IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 47, NO. 6, SEPTEMBER 2001


A Low-Complexity Algorithm for the Construction of Algebraic-Geometric Codes Better Than the Gilbert–Varshamov Bound Kenneth W. Shum, Student Member, IEEE, Ilia Aleshnikov, P. Vijay Kumar, Senior Member, IEEE, Henning Stichtenoth, and Vinay Deolalikar

Abstract—Since the proof in 1982, by Tsfasman, Vlăduţ, and Zink of the existence of algebraic-geometric (AG) codes with asymptotic performance exceeding the Gilbert–Varshamov (G–V) bound, one of the challenges in coding theory has been to provide explicit constructions for these codes. In a major step forward during 1995–1996, Garcia and Stichtenoth (G–S) provided an explicit description of algebraic curves, such that AG codes constructed on them would have performance better than the G–V bound. We present here the first low-complexity algorithm for obtaining the generator matrix for AG codes on the curves of G–S. The symbol alphabet of the AG code is the finite field of 2 , 2 49, elements. The complexity of the algorithm, as measured in terms of multiplications and divisions over the finite field GF ( 2 ), is upper-bounded by [ log ( )]3 where is the length of the code. An example of code construction using the above algorithm is presented. By concatenating the AG code with short binary block codes, it is possible to obtain binary codes with asymptotic performance close to the G–V bound. Some examples of such concatenation are included.

Index Terms—Algebraic-geometric (AG) codes, concatenated codes, function field tower, Gilbert–Varshamov (G–V) bound.

I. INTRODUCTION

LONG codes are judged on the basis of their parameters where is the relative minimum distance and is the code rate, i.e., if are the length, dimension and minimum distance of the code, respectively, then and . The best long codes lie in the region defined by the Gilbert–Varshamov (G–V) lower bound and the McEliece, Rodemich, Rumsey, and Welch [1] upper bound (see Fig. 1).

Fig. 1. Upper and lower bound for asymptotic code parameters over GF (2).

Manuscript received November 6, 2000; revised March 2, 2001. This work was supported by the National Science Foundation under Grant CCR-0073555. K. W. Shum and P. V. Kumar are with the Department of Electrical Engineering-Systems, University of Southern California, Los Angeles, CA 90089-2565 USA (e-mail: [email protected]; [email protected]). I. Aleshnikov and H. Stichtenoth are with Mathematik und Informatik, Universität GH Essen, Fachbereich 6, D-45117 Essen, Germany (e-mail: [email protected]; [email protected]). V. Deolalikar is with the Information Theory Research Group, Hewlett-Packard Research Laboratories, Palo Alto, CA 94306 USA (e-mail: vinayd@exch.hpl.hp.com). Communicated by J. Justesen, Associate Editor for Coding Theory. Publisher Item Identifier S 0018-9448(01)05463-3.

One of the challenges in coding theory has been the construction of codes with symbol alphabet size fixed at and growing length whose performance exceeds that of the G–V bound. It is desirable to keep small as this allows for simpler encoding and decoding. While it is known that there exist long binary alternant and concatenated codes that meet the G–V bound, no explicit description of these codes exists. It is an open question as to whether there exist long binary codes with performance improving upon the G–V bound. A similar statement was true in the nonbinary case until the early 1980s. Around 1980, V. D. Goppa [2] used the theory of algebraic curves to construct a new family of codes, now referred to as algebraic-geometric (AG) codes. The length , of an AG code defined over a curve of genus is roughly equal to the number of rational points on the curve, i.e., equal to the number of points having coordinates in the finite field of elements over which the curve is defined. The performance of an AG code of length is governed by the equation

and thus depends upon the ratio . Good codes result when the ratio is small. However, the Drinfeld–Vlăduţ (D–V) bound states that this ratio cannot be too small

0018–9448/01$10.00 © 2001 IEEE

Fig. 2. G–V bound and T–V–Z bound over GF (256).

In 1982, Tsfasman, Vlăduţ, and Zink (T–V–Z) [3] showed for the case when is a perfect square, the existence of curves, known as modular curves, whose ratio achieves the D–V bound. For , the resulting AG codes had performance exceeding that of the G–V bound, a result that caused considerable excitement in the coding community (Fig. 2). However, the modular curves in [3] did not have an explicit description. An algorithm for code construction of complexity is given in [4, Ch. 4.3]. This complexity has since been reduced in [5] to . In a major step forward in 1996, Garcia and Stichtenoth (G–S) [6], [7], building on ideas of Feng and Pellikaan, showed that two explicitly described sequences of curves also achieve the D–V bound. More recently, other examples of asymptotically optimal towers have been given by Elkies [8]. See [9] for an interesting connection between asymptotically optimal towers of function fields and iterated means.

The two curves described by Garcia and Stichtenoth in [6], [7] are defined over , a perfect square, i.e., , and take on the form in both cases, of a sequence of curves of increasing genus and number of rational points satisfying

In [10], Voss and Høholdt provide generator matrices for codes constructed on the first three curves in the first sequence of curves of Garcia and Stichtenoth. Some additional details are provided in [11]. In [12], Haché extends this result to the fourth curve in the same sequence for the particular case . The focus of the present paper is on the second sequence of curves. The th curve in this sequence is defined by the equations (1)

It is common to think of this sequence of curves as a tower of curves where is the -level tower, i.e., the tower defined by the first equations. The one-level curve is taken to be the projective line over .

In the typical construction of a code on an algebraic curve, a particular rational point on an algebraic curve is singled out. The collection of all functions defined on the curve, whose only pole is with pole order upper-bounded by a fixed integer , forms a vector space . The integer is a parameter of code construction, one that governs the dimension and minimum distance of the AG code. If is a basis for this vector space, then the th, row of the generator matrix of the AG code constructed over on the curve is obtained by evaluating the function at all or a subset of the rational points on the curve other than . AG codes constructed in this way are referred to as “one-point” codes. Thus, given a curve and a rational point on the curve, one needs to find a basis for the vector spaces to be able to build codes of varying dimension and minimum distance.

The problem of finding a basis for the spaces in the case of the curves exhibited by Garcia and Stichtenoth has proved to be a challenging one. In [13], Pellikaan, Stichtenoth, and Torres determine, for every integer , the dimension of the vector space for a particular choice of . In [14], Aleshnikov, Deolalikar, Kumar, and Stichtenoth identify a simply described set of functions whose span includes the vector spaces . By this we mean that any function in any of the vector spaces can be expressed as a linear combination of the elements of . Given a suitable set that contains all regular functions, an alternative Groebner-basis based approach to identifying the regular functions within this set is presented in [15].

The present paper also deals with “one-point” AG codes. As a first and crucial step in code construction, we identify, as in [14], a set of functions with the property that their span includes the vector spaces . The difference here is that the size of the set is roughly the square root of the size of the set used in [14]. It is the smaller size of this set that allows us to provide a low-complexity algorithm for constructing the generator matrix of the AG code. The set is identified by viewing the vector space

as the integral closure of the polynomial ring and using the theory of dual basis [16]. Identification of the set is perhaps the principal contribution of this paper.

Having identified the set , the algorithm then proceeds as follows. The functions in happen to have undesired poles at a collection of points on the curve distinct from . The common approach in such situations, which we adopt here, is pole cancellation via power series expansions. A power series expansion is determined for each function at each of the points in . Simple Gaussian elimination is then used to carry out pole cancellation, i.e., is used to determine the precise linear combinations of elements in whose poles are confined to the single rational point . The functions so obtained can be shown to form a basis for the vector spaces . A minor complication that arises in the case of the G–S curve is that at some points in , the coefficients in the power series belong not to but

SHUM et al.: A LOW-COMPLEXITY ALGORITHM FOR THE CONSTRUCTION OF ALGEBRAIC-GEOMETRIC CODES

to an extension field. This property of the curves is discussed in detail in [17]. However, in such cases, one can continue to work in the preferred field by replacing each coefficient that belongs to an extension field of , by a vector over , i.e., by treating as a vector space over . The overall complexity of this algorithm, measured in terms of multiplications and divisions over the finite field , is upper-bounded by where is the code length. We emphasize that this figure is an upper bound on the complexity, rather than an estimate of the order of complexity.

The algorithm outlined above for the case was implemented in PARI/GP and made to yield a basis for the vector spaces in the case of the three- and four-level towers and ( and in (1)), respectively. For the sake of brevity, only the results for are presented here, the results for may be found in [18].

Using a separate approach, a closed-form expression for the bases of the spaces on the three-level tower ( in (1)) are derived in [18] that hold for arbitrary . These results are presented here without proof. After the initial preparation of this paper, we learned that the same closed-form expression had been obtained earlier by Pellikaan [20].

Apart from results relating to basis construction, the paper also studies through examples, the performance of codes constructed on the G–S tower. When , the genus and the number of code places of the “one-point” AG code obtained from the tower are tabulated below. In the table, denotes the genus of the curve corresponding to the -level tower and , the length of the corresponding AG code.

As expected, the ratio approaches . The code rates and relative minimum distances of the AG codes obtained are plotted in Fig. 3. Note that the performance curves take on the form of straight lines that converge from above to a limit that exceeds the G–V bound in some region. Since the code length increases exponentially in the parameter , only codes from the first few levels are expected to be of current practical interest. Improved estimates of the true minimum distance can be found in [19].

Also studied, are the binary codes obtained by concatenating AG codes on the second G–S tower with suitably chosen short binary block codes. For practical reasons, we restrict the size of the symbol alphabet of the outer AG code to . The large minimum distance of these binary concatenated codes could cause them to be of interest in applications such as magnetic recording, optical communications, and in the broadcasting of digital TV signals by satellite, where bit error rates smaller than are desired. The asymptotic performance of the resulting binary codes is presented in Fig. 4.

The presentation of the paper is in the language of function fields. Here one views the curve from the viewpoint of the field of functions defined on the curve. At times, in the analysis of the G–S curve, one is forced to distinguish between the three cases odd, , and , even. For the sake of simplicity, we adopt the following approach. Where no separation of cases is necessary, we treat the general case. Where there is a difference, we discuss only the case , even, as this is the case of greatest current practical interest. The discussion in the other cases differs only in technical details and details may be found in [18].

Section II provides background on the curves of Garcia and Stichtenoth. The set of functions is identified in Theorem 5 of Section III. The algorithm for pole cancellation is presented in the next section, Section IV, which also presents an example implementation of the algorithm for the case when is the code symbol alphabet. Concatenation with binary codes is discussed in Section V. The closed-form expression for the basis for the three-level tower is presented in Section VI. The complexity of the algorithm is estimated in the Appendix.

II. BACKGROUND AND NOTATION

We introduce the G–S curves in the language of function fields. From this viewpoint, the G–S curves form a tower of Artin–Schreier extensions of the rational function field , given by (2) (3) where (4)

In general, if is a set of places belonging to , we will lying above a place in , simply as refer to places in , places in that lie above . A similar interpretation holds for the case when we speak of places lying below a collection of attached to a place will be places. Also, the superscript used to indicate that the place belongs to the th function field . , , denote the unique zero of in . Let Let denote the unique pole of in . The place is totally ramified in the function field tower. The behavior in the is more complicated and tower of the places lying above be the unique is discussed in the subsection below. Let lying above . Some known properties of the place in G–S tower, taken mostly from [7] are listed below. is the full constant field for Field of Constants: . all , Ramification: Let

Fig. 3. Performance of AG codes over for the first five levels.

Fig. 4. Concatenation with five binary codes.

Ramification in the tower takes place only above the places and , . The places and for are totally to ramified throughout the tower (see Fig. 5). We define places of degree one that are zeros of denote the and denote by , , the places in that . Ramification behavior above the place is lie above , the discussed in the subsection below. For every

places in are either unramified in or else, are totally (and wildly) ramified.

Genus: The genus of is given by

Thus

.

for

odd

for

even.

Fig. 5. Ramification diagram for the tower.

The place splits completely in . Thus, there . Each of these are places of degree in that lie above places is a zero of for some . The place is . We use to one of these places and corresponds to places in that lie above and that are denote the , . Note that the place is excluded zeros of , let denote the set of from this set. For any that lie above ; in particular, is the set all places in which are zeros of for some . of all places of , , the places in are unramified in For . For , the places in are totally . For , , the places in ramified in are unramified in . For any , the places for could have degree larger than one. in This aspect is discussed below in greater detail.

C. Degree Expansion Above Number of Places of Degree One: The places split completely in . Thus, the number . Since of degree satisfies

, of places

the tower asymptotically meets the D–V bound. The exact is given by (see [17]) number of places of degree for for odd for even

.

Rings of Functions: Define integral closure of

in

Then, is the ring of functions that have pole only at has the alternative description

We will refer to an element of

The material in this subsection is taken from [17], [18]. The behavior with respect to splitting and degree expansion of places turns out to depend upon whether is odd, lying above , or is even and . We focus here on the case , even as this is the case of greatest current, practical interest. The other cases are treated in [18]. to denote the Given a place in function field , we use associated valuation function

and

as a regular function.

We will follow [7] and use to denote an element in having valuation equal to or larger than the valuation of , i.e., means that . The theorem in this section explains the splitting behavior of , as we go up the tower from to (see places in Fig. 6). More precisely, focus is on the splitting behavior from to where since we know that when , the places in above are totally ramified. For any nonnegative integer , we define unique integer

A. The Code Places , lying above for some A place will be called a code place, because an AG code is obtained by evaluating regular functions at the code places. From [7], it is , the place splits completely and that known that in code places, all of degree there are, consequently, to denote the set of all code places. one, in . We use B. Behavior Above Fig. 5 illustrates much of the notation and behavior described lying above are conveniently partihere. The places in as follows. tioned into disjoint sets , denote the unique place in that Let . The choice of subscript rather than may is a zero of puzzle the reader at this point, but turns out to be more conve, nient. The degree of this place is one. When coincides with . For , is also a zero of . We will sometimes treat , as if it were a set consisting of a single place.

given by

and set

, i.e.,

We use , particular,

to denote the extension GF . We also set .

of

. In

. Theorem 1: Let be an integer, so i) Let be an integer in the range . Let be the constant field that , . In , all places extension lying above are of degree one and there are such places. These places are in one-to-one , correspondence with solutions to the equations (5) (6) (7) (8)


A. The Desired Basis For

, let if if

The valuations of the above functions at the various places in of interest are tabulated in Table I. As an example, the upper is equal to . left entry means that the valuation of at The sections to follow will often make use of these valuations. Lemma 2: The following are a pair of dual basis for ,

Fig. 6. Splitting of place S

ii) At the place

Proof: The minimal polynomial of

is

, we have the expansions (9) (10)

for

The result now follows from the proof of [16, Sec. III.5.10]. Upon multiplication and division by the constant see that the pair

, we

(11)

, all places in lying above are of iii) For and there are such places. degree . There are places of degree one in lying above iv) Suppose

over

.

also form dual bases for

over

. Setting for all

we obtain the following.

. All places lying above in , , have degree and there are such places.

Theorem 3: The -fold products (12)

III. AN EXPRESSION FOR REGULAR FUNCTIONS

Let be a vector space basis for denote the dual basis, i.e.,

over

form a basis for

having dual

given by

and let

for else is the trace function. If a basis can where : , i.e., be found where all of whose elements are contained in , then by [16, Theorem are regular everywhere except at III.3.4], we have

(13) It is known from [13], that the functions . Thus, every element in is regular. only at of

Lemma 4: If are confined to

, the only pole of is .

have pole

, and the zeros

B. The Desired Expression As pointed out above, by [16, Theorem III.3.4 ], we have that can be expressed in the form every regular function in

which tells us that every element in has expression as a linear with coefficients combination of elements in the dual basis . Our goal in this section is to idenin the polynomial ring . This will be the first step toward obtaining tify such a basis the desired expression for regular functions.

(14) with coefficients

. Our next goal is to show that


TABLE I VALUATION TABLE

Let

be a place in . Since is totally ramified in must be a multiple of for any polynomial have valuation The variables ,

, .

respectively. It follows that each term in the summation in (14) has a distinct valuation at . For the sum in (14) to have nonnegative valuation at , it follows from the Strict Triangle Inequality that each term must have nonnegative valuation at as well, i.e.,

Using the fact that

for

, this implies

It follows that must divide and since this is , we have that . As a result, every true for all has an expression of the form function in

(15)


where

. Note, moreover, that since the pole orders of are distinct powers of , every term in the summa. tion in (15) has distinct pole order at We next show how one can place an upper bound on the exponent of . We define the weight of an element as the negative of the valuation of at

The weights of the regular functions of are precisely the . The pole numbers at are known pole numbers at to form a commutative semigroup1 under addition [13]. This semigroup has a conductor (i.e., the smallest pole number such that all succeeding integers are pole numbers)

The elements , have a pole only at of order , , respectively. A basis for over can, therefore, also be found by finding a basis for functions in with weight bounded above by where

IV. POLE CANCELING ALGORITHM

We continue with our assumption that is even. Let denote the set of -tuples satisfying

respectively. Arguing as in Section III-B, one can show that must divide when . For , there is no change must divide . This leads to an and we still have that . alternative expression for the functions in Theorem 6: Every function in form

has an expression of the

(16) and then multiplying these basis functions by various powers of . We have

(18) and . Moreover, the weights of the sumwhere mands are pairwise distinct.

Clearly, we can limit the exponent such that the weight of

of

is less than or equal to the conductor plus following upper bound on :

to the largest value

. This leads to the

The above expression has the advantage over (17) that every . We will refer to each summand is regular at all places in summand in (18) as a quasi-regular (q-r) function. It can be verified that each q-r function is also regular at each place in . Thus, the poles of a q-r function are confined to

From (17), the number

of q-r functions is no more than (19)

denote the set of q-r functions arLet has the maximal ranged in order of increasing weight, i.e., weight. Setting

i.e.,

We thereby have the bound . This leads to the desired expression for regular functions. has an expression of the Theorem 5: Every function in form (17) and . Moreover, the weights of the sumwhere mands are pairwise distinct. 1A semigroup is a nonempty set together with a binary operation which is associative.

we have that the poles of a q-r function are confined to . The poles in are undesirable. of degree one, we can expand as For any place is a power series (p-s) in terms of a uniformizer of . If a pole of , the principal part of the p-s, i.e., the portion with has weight that is a nongap negative degrees, is nonzero. If , then there must be a in the Weierstrass semigroup of regular function with the same weight that can be expressed with coefficients . This folin the form is contained in the finitely generlows from the fact that together with the observation that ated -module the weights of ’s are pairwise distinct. The same summation


, with replaced by its p-s, is a p-s with no principal has resulted in a part. Thus, the linear combination “cancellation” of the poles at the place . A small complication arises when the degree of a place is larger than one. Under an appropriate constant , splits completely into places of defield extension gree one. One approach is to treat as places and carry out power series expansions for each of the places. The power series expansion coefficients would, in general, have coefficients of . However, the folbelonging to the extension field lowing observation can be used to reduce the computational workload. be any place lying above . For any element Let , we have

because the extension is unramified and Galois. In particular, has a pole at if and only if it has a pole in every place lying above in the constant field extension [16, Secs. III.5.2, III.7.1]. It follows from this that it is sufficient to do pole cancellation in only one of the places lying above . The above discussion suggests the following pole canceling algorithm.

A. The Algorithm

The algorithm proceeds in two stages.

Step 1: In the first stage, a matrix having rows is set up. Each row of this matrix is associated to a distinct q-r function whose pole order at is no larger than the quantity defined in (16). Thus, in building up the matrix , we specifically discard those q-r functions whose pole order at exceeds . The columns of are in one-to-one correspondence with the code places in and each row of is obtained by evaluating the respective q-r function at all code places. Each row of the matrix on the left represents a concatenation of the p-s expansions, of the q-r function attached to that row at the places in lying above that also belong to . We will show in the Appendix that the number of columns of is upper-bounded by . These p-s expansions are always in terms of local parameters of the respective place. The entries in correspond to coefficients in the principal part of the p-s. In general, the coefficients in the p-s belong to a finite extension of with the degree of this extension equaling the degree of the respective place. To keep track of the complexity of our algorithm, it will be found convenient to express each coefficient in as a vector with components corresponding to an expansion with respect to a basis for . Thus, with this vector representation, all entries in belong to .

Step 2: In the second stage of our algorithm, the matrix is then row reduced using elementary row operations to produce a matrix of the form


The zeros in below correspond to linear combinations of q-r functions that are regular everywhere except at infinity. Row reduction can be carried out in such a way that the rows of corresponding to regular functions have increasing weight as we go down the rows, so that the last row has largest weight . Thus, the rows of are the values at the code places, of regular functions having weight at corresponding to elements of the numerical semigroup at that are less than or equal to .

The matrix can now be used as a template that can be made to yield the generator matrices of one-point AG codes of varying dimension. If the AG code has parameter (see Section I), i.e., the generator matrix of the AG code is obtained by evaluating functions in , and , then by appropriately deleting rows in one recovers a generator matrix of the AG code. If , then one needs to augment with an additional rows. The th row, , would correspond to the values of some function belonging to the set . But, as shown earlier, such a function can be found by multiplying a q-r function by a suitable power of and so obtaining these additional rows is a task of low complexity.

An estimate of the complexity of the algorithm can be found in the Appendix. This Appendix shows that the number of operations over has the upper bound stated below.

Theorem 7: The generator matrix of the AG codes of length associated to can be computed using operations in the field when is even. If (it covers all the cases of current practical interest when is large), the complexity is upper-bounded by .

The above algorithm can be refined as discussed in [18]. However, this refinement improves the above estimate by at most a constant factor that depends only on the value of . Also, replacing Gaussian elimination by a more efficient algorithm that makes use of the special structure of the matrix does not significantly decrease the overall complexity of the algorithm since the complexity of computing power series is comparable to the overall complexity of the algorithm.

B. Computational Results

The above pole canceling algorithm was implemented using PARI/GP for the case of code symbol alphabet , i.e., . The resulting basis for the vector space

over

of all regular functions with weight upper bounded by in the function field appears below. The basis for regular functions at the next level can be found in [18].
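The two-stage procedure of Section IV (principal-part columns beside evaluation columns, then row reduction) can be followed on a genus-0 toy model. The block below is an added example, not the paper's PARI/GP code and not the G–S tower: it assumes the rational function field GF(p)(x), the desired pole at infinity, one unwanted pole at x = a, and the constructed spanning set x^i/(x − a)^2; all function names are hypothetical. The rows that survive form the generator matrix of a Reed–Solomon code, the one-point code on the projective line.

```python
"""Toy pole cancellation over GF(p)(x): wanted pole at infinity, unwanted pole at x = a."""
from itertools import product


def spanning_rows(p, a, m):
    """Step 1: one row per f_i = x^i / (x - a)^2, 0 <= i <= m + 2 (constructed set).

    Each row is (weight, principal part at x = a, values at the code places).
    The weight is the pole order at infinity, i - 2, so all weights differ.
    """
    places = [x for x in range(p) if x != a]      # code places: x in GF(p), x != a
    rows = []
    for i in range(m + 3):
        # x^i = a^i + i*a^(i-1)*(x - a) + ..., so the expansion of f_i at a has
        # a^i on (x - a)^-2 and i*a^(i-1) on (x - a)^-1.
        c2 = pow(a, i, p)
        c1 = i * pow(a, i - 1, p) % p if i else 0
        vals = [pow(x, i, p) * pow((x - a) ** 2, -1, p) % p for x in places]
        rows.append((i - 2, [c2, c1], vals))
    return places, rows


def cancel_poles(p, rows):
    """Step 2: row-reduce on the principal-part columns only.

    Rows are visited in increasing weight and only stored pivot rows (all of
    lower weight) are subtracted, so a row whose principal part becomes zero
    is a regular function that still has its own weight.
    """
    pivots = {}       # pivot column -> (principal part, values), leading entry 1
    regular = []      # (weight, values) of combinations with no pole at x = a
    for weight, pp, vals in sorted(rows, key=lambda r: r[0]):
        pp, vals = pp[:], vals[:]
        for col in range(len(pp)):
            if pp[col] == 0:
                continue
            if col not in pivots:
                inv = pow(pp[col], -1, p)
                pivots[col] = ([u * inv % p for u in pp],
                               [u * inv % p for u in vals])
                break                              # row consumed as a pivot
            f = pp[col]
            ppiv, vpiv = pivots[col]
            pp = [(u - f * v) % p for u, v in zip(pp, ppiv)]
            vals = [(u - f * v) % p for u, v in zip(vals, vpiv)]
        else:
            regular.append((weight, vals))         # principal part cancelled
    return regular


def one_point_code(p, a, m):
    """Generator matrix (rows in increasing weight) of the toy one-point code."""
    places, rows = spanning_rows(p, a, m)
    regular = cancel_poles(p, rows)
    return places, [w for w, _ in regular], [v for _, v in regular]


def min_distance(p, G):
    """Brute-force minimum Hamming weight over all nonzero codewords."""
    best = len(G[0])
    for msg in product(range(p), repeat=len(G)):
        if any(msg):
            word = [sum(c * g for c, g in zip(msg, col)) % p for col in zip(*G)]
            best = min(best, sum(1 for s in word if s))
    return best


if __name__ == "__main__":
    places, weights, G = one_point_code(7, 3, 2)
    print("code places:", places)
    print("weights of regular functions:", weights)
    for row in G:
        print(row)
    print("minimum distance:", min_distance(7, G))
    # Deleting the highest-weight row gives the code for the next smaller parameter.
    print("after deleting last row:", min_distance(7, G[:-1]))
```

The reduced matrix acts as the template described above: dropping rows from the bottom yields the codes of smaller dimension without repeating the elimination.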

V. CONCATENATION WITH BINARY CODES

One can obtain efficient and long binary codes by concatenating nonbinary AG codes with suitably chosen short binary block codes [21, Ch. 18, Par. 8], [22]. Concatenation of an AG code constructed on the function field ( even) with an binary code yields an binary code. To achieve an overall rate , one simply picks . The asymptotic parameters of the resulting binary codes are

Let denote the relative minimum distance in the limit as the length goes to infinity. Then and satisfy the relation

This performance is plotted in Fig. 4 for various choices of inner code parameters . In our examples, we have for practical reasons, limited the size of the outer code alphabet to . For a more general discussion on the performance of binary codes obtained through concatenation with an outer AG code, see [23, Ch. 7, pp. 672–677 and Ch. 23, pp. 1948–1954]. The results of the present paper can be seen to answer Open Problem 4.9, in [23, Ch. 23, p. 1953] in the affirmative.

Example 1: The function field has genus , and the associated AG code with alphabet has parameters . After puncturing this code to a code and concatenating with the binary parity-check code, we obtain a binary code. With , this becomes a rate binary code. The relative distance equals .

Example 2: The function field has genus . We can construct an AG code over with parameters . We concatenate it with the binary parity-check code, resulting in a binary code. With , we have a rate binary code. The relative distance is .

The parameters of the binary codes in Examples 1 and 2 are presented along with the G–V bound in Fig. 4. At rate , the numerical value of the G–V bound equals . We next compare the binary codes in Examples 1 and 2 with Bose–Chaudhuri–Hocquenghem (BCH) codes. A binary BCH code is obtained by letting be a primitive element in GF and be the roots of the generator polynomial. After shortening, we obtain a binary code. Let be a primitive element in GF . The generator polynomial with roots generates a binary BCH code, which can be shortened to a binary code.

The next example2 generalizes Example 1 to a sequence of codes.

Example 3: Concatenation of the AG codes from with the parity-check code yields a binary code. If a rate code is desired, we pick . The minimum distance is then greater than

We, thus, have a sequence of rate binary codes whose limiting relative minimum distance is greater than .

We will show in Appendix A that the complexity of constructing AG codes on is upper-bounded by , where is the length of code. Through concatenation, this yields an algorithm of complexity that produces binary codes of length with parameters close to the binary G–V bound.

VI. BASIS FUNCTIONS FOR CODES FROM THE FIRST THREE LEVELS FOR GENERAL

In this section, we present explicit basis functions for the second and third levels and . The results are valid for any characteristic and any prime power . An approach different from the pole canceling approach was used to derive these results and proofs can be found in [18]. At the late stage of preparation of this paper, the authors discovered that the result in this section had already been found by Pellikaan in [20].

Theorem 8: The functions

are basis functions for the ring

of the function field

.

2This example was presented by I. Duursma at the Oberwolfach Conference on Coding Theory, April 30–May 4, 2000.


For the third level , we need some definitions. The element

APPENDIX A. Estimating Complexity of the Algorithm

has weight . Define the step function if if else. less than Theorem 9: In , the pole numbers of correspond to weights of powers of . If is an integer larger ( is a pole number), we can find , than or equal to , and such that

with

To estimate the complexity of row reduction, we will need to know the number of rows and columns of . From (19), we have that the number of rows in is no more than . The submatrix of has columns and so it remains to determine the number of columns of the matrix .

1) Counting the Number of Columns of :

a) Maximal pole order: To determine the number of columns in , we need to determine at every place in , the largest pole order at of any q-r function. In determining the pole order of a q-r function, we may disregard powers of as is a unit at the places of interest. The only pole of the element , , is and the corresponding pole divisor is

and . If , then is a regular function with weight . Otherwise The zeros of are confined to , then the valuation of place in

, at

. If

is a

is

is a regular function with weight . We illustrate the theorem by presenting the basis functions , as an example. In the table below, we use to for , denote a regular function of weight .

We consider two cases.

: Let be a fixed place in the region of ramification above , i.e., with . Then we have

where

Hence, for

(20) Thus, the maximum pole order of q-r functions at any place in with is upper-bounded by the quantity defined above. : Similarly, for with , we have


where

This leads to, for (21) with so that the maximum pole order at any place in is once again upper-bounded by the quantity is common expression for for

The complexity is measured in terms of the number of multiplications and divisions required over the finite field . It turns out that this complexity varies with but is the same for all places within the same set .

Degree of Places and Finite Field Operations: From Theorem 1, the degree of a place in equals where satisfies if

. A

if (22)

b) Total degree of places in : As mentioned earlier, given a place in of degree , this place splits into places under the constant field extension . At any of the places , the coefficients in the p-s expansion of a q-r function belong to . It is sufficient to carry out pole cancellation at any one of the places . As a result, the number of columns of can be obtained by forming the product for each place in , of the maximal pole order of a q-r function at that place times the degree of that place and then summing this product over all places of . From the previous subsection, we see that our upper bounds given by (20) and (21) on the maximal pole order of a q-r function at a place in are a function only of and are, therefore, independent of the choice of particular place in . For this reason, the sum of degree of places in is of interest. This sum equals for for

.

Thus, when one expands a function as a p-s in a local parameter at a place of , the coefficients in this power-series expansion belong, in general, to the extension of degree . To be able to measure complexity in terms of the number of operations over , we represent each element in as a vector with components over by selecting as a vector space basis for the set

where is a primitive element in the finite field . Under this representation it can be verified that a multiplication of two elements in can be carried out using no more than twice the square of the degree of the extension multiplications over the field , i.e., no more than multiplications over the field . Division of two elements in can be performed with no more than multiplications over .

Number of Significant Terms: The entries in the matrix correspond to the principal part of the p-s of a q-r function at a place . When we speak of the first significant terms in a p-s

From the above, it follows that the number of columns in is upper-bounded by we refer to the partial sum

We only sum from to in the equation above, since from Section IV, we know that the elements of our dual basis have poles only in . With this, the total number of columns in the matrix is given by

2) Power Series Computation: The goal in this subsection is to estimate the complexity of setting up the entries of the matrix in Section IV-A, i.e., the complexity of determining p-s expansion in terms of the local parameter for every q-r function over every place in

As far as setting up of the matrix is concerned, the number of significant terms of interest in the p-s of a q-r function at a place equals the pole order of the q-r function at that place. On the way to computing this p-s, the p-s of several other intermediate functions have to be computed. The question arises as to the number of significant terms needed in the case of a function computed at an intermediate stage. It can be verified that if we know the p-s of , to significant terms then we also know the p-s of to significant terms. If the valuations of and at a place are different, then the same goes for any linear combination where belong to some finite extension of . However, if and have the same valuation at a place , then it is possible for the linear combination to have significantly larger valuation which means that we know to a lesser degree of precision. It turns out that in our computation, there are some additions during which this loss of precision does, in fact, take place. However, as it turns out, this loss in precision can be compensated for by doubling the precision, i.e., by


starting out with twice the number of significant terms needed. This is explained below (see also [18]).

Use of Double Precision: As explained above, when adding two power series corresponding to elements having the same valuation, it can happen that the sum is known to lesser precision than the summands. In the p-s program (see the latter part of the Appendix), there are two instances when this precision loss occurs and both correspond essentially to the same computation given in (27) and (28). The first instance corresponds to when one computes the sum in (27). We have , but

if

Thus, we have incurred a loss in precision equal to terms. The second instance of precision loss corresponds to the computations in (27) and (28) where we attempt to calculate the power series of for . While both terms

In the process of dividing a p-s by a second nonzero p-s to compute , if the leading coefficient of , i.e., the coefficient of the smallest degree nonzero term in is , it takes multiplications over and no division is required at all. In general, division of p-s reduces to the special case mentioned above after dividing each coefficient of by the leading coefficient. Thus, division of p-s requires no more than multiplications and divisions over . The complexity of p-s division in terms of -multiplications is thus less than

It was shown earlier in this section that . The minimum requirement for the number of significant terms is at least . Therefore, is bounded above by , and p-s division has complexity less than multiplications over , which is equivalent to multiplications over .

In the algorithm, we will need to raise a p-s over to the th power. This can be done quite simply by raising each coefficient to the th power and multiply the exponents of uniformizer by

and in (27) have the same negative valuation , their sum has positive valuation. However, some of this loss in precision is regained in (28) in the addition of and where the first term has negative valuation and the second term has nonnegative valuation. Thus, when , the overall loss in precision equals

For , the loss in precision equals . The table at the bottom of this page tabulates the loss in precision during the entire power series calculation for in . It is assumed that we start with significant terms in . To compensate for this loss, it is enough to simply start out with a precision that is larger by than the precision needed. Since the maximal pole order of a q-r function at a place equals for , it suffices to use “double precision,” and carry out all computations to significant terms from the outset.

Power Series Operations: Suppose and are p-s with coefficients in an extension field of . It can be verified that if both and are known to precision , i.e., to significant terms, then can be computed to precision using multiplications over the field .

[Table: loss in precision for each variable during the power series calculation. Columns: Variable, Precision.]
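The following added example (not code from the paper) models truncated power series in a local parameter t with the number of known significant terms tracked explicitly, and shows the precision loss on addition, division after normalizing the leading coefficient, and the q-th power that rescales exponents. Assumptions: the prime field GF(7) stands in for the paper's extension fields, and the names `PS`, `add`, `mul`, `div`, `qth_power` and `demo` are hypothetical.

```python
P = 7  # constructed small prime field GF(7), an assumption standing in for the paper's fields


class PS:
    """Truncated power series sum_i c[i] * t**(val + i) over GF(P), with c[0] != 0.

    len(c) is the number of significant terms that are actually known.
    """
    def __init__(self, val, coeffs):
        c = [x % P for x in coeffs]
        while c and c[0] == 0:        # a cancelled leading term is not significant
            c.pop(0)
            val += 1
        self.val, self.c = val, c

    @property
    def prec(self):
        return len(self.c)


def add(a, b):
    """Sum, known only up to the smaller of the two absolute precisions."""
    lo = min(a.val, b.val)
    hi = min(a.val + a.prec, b.val + b.prec)   # first exponent unknown in a or b

    def coeff(s, e):
        return s.c[e - s.val] if e >= s.val else 0

    return PS(lo, [coeff(a, e) + coeff(b, e) for e in range(lo, hi)])


def mul(a, b):
    """Product to n = min(prec) significant terms (about n*n/2 field multiplications)."""
    n = min(a.prec, b.prec)
    return PS(a.val + b.val,
              [sum(a.c[i] * b.c[k - i] for i in range(k + 1)) for k in range(n)])


def div(a, b):
    """a / b: scale by the inverse leading coefficient of b, then multiply only."""
    n = min(a.prec, b.prec)
    inv = pow(b.c[0], P - 2, P)              # the single field inversion
    u = [x * inv % P for x in b.c[:n]]       # divisor with leading coefficient 1
    num = [x * inv % P for x in a.c[:n]]
    q = []
    for k in range(n):
        q.append((num[k] - sum(q[i] * u[k - i] for i in range(k))) % P)
    return PS(a.val - b.val, q)


def qth_power(a, q=P):
    """a**q for q a power of the characteristic: c_i -> c_i**q, exponent e -> q*e.

    To retain n significant terms only the first ceil(n/q) terms are touched.
    """
    n = a.prec
    out = [0] * n
    for i in range(-(-n // q)):
        out[i * q] = pow(a.c[i], q, P)
    return PS(a.val * q, out)


def demo():
    # Constructed inputs: equal negative valuation -2 and cancelling leading terms,
    # the situation the text describes for the sum in (27).
    a = PS(-2, [1, 3, 2, 5, 1, 4])
    b = PS(-2, [6, 4, 5, 1, 6, 2])
    s = add(a, b)                  # valuation becomes positive, 6 known terms shrink to 3
    x, y = PS(-1, [2, 0, 3, 1]), PS(2, [3, 5, 0, 6])
    return s, div(mul(x, y), y), qth_power(x)


if __name__ == "__main__":
    s, quot, f = demo()
    print(s.val, s.c, quot.val, quot.c, f.val, f.c)
```

Starting the constructed sum with six terms leaves three significant terms after cancellation, which is the reason for carrying extra precision from the outset.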

However, given that one wishes to retain only significant terms, it is only necessary to apply the th-power operation to the first terms. The complexity of raising a p-s to the th power is thus less than multiplications over . In summary, we may upper-bound the complexity of either p-s multiplication or p-s division by multiplications over and the complexity of raising a p-s to the th power by multiplications over .

Symmetry of the Tower: The tower has a certain symmetry that can be exploited to simplify computations. Namely, that the equations of the tower remain unchanged if we make the substitution

At the same time, this mapping also establishes a one-to-one correspondence between places in the sets

As a result, given the p-s expansion for , at a place , , one can compute the p-s expansion at the corresponding place in simply by inverting for this p-s.

a) Procedure for computing the power series: We begin here by considering first, the region above of no ramification, i.e., by considering the complexity of determining the p-s at a place , . The symmetry of the tower


can then be used to determine power series expansions at places above corresponding to ramification.

: It can be checked that every place in for in this range, has as local parameter. The p-s of all the q-r functions at a fixed place is computed in stages. In the first stage, we determine in sequence the p-s expansions of in that order. Let . Given , and a p-s expansion for at in terms of the local parameter , we set

Power Series of the q-r Functions: Having computed the p-s of at every place in , we are now ready to calculate the p-s of the q-r functions

(23)

To go from one function to the function having the next highest weight, we typically need one multiplication as for example

The defining equation for can be written in the form

Since has a zero at , the p-s of can be computed using

(24)

The addition is repeated until significant terms are obtained where is the number of significant terms desired in the power-series expansion. By iterating this process, we will have computed the p-s of . The procedure for computing the p-s in case of is only slightly different. We know that for some . We can write (25) which yields (26) To compute the p-s of

for , we use the relationship

contained in Theorem 1, where is a solution to the tower of linearized equations in Theorem 1. This allows us to write

(27)

where has a zero at . The p-s of can then be computed as

(28)

: As mentioned earlier, the symmetry in the tower at a place can be used to compute the p-s of , simply by taking reciprocals and index in reversal.

This computation can be set up sequentially, in the order of increasing weight, starting with the function

However, when the present function corresponds to an exponent and the function with the next highest weight to an exponent , then one needs to multiply by in addition to multiplying with some variable to obtain , i.e.,

This requires two multiplications. Thus, in summary, given power series expansions for and also for each of the variables , the p-s computation of the q-r functions can be carried out sequentially in such a way that each additional q-r function can be computed with at most two p-s multiplications.

Below, we provide a “program” for computing the power series. It is assumed in the program that all solutions to the tower of linearized equations in Theorem 1 have been precomputed. Also, in the program, given a place of some degree , when we speak of computing the p-s at , we mean the computation of the p-s at one of the places of degree one lying above in the constant field extension . Each place is in one-to-one correspondence with the solutions of (8) and one of them is chosen arbitrarily.

Program Outlining Procedure for Power Series Computation: In the text, we will refer to this program as simply, the p-s program.

1  Power series precision terms in
2  for    /* Unramified region */
3    for each place in
4      for
5
6
7      end for
8
9
10     for
11       compute and in (27) and (28)
12     end for
13     save for
14     save
15   end for
16 end for
17 for in the range    /* Ramified region */
18   for each place in
19     for
20       ;
21     end for
22   end for
23 end for
24 Reduce the p-s precision to terms in
25 In each place in , do
26
27   for
28
29   end for
30
31   for
32     Compute the p-s at of the th q-r function
33   end for
34 end do
35 Repeat steps 25–33, for every code

3) Upper Bound for the Overall Complexity: In the following, we use the word p-s operation to indicate either a p-s multiplication or a p-s division. When we speak of a certain p-s operation as requiring multiplications in , we will mean that the p-s operation will require multiplication and possibly division of elements in , equivalent in effort to multiplications in .

Lines 4–7: Given the p-s for , p-s multiplications are required to compute in succession and we obtain as a by-product. In line 6, the p-s of is computed by raising to successive th powers and then taking the sum of these powers. Since the power series has significant terms, the operation of raising the p-s to the th power is equivalent in effort, to multiplications. By considering valuations at , it can be seen that there are at most terms in the summation. Thus, lines 5 and 6 together require multiplications in the extension field .

Lines 8–9: Similarly lines 8 and 9 require multiplications in .

Lines 11–12: In line 11, after computing the powers

two additional p-s operations are needed to compute using (27) and (28). Thus, it takes multiplications to execute the for loop between lines 10 and 12.

Lines 3–15: Combining the above, we see that the number of multiplications over involved in executing lines 3–15 does not exceed

(29)

Lines 1–23: The nested for-loops between line 16 and 23 require

multiplications over the finite field . Thus, the total number of -multiplications between line 1 and 23 has the upper bound

Since one multiplication in translates into multiplications over , in terms of multiplications in , the upper bound on multiplication count equals

where is the constant

(30)

The constant can be interpreted as a count of the number of multiplications in required to perform one p-s operation at each of the places in when the power series coefficients lie in and there are significant terms in the p-s.

After executing line 23, we have the p-s for and . In lines 24 and beyond, there are no further additions to be performed and it is, therefore, safe to use single precision, i.e., retain only the most significant terms in each power series rather than .

Lines 25–34: The for-loop between lines 27 and 29 requires p-s operations. The computation of in Line 30 also needs p-s operations. As mentioned earlier, the calculation in line 32 requires at most two power series multiplications per function. Since the number of functions is less than , the complexity of executing lines 25–34 does not exceed

multiplications in .

Line 35: To construct the matrix , lines 26–33 are repeated for each code place. Here we are given the coordinates of a code place and are required to compute the value of the corresponding q-r function at that place. This value is computed by computing in succession, the values of the functions listed in lines 25–34. Thus, this step does not involve any p-s computations. The computation of each can be done using multiplications over (required to compute ). Given , it takes a further multiplications over to compute and an additional -multiplications to obtain . Each column of is constructed sequentially from the top to the bottom row and each entry requires for the


same reasons as before, at most two -multiplications. Thus, the complexity of executing line 35 equals

We can rewrite the second term in the above equation as

number of code places

Overall Complexity of Computing Power Series: The overall complexity in terms of -multiplications, required to set up the p-s as well as the entries in , is, therefore, upper-bounded by

The total number of -multiplications is now upper bounded by

(31) To calculate , note that in (30) by one of the factors

. Replacing we obtain

The first inequality above holds when and . For , explicit basis functions are available (see Section V), and the generator matrix of the corresponding AG code can be computed explicitly and efficiently. This proves Theorem 7 in Section IV.

REFERENCES

The first inequality above is obtained by extending the summation by running from to . The second inequality follows from the assumption that . From (31) and the above upper bound on , we obtain the following upper bound on the complexity of the p-s setup in terms of -multiplications: (32) Note that the last term within square brackets in (31) dominates, and we still have an upper bound if we ignore the other terms in the square brackets. The inequality in (32) is obtained by replacing by , and it holds for . The number of -multiplications in the row reduction process is less than the square of number of rows times the number of columns

(The number of divisions over required in row reduction is negligible in comparison with the number of multiplications.) As a result, the total number of -multiplications including both power series computation and row reduction phases is bounded above by (33)

[1] R. J. McEliece, E. R. Rodemich, H. C. Rumsey, Jr., and L. R. Welch, “New upper bounds on the rate of a code via the Delsarte–MacWilliams inequalities,” IEEE Trans. Inform. Theory, pp. 157–166, Mar. 1977.
[2] V. D. Goppa, “Codes on algebraic curves,” Sov. Math.–Dokl., vol. 24, pp. 170–172, 1981.
[3] M. A. Tsfasman, S. G. Vlăduţ, and T. Zink, “Modular curves, Shimura curves and Goppa codes better than the Varshamov–Gilbert bound,” Math. Nachrichtentech., vol. 109, pp. 21–28, 1982.
[4] M. A. Tsfasman and S. G. Vlăduţ, Algebraic Geometric Codes. Dordrecht, The Netherlands: Kluwer, 1991.
[5] B. López, “Codes on Drinfeld modular curves,” in Coding Theory, Cryptography and Related Areas, J. Buchmann et al., Eds. Heidelberg, Germany: Springer, 1998, pp. 175–183.
[6] A. Garcia and H. Stichtenoth, “A tower of Artin–Schreier extensions of function fields attaining the Drinfeld–Vlăduţ bound,” Invent. Math, vol. 121, pp. 211–222, 1995.
[7] A. Garcia and H. Stichtenoth, “On the asymptotic behavior of some towers of function fields over finite fields,” J. Number Theory, vol. 61, no. 2, pp. 248–273, Dec. 1996.
[8] N. Elkies, “Explicit modular towers,” in Proc. 35th Annu. Allerton Conf. Communication, Control and Computing, Urbana, IL, 1997.
[9] P. Solé, “Towers of function fields and iterated means,” IEEE Trans. Inform. Theory, vol. 46, pp. 1532–1535, July 2000.
[10] C. Voss and T. Høholdt, “An explicit construction of a sequence of codes attaining the Tsfasman–Vlăduţ–Zink bound the first steps,” IEEE Trans. Inform. Theory, vol. 43, pp. 128–135, Jan. 1997.
[11] D. Umehara and T. Uyematsu, “On codes from Artin–Schreier extensions of Hermitian function fields,” preprint.
[12] G. Haché, “Construction effective des codes géométriques,” Ph.D. dissertation, Univ. Pierre et Marie Curie Paris VI, Paris, France, 1996.
[13] R. Pellikaan, H. Stichtenoth, and F. Torres, “Weierstrass semigroups in an asymptotically good tower of function fields,” Finite Fields their Applic., vol. 4, pp. 381–392, 1998.
[14] I. Aleshnikov, V. Deolalikar, P. V. Kumar, and H. Stichtenoth, “Toward a basis for the space of regular functions in a tower of function fields meeting the Drinfeld–Vlăduţ bound,” in Proc. 5th Int. Conf. Finite Fields and Applications, University of Augsburg, Germany, Aug. 1999.
[15] D. Leonard, “Finding the defining functions for one-point AG codes,” preprint.
[16] H. Stichtenoth, Algebraic Function Fields and Codes. Berlin Heidelberg, Germany: Universitext. Springer-Verlag, 1993.
[17] I. Aleshnikov, P. V. Kumar, K. Shum, and H. Stichtenoth, “On the splitting of places in a tower of function fields meeting the Drinfeld–Vlăduţ bound,” IEEE Trans. Inform. Theory, vol. 47, pp. 1613–1619, May 2001.
[18] K. Shum, “Low-complexity construction of algebraic geometric codes better than the Gilbert–Varshamov bound,” Ph.D. dissertation, Univ. Southern Calif., Los Angeles, 2000.
[19] H. Chen, “Codes on Garcia–Stichtenoth curves with true distance greater than Feng–Rao distance,” IEEE Trans. Inform. Theory, vol. 45, pp. 706–708, Mar. 1999.
[20] R. Pellikaan, “On the missing functions of a pyramid of curves,” in Proc. 35th Allerton Conf. Communication, Control and Computing, Sept. 29–Oct. 1, 1997, pp. 33–40.
[21] F. J. MacWilliams and N. J. A. Sloane, The Theory of Error-Correcting Codes. Amsterdam, The Netherlands: Elsevier, 1977, Number 16 in North-Holland Mathematical Library.
[22] G. L. Katsman, M. Tsfasman, and S. G. Vlăduţ, “Modular curves and codes with a polynomial construction,” IEEE Trans. Inform. Theory, vol. 30, pp. 353–355, Mar. 1984.
[23] V. Pless and W. Huffman, Handbook of Coding Theory. Amsterdam, The Netherlands: North Holland, 1998.