Reed-Solomon Codes over Fields of Characteristic Zero
Carmen Sippel, Cornelia Ott, Sven Puchinger, Martin Bossert

TL;DR
This paper investigates Reed-Solomon codes over fields of characteristic zero, providing bounds on coefficient growth and decoding complexity, with potential generalizations to other number fields.
Contribution
It extends Reed-Solomon code analysis to characteristic zero fields, deriving bounds on encoding growth and decoding complexity, inspired by recent work on Gabidulin codes.
Findings
Bounds on coefficient growth during encoding
Polynomial bit complexity of decoding
Generalization to arbitrary number fields
Abstract
We study Reed--Solomon codes over arbitrary fields, inspired by several recent papers dealing with Gabidulin codes over fields of characteristic zero. Over the field of rational numbers, we derive bounds on the coefficient growth during encoding and the bit complexity of decoding, which is polynomial in the code length and in the bit width of error and codeword values. The results can be generalized to arbitrary number fields.
| general | |||
|---|---|---|---|
| , | |||
| , |
| general | |||
|---|---|---|---|
| , | |||
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Reed–Solomon Codes over Fields of Characteristic Zero
Carmen Sippel1, Cornelia Ott1, Sven Puchinger2, and Martin Bossert1 This work was supported by the German Research Council (DFG) under Grants Bo 867/32 and Bo 867/35. This is an extended version of a paper [1] accepted at ISIT 2019.
1Institute of Communications Engineering, Ulm University, Germany
2Institute for Communications Engineering, Technical University of Munich (TUM), Germany
{carmen.sippel, cornelia.ott, martin.bossert}@uni-ulm.de, [email protected]
Abstract
We study Reed–Solomon codes over arbitrary fields, inspired by several recent papers dealing with Gabidulin codes over fields of characteristic zero. Over the field of rational numbers, we derive bounds on the coefficient growth during encoding and the bit complexity of decoding, which is polynomial in the code length and in the bit width of error and codeword values. The results can be generalized to arbitrary number fields.
I Introduction
Reed–Solomon (RS) codes were introduced in 1960 [2] and have become some of the most used classes of algebraic codes. The codes are defined over finite fields and can be efficiently decoded, both up to half-the-minimum distance [3, 4] and beyond [5, 6, 7, 8, 9]. RS codes over the field of complex numbers, also called complex RS codes or analog codes, were introduced in [10] and [11], and their decoding was studied in [12]. Further decoding principles known from finite fields, as well as applications of the codes to compressed sensing, were analyzed and numerically evaluated in [13, 14, 15, 16].
In this paper, we study RS codes over arbitrary fields and their properties. The idea is inspired by several recent publications that have dealt with Gabidulin codes, the rank-metric analog of RS codes, over field of characteristic zero (in particular number fields), which were first described in [17, Section 6], [18, 19, 20, 21]. These codes have applications in space-time coding [22] and low-rank matrix recovery [23]. Among other possible applications, we believe that RS codes over number fields (in particular over and ) are suitable to replace complex RS codes in some applications, e.g., the compressed sensing scenario studied in [14, 15], since there are no numerical issues. Studying these applications goes beyond the scope of this paper and needs to be done in future work.
For decoding, we adapt a syndrome-based half-the-minimum-distance decoder known from finite fields and restrict to the field of rational numbers, which is an infinite field and an exact computation domain. In contrast to complex RS codes, we face the problem of coefficient growth (i.e., large numerators and denominators, also known as intermediate expression swell) during computations instead of numerical issues caused by floating point operations. This substantially influences the bit complexity of decoding algorithms compared to finite fields, where field elements can be represented with a fixed number of bits and field operations cost a constant number of bit operations (for a given field size). On the other hand, there are no numerical problems, in contrast to complex RS codes.
We derive bounds on the coefficient growth during encoding and decoding. This implies an upper bound on the bit complexity of decoding, which is polynomial in the code length and bit width of the error values.
The results can be extended to more classes of number fields, for instance , or cyclotomic and Kummer extensions. The adaption is technical, which is why we restrict ourselves to here. Furthermore, it is reasonable to expect that our results can be used to analyze the runtimes of the existing decoders for Gabidulin codes over number fields [18, 19, 20] in bit operations, instead of field operations (which do not consider coefficient growth).
II Reed–Solomon Codes over Arbitrary Fields
The following is a straight-forward generalization of generalized Reed–Solomon (GRS) codes to arbitrary, possibly infinite, fields. We define the codes as in [4] by simply replacing the finite field by an arbitrary field .
Definition 1**.**
Let and be integers such that . Furthermore, choose to be distinct non-zero elements of the field , and to be non-zero elements from . The corresponding generalized Reed–Solomon (GRS) code is defined by the linear code with parity check matrix
[TABLE]
The proof that RS codes are MDS is straightforward using the same arguments as in the finite field case (see, e.g., [4]).
Theorem 1**.**
Any GRS code is MDS, i.e., .
Theorem 2**.**
The code as defined in Definition 1 has a generator matrix of the form
[TABLE]
where the are the same as in Definition 1 and the are non-zero elements of , given by the following linear system of equations:
[TABLE]
Proof:
The proof is analog to [4, Proposition 5.2]. ∎
Theorem 3**.**
Fix distinct. Let be non-zero such that
[TABLE]
Then, the corresponding matrices {\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}_{\mathrm{GRS}} and {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}} are generator and parity check matrix of the same code, respectively.
Proof:
If we solve the system in (1) for , then the solution is given by a non-zero element in the kernel of a Vandermonde matrix with rows. Such a vector is given by as above, since is the last column of the inverse Vandermonde matrix (cf. [24, eq. (9),(10): Set , note that .]). ∎
Remark 1**.**
Theorem 3 implies a method to compute the from the or vice-versa, i.e.,
[TABLE]
III Coefficient Growth over the Rational Numbers
In the following, we study the coefficient growth during computations over the rational numbers. The results can in principle be extended to a wider class of number fields by generalizing the following well-known notion of bit width.
Definition 2** (Generalization of [25, p. 142]).**
Let be an element of one of the sets in . We define its bit width as follows:
- •
:
[TABLE]
- •
* with , , and :*
[TABLE]
- •
* with and such that :*
[TABLE]
- •
{\mathchoice{\mbox{\boldmath\displaystyle A}}{\mbox{\boldmath\textstyle A}}{\mbox{\boldmath\scriptstyle A}}{\mbox{\boldmath\scriptscriptstyle A}}}=(a_{ij})\in\mathbb{Q}^{k\times n}:
[TABLE]
Remark 2**.**
Note that the bit width does not necessarily cover the required memory space, e.g. for a rational number only the maximum of the bit widths of numerator and denominator is regarded, which means, that for equal bit widths of numerator and denominator the actual memory space is twice the bit width.
Theorem 4** (Coefficient Growth [25, p. 142]).**
Let be polynomials in with coefficients , for and and , then the following statements hold:
** 2. 2.
** 3. 3.
** 4. 4.
** 5. 5.
**
Proof:
1) For polynomials of degree [math], it’s trivial. For polynomials of arbitrary degree (w.l.o.g. we assume ) with coefficients , for and it holds that
[TABLE]
2)
[TABLE]
3)We write and with with . It holds:
[TABLE]
4) Let , then the claim follows by 3).
5)
[TABLE]
Theorem 4 implies the following statements about coefficient growth in a vector or matrix multiplication.
Theorem 5** (Multiplication of vector and vector).**
Let {\mathchoice{\mbox{\boldmath\displaystyle a}}{\mbox{\boldmath\textstyle a}}{\mbox{\boldmath\scriptstyle a}}{\mbox{\boldmath\scriptscriptstyle a}}},{\mathchoice{\mbox{\boldmath\displaystyle b}}{\mbox{\boldmath\textstyle b}}{\mbox{\boldmath\scriptstyle b}}{\mbox{\boldmath\scriptscriptstyle b}}}\in\mathbb{Q}^{n}. Then,
[TABLE]
Proof:
Using Theorem 4, we obtain
[TABLE]
which implies the claim. ∎
Theorem 6** (Multiplication of vector and matrix).**
Let {\mathchoice{\mbox{\boldmath\displaystyle A}}{\mbox{\boldmath\textstyle A}}{\mbox{\boldmath\scriptstyle A}}{\mbox{\boldmath\scriptscriptstyle A}}}\in\mathbb{Q}^{n\times r} and {\mathchoice{\mbox{\boldmath\displaystyle B}}{\mbox{\boldmath\textstyle B}}{\mbox{\boldmath\scriptstyle B}}{\mbox{\boldmath\scriptscriptstyle B}}}\in\mathbb{Q}^{r\times m}. Then,
[TABLE]
Proof:
The statement directly follows from Theorem 5 since any entry of the product \textstyle A$$\textstyle B is the result of the multiplication of a row of with a column of , which are both vectors of length . ∎
IV Coefficient Growth in Encoding RS Codes over the Rational Numbers
In this section we study the coefficient growth during encoding with a generator matrix , i.e., we derive a bound on the bit width of the codeword {\mathchoice{\mbox{\boldmath\displaystyle c}}{\mbox{\boldmath\textstyle c}}{\mbox{\boldmath\scriptstyle c}}{\mbox{\boldmath\scriptscriptstyle c}}}\in\mathbb{Q}^{n} obtained from an information word {\mathchoice{\mbox{\boldmath\displaystyle u}}{\mbox{\boldmath\textstyle u}}{\mbox{\boldmath\scriptstyle u}}{\mbox{\boldmath\scriptscriptstyle u}}}\in\mathbb{Q}^{k} with a given bit width. We also show how to reduce the coefficient growth compared to the standard generator matrix given in Theorem 2.
Theorem 7**.**
Let be an RS codeword generated by encoding {\mathchoice{\mbox{\boldmath\displaystyle u}}{\mbox{\boldmath\textstyle u}}{\mbox{\boldmath\scriptstyle u}}{\mbox{\boldmath\scriptscriptstyle u}}}\in\mathbb{Q}^{k} with generator matrix {\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}\in\mathbb{Q}^{k\times n}. Then
[TABLE]
Proof:
The claim follows directly from Theorem 6. ∎
Hence, the maximal coefficient growth depends heavily on the choice of the generator matrix. We can bound \lambda({\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}) as follows.
Corollary 1**.**
Let be a generator matrix as in Theorem 2 using {\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}}=(\alpha_{1},\dots,\alpha_{n}) and {\mathchoice{\mbox{\boldmath\displaystyle v}}{\mbox{\boldmath\textstyle v}}{\mbox{\boldmath\scriptstyle v}}{\mbox{\boldmath\scriptscriptstyle v}}}^{\prime}=(v_{1}^{\prime},\dots,v_{n}^{\prime}). Then
[TABLE]
Proof:
We have
[TABLE]
which implies the claim. ∎
Remark 3**.**
For the addition of \lambda({\mathchoice{\mbox{\boldmath\displaystyle v}}{\mbox{\boldmath\textstyle v}}{\mbox{\boldmath\scriptstyle v}}{\mbox{\boldmath\scriptscriptstyle v}}}^{\prime})=1 can be omitted, since then . In this case, (2) is fulfilled with equality.
Example 1**.**
If we choose {\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}}=(1,\dots,n), {\mathchoice{\mbox{\boldmath\displaystyle v}}{\mbox{\boldmath\textstyle v}}{\mbox{\boldmath\scriptstyle v}}{\mbox{\boldmath\scriptscriptstyle v}}}^{\prime}=(1,\dots,1) then \lambda({\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}})=(k-1)\lambda(n), whereas the allocated memory is
[TABLE]
This example shows, that the bit width does not cover the necessary memory space.
According to [26, Theorem 1] the generator matrix of a GRS code can be brought to systematic form, where the identity matrix is followed by a Cauchy matrix, which is defined as follows.
Theorem 8** (Cauchy Generator Matrices [26, Theorem 1]).**
Let as defined in Definition 1. The code has a systematic generator matrix of the form {\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}=({\mathchoice{\mbox{\boldmath\displaystyle I}}{\mbox{\boldmath\textstyle I}}{\mbox{\boldmath\scriptstyle I}}{\mbox{\boldmath\scriptscriptstyle I}}}_{k\times k}\mid{\mathchoice{\mbox{\boldmath\displaystyle A}}{\mbox{\boldmath\textstyle A}}{\mbox{\boldmath\scriptstyle A}}{\mbox{\boldmath\scriptscriptstyle A}}}), where {\mathchoice{\mbox{\boldmath\displaystyle I}}{\mbox{\boldmath\textstyle I}}{\mbox{\boldmath\scriptstyle I}}{\mbox{\boldmath\scriptscriptstyle I}}}_{k\times k} is an identity matrix of size and {\mathchoice{\mbox{\boldmath\displaystyle A}}{\mbox{\boldmath\textstyle A}}{\mbox{\boldmath\scriptstyle A}}{\mbox{\boldmath\scriptscriptstyle A}}}=\left(\frac{c_{i}d_{j}}{a_{i}-b_{j}}\right) is a Cauchy matrix with
[TABLE]
Using a generator matrix in systematic form, we obtain a generator matrix with a lower \lambda({\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}) than a generator matrix in Vandermonde form.
Corollary 2**.**
Let {\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}=({\mathchoice{\mbox{\boldmath\displaystyle I}}{\mbox{\boldmath\textstyle I}}{\mbox{\boldmath\scriptstyle I}}{\mbox{\boldmath\scriptscriptstyle I}}}_{k\times k}\mid{\mathchoice{\mbox{\boldmath\displaystyle A}}{\mbox{\boldmath\textstyle A}}{\mbox{\boldmath\scriptstyle A}}{\mbox{\boldmath\scriptscriptstyle A}}}) be a generator matrix of as defined in Theorem 8, where the are chosen such that are zero, we get
[TABLE]
Proof:
The claim directly follows from the fact that in this case {\mathchoice{\mbox{\boldmath\displaystyle A}}{\mbox{\boldmath\textstyle A}}{\mbox{\boldmath\scriptstyle A}}{\mbox{\boldmath\scriptscriptstyle A}}}=(\tfrac{1}{\alpha_{i}-\alpha_{j+k}}) and Theorem 4. ∎
We obtain the for Corollary 2 as follows.
Remark 4**.**
If in {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}} have the following form
[TABLE]
and from Theorem 3. Then the Cauchy matrix inside the corresponding generator matrix {\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}_{\mathrm{GRS}} has the form
[TABLE]
i.e. , from equations (5) and (6) fulfill .
For arbitrary , we get a worse bound on \lambda({\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}) if the Vandermonde matrix is in systematic form.
Corollary 3**.**
If {\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}=({\mathchoice{\mbox{\boldmath\displaystyle I}}{\mbox{\boldmath\textstyle I}}{\mbox{\boldmath\scriptstyle I}}{\mbox{\boldmath\scriptscriptstyle I}}}_{k\times k}\mid{\mathchoice{\mbox{\boldmath\displaystyle A}}{\mbox{\boldmath\textstyle A}}{\mbox{\boldmath\scriptstyle A}}{\mbox{\boldmath\scriptscriptstyle A}}}) be a generator matrix of as defined in Theorem 8, where {\mathchoice{\mbox{\boldmath\displaystyle A}}{\mbox{\boldmath\textstyle A}}{\mbox{\boldmath\scriptstyle A}}{\mbox{\boldmath\scriptscriptstyle A}}}=\left(\frac{c_{i}d_{j}}{a_{i}-b_{j}}\right)\in\mathbb{Q}^{k\times(n-k)},i=1,\dots,k,j=1,\dots,n-k, then
[TABLE]
Proof:
The claim directly follows when inserting equations (3) - (6) into the definition of the bit width for matrices (see Def. 2) and the fact that , whereas the argument of in the statement never gets zero. Then we have
[TABLE]
By the previous statements we can regard several cases of choices for and . The resulting upper bounds on the bit widths of the generator and parity-check matrices are summarized in Table I. More details about the formulas in the table can be found in the appendix.
All derived bounds depend on the bit width of the code locators . The following theorem shows how to choose such distinct with minimal \lambda({\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}}).
Theorem 9**.**
If distinct, then , where is the numerator of and fulfills .
Remark 5**.**
Using as evaluation points for an RS code as defined in Def. 1 leads to \lambda({\mathchoice{\mbox{\boldmath\displaystyle c}}{\mbox{\boldmath\textstyle c}}{\mbox{\boldmath\scriptstyle c}}{\mbox{\boldmath\scriptscriptstyle c}}})\in O(\log n), whereas as chosen by Theorem 9 for evaluation points will have \lambda({\mathchoice{\mbox{\boldmath\displaystyle c}}{\mbox{\boldmath\textstyle c}}{\mbox{\boldmath\scriptstyle c}}{\mbox{\boldmath\scriptscriptstyle c}}})\in O(\log\sqrt{n}). So asymptotically this only differs in a constant .
Remark 6**.**
Since \lambda({\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}})\in O(\log n), all the entries in Table I asymptotically belong to , except for for the Cauchy generator matrix, i.e. the case of Corollary 2, which is . So this is asymptotically the best choice.
In Figure 1 the different choices of for Vandermonde and Cauchy generator matrices are compared.
V Coefficient Growth in Decoding RS Codes over the Rational Numbers
There are many decoding algorithms for GRS codes, both for decoding up to half-the-minimum distance [27, 28, 3, 29] and beyond [5, 6, 7, 8, 9].
In the following, we formulate the bounded-minimum-distance (BMD) decoder described in [4, Chapter 6], which is based on [27, 28, 3, 30], over instead of a finite field (which is straightforward) and analyze its complexity (which is the involved part). For obtaining a good complexity, we use the variant based on the extended Euclidean algorithm (EEA), which was first suggested by [3]. For the core step of the algorithm, the EEA, we rely on an algorithm from [25], which is designed for small intermediate coefficient growth.
V-A Decoding Algorithm
The decoding algorithm in [4, Chapter 6], which is described for finite fields there, returns the codeword given only a received word {\mathchoice{\mbox{\boldmath\displaystyle r}}{\mbox{\boldmath\textstyle r}}{\mbox{\boldmath\scriptstyle r}}{\mbox{\boldmath\scriptscriptstyle r}}}={\mathchoice{\mbox{\boldmath\displaystyle c}}{\mbox{\boldmath\textstyle c}}{\mbox{\boldmath\scriptstyle c}}{\mbox{\boldmath\scriptscriptstyle c}}}+{\mathchoice{\mbox{\boldmath\displaystyle e}}{\mbox{\boldmath\textstyle e}}{\mbox{\boldmath\scriptstyle e}}{\mbox{\boldmath\scriptscriptstyle e}}}. The algorithm finds the error positions by solving a key equation and then computes the error values by Forney’s formula. All proofs showing the correctness of the algorithm do not make use of the finiteness of the field. Hence, the algorithm carries over directly and we only briefly recall its idea.
The key equation consists of the following polynomials.
- •
Error locator polynomial
[TABLE]
- •
Error evaluator polynomial
[TABLE]
- •
Syndrome polynomial
[TABLE]
Note that [s_{0},\dots,s_{d-2}]={\mathchoice{\mbox{\boldmath\displaystyle r}}{\mbox{\boldmath\textstyle r}}{\mbox{\boldmath\scriptstyle r}}{\mbox{\boldmath\scriptscriptstyle r}}}{\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}}^{\top} is the syndrome with respect to the parity-check matrix {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}} of Definition 1.
The BMD decoder then finds the error locator and error evaluator polynomial by solving the following key equation.
Lemma 1**.**
(Key Equation, generalization of [4, Equations (6.4)–(6.6)] to ) Let be defined as above. Then,
[TABLE]
Proof:
The proof follows by exactly the same arguments as the statements in [4, Section 6.3], by replacing the finite field by . ∎
The following lemma shows how to obtain the solution of the key equation through the extended Euclidean algorithm over , which computes for two input polynomials with a sequence for such that we have
[TABLE]
and is strictly monotonically decreasing until . For some integer , we denote by the variant of the EEA that returns only the unique triple for which we have
[TABLE]
Lemma 2**.**
Let \mathrm{wt}_{\mathrm{H}}({\mathchoice{\mbox{\boldmath\displaystyle e}}{\mbox{\boldmath\textstyle e}}{\mbox{\boldmath\scriptstyle e}}{\mbox{\boldmath\scriptscriptstyle e}}})\leq\lfloor\tfrac{d-1}{2}\rfloor and be the corresponding syndrome polynomial. Furthermore, let be the output of the with input
[TABLE]
where is the smallest positive integer, s.t. has integer coefficients (i.e. it is the lcm of the denominators of coefficients of S). Then, we have
[TABLE]
where is a non-zero constant.
Proof:
The proof follows from the same arguments that lead to [4, Corollary 6.5] since no step assumes the finiteness of the underlying field. The only difference besides the different field is the non-zero constant here, which we will use for complexity reasons below, and which simply multiplies each , , in the EEA by . 111Note that this was stated wrongly in the short version [1]. ∎
The constant in Lemma 2 can be determined as the coefficient of since by definition.
Lemma 3** (Forney’s formula).**
Let be the formal derivative of . Then, we can compute the entries of the error vector by
[TABLE]
for all .
Proof:
The proof follows by the same arguments as in [4, Section 6.5]. ∎
Note that we get for , so there is no need to find separately. However, this can be done to reduce the runtime of the algorithm.
V-B Complexity Estimation
For bounding the complexity of the algorithm, we need the following lemmas.
Lemma 4**.**
Let {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}} as defined in Def. 1, {\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}}=({\mathchoice{\mbox{\boldmath\displaystyle c}}{\mbox{\boldmath\textstyle c}}{\mbox{\boldmath\scriptstyle c}}{\mbox{\boldmath\scriptscriptstyle c}}}+{\mathchoice{\mbox{\boldmath\displaystyle e}}{\mbox{\boldmath\textstyle e}}{\mbox{\boldmath\scriptstyle e}}{\mbox{\boldmath\scriptscriptstyle e}}}){\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}}^{\top}, \tau=\mathrm{wt}_{\mathrm{H}}({\mathchoice{\mbox{\boldmath\displaystyle e}}{\mbox{\boldmath\textstyle e}}{\mbox{\boldmath\scriptstyle e}}{\mbox{\boldmath\scriptscriptstyle e}}}) and {\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}},{\mathchoice{\mbox{\boldmath\displaystyle v}}{\mbox{\boldmath\textstyle v}}{\mbox{\boldmath\scriptstyle v}}{\mbox{\boldmath\scriptscriptstyle v}}} as defined in Corollary 1.
[TABLE]
Proof:
Let be error positions and {\mathchoice{\mbox{\boldmath\displaystyle e}}{\mbox{\boldmath\textstyle e}}{\mbox{\boldmath\scriptstyle e}}{\mbox{\boldmath\scriptscriptstyle e}}}_{\mathcal{E}}=[e_{i_{1}},\dots,e_{i_{\tau}}] as well as {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathcal{E}}=[H_{i_{1}},\dots,H_{i_{\tau}}], where is the -th column of {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}}. Then, we have \lambda({\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathcal{E}})\leq\lambda({\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}}), {\mathchoice{\mbox{\boldmath\displaystyle r}}{\mbox{\boldmath\textstyle r}}{\mbox{\boldmath\scriptstyle r}}{\mbox{\boldmath\scriptscriptstyle r}}}{\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}}={\mathchoice{\mbox{\boldmath\displaystyle e}}{\mbox{\boldmath\textstyle e}}{\mbox{\boldmath\scriptstyle e}}{\mbox{\boldmath\scriptscriptstyle e}}}{\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}}={\mathchoice{\mbox{\boldmath\displaystyle e}}{\mbox{\boldmath\textstyle e}}{\mbox{\boldmath\scriptstyle e}}{\mbox{\boldmath\scriptscriptstyle e}}}_{\mathcal{E}}{\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathcal{E}}, and
[TABLE]
Using the better coefficient growth bounds for computations over (cf. Theorem 4), we obtain the following smaller bound in this case.
Lemma 5**.**
Let {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}} from Def. 1 and {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}}\in\mathbb{Z}^{(n-k)\times n} (i.e., ), then
[TABLE]
Proof:
[TABLE]
where . Thus, \xi{\mathchoice{\mbox{\boldmath\displaystyle e}}{\mbox{\boldmath\textstyle e}}{\mbox{\boldmath\scriptstyle e}}{\mbox{\boldmath\scriptscriptstyle e}}}\in\mathbb{Z}^{n} and
[TABLE]
Using \lambda(\xi)\leq\tau\lambda({\mathchoice{\mbox{\boldmath\displaystyle e}}{\mbox{\boldmath\textstyle e}}{\mbox{\boldmath\scriptstyle e}}{\mbox{\boldmath\scriptscriptstyle e}}}), we obtain
[TABLE]
Lemma 6**.**
Let with and . Then, can be computed in
[TABLE]
bit operations using [25, Algorithm 6.57, page 188]. Furthermore, can be computed in
[TABLE]
bit operations.
Proof:
The statement follows directly from [25, Theorem 6.58], which is formulated in terms of the -norm of the polynomials and , i.e., for some integer . This condition is equivalent to . The complexity of the EEA with stopping condition follows from the fact that we save a factor if only one specific triple in the output sequence of the EEA is explicitly computed, cf. [25, page 189]. ∎
In the following, denote by and the (reduced) denominator and numerator of , respectively.
Lemma 7**.**
Let be the syndrome polynomial and .
[TABLE]
Proof:
The first claim, is obviously fulfilled (in fact, is the smallest positive integer with this property). For the bit width, we have
[TABLE]
which implies the claim. ∎
Lemma 8**.**
For and it holds that
[TABLE]
Proof:
Let . Then,
[TABLE]
where , , and . By applying Property 2 of Theorem 4 inductively, we get
[TABLE]
Due to and \lambda(\zeta)\leq\sum_{i\in\mathcal{E}}\lambda(\alpha_{i})\leq\tau\lambda({\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}}), the claim follows by . ∎
Lemma 9**.**
For and it holds that
[TABLE]
Proof:
Let , \eta:=\prod_{i\in\mathcal{E}}\big{(}\mathrm{den}(e_{i}v_{i})\big{)} and then
[TABLE]
Since it holds that
[TABLE]
Also for the bit width of we have that
[TABLE]
And therefore the claim holds. ∎
Lemma 10**.**
Let and . Then, the evaluation of at can be implemented in
[TABLE]
bit operations222 neglects logarithmic terms of its arguments.
Proof:
Applying Horner’s rule [25, p. 101] for evaluation, one gets multiplications and additions. By naive computation of the additions and the multiplications as in [31], the complexity for integers of bit width and (define: ) is , respectively (cf. Algorithms 2.1 in [25]). Hence,
[TABLE]
where . ∎
Corollary 4**.**
For the computation of the error value , and are evaluated at , thus , can be computed in
[TABLE]
bit operations.
V-C Summary of the Algorithm
[TABLE]
Theorem 10**.**
Algorithm 1 returns the correct codeword if \mathrm{wt}_{\mathrm{H}}({\mathchoice{\mbox{\boldmath\displaystyle e}}{\mbox{\boldmath\textstyle e}}{\mbox{\boldmath\scriptstyle e}}{\mbox{\boldmath\scriptscriptstyle e}}})\leq\tfrac{n-k}{2}. Its complexity in bit operations is
[TABLE]
Proof:
Correctness follows directly by Lemmas 2 and 3 above and the computational complexity of in Line 1. Since the latter is a usual vector-matrix-multiplication and the computation itself depends on the codeword , its complexity is bounded by
[TABLE]
The remaining part of the algorithm is independent of the codeword . The second bottleneck of the algorithm is the EEA, which can be implemented by [25, Algorithm 6.57, page 188]. The input polynomials, and have bit width
[TABLE]
by Lemmas 7 and 4, and degrees and . By Lemma 6, we can therefore bound the cost of Line 1 by
[TABLE]
The remaining steps of Algorithm 1 are negligible compared to this step due to Corollary 4. ∎
Remark 7**.**
The syndrome computation complexity depends on \lambda({\mathchoice{\mbox{\boldmath\displaystyle c}}{\mbox{\boldmath\textstyle c}}{\mbox{\boldmath\scriptstyle c}}{\mbox{\boldmath\scriptscriptstyle c}}}), which itself depends on the bit width of the information . We can bound \lambda({\mathchoice{\mbox{\boldmath\displaystyle c}}{\mbox{\boldmath\textstyle c}}{\mbox{\boldmath\scriptstyle c}}{\mbox{\boldmath\scriptscriptstyle c}}}) depending on \lambda({\mathchoice{\mbox{\boldmath\displaystyle u}}{\mbox{\boldmath\textstyle u}}{\mbox{\boldmath\scriptstyle u}}{\mbox{\boldmath\scriptscriptstyle u}}}) by Theorem 7.
For a special choice of , the following corollary holds. We state it in terms of as we often have .
Corollary 5**.**
If the error has bit width at most , codeword at most and the code locators are chosen with \lambda({\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}})\in O(\log(n)) (e.g., for ), then Algorithm 1 can be implemented in
[TABLE]
bit operations. In case of {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}}\in\mathbb{Z}^{(n-k)\times n} we get
[TABLE]
VI Trade-Off between Encoding and Decoding
Corollary 5 states that the complexity might be reduced by choosing the entries of {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}} in . The next corollary also compares this reduction.
Corollary 6**.**
Regard the setting of Lemma 4.
- •
For the case of , we have
[TABLE]
- •
For the case , we have
[TABLE]
- •
For the case of {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}}\in\mathbb{Z}^{(n-k)\times n} and , we have
[TABLE]
- •
For the case {\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}}\in\mathbb{Z}^{(n-k)\times n} and , we have
[TABLE]
Proof:
Insert the results from Table I into \lambda({\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}}). ∎
In this case, however, we must have , which might yield large values of \lambda({\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}) according to Theorem 3. Note that there might be alternative generator and parity check matrix combinations with smaller overall coefficient growth. This again can increase the coefficient growth during encoding. Hence, one can find a tradeoff between decoding complexity and coefficient growth during encoding by choosing .
Table II shows a part of the tradeoff by comparing the upper bounds for the bit width of syndrome and codeword, that are derived in Theorem 7 and Lemma 4 in the sections before. Since \lambda({\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}})\in O(\log n), we get \lambda({\mathchoice{\mbox{\boldmath\displaystyle c}}{\mbox{\boldmath\textstyle c}}{\mbox{\boldmath\scriptstyle c}}{\mbox{\boldmath\scriptscriptstyle c}}})\in O(n^{2}\log n) for all cases except for the Cauchy generator matrix {\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}_{\mathrm{Cauchy}} in combination with , where we have \lambda({\mathchoice{\mbox{\boldmath\displaystyle c}}{\mbox{\boldmath\textstyle c}}{\mbox{\boldmath\scriptstyle c}}{\mbox{\boldmath\scriptscriptstyle c}}})\in O(n\log n). Hence, this choice is asymptotically the best, since the syndrome has \lambda({\mathchoice{\mbox{\boldmath\displaystyle s}}{\mbox{\boldmath\textstyle s}}{\mbox{\boldmath\scriptstyle s}}{\mbox{\boldmath\scriptscriptstyle s}}})\in O(n^{2}\log n) anyway.
VII Conclusion
In this paper we studied RS codes over arbitrary fields and analyzed the coefficient growth for encoding and decoding over the rational numbers. By deriving bounds on the intermediate coefficient growth during computations, we were able to show that decoding up to half-the-minimum distance is possible in a polynomial number of bit operations in the code length and bit width of the error values.
As also mentioned by the reviewers, we believe, that this paper is a starting point for research on RS codes over number fields and there are many open problems that need to be studied in future work. For instance, we can consider other decoding algorithms such as Berlekamp-Welch, Berlekamp-Massey or list decoding approaches. Further, the results can be extended to a wider class of number fields. Also reduction of the computation modulo a prime by decomposing the number field into prime ideals as in [21] is a possibility for further research. Another important aspect is to study possible applications in detail. Moreover, the methods can be used to determine the bit complexity of the algorithms in [19, 20] for decoding Gabidulin codes over characteristic zero.
VIII Appendix
Proofs for formulas in Table I. Case: , then
\lambda({\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}_{\mathrm{GRS}})\leq(k-1)(3\lambda({\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}})+1)
Proof:
[TABLE]
∎
Case: , then
\lambda({\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}_{\mathrm{GRS}})\leq(2n+k-3)\lambda({\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}})+n-1
Proof:
[TABLE]
∎
Case: , then
\lambda({\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}_{\mathrm{Cauchy}})\leq(2n-2k+1)(2\lambda({\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}})+1)
Proof:
Inserting the condition into gives
[TABLE]
[TABLE]
∎
Case: , then
\lambda({\mathchoice{\mbox{\boldmath\displaystyle G}}{\mbox{\boldmath\textstyle G}}{\mbox{\boldmath\scriptstyle G}}{\mbox{\boldmath\scriptscriptstyle G}}}_{\mathrm{Cauchy}})\leq 2(k-1)(2\lambda({\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}})+1)
Proof:
[TABLE]
∎
Case: , , then
\lambda({\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}})\leq(3n-k-3)\lambda({\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}})+n-1
Proof:
[TABLE]
∎
Case , then
\lambda({\mathchoice{\mbox{\boldmath\displaystyle H}}{\mbox{\boldmath\textstyle H}}{\mbox{\boldmath\scriptstyle H}}{\mbox{\boldmath\scriptscriptstyle H}}}_{\mathrm{GRS}})\leq(3n-3k-1)\lambda({\mathchoice{\mbox{\boldmath\displaystyle\alpha}}{\mbox{\boldmath\textstyle\alpha}}{\mbox{\boldmath\scriptstyle\alpha}}{\mbox{\boldmath\scriptscriptstyle\alpha}}})+n-k
Proof:
Representation of , see Remark 4.
[TABLE]
∎
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] C. Sippel, C. Ott, S. Puchinger, and M. Bossert, “Reed–Solomon Codes over Fields of Characteristic Zero,” 2019.
- 2[2] I. S. Reed and G. Solomon, “Polynomial codes over certain finite fields,” SIAM J Appl Math , vol. 8, no. 2, pp. 300–304, 1960.
- 3[3] Y. Sugiyama, M. Kasahara, S. Hirasawa, and T. Namekawa, “A Method for Solving Key Equation for Decoding Goppa Codes,” Information and Control , vol. 27, no. 1, pp. 87–99, 1975.
- 4[4] R. M. Roth, Introduction to Coding Theory . Cambridge UP, 2006.
- 5[5] M. Sudan, “Decoding of Reed–Solomon Codes Beyond the Error-Correction Bound,” J. Complexity , vol. 13, no. 1, pp. 180–193, 1997.
- 6[6] V. Guruswami and M. Sudan, “Improved Decoding of Reed-Solomon and Algebraic-Geometric Codes,” in IEEE FOCS , 1998, pp. 28–37.
- 7[7] Y. Wu, “New List Decoding Algorithms for Reed–Solomon and BCH Codes,” IEEE Trans. Inf. Theory , vol. 54, no. 8, pp. 3611–3630, 2008.
- 8[8] G. Schmidt, V. R. Sidorenko, and M. Bossert, “Syndrome Decoding of Reed–Solomon Codes Beyond Half the Minimum Distance Based on Shift-Register Synthesis,” IEEE Trans. Inf. Theory , vol. 56, no. 10, pp. 5245–5252, 2010.
