Content deleted Content added
ClueBot NG (talk | contribs) m Reverting possible vandalism by 128.179.157.4 to version by ChrisGualtieri. False positive? Report it. Thanks, ClueBot NG. (1655260) (Bot) |
→Decoding: Fixed a mistake |
||
| (24 intermediate revisions by 20 users not shown) | |||
Line 1:
{{Short description|Kind of error correction code}}
In [[mathematics]] and [[computer science]], the '''binary Goppa code''' is an [[error-correcting code]] that belongs to the class of general
==Construction and properties==
Codewords belong to the kernel of the syndrome function, forming a subspace of <math>\{0,1\}^n</math>:▼
: <math>\Gamma(g,L)=\left\{ c \in \{0,1\}^n
▲Codewords belong to the kernel of syndrome function, forming a subspace of <math>\{0,1\}^n</math>:
The code defined by a tuple <math>(g,L)</math> has dimension at least <math>n-mt</math> and
▲: <math>\Gamma(g,L)=\left\{ c \in \{0,1\}^n | \sum_{i=0}^{n-1} \frac{c_i}{x-L_i} \equiv 0 \mod g(x) \right\}</math>
▲Code defined by a tuple <math>(g,L)</math> has minimum distance <math>2t+1</math>, thus it can correct <math>t=\left\lfloor \frac{(2t+1)-1}{2} \right\rfloor</math> errors in a word of size <math>n-mt</math> using codewords of size <math>n</math>. It also possesses a convenient [[parity-check matrix]] <math>H</math> in form
: <math>
H=VD=\begin{pmatrix}
1 & 1 & 1 & \cdots & 1\\
\vdots & \vdots & \vdots & \ddots & \vdots \\
\end{pmatrix}
\begin{pmatrix}
\frac{1}{g(
& \frac{1}{g(
& & \frac{1}{g(
& & & \ddots & \\
& & & & \frac{1}{g(L_{n
\end{pmatrix}
</math>
Line 32:
Note that this form of the parity-check matrix, being composed of a [[Vandermonde matrix]] <math>V</math> and [[diagonal matrix]] <math>D</math>, shares the form with check matrices of [[alternant code]]s, thus alternant decoders can be used on this form. Such decoders usually provide only limited error-correcting capability (in most cases <math>t/2</math>).
For practical purposes, parity-check matrix of a binary Goppa code is usually converted to a more computer-friendly binary form by a trace construction, that converts the <math>t</math>-by-<math>n</math> matrix over <math>GF(2^m)</math> to a <math>mt</math>-by-<math>n</math> binary matrix by writing polynomial
==Decoding==
Line 38:
Decoding of binary Goppa codes is traditionally done by Patterson algorithm, which gives good error-correcting capability (it corrects all <math>t</math> design errors), and is also fairly simple to implement.
Patterson algorithm converts a syndrome to a vector of errors. The syndrome of a binary word <math>c=(
: <math>s(x) \equiv \sum_{
Alternative form of a parity-check matrix based on formula for <math>s(x)</math> can be used to produce such syndrome with a simple matrix multiplication.
Line 48:
<math>v(x)</math> is reduced to polynomials <math>a(x)</math> and <math>b(x)</math> using the [[extended euclidean algorithm]], so that <math>a(x) \equiv b(x)\cdot v(x) \mod g(x)</math>, while <math>\deg(a)\leq\lfloor t/2 \rfloor</math> and <math>\deg(b)\leq\lfloor (t-1)/2 \rfloor</math>.
Finally, the ''error locator polynomial'' is computed as <math>\sigma(x) = a(x)^2 + x\cdot b(x)^2</math>. Note that in binary case, locating the errors is sufficient to correct them, as there's only one other value possible.
If the original codeword was decodable and the <math>e=(
: <math>\sigma(x) = \prod_{
Factoring or evaluating all roots of <math>\sigma(x)</math> therefore gives enough information to recover the error vector and fix the errors.
Line 64:
==References==
* Elwyn R. Berlekamp, Goppa Codes, IEEE Transactions on information theory, Vol. IT-19, No. 5, September 1973, https://web.archive.org/web/20170829142555/http://infosec.seu.edu.cn/space/kangwei/senior_thesis/Goppa.pdf
* Daniela Engelbert, Raphael Overbeck, Arthur Schmidt. "A summary of McEliece-type cryptosystems and their security." Journal of Mathematical Cryptology 1, 151–199. {{MR
* Daniel J. Bernstein. "List decoding for binary Goppa codes." http://cr.yp.to/codes/goppalist-20110303.pdf
| |||