Decoding Linear Errorcorrecting Codes with Groebner Bases Ruud Pellikaan and Stanislav Bulygin Depar

1
Decoding Linear Error-correcting Codes with
Groebner BasesRuud Pellikaan and Stanislav
Bulygin Department of Mathematics and
Computer Science, Eindhoven University of
Technology, The Netherlands Department of
Mathematics, Technical University of
Kaiserslautern, GermanyWork in progressParis,
October, 2006
2
Decoding Linear Codes I

3
Decoding Linear Codes II

• Exhaustive search
• Syndrome decoding
• Advanced linear algebra (bit swapping etc.)
• Via solving systems of polynomial equations

4
Decoding Linear Codes III
5
Groebner Bases and Linear Codes

• Cyclic codes Power sums - Cooper, Chen, Reed,
  Helleseth, Truong et.al., Sala, Mora, and others
• Cyclic codes Newton identities of syndromes -
  Augot, Bardet, Faugere
• Arbitrary linear codes generalization of the
  power sum method - Lax, Fitzgerald
• Arbitrary linear codes key equation - OKeeffe,
  Fitzpatrick, and others

6
Preliminaries and Notation I

• 
  

7
Preliminaries and Notation II

8
Main Result I

• Advantages
• NO field equations
• nevertheless, solution is unique, and lies in the
  ground field
• all equations have degree at most 2
• after solving the system, decoding is simple

9
Main Result II

10
Main Result III

11
Other Problems that can be Solved

• Other problems that can be solved by applying
  ideas that lie behind the Main Theorem include
• Finding minimum weight of the code
• Finding weight distribution of the code
• Nearest codeword decoding, when for a received
  vector all codewords closest to this vector are
  found (when distance from the received word to
  the code exceeds error capacity).

12
Experiments I

• We use the technique of Groebner bases to solve
  the system I(t,r) above (computations are with
  SINGULAR)
• For random linear codes the method is much faster
  than one of Fitzgerald-Lax
• Slower than the GB-based method for cyclic codes
  which uses Waring function (Augot, Bardet,
  Faugere)
• Useful when redundancy r is quite large (so that
  syndrome decoding is inapplicable) and dimension
  k is not too large (but such that exhaustion is
  not possible).

13
Experiments II

• For small (binary) codes fast 2-3 errors for
  n25,,30, k around 10 up to 0.01 sec.
• For larger (binary) codes the following number of
  errors can be corrected in up to 1 minute

14
Experiments III

• Number of equations is nr2n-k, number of
  variables is nt.
• Overdetermined systems are easier to solve, so
  the performance will increase if (in particular)
• With constant k and t, n grows
• With constant n and t, r grows.

15
Possible Transformations I

16
Possible Transformations II

• We can impose a trial search assigning some x
  variables to 0. The system becomes more
  overdetermined, thus (much) easier to solve. Try
  many subsets of variables randomly. Stop when the
  answer is found.
• Still slower than e.g. bit-swapping.
• The new system is easier to understand and
  interpret. Can we take advantage of that?

17
Generic Decoding

18
Things to be Done

• Study dedicated methods for solving the system
  I(t,r) (perhaps other than Groebner bases)
• Ultimately, try to apply this technique to
  cryptanalyzing McEliece, Niederreiter
  cryptosystems and their improvements
• Try to find dedicated versions of the system for
  studying special classes of linear codes (e.g.
  cyclic codes)
• Studying complexity issues thereof.