A low-complexity algorithm for the construction of ...home.ie.cuhk.edu.hk/~wkshum/papers/GS.pdf · IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 47, NO. 6, SEPTEMBER 2001 2225 A Low-Complexity

IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 47, NO. 6, SEPTEMBER 2001 2225

A Low-Complexity Algorithm for the Constructionof Algebraic-Geometric Codes Better Than the

Gilbert–Varshamov BoundKenneth W. Shum, Student Member, IEEE, Ilia Aleshnikov, P. Vijay Kumar, Senior Member, IEEE,

Henning Stichtenoth, and Vinay Deolalikar

Abstract—Since the proof in 1982, by Tsfasman Vladut andZink of the existence of algebraic-geometric (AG) codes withasymptotic performance exceeding the Gilbert–Varshamov (G–V)bound, one of the challenges in coding theory has been to provideexplicit constructions for these codes. In a major step forwardduring 1995–1996, Garcia and Stichtenoth (G–S) provided anexplicit description of algebraic curves, such that AG codesconstructed on them would have performance better than theG–V bound. We present here the first low-complexity algorithmfor obtaining the generator matrix for AG codes on the curvesof G–S. The symbol alphabet of the AG code is the finite fieldof 2, 2 49, elements. The complexity of the algorithm, asmeasured in terms of multiplications and divisions over the finitefield GF ( 2), is upper-bounded by [ log ( )]3 where isthe length of the code. An example of code construction using theabove algorithm is presented.

By concatenating the AG code with short binary block codes,it is possible to obtain binary codes with asymptotic performanceclose to the G–V bound. Some examples of such concatenation areincluded.

Index Terms—Algebraic-geometric (AG) codes, concatenatedcodes, function field tower, Gilbert–Varshamov (G–V) bound.

I. INTRODUCTION

L ONG codes are judged on the basis of their parameterswhere is the relative minimum distance andis

the code rate, i.e., if are the length, dimensionand minimum distance of the code, respectively, then

and

The best long codes lie in the region defined by the Gilbert–Var-shamov (G–V) lower bound and the McEliece, Rodemich,Rumsey, and Welch [1] upper bound (see Fig. 1). One of thechallenges in coding theory has been the construction of codeswith symbol alphabet size fixed atand growing length whose

Manuscript received November 6, 2000; revised March 2, 2001. This workwas supported by the National Science Foundation under Grant CCR-0073555.

K. W. Shum and P. V. Kumar are with the Department of ElectricalEngineering-Systems, University of Southern California, Los Angeles, CA90089-2565 USA (e-mail: [email protected]; [email protected]).

I. Aleshnikov and H. Stichtenoth are with Mathematik und Informatik,Universität GH Essen, Fachbereich 6, D-45117 Essen, Germany (e-mail:[email protected]; [email protected]).

V. Deolalikar is with the Information Theory Research Group, Hewlett-Packard Research Laboratories, Palo Alto, CA 94306 USA (e-mail: [email protected]).

Communicated by J. Justesen, Associate Editor for Coding Theory.Publisher Item Identifier S 0018-9448(01)05463-3.

Fig. 1. Upper and lower bound for asymptotic code parameters over GF(2).

performance exceeds that of the G–V bound. It is desirable tokeep small as this allows for simpler encoding and decoding.While it is known that there exist long binary alternantand concatenated codes that meet the G–V bound, no explicitdescription of these codes exists. It is an open question as towhether there exist long binary codes with performance im-proving upon the G–V bound. A similar statement was true inthe nonbinary case until the early 1980s. Around 1980,V. D. Goppa [2] used the theory of algebraic curves to constructa new family of codes, now referred to as algebraic-geometric(AG) codes.

The length of an AG code defined over a curve of genus, is roughly equal to the number of rational points on the

curve, i.e., equal to the number of points having coordinates inthe finite field of elements over which the curve is defined.The performance of an AG code of lengthis governed by theequation

and thus depends upon the ratio . Good codes result whenthe ratio is small. However, the Drinfeld–Vladut (D–V)bound states that this ratio cannot be too small

0018–9448/01$10.00 © 2001 IEEE

2226 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 47, NO. 6, SEPTEMBER 2001

Fig. 2. G–V bound and T–V–Z bound over GF(256).

In 1982, Tsfasman, Vladut, and Zink (T–V–Z) [3] showed forthe case when is a perfect square, the existence of curves,known as modular curves, whose ratio achieves the D–Vbound. For , the resulting AG codes had performanceexceeding that of the G–V bound, a result that caused consider-able excitement in the coding community (Fig. 2). However, themodular curves in [3] did not have an explicit description. Analgorithm for code construction of complexity is givenin [4, Ch. 4.3]. This complexity has since been reduced in [5] to

.In a major step forward in 1996, Garcia and Stichtenoth (G–S)

[6], [7], building on ideas of Feng and Pellikaan, showed thattwo explicitly described sequences of curves also achieve theD–V bound. More recently, other examples of asymptoticallyoptimal towers have been given by Elkies [8]. See [9] for aninteresting connection between asymptotically optimal towersof function fields and iterated means.

The two curves described by Garcia and Stichtenoth in [6],[7] are defined over , a perfect square, i.e., and takeon the form in both cases, of a sequence of curves of increasinggenus and number of rational points satisfying

In [10], Voss and Høholdt provide generator matrices for codesconstructed on the first three curves in the first sequence ofcurves of Garcia and Stichtenoth. Some additional details areprovided in [11]. In [12], Haché extends this result to the fourthcurve in the same sequence for the particular case .

The focus of the present paper is on the second sequence ofcurves. The th curve in this sequence is defined by the equa-tions

(1)

It is common to think of this sequence of curves as a towerof curves where is the -level

tower, i.e., the tower defined by the firstequations. The one-level curve is taken to be the projective line over .

In the typical construction of a code on an algebraic curve,a particular rational point on an algebraic curve is singledout. The collection of all functions defined on the curve, whoseonly pole is with pole order upper-bounded by a fixed integer

, forms a vector space . The integer is a parameterof code construction, one that governs the dimension and min-imum distance of the AG code. If is a basisover for this vector space, then theth, row ofthe generator matrix of the AG code constructedon the curve is obtained by evaluating the functionat all or asubset of the rational points on the curve other than. AG codesconstructed in this way are referred to as “one-point” codes.

Thus, given a curve and a rational pointon the curve, oneneeds to find a basis for the vector spaces tobe able to build codes of varying dimension and minimum dis-tance. The problem of finding a basis for the spacesin the case of the curves exhibited by Garcia and Stichtenoth hasproved to be a challenging one. In [13], Pellikaan, Stichtenoth,and Torres determine, for every integer, the dimension of thevector space for a particular choice of . In [14], Alesh-nikov, Deolalikar, Kumar, and Stichtenoth identify a simply de-scribed set of functions whose span includes the vector spaces

. By this we mean that any function in any of the vectorspaces can be expressed as a linear combination of theelements of . Given a suitable set that contains all regular func-tions, an alternative Groebner-basis based approach to identi-fying the regular functions within this set is presented in [15].

The present paper also deals with “one-point” AG codes. As afirst and crucial step in code construction, we identify, as in [14],a set of functions with the property that their span includes thevector spaces . The difference here is that the size of theset is roughly the square root of the size of the setused in[14]. It is the smaller size of this set that allows us to provide alow-complexity algorithm for constructing the generator matrixof the AG code. The set is identified by viewing the vectorspace

as the integral closure of the polynomial ring and usingthe theory of dual basis [16]. Identification of the setis per-haps the principal contribution of this paper.

Having identified the set , the algorithm then proceeds asfollows. The functions in happen to have undesired polesat a collection of points on the curve distinct from . Thecommon approach in such situations, which we adopt here, ispole cancellation via power series expansions. A power seriesexpansion is determined for each function at each of the pointsin . Simple Gaussian elimination is then used to carry out polecancellation, i.e., is used to determine the precise linear combi-nations of elements in whose poles are confined to the singlerational point . The functions so obtained can be shown toform a basis for the vector spaces . A minor complica-tion that arises in the case of the G–S curve is that at some pointsin , the coefficients in the power series belong not to but

SHUM et al.: A LOW-COMPLEXITY ALGORITHM FOR THE CONSTRUCTION OF ALGEBRAIC-GEOMETRIC CODES 2227

to an extension field. This property of the curves is discussedin detail in [17]. However, in such cases, one can continue towork in the preferred field by replacing each coefficientthat belongs to an extension field of , by a vector over

, i.e., by treating as a vector space over . The overallcomplexity of this algorithm, measured in terms of multiplica-tions and divisions over the finite field is upper-boundedby

where is the code length. We emphasize thatthis figure is an upper bound on the complexity, rather than anestimate of the order of complexity.

The algorithm outlined above for the case was im-plemented in PARI/GP and made to yield a basis for the vectorspaces in the case of the three- and four-level towersand ( and in (1)), respectively. For the sake ofbrevity, only the results for are presented here, the results for

may be found in [18].Using a separate approach, a closed-form expression for the

bases of the spaces on the three-level tower (in (1)) are derived in [18] that hold forarbitrary . These resultsare presented here without proof. After the initial preparation ofthis paper, we learned that the same closed-form expression hadbeen obtained earlier by Pellikaan [20].

Apart from results relating to basis construction, the paperalso studies through examples, the performance of codes con-structed on the G–S tower.

When , the genus and the number of code places of the“one-point” AG code obtained from the tower are tabu-lated below. In the table, denotes the genus of the curve

corresponding to the-level tower and ,the length of the corresponding AG code.

As expected, the ratio approaches . Thecode rates and relative minimum distances of the AG codes ob-tained are plotted in Fig. 3. Note that the performance curvestake on the form of straight lines that convergefrom aboveto alimit that exceeds the G–V bound in some region. Since the codelength increases exponentially in the parameter, only codesfrom the first few levels are expected to be of current practicalinterest. Improved estimates of the true minimum distance canbe found in [19].

Also studied, are the binary codes obtained by concatenatingAG codes on the second G–S tower with suitably chosen shortbinary block codes. For practical reasons, we restrict the size

of the symbol alphabet of the outer AG code to. The large minimum distance of these binary concatenated

codes could cause them to be of interest in applications such as

magnetic recording, optical communications, and in the broad-casting of digital TV signals by satellite, where bit error ratessmaller than are desired. The asymptotic performance ofthe resulting binary codes is presented in Fig. 4.

The presentation of the paper is in the language of functionfields. Here one views the curve from the viewpoint of the fieldof functions defined on the curve. At times, in the analysis of theG–S curve, one is forced to distinguish between the three cases

odd, , and , even. For the sake of simplicity, weadopt the following approach. Where no separation of cases isnecessary, we treat the general case. Where there is a difference,we discuss only the case , even, as this is the case ofgreatest current practical interest. The discussion in the othercases differs only in technical details and details may be foundin [18].

Section II provides background on the curves of Garcia andStichtenoth. The set of functions is identified in Theorem 5 ofSection III. The algorithm for pole cancellation is presented inthe next section, Section IV, which also presents an example im-plementation of the algorithm for the case when is the codesymbol alphabet. Concatenation with binary codes is discussedin Section V. The closed-form expression for the basis for thethree-level tower is presented in Section VI. The complexityof the algorithm is estimated in the Appendix.

II. BACKGROUND AND NOTATION

We introduce the G–S curves in the language of functionfields. From this viewpoint, the G–S curves form a tower

of Artin–Schreier extensions of the rationalfunction field , given by

(2)

(3)

where

(4)

In general, if is a set of places belonging to , we willrefer to places in , lying above a place in , simply asplaces in that lie above . A similar interpretation holds forthe case when we speak of places lying below a collection ofplaces. Also, the superscript attached to a place will beused to indicate that the place belongs to theth function field

.Let , , denote the unique zero of in . Let

denote the unique pole of in . The place istotally ramified in the function field tower. The behavior in thetower of the places lying above is more complicated andis discussed in the subsection below. Let be the uniqueplace in lying above . Some known properties of theG–S tower, taken mostly from [7] are listed below.

Field of Constants: is the full constant field forall , .

Ramification: Let


Fig. 3. Performance of AG codes over for the first five levels.

Fig. 4. Concatenation with five binary codes.

Ramification in the tower takes place only above the placesand , . The places and for are totallyramified throughout the tower (see Fig. 5). We define todenote the places of degree one that are zeros ofand denote by , , the places in thatlie above . Ramification behavior above the place isdiscussed in the subsection below. For every , the

places in are either unramified in or else, are totally(and wildly) ramified.

Genus: The genus of is given by

for odd

for even.

Thus .


Fig. 5. Ramification diagram for the tower.

Number of Places of Degree One:The places ,split completely in . Thus, the number of places

of degree satisfies . Since

the tower asymptotically meets the D–V bound. The exactnumber of places of degreefor is given by (see [17])

for odd

for even .

Rings of Functions:Define

integral closure of in

Then, is the ring of functions that have pole only at andhas the alternative description

We will refer to an element of as aregular function.

A. The Code Places

A place , lying above for somewill be called acode place,because an AG code is obtained byevaluating regular functions at the code places. From [7], it isknown that in , the place splits completely and thatthere are, consequently, code places, all of degreeone, in . We use to denote the set of all code places.

B. Behavior Above

Fig. 5 illustrates much of the notation and behavior describedhere. The places in lying above are conveniently parti-tioned into disjoint sets as follows.

Let , denote the unique place in thatis a zero of . The choice of subscriptrather than maypuzzle the reader at this point, but turns out to be more conve-nient. The degree of this place is one. When ,coincides with . For , is also a zero of

. We will sometimes treat ,as if it were a set consisting of a single place.

The place splits completely in . Thus, thereare places of degreein that lie above . Each of these

places is a zero of for some . The place is

one of these places and corresponds to . We use todenote the places in that lie above and that arezeros of , . Note that the place is excludedfrom this set. For any , let denote the set ofall places in that lie above ; in particular, is the setof all places of which are zeros of for some .

For , , the places in are unramified in. For , the places in are totally

ramified in . For , , the places inare unramified in . For any , the placesin for could have degree larger than one.This aspect is discussed below in greater detail.

C. Degree Expansion Above

The material in this subsection is taken from [17], [18]. Thebehavior with respect to splitting and degree expansion of placeslying above turns out to depend upon whetheris odd,

, or is even and . We focus here on the case ,even as this is the case of greatest current, practical interest.

The other cases are treated in [18].Given a place in function field , we use to denote the

associated valuation function

We will follow [7] and use to denote an element inhaving valuation equal to or larger than the valuation of, i.e.,

means that .The theorem in this section explains the splitting behavior of

places in , as we go up the tower from to (seeFig. 6). More precisely, focus is on the splitting behavior from

to where since we know that when, the places in above are totally ramified.

For any nonnegative integer, we define

unique integer given by

and set , i.e.,

We use , to denote the extension GF of . Inparticular, . We also set .

Theorem 1: Let be an integer, .

i) Let be an integer in the range sothat . Let be the constant fieldextension , . In , all places

lying above are of degree one and there aresuch places. These places are in one-to-one

correspondence with solutions ,to the equations

(5)

(6)

(7)

(8)


Fig. 6. Splitting of placeS .

ii) At the place , we have the expansions

(9)

(10)

for (11)

iii) For , all places in lying above are ofdegree and there are such places.There are places of degree one in lying above .

iv) Suppose . All places lying above in ,, have degree and there are

such places.

III. A N EXPRESSION FORREGULAR FUNCTIONS

Let be a vector space basis for over and letdenote the dual basis, i.e.,

forelse

where : is the trace function. If a basis canbe found where all of whose elements are contained in, i.e.,are regular everywhere except at , then by [16, TheoremIII.3.4], we have

which tells us that every element in has expression as a linearcombination of elements in the dual basis with coefficientsin the polynomial ring . Our goal in this section is to iden-tify such a basis . This will be the first step toward obtainingthe desired expression for regular functions.

A. The Desired Basis

For , let

if

if

The valuations of the above functions at the various places inof interest are tabulated in Table I. As an example, the upper

left entry means that the valuation of at is equal to .The sections to follow will often make use of these valuations.

Lemma 2: The following are a pair of dual basis for,

Proof: The minimal polynomial of over is

The result now follows from the proof of [16, Sec. III.5.10].

Upon multiplication and division by the constant , wesee that the pair

also form dual bases for over . Setting

for all

we obtain the following.

Theorem 3: The -fold products

(12)

form a basis for having dual given by

(13)

It is known from [13], that the functions have poleonly at . Thus, every element in is regular.

Lemma 4: If , the only pole of is , and the zerosof are confined to .

B. The Desired Expression

As pointed out above, by [16, Theorem III.3.4 ], we have thatevery regular function in can be expressed in the form

(14)

with coefficients . Our next goal is to show that


TABLE IVALUATION TABLE

Let be a place in . Since is totally ramified in ,must be a multiple of for any polynomial .

The variables , have valuation

respectively. It follows that each term in the summation in (14)has a distinct valuation at . For the sum in (14) to have non-negative valuation at , it follows from the Strict Triangle In-equality that each term must have nonnegative valuation ataswell, i.e.,

Using the fact that for , this implies

It follows that must divide and since this istrue for all , we have that . As a result, everyfunction in has an expression of the form

(15)


where . Note, moreover, that since the pole orders ofare distinct powers of, every term in the summa-

tion in (15) has distinct pole order at .We next show how one can place an upper bound on the ex-

ponent of . We define theweight of an elementas the negative of the valuation ofat

The weights of the regular functions of are precisely thepole numbers at . The pole numbers at are knownto form a commutative semigroup1 under addition [13]. Thissemigroup has a conductor (i.e., the smallest pole number suchthat all succeeding integers are pole numbers)

The elements , have a pole only at of order, , respectively. A basis for over can,

therefore, also be found by finding a basis for functions inwith weight bounded above by where

(16)

and then multiplying these basis functions by various powers of.We have

Clearly, we can limit the exponent of to the largest valuesuch that the weight of

is less than or equal to the conductor plus. This leads to thefollowing upper bound on :

i.e.,

We thereby have the bound . This leads to thedesired expression for regular functions.

Theorem 5: Every function in has an expression of theform

(17)

where and . Moreover, the weights of the sum-mands are pairwise distinct.

1A semigroup is a nonempty set together with a binary operation which isassociative.

IV. POLE CANCELING ALGORITHM

We continue with our assumption that is even.Let denote the set of -tuples

satisfying

respectively. Arguing as in Section III-B, one can show thatmust divide when . For , there is no changeand we still have that must divide . This leads to analternative expression for the functions in .

Theorem 6: Every function in has an expression of theform

(18)

where and . Moreover, the weights of the sum-mands are pairwise distinct.

The above expression has the advantage over (17) that everysummand is regular at all places in . We will refer to eachsummand in (18) as aquasi-regular(q-r) function. It can beverified that each q-r function is also regular at each place in

. Thus, the poles of a q-r function are confined to

From (17), the number of q-r functions is no more than

(19)

Let denote the set of q-r functions ar-ranged in order of increasing weight, i.e., has the maximalweight. Setting

we have that the poles of a q-r function are confined to. The poles in are undesirable.

For any place of degree one, we can expandasa power series (p-s) in terms of a uniformizer of. If isa pole of , the principal part of the p-s, i.e., the portion withnegative degrees, is nonzero. If has weight that is a nongapin the Weierstrass semigroup of , then there must be aregular function with the same weight that can be expressedin the form with coefficients . This fol-lows from the fact that is contained in the finitely gener-ated -module together with the observation thatthe weights of ’s are pairwise distinct. The same summation


, with replaced by its p-s, is a p-s with no principalpart. Thus, the linear combination has resulted in a“cancellation” of the poles at the place.

A small complication arises when the degreeof a placeis larger than one. Under an appropriate constant

field extension , splits completely into places of de-gree one. One approach is to treatas places and carry outpower series expansions for each of theplaces. The power se-ries expansion coefficients would, in general, have coefficientsbelonging to the extension field of . However, the fol-lowing observation can be used to reduce the computationalworkload.

Let be any place lying above . For any element, we have

because the extension is unramified and Galois. In par-ticular, has a pole at if and only if it has a pole in everyplace lying above in the constant field extension[16, Secs. III.5.2, III.7.1]. It follows from this that it is sufficientto do pole cancellation in only one of the places lyingabove .

The above discussion suggests the following pole cancelingalgorithm.

A. The Algorithm

The algorithm proceeds in two stages.Step 1: In the first stage, a matrix

having rows is set up. Each row of this matrix is associated toa distinct q-r function whose pole order at is no larger thanthe quantity defined in (16). Thus, in building up the ma-trix , we specifically discard those q-r functions whose poleorder at exceeds . The columns of are in one-to-onecorrespondence with the code places inand each row ofis obtained by evaluating the respective q-r function at all codeplaces.

Each row of the matrix on the left represents a concate-nation of the p-s expansions, of the q-r function attached tothat row at the places in lying above that also belongto . We will show in the Appendix that the number ofcolumns of is upper-bounded by .

These p-s expansions are always in terms of local parametersof the respective place. The entries incorrespond to coeffi-cients in the principal part of the p-s. In general, the coefficientsin the p-s belong to a finite extension of with the degreeof this extension equaling the degree of the respective place. Tokeep track of the complexity of our algorithm, it will be foundconvenient to express each coefficient in as a vector with

components corresponding to an expansion with re-spect to a basis for . Thus, with this vector representation,all entries in belong to .

Step 2: In the second stage of our algorithm, the matrixisthen row reduced using elementary row operations to produce amatrix of the form

The zeros in below correspond to linear combinationsof q-r functions that are regular everywhere except at infinity.Row reduction can be carried out in such a way that the rows of

corresponding to regular functions have increasing weightas we go down the rows, so that the last row has largest weightat . Thus, the rows of are the values at the code places,of regular functions having weight corresponding to elementsof the numerical semigroup at that are less than or equal to

The matrix can now be used as a template that can bemade to yield the generator matrices of one-point AG codes ofvarying dimension. If the AG code has parameter(see Sec-tion I) and , i.e., the generator matrix of the AG codeis obtained by evaluating functions in , then by appro-priately deleting rows in one recovers a generator matrix ofthe AG code. If , then one needs to augment withan additional rows.

The th row, , would correspond to thevalues of some function belonging to the set

But, as shown earlier, such a function can be found by multi-plying a q-r function by a suitable power of and so obtainingthese additional rows is a task of low complexity.

An estimate of the complexity of the algorithm can be foundin the Appendix. This Appendix shows that the number of op-erations over has the upper bound stated below.

Theorem 7: The generator matrix of the AG codes of lengthassociated to can be computed usingoperations in the field when is even.

If (it covers all the cases of current practicalinterest when is large), the complexity is upper-bounded by

.

The above algorithm can be refined as discussed in [18].However, this refinement improves the above estimate by atmost a constant factor that depends only on the value of. Also,replacing Gaussian elimination by a more efficient algorithmthat makes use of the special structure of the matrixdoes notsignificantly decrease the overall complexity of the algorithmsince the complexity of computing power series is comparableto the overall complexity of the algorithm.

B. Computational Results

The above pole canceling algorithm was implemented usingPARI/GP for the case of code symbol alphabet , i.e.,

. The resulting basis for the vector space

over of all regular functions with weight upper bounded byin the function field appears below. The basis for reg-

ular functions at the next level can be found in [18]


V. CONCATENATION WITH BINARY CODES

One can obtain efficient and longbinary codes by concate-nating nonbinary AG codes with suitably chosen short binaryblock codes [21, Ch. 18, Par. 8], [22]. Concatenation of an

AG code constructed on the functionfield ( even) with an binary code yields an

binary code. To achieve anoverall rate , one simply picks . The asymptoticparameters of the resulting binary codes are

Let denote the relative minimum distance in the limit as thelength goes to infinity. Then and satisfy the relation

This performance is plotted in Fig. 4 for various choices of innercode parameters . In our examples, we have for prac-tical reasons, limited the size of the outer code alphabet to .For a more general discussion on the performance of binarycodes obtained through concatenation with an outer AG code,see [23, Ch. 7, pp. 672–677 and Ch. 23, pp. 1948–1954]. Theresults of the present paper can be seen to answer Open Problem4.9, in [23, Ch. 23, p. 1953] in the affirmative.

Example 1: The function field has genus ,and the associated AG code with alphabet has pa-rameters . After puncturing this codeto a code and concatenating withthe binary parity-check code, we obtain a binary

code. With , this becomesa rate- binary code. The relativedistance equals .

Example 2: The function field has genus .We can construct an AG code over with parame-ters . We concatenate it with the

binary parity-check code, resulting in a binarycode. With , we have a

rate- binary code. The relativedistance is .

The parameters of the binary codes in Examples 1 and 2are presented along with the G–V bound in Fig. 4. At rate

, the numerical value of the G–V bound equals .We next compare the binary codes in Examples 1 and 2with Bose–Chaudhuri–Hocquenghem (BCH) codes. A binary

BCH code is obtained by lettingbe a primitive element in GF and

be the roots of the generator polynomial. After short-ening, we obtain a binary code.Let be a primitive element in GF . The generatorpolynomial with roots generates a binary

BCH code, which can be shortened toa binary code.

The next example2 generalizes Example 1 to a sequence ofcodes.

Example 3: Concatenation of the AGcodes from with the parity-check code yieldsa binary code. If a rate- codeis desired, we pick . The minimum distance is thengreater than

We, thus, have a sequence of rate-binary codes whose lim-iting relative minimum distance is greater than .

We will show in Appendix A that the complexity of con-structing AG codes on is upper-bounded by ,where is the length of code. Through concate-nation, this yields an algorithm of complexitythat produces binary codes of lengthwith parameters closeto the binary G–V bound.

VI. BASIS FUNCTIONS FORCODES FROM THEFIRST THREE

LEVELS FORGENERAL

In this section, we present explicit basis functions for thesecond and third levels and . The results are valid forany characteristic and any prime power. An approach differentfrom the pole canceling approach was used to derive these re-sults and proofs can be found in [18]. At the late stage of prepa-ration of this paper, the authors discovered that the result in thissection had already been found by Pellikaan in [20].

Theorem 8: The functions

are basis functions for the ring of the function field .

2This example was presented by I. Duursma at the Oberwolfach Conferenceon Coding Theory, April 30–May 4, 2000.


For the third level , we need the some definitions. The el-ement

has weight . Define the step function

ififelse.

Theorem 9: In , the pole numbers of less thancorrespond to weights of powers of. If is an integer largerthan or equal to ( is a pole number), we can find ,

, and such that

with and . If , thenis a regular function with weight. Otherwise

is a regular function with weight .

We illustrate the theorem by presenting the basis functionsfor , , as an example. In the table below, we usetodenote a regular function of weight.

APPENDIX

A. Estimating Complexity of the Algorithm

To estimate the complexity of row reduction, we will need toknow the number of rows and columns of. From (19), wehave that the number of rows in is no more than . Thesubmatrix of has columns and so it remains todetermine the number of columns of the matrix.

1) Counting the Number of Columns of:a) Maximal pole order: To determine the number of

columns in , we need to determine at every place in, the largest pole order at of any q-r function. In

determining the pole order of a q-r function, we may disregardpowers of as is a unit at the places of interest.

The only pole of the element , , is and thecorresponding pole divisor is

The zeros of are confined to , . If is aplace in , then the valuation of at is

We consider two cases.: Let be a fixed place in the region of ramifi-

cation above , i.e., with . Then wehave

where

Hence, for

(20)Thus, the maximum pole order of q-r functions at any place in

with is upper-bounded by the quantitydefined above.

: Similarly, for with, we have


where

This leads to, for

(21)

so that the maximum pole order at any place in withis once again upper-bounded by the quantity. A

common expression for is

for (22)

b) Total degree of places in : As mentioned earlier,given a place in of degree , this place splits intoplaces under the constant field extension

. At any of the places , the coefficients in thep-s expansion of a q-r function belong to . It is sufficient tocarry out pole cancellation at any one of the places.

As a result, the number of columns ofcan be obtained byforming the product for each place in , of the maximalpole order of a q-r function at that place times the degree of thatplace and then summing this product over all places of .

From the previous subsection, we see that our upper boundsgiven by (20) and (21) on the maximal pole order of a q-r func-tion at a place in are a function only of and are, therefore,independent of the choice of particular place in . For thisreason, the sum of degree of places in is of interest. Thissum equals

for

for

From the above, it follows that the number of columns inis upper-bounded by

We only sum from to in the equation above, sincefrom Section IV, we know that the elements of our dualbasis have poles only in . With this, the total number ofcolumns in the matrix is given by

2) Power Series Computation:The goal in this subsectionis to estimate the complexity of setting up the entries of the ma-trix in Section IV-A, i.e., the complexity of determining p-sexpansion in terms of the local parameter for every q-r functionover every place in

The complexity is measured in terms of the number of multi-plications and divisions required over the finite field. It turnsout that this complexity varies with but is the same for allplaces within the same set .

Degree of Places and Finite Field Operations:From The-orem 1, the degree of a place in equals wheresatisfies

if

if .

Thus, when one expands a function as a p-s in a localparameter at a place , the coefficients in this power-series expansion belong, in general, to the extension ofof degree . To be able to measure complexity in terms ofthe number of operations over, we represent each element in

as a vector with components over by selecting asa vector space basis for the set

where is a primitive element in the finite field . Underthis representation it can be verified that a multiplication of twoelements in can be carried out using no more than twicethe square of the degree of the extension multiplications overthe field , i.e., no more than multiplications over thefield . Division of two elements in can be performedwith no more than multiplications over .

Number of Significant Terms:The entries in the matrixcorrespond to the principal part of the p-s of a q-r function ata place . When we speak of the first significantterms in a p-s

we refer to the partial sum

As far as setting up of the matrix is concerned, the numberof significant terms of interest in the p-s of a q-r function at aplace equals the pole order of the q-r function at that place. Onthe way to computing this p-s, the p-s of several other interme-diate functions have to be computed. The question arises as tothe number of significant terms needed in the case of a functioncomputed at an intermediate stage. It can be verified that if weknow the p-s of to significant terms then we also know thep-s of , to significant terms. If the valuations ofandat a place are different, then the same goes for any linear com-bination where belong to some finite extensionof . However, if and have the same valuation at a place

, then it is possible for the linear combination to have signif-icantly larger valuation which means that we knowto a lesser degree of precision. It turns out that in our computa-tion, there are some additions during which this loss of precisiondoes, in fact, take place. However, as it turns out, this loss in pre-cision can be compensated for by doubling the precision, i.e., by


starting out with twice the number of significant terms needed.This is explained below (see also [18]).

Use of Double Precision:As explained above, whenadding two power series corresponding to elements havingthe same valuation, it can happen that the sum is known tolesser precision than the summands. In the p-s program (seethe latter part of the Appendix), there are two instances whenthis precision loss occurs and both correspond essentially tothe same computation given in (27) and (28). The first instancecorresponds to when one computes the sum in(27). We have , but

if

Thus, we have incurred a loss in precision equal toterms. Thesecond instance of precision loss corresponds to the computa-tions in (27) and (28) where we attempt to calculate the powerseries of for . While both terms

and

in (27) have the same negative valuation , their sumhas positive valuation. However, some of this loss in pre-

cision is regained in (28) in the addition of

and

where the first term has negative valuationand the second term has nonnegative valuation. Thus, when, the overall loss in precision equals

For , the loss in precision equals .The table at the bottom of this page tabulates the loss in pre-

cision during the entire power series calculation in for. It is assumed that we start with sig-

nificant terms in .To compensate for this loss, it is enough to simply start out

with a precision that is larger by than the precision needed.Since the maximal pole order of a q-r function at a place

equals for , it suffices touse “double precision,” and carry out all computations tosignificant terms from the outset.

Power Series Operations:Suppose and are p-s withcoefficients in an extension field of . It can be verified thatif both and are known to precision, i.e., to significantterms, then can be computed to precisionusingmultiplications over the field .

In the process of dividing a p-sby a second nonzero p-stocompute , if the leading coefficient of , i.e., the coefficientof the smallest degree nonzero term inis , it takesmultiplications over and no division is required at all. Ingeneral, division of p-s reduces to the special case mentionedabove after dividing each coefficient ofby the leading coef-ficient. Thus, division of p-s requires no more thanmultiplications and divisions over . The complexity of p-sdivision in terms of -multiplications is thus less than

It was shown earlier in this section that . The minimumrequirement for the number of significant terms is at least

. Therefore, is bounded above by, and p-s division hascomplexity less than multiplications over , which isequivalent to multiplications over .

In the algorithm, we will need to raise a p-s over to the thpower. This can be done quite simply by raising each coefficientto the th power and multiply the exponents of uniformizerby

However, given that one wishes to retain onlysignificantterms, it is only necessary to apply theth-power operation tothe first terms. The complexity of raising a p-s to thethpower is thus less than multiplications over .

In summary, we may upper-bound the complexity of eitherp-s multiplication or p-s division by multiplications overand the complexity of raising a p-s to theth power by multi-plications over .

Symmetry of the Tower:The tower has a certain symmetrythat can be exploited to simplify computations. Namely, thatthe equations of the tower remain unchanged if we make thesubstitution

At the same time, this mapping also establishes a one-to-onecorrespondence between places in the sets

As a result, given the p-s expansion for, at a place, , one can compute the p-s expansion

for at the corresponding place in simply by invertingthis p-s.

a) Procedure for computing the power series:We beginhere by considering first, the region above of no ramifica-tion, i.e., by considering the complexity of determining the p-sat a place , . The symmetry of the tower

Variable

Precision


can then be used to determine power series expansions at placesabove corresponding to ramification.

: It can be checked that every placeinfor in this range, has as local parameter. The p-s of all theq-r functions at a fixed place is computed in stages.In the first stage, we determine in sequence the p-s expansionsof in that order.

Let . Given , and a p-s expansion forat in terms of the local parameter , we set

(23)

The defining equation for can be written in the form

Since has a zero at , the p-s of can be computed using

(24)

The addition is repeated until significant terms are obtainedwhere is the number of significant terms desired in the power-series expansion. By iterating this process, we will have com-puted the p-s of .

The procedure for computing the p-s in case ofis onlyslightly different. We know that for some

. We can write

(25)

which yields

(26)

To compute the p-s of for , we use the relationship

contained in Theorem 1, where is a solution tothe tower of linearized equations in Theorem 1. This allows usto write

(27)

where has a zero at . The p-s of can then be com-puted as

(28)

: As mentioned earlier, the symmetry in the towercan be used to compute the p-s of at a placein , simply by taking reciprocals and indexreversal.

Power Series of the q-r Functions:Having computed thep-s of at every place in , we are now readyto calculate the p-s of the q-r functions

This computation can be set up sequentially, in the order of in-creasing weight, starting with the function

To go from one function to the function having the next highestweight, we typically need one multiplication as for example

However, when the present functioncorresponds to an expo-nent and the function with the next highest weightto an exponent , then one needs to multiply by inaddition to multiplying with some variable to obtain ,i.e.,

This requires two multiplications. Thus, in summary, givenpower series expansions for and also for each of the vari-ables , the p-s computation of the q-rfunctions can be carried out sequentially in such a way thateach additional q-r function can be computed with at most twop-s multiplications.

Below, we provide a “program” for computing the powerseries. It is assumed in the program that all solutions

to the tower of linearized equations in The-orem 1 have been precomputed. Also, in the program, given aplace of some degree, when we speak of computingthe p-s at , we mean the computation of the p-s at one ofthe places of degree one lying abovein the constant field extension . Each place is inone-to-one correspondence with the solutions of (8) and one ofthem is chosen arbitrarily.

Program Outlining Procedure for Power Series Computa-tion: In the text, we will refer to this program as simply, the p-sprogram.

1 Power series precision terms in2 for /* Unramified region */3 for each place in4 for5

67 end for8

910 for11 compute and in (27) and (28)12 end for13 save for14 save15 end for


16 end for17 for in the range /*Ramified region*/18 for each place in19 for20 ;21 end for22 end for23 end for24 Reduce the p-s precision to terms in25 In each place in , do2627 for2829 end for3031 for32 Compute the p-s at of the th q-r function33 end for34 end do35 Repeat steps 25–33, for every code

3) Upper Bound for the Overall Complexity:In the fol-lowing, we use the word p-s operation to indicate either a p-smultiplication or a p-s division. When we speak of a certainp-s operation as requiring multiplications in , we willmean that the p-s operation will require multiplication andpossibly division of elements in , equivalent in effort tomultiplications in .

Lines 4–7: Given the p-s for , p-s multiplica-tions are required to compute in suc-cession and we obtain as a by-product. Inline 6, the p-s of is computed by raising to successiveth powers and then taking the sum of these powers. Since the

power series has significant terms, the operation of raisingthe p-s to the th power is equivalent in effort, to multipli-cations. By considering valuations at, it can be seen that thereare at most terms in the summation. Thus, lines 5 and 6 to-gether require multiplications in the extensionfield .

Lines 8–9: Similarily lines 8 and 9 requiremultiplications in .

Lines 11–12: In line 11, after computing the powers

two additional p-s operations are needed to computeusing(27) and (28). Thus, it takes multiplications toexecute the for loop between lines 10 and 12.

Lines 3–15: Combining the above, we see that the numberof multiplications over involved in executing lines 3–15does not exceed

(29)

Lines 1–23: The nested for-loops between line 16 and 23require

multiplications over the finite field . Thus, the total numberof -multiplications between line 1 and 23 has the upperbound

Since one multiplication in translates into mul-tiplications over , in terms of multiplications in , the upperbound on multiplication count equals

where is the constant

(30)

The constant can be interpreted as a count of the numberof multiplications in required to perform one p-s operation ateach of the places in when the power series coefficientslie in and there are significant terms in the p-s.

After executing line 23, we have the p-s for and. In lines 24 and beyond, there are no further ad-

ditions to be performed and it is, therefore, safe to use singleprecision, i.e., retain only the most significant terms in eachpower series rather than .

Lines 25–34: The for-loop between lines 27 and 29 re-quires p-s operations. The computation of in Line 30also needs p-s operations. As mentioned earlier, the cal-culation in line 32 requires at most two power series multipli-cations per function. Since the number of functions is less then

, the complexity of executing lines 25–34 does notexceed

multiplications in .Line 35: To construct the matrix , lines 26–33 are re-

peated for each code place. Here we are given the coordinatesof a code place and are required to compute the value of the cor-responding q-r function at that place. This value is computed bycomputing in succession, the values of the functions listed inlines 25–34. Thus, this step does not involve any p-s compu-tations. The computation of each canbe done using multiplications over (required to com-pute ). Given , it takes a further multiplicationsover to compute and an additional -multiplica-tions to obtain . Each column of is constructed sequentiallyfrom the top to the bottom row and each entry requires for the


same reasons as before, at most two-multiplications. Thus,the complexity of executing line 35 equals

number of code places

Overall Complexity of Computing Power Series:Theoverall complexity in terms of -multiplications, requiredto set up the p-s as well as the entries in, is, therefore,upper-bounded by

(31)

To calculate , note that . Replacingone of the factors in (30) by we obtain

The first inequality above is obtained by extending the summa-tion by running from to . The second inequality followsfrom the assumption that .

From (31) and the above upper bound on, we obtain thefollowing upper bound on the complexity of the p-s setup interms of -multiplications:

(32)

Note that the last term within square brackets in (31) dominates,and we still have an upper bound if we ignore the other termsin the square brackets. The inequality in (32) is obtained byreplacing by , and it holds for .

The number of -multiplications in the row reductionprocess is less than the square of number of rows times thenumber of columns

(The number of divisions over required in row reduction isnegligible in comparison with the number of multiplications.)

As a result, the total number of -multiplications includingboth power series computation and row reduction phases isbounded above by

(33)

We can rewrite the second term in the above equation as

The total number of -multiplications is now upper boundedby

The first inequality above holds when and . For, explicit basis functions are available (see Section V),

and the generator matrix of the corresponding AG code can becomputed explicitly and efficiently. This proves Theorem 7 inSection IV.

REFERENCES

[1] R. J. McEliece, E. R. Rodemich, H. C. Rumsey, Jr., and L. R. Welch,“New upper bounds on the rate of a code via the Delsarte–MacWilliamsinequalities,”IEEE Trans. Inform. Theory, pp. 157–166, Mar. 1977.

[2] V. D. Goppa, “Codes on algebraic curves,”Sov. Math.–Dokl., vol. 24,pp. 170–172, 1981.

[3] M. A. Tsfasman, S. G. Vladut, and T. Zink, “Modular curves, Shimuracurves and Goppa codes better than the Varshamov–Gilbert bound,”Math. Nachrichtentech., vol. 109, pp. 21–28, 1982.

[4] M. A. Tsfasman and S. G. Vladut, Algebraic GeometricCodes. Dordrecht, The Netherlands: Kluwer, 1991.

[5] B. López, “Codes on Drinfeld modular curves,” inCoding Theory, Cryp-tography and Related Areas, J. Buchmannet al., Eds. Heidelberg, Ger-many: Springer, 1998, pp. 175–183.

[6] A. Garcia and H. Stichtenoth, “A tower of Artin–Schreier extensions offunction fields attaining the Drinfeld–Vladutbound,”Invent. Math, vol.121, pp. 211–222, 1995.

[7] , “On the asymptotic behavior of some towers of function fieldsover finite fields,”J. Number Theory, vol. 61, no. 2, pp. 248–273, Dec.1996.

[8] N. Elkies, “Explicit modular towers,” inProc. 35th Annu. Allerton Conf.Communication, Control and Computing, Urbana, IL, 1997.

[9] P. Solé, “Towers of function fields and iterated means,”IEEE Trans.Inform. Theory, vol. 46, pp. 1532–1535, July 2000.

[10] C. Voss and T. Høholdt, “An explicit construction of a sequence of codesattaining the Tsfasman–Vladut–Zink bound the first steps,”IEEE Trans.Inform. Theory, vol. 43, pp. 128–135, Jan. 1997.

[11] D. Umehara and T. Uyematsu, “On codes from Artin–Schreier exten-sions of Hermitian function fields,” preprint.

[12] G. Haché, “Construction effective des codes géométriques,” Ph.D. dis-sertation, Univ. Pierre et Marie Curie Paris VI, Paris, France, 1996.

[13] R. Pellikaan, H. Stichtenoth, and F. Torres, “Weiestrass semigroups inan asymptotically good tower of function fields,”Finite Fields their Ap-plic., vol. 4, pp. 381–392, 1998.

[14] I. Aleshnikov, V. Deolalikar, P. V. Kumar, and H. Stichtenoth, “Towarda basis for the space of regular functions in a tower of function fieldsmeeting the Drinfeld–Vladutbound,” inProc. 5th Int. Conf. Finite Fieldsand Applications, University of Augsburg, Germany, Aug. 1999.

[15] D. Leonard, “Finding the defining functions for one-point AG codes,”preprint.

[16] H. Stichtenoth,Algebraic Function Fields and Codes. Berlin Heidel-berg, Germany: Universitext. Springer-Verlag, 1993.

[17] I. Aleshnikov, P. V. Kumar, K. Shum, and H. Stichtenoth, “On the split-ting of places in a tower of function fields meeting the Drinfeld–Vladutbound,”IEEE Trans. Inform. Theory, vol. 47, pp. 1613–1619, May 2001.

[18] K. Shum, “Low-complexity construction of algebraic geometric codesbetter than the Gilbert–Varshamov bound,” Ph.D. dissertation, Univ.Southern Calif., Los Angeles, 2000.

[19] H. Chen, “Codes on Garcia–Stichtenoth curves with true distancegreater than Feng–Rao distance,”IEEE Trans. Inform. Theory, vol. 45,pp. 706–708, Mar. 1999.


[20] R. Pellikaan, “On the missing functions of a pyramid of curves,” inProc. 35th Allerton Conf. Communication, Control and Computing,Sept. 29–Oct. 1, 1997, pp. 33–40.

[21] F. J. MacWilliams and N. J. A. Sloane,The Theory of Error-CorrectingCodes. Amsterdam, The Netherlands: Elsevier, 1977, Number 16 inNorth-Holland Mathematical Library.

[22] G. L. Katsman, M. Tsfasman, and S. G. Vladut, “Modular curves andcodes with a polynomial construction,”IEEE Trans. Inform. Theory, vol.30, pp. 353–355, Mar. 1984.

[23] V. Pless and W. Huffman,Handbook of Coding Theory. Amsterdam,The Netherlands: North Holland, 1998.

Documents

A low-complexity algorithm for the construction of ...home.ie.cuhk.edu.hk/~wkshum/papers/GS.pdf · IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 47, NO. 6, SEPTEMBER 2001 2225 A Low-Complexity