The x.sub.i are distinct.
2. The y.sub.i and z.sub.i are not simultaneously zero, that is, for all i, y.sub.i=0.Math.=z.sub.i0.
3. For all i, z.sub.if.sub.1(x.sub.i)+y.sub.if.sub.2(x.sub.i)=0.

Then, if

[0114] [00024]$\underset{i=1}{\overset{e}{.Math.}}.Math..Math.\mathrm{mult}\left(Q\left(X,Y,Z\right),\left(x_i,y_i-z_i\right)\right)>{\mathrm{wdeg}}_{1,w_1^{},w_2^{}}\left(Q\left(X,Y,Z\right)\right)<$

then Q(X,f.sub.1(X),f.sub.2(X))=0 in K[X].

Definition

[0115] For a vector m={m.sub.x}.sub.x.sub.2.sub.m*.sup.2.sup.m* of multiplicities, let a(m):={Q.sub.2.sub.m[X, Y, Z]|x.sub.2.sub.m*,mult(Q,(x.sup.2,.sub.2(x),.sub.1(x)))m.sub.x.sub.1} be the ideal of all polynomials having the multiplicities specified in m. Also, for , let M(m,) be the .sub.2.sub.m[X]-submodule of .sub.2.sub.m[X, Y, Z] defined by

M(m,):=a(m)().

The proof of the following proposition is straightforward.
Proposition 5. Let {tilde over (M)}(m,) be the image of M(m,) under the isomorphism ({tilde over ()}). Then {tilde over (M)}(m,) is the .sub.2.sub.m[X]-module of all polynomials P.sub.2.sub.m[X, Y] satisfying
1. wdeg.sub.0,1(P),
2. For all x with .sub.1(x)0,

[00025]$\mathrm{mult}\left(P,\left(x^2,\frac{{\hat{h}}_2\left(x\right)}{{\hat{h}}_1\left(x\right)}\right)\right)m_{x^{-1}}.$

3. For all x with .sub.1(x)=0 (and hence with .sub.2(x)0),

mult(Y.sup.P(X,Y.sup.1),(x.sup.2,0))m.sub.x.sub.1.

Moreover, for a polynomial RM(m,), we have

wdeg.sub.1,w.sub.1.sub.,w.sub.2(R)=wdeg.sub.1,w.sub.1.sub.w.sub.2({tilde over (R)})+w.sub.2.

Hence, if P{tilde over (M)}(m,) has the minimal (1,w.sub.1w.sub.2)-weighted degree in {tilde over (M)}(m,), then the RM(m,) with {tilde over (R)}=P has the minimal (1, w.sub.1, w.sub.2)-weighted degree in M(m,).

[0116] Let us now proceed to a success criterion for decoding. Later, we will show that the validity of fast Chase decoding follows as a special case. The following proposition follows easily from the Interpolation Theorem (Theorem 1).

Proposition 6. Suppose that I.Math..sub.2.sub.m* is the set of erroneous coordinates (so that |I|32 ). Let J.Math..sub.2.sub.m* be some subset, and for m*, define m by setting, for all x.sub.2.sub.m*,

[00026]$m_x:=\{\begin{array}{cc}m& \mathrm{if}.Math..Math.xJ,\\ 0& \mathrm{otherwise}\end{array}.$

Let also N*. Then if t+1 and

[00027]$\begin{array}{cc}m.Math..Math.I.Math.J.Math.>\frac{.Math.J.Math..Math.m\left(m+1\right)}{2.Math.\left(+1\right)}+\frac{}{2}.Math.\left(\mathrm{.Math.}-t-1\right),& \left(9\right)\end{array}$

then a non-zero polynomial {tilde over (Q)}(X,Y) minimizing the (1,w.sub.1w.sub.2)-weighted degree in {tilde over (M)}(m,) satisfies (Yf.sub.2(X)+f.sub.1(X))|{tilde over (Q)}(X,Y).

[0117] For using the previous proposition in our context of fast Chase decoding, let us now consider the special case of Proposition 6 where t+1, p=1, m=1, JI, and |J|t. This case corresponds to a correct Chase trial, in which a multiplicity of 1 was assigned only to erroneous locations, and to at least t erroneous locations.

[0118] Write :=|J|(t)0. Then with the current assumptions, EQ. (9) reads

[00028]$.Math.J.Math.>\frac{.Math.J.Math.}{2}+\frac{1}{2}.Math.\left(.Math.J.Math.--1\right)=.Math.J.Math.-\frac{1}{2}.Math.\left(+1\right),$

and is therefore satisfied. This immediately shows that fast Chase decoding can be based on the above degenerate case of Wu-like soft decoding, provided that Koetter's algorithm, a point-by-point algorithm, is used for interpolation. Since the Y-degree is limited to =1, the list size in this case will be exactly 1, and there is no need in a factorization step.

[0119] In detail, suppose that j is indeed a set of error locations with |J|t, and let {tilde over (Q)}(X, Y) be a non-zero polynomial minimizing the (1, w.sub.1w.sub.2)-weighted degree in {tilde over (M)}(m,) for =1 and for m=1.sub.j, where 1.sub.j.sub.2.sub.m*{0,1} is the indicator function on J.

[0120] If f.sub.2(X)=0, then it can be verified that =c.Math..sub.1 for some constant c. This means that before starting the Chase iterations, the decoder must check whether .sub.1 may be an error-locator polynomial.

[0121] If .sub.1 does not qualify as a potential error-locator polynomial, then the above discussion shows that f.sub.20. Assume, therefore, that f.sub.20. Since the Y-degree in {tilde over (M)}(1.sub.j, 1) is upper bounded by =1, Proposition 6 shows that there exists some non-zero polynomial t(X).sub.2.sub.m[X] such that

{tilde over (Q)}(X,Y)=t(X).Math.(Yf.sub.2(X)+f.sub.1(X)).(10)

Proposition 7. In EQ. (10), t(X) must be a constant in .sub.2.sub.m*, so that f.sub.1 and f.sub.2 can be read off {tilde over (Q)}(X,Y) without any further calculations.

Proof.

[0122] For x.sub.2.sub.m* with x.sup.1J, let

[00029]$p_x:=\{\begin{array}{cc}(x^2,\frac{{\hat{h}}_2\left(x\right)}{{\hat{h}}_1\left(x\right)}& \mathrm{if}.Math..Math.{\hat{h}}_1\left(x\right)0\\ \left(x^2,0\right)& \mathrm{if}.Math..Math.{\hat{h}}_1\left(x\right)=0\end{array}.$

Letting also J.sub.1.sup.1:={x|x.sup.1J and .sub.1(x)0} and J.sub.2.sup.1:={x|x.sup.1J and .sub.1(x)=0}, a polynomial of the form R.sub.0(X)+YR.sub.1(X).sub.2.sub.m[X,Y] is in {acute over (M)}(1.sub.j, 1) iff for all xJ.sub.1.sup.1, (R.sub.0(X)+YR.sub.1(X))(p.sub.x)=0, and for all xJ.sub.2.sup.1, (R.sub.1(X)+YR.sub.0(X))(p.sub.x)=0.

[0123] With this description in mind, EQS. (7) and (8) show that Yf.sub.2(X)+f.sub.1(X) itself is already in {tilde over (M)}(1.sub.j, 1). Recall that J is assumed to include only error locations, that is, inverses of roots of (X). Now, for a non-zero t(X), the (1, w.sub.1w.sub.2)-weighted degree of t(X)(Yf.sub.2(X)+f.sub.1(X)) is strictly larger than that of Yf.sub.2(X)+f.sub.1(X), unless t(X) is a constant. As {tilde over (Q)}(X,Y) minimizes the weighted degree, this shows that t(X) must be a non-zero constant, as required.

[0124] The above discussion justifies Koetter's iterations from FIG. 4.

[0125] Let us now turn to the validity of FIG. 2, and briefly describe how the suggested method indeed produces .sub.1, .sub.2. First, as already stated above, the output of the BM algorithm for the module N, with inputs being the modified syndrome and the integer t, can be used to find a Groebner basis {h.sub.1, h.sub.2} for N, where we omit the rather long proof. This means that if we do calculate the modified syndrome, then the BM algorithm for M can be used for obtaining the required Groebner basis.

[0126] Let us refer to the BM algorithm with inputs the syndrome S and the integer 2t as the usual BM algorithm. To completely avoid the calculation of the modified syndrome and, instead, to use the usual BM algorithm, it is possible to apply a method for converting the outputs of the usual BM algorithm to an equivalent of the outputs of the BM algorithm for N. For this, recall first that if C.sup.usual.sub.2.sub.m[X] is the output C of the usual BM algorithm, then C.sup.usual is in the module M (see, e.g., pp. 25-26 of E. R. Berlekamp, Nonbinary BCH codes, Institute of Statistics, Mimeo Series no. 502, Department of Statistics, University of North Carolina, December 1966), the contents of which are herein incorporated by reference in their entirety. Consequently,

[00030]$\mathrm{ord}\left({\stackrel{\_}{{\mathrm{SC}}^{{\mathrm{usual}}^{}}}}^{\left(2.Math.t\right)},C^{\mathrm{usual}}\right)=\mathrm{deg}\left(C^{\mathrm{usual}}\right),$

where for integer k and a polynomial g.sub.2.sub.m[X],g.sup.(k):=g mod X.sup.k, a unique representative of degree k1.
Proposition 8. For f.sub.2.sub.m[X], it holds that

[00031]$\begin{array}{cc}\mathrm{ord}\left({}^{-1}\left(f\right)\right)=.Math.\frac{\mathrm{deg}\left(f\right)}{2}.Math..& \left(11\right)\end{array}$

Consequently, .sup.1(C.sup.usual) has the minimum order in the set N.sub.1:={(u,v)N|v(0)=1}.

Proof.

[0127] We have

[00032]$\begin{array}{c}\mathrm{ord}\left({}^{-1}\left(f\right)\right)=.Math.\mathrm{ord}\left(\stackrel{\mathrm{odd}}{f},\stackrel{\mathrm{even}}{f}\right)\\ \stackrel{\left(a\right)}{=}.Math..Math.(\begin{array}{cc}\mathrm{deg}\left(\stackrel{\mathrm{even}}{f}\right)& \mathrm{if}.Math..Math.\mathrm{deg}\left(f\right).Math..Math.\mathrm{is}.Math..Math.\mathrm{even}\\ \mathrm{deg}\left(\stackrel{\mathrm{odd}}{f}\right)+1& \mathrm{if}.Math..Math.\mathrm{deg}\left(f\right).Math..Math.\mathrm{is}.Math..Math.\mathrm{odd}\end{array}\\ =.Math..Math.\frac{\mathrm{deg}\left(f\right)}{2}.Math.,\end{array}$

where for (a), note that if deg(f) is even, then

[00033]$\mathrm{deg}\left(\stackrel{\mathrm{even}}{f}\right)>\mathrm{deg}\left(\stackrel{\mathrm{odd}}{f}\right),$

while if deg(f) is odd, then

[00034]$\mathrm{deg}\left(\stackrel{\mathrm{odd}}{f}\right)\mathrm{deg}\left(\stackrel{\mathrm{even}}{f}\right).$

This proves EQ. (11), and the second assertion is an immediate consequence of EQ. (11).

[0128] It follows from the proposition that from the output C.sup.usual of the BM algorithm for the inputs S(X) and 2t, we can immediately obtain some element of minimal order in N.sub.1 by taking .sup.1(C.sup.usual). Note that an element of minimal order might not be unique, and the above does not necessarily mean that .sup.1(C.sup.usual) corresponds to the outputs of the BM algorithm for N. However, using Theorem 3 of Massey's paper, which describes the set of all minimal-order elements in N.sub.1, together with the last proposition, it can be verified that the outputs of the modified BM algorithm of the previous section are sufficient for producing the required Groebner basis. The details are omitted.

System Implementations

[0129] It is to be understood that embodiments of the present disclosure can be implemented in various forms of hardware, software, firmware, special purpose processes, or a combination thereof. In one embodiment, the present disclosure can be implemented in hardware as an application-specific integrated circuit (ASIC), or as a field programmable gate array (FPGA). In another embodiment, the present disclosure can be implemented in software as an application program tangible embodied on a computer readable program storage device. The application program can be uploaded to, and executed by, a machine comprising any suitable architecture.

[0130] FIG. 6 is a block diagram of a system for the use of algebraic curves to reduce complexity and the required field size of AMD error detection codes with a block cipher code, according to an embodiment of the disclosure. Referring now to FIG. 6, a computer system 61 for implementing the present invention can comprise, inter alia, a central processing unit (CPU) 62, a memory 63 and an input/output (I/O) interface 64. The computer system 61 is generally coupled through the I/O interface 64 to a display 65 and various input devices 66 such as a mouse and a keyboard. The support circuits can include circuits such as cache, power supplies, clock circuits, and a communication bus. The memory 63 can include random access memory (RAM), read only memory (ROM), disk drive, tape drive, etc., or a combinations thereof. The present disclosure can be implemented as a routine 67 that is stored in memory 63 and executed by the CPU 62 to process the signal from the signal source 68. As such, the computer system 61 is a general purpose computer system that becomes a specific purpose computer system when executing the routine 67 of the present invention. Alternatively, as described above, embodiments of the present disclosure can be implemented as an ASIC or FPGA 67 that is in signal communication with the CPU 62 to process the signal from the signal source 68.

[0131] The computer system 61 also includes an operating system and micro instruction code. The various processes and functions described herein can either be part of the micro instruction code or part of the application program (or combination thereof) which is executed via the operating system. In addition, various other peripheral devices can be connected to the computer platform such as an additional data storage device and a printing device.

[0132] It is to be further understood that, because some of the constituent system components and method steps depicted in the accompanying figures can be implemented in software, the actual connections between the systems components (or the process steps) may differ depending upon the manner in which the present invention is programmed. Given the teachings of the present invention provided herein, one of ordinary skill in the related art will be able to contemplate these and similar implementations or configurations of the present invention.

[0133] While the present invention has been described in detail with reference to exemplary embodiments, those skilled in the art will appreciate that various modifications and substitutions can be made thereto without departing from the spirit and scope of the invention as set forth in the appended claims.