Cyclic codes

the bytes, which could be up to 80 bits in error) with an information rate approximately 0.92.

As mentioned before, Reed-Solomon codes are particularly useful against burst errors, and indeed against a mixture of burst and random errors. In the RS(255, 235) code mentioned above, a codeword could suffer from, say, 4 random errors in bits (in 4 different bytes) and a burst error 5 bytes (40 bits) long and the code could correct it. For this reason, they are commonly used in data storage (CDs use a variant), QR codes and deep-space communication.

6.5 Cyclic codes.

A linear code C of length n is cyclic if for all codewords c0c1· · · cⁿ−1 ∈ C we have

cn−1c0c1· · · cⁿ−2 ∈ C.

That is, a cyclic shift of the symbols of a codeword produces another codeword.

The coefficients here are in F = GF (p^r) where p is prime, and q = p^r.

Cyclic codes have several advantages when it comes to their implementation. To look further at them, we need some useful algebra.

6.5.1 Rings and Ideals

A ring can be thought of a field where the rules of division have been lost, for example, the integers are a ring, as are, say, 2× 2 real matrices.

A subset I of a ring R is an ideal if for any x ∈ I and any r ∈ R then rx ∈ I. For example, the set of even integers is an ideal in the ring of integers, since any multiple of an even integer is even.

An ideal is called principal if there is an element g ∈ I such that I consists all multiples of g, and we write I =hgi to show this. A ring is a principal ideal ring if all ideals are principal. The Euclidean Algorithm implies that Z is a principal ideal ring, for example, the set of all even integers is the idealh2i.

The set F[x]/hxⁿ− 1i = R of polynomial remainders modulo xⁿ− 1 over F is not a field since xⁿ− 1 is clearly not irreducible, but it is a ring. It is in fact a principal ideal ring.

6.5.2 Cyclic codes as ideals

Now, suppose we have a cyclic code C. We identify codewords with elements of R = F[x]/hxⁿ− 1i by

C(x) = c₀ + c₁x +· · · + cⁿ−1xⁿ⁻¹. Then

xC(x) = xc0+ c1x²+· · · + cⁿ−2xⁿ⁻¹+ cn−1xⁿ

= cn−1+ c0x + c1x²+· · · + cⁿ−2xⁿ⁻¹

so multiplying by x corresponds to a cyclic shift in the codeword.

In this way we viewC as a subset of R. Now as the code is cyclic, xC(x) also corresponds to a code word, and we can extend this result to prove that C must be an ideal of R. But as R is a principal ideal ring we have

A subset C of R is a cyclic code if and only if there exists g(x) ∈ C with C = hg(x)i = {a(x)g(x) : a(x) ∈ R}.

This g(x) is the unique monic polynomial of least degree that lies inC, and it must be a factor of xⁿ− 1 over F. We call g(x) the generator polynomial of C, and any factor g(x) of xⁿ− 1 will lead to a cyclic code.

If g(x) = g0+ g1x +· · · + g^mx^m, where gm = 1, then the k× n matrix G given by

G =







g₀ g₁ g₂ · · · g^m 0 0 · · · 0 0 g0 g1 g2 · · · g^m 0 · · · 0 ... . .. . .. . .. ... 0 · · · 0 g⁰ · · · g^m







is called a generator matrix for C and C has dimension k = n − m. The ith row of G corresponds to the coefficients of xⁱ⁻¹g(x). Since the ideal hg(x)i is all multiples of g(x), the code consists of all linear combinations of the rows of G.

Writing xⁿ− 1 = g(x)h(x) over F gives the check polynomial h(x) = h0+ h1x +· · · + h^kx^k where hk= 1.

The name arises from the fact that if c(x) corresponds to a correct code word, then as c(x) = a(x)g(x) for some a(x), c(x)h(x) = a(x)g(x)h(x) = a(x)(xⁿ − 1) = 0 in R.

Conversely, if c(x)h(x) = 0 in R, then c(x)h(x) = a(x)(x²− 1) in F[x] for some a(x), and so c(x) = a(x)g(x) in F[x].

We also have the m× n matrix

H =







hk hk−1 · · · h0 0 0 · · · 0 0 hk · · · h1 h₀ 0 · · · 0

... . .. . .. ...

0 · · · 0 0 hk · · · h¹ h0







as a parity check matrix for C.

Examples:

1. The cyclic codes of length 4 over Z3. We have

x⁴− 1 = (x − 1)(x + 1)(x²+ 1) over Z₃ with each factor irreducible.

Combining the irreducible factors in all possible ways gives 8 different cyclic codes of length 4 over Z3.

6.5. CYCLIC CODES. 133 For example if

g(x) = x²+ 1

h(x) = (x− 1)(x + 1) = x²− 1 then the corresponding cyclic code has

G =

and isC = {0000, 1010, 0101, 1111, 2020, 0202, 2121, 1212, 2222.}

Here n = 4, k = m = 2 and there are 3² = 9 elements.

2. Suppose f (x) is primitive of degree r over Z2.

That is, f (x) is irreducible and its root α generates Z2[x]/hf(x)i = GF(2^r).

As before H = (1 α α² α³ · · · α^2r−2) is the parity check matrix of the Hamming (n, k) code (in this particular order). We have n = 2^r− 1, m = r and k = 2^r− r − 1.

Then, for a binary vector c of length n, c∈ Hamming (n, k)

⇔ C(α) = 0 where C(x) = c0+ c₁x +· · · + cⁿ−1xⁿ⁻¹

⇔ C(x) = 0 since α is primitive

⇔ C(x) is a multiple of f(x)

⇔ C(x) ∈ hf(x)i

Hence this version of Hamming (n, k) is cyclic with generator polynomial f (x).

(In fact all BCH codes are cyclic.)

For example with r = 4, n = 15, m = 4, k = 11 we used f (x) = x⁴+ x + 1 so and another Hamming check matrix is the cyclic matrix

H^′ =

6.5.3 Encoding Cyclic codes

There are several ways we could encode messages with cyclic codes. Suppose we have word w = w1w2. . . wk to be encoded with a cyclic(n, k) code C = hg(x)i.

The most obvious way of encoding w is to create a polynomial of degree k w(x) = w1+ w2x +· · · + w^kx^k

with the bits as coefficients and encode it as the polynomial w(x)g(x). This is in C as C is an ideal.

The problem with this method is that it is not systematic: we cannot tell the check and information bits apart.

For a systematic encoding, define the polynomial

w(x) = w₁xⁿ⁻¹+· · · w^kx^n−k = Xk

i=1

wixⁿ⁻ⁱ,

which we know is in R = Zp[x]/hxⁿ− 1i.

Then let r(x) be the remainder on dividing w(x) by g(x): r(x) ≡ w(x) (mod g(x)), which has degree at most m− 1 = n − k − 1. So w(x) − r(x) is a multiple of g(x), and hence is in C.

Since the information bits are the coefficients of powers x^n−k and higher, and the check bits (coefficients of −r(x)) are coefficients of powers less than x^n−k, this encoding is systematic, so decoding is straightforward.

Error correcting is done using a nearest member strategy.

Alternatively, we could put the generating matrix into standard form, i.e. into row reduced echelon form, and then use the leading columns as the check bits, as we did in chapter 2.

Fortunately, there is a nice result that allows us to do this without any row reduction:

it relies on the division algorithm.

Let Ri(x) be the remainder on dividing x^n−k+i−1 by g(x) for i = 1, . . . k and A be the matrix whose ith row is the coefficients of Ri(x).

Theorem 6.2 With the notation above, the standard form generating matrix G and as-sociated parity check matrix H of code C = hg(x)i are given by

G = (Ik| −A) , H = A^T | Iⁿ−k

.

Proof: For any polynomial f (x) ∈ Z^p[x], let remg(f (x)) be the remainder on dividing f (x) by the generating polynomial g(x). Then f (x)− rem^g(f (x)) is a multiple of g(x) and so is in C.

It follows that the k polynomials

Qi(x) = x^n−k+i−1− rem^g(x^n−k+i−1), i = 1, . . . k are in C, and in fact must generate C, being independent. Hence the set

x^kQi(x) = xⁿ⁺ⁱ⁻¹− x^kremg(x^n−k+i−1) also generates C.