
Minimal Polynomials


ownah


  1. Minimal Polynomials • The minimal polynomial of element  of is the monic polynomial h(x) of least degree in GFp[x] such that h() = 0 when evaluated in • Notation: the minimal polynomial of  is denoted m(x)

  2. Minimal Polynomials TheoremLet f(x) be a monic polynomial with coefficients in GFp and let   Then f(x) is the minimal polynomial of  if and only if 1. f() = 0 when evaluated in 2. f(x) is an irreducible polynomial over GFp. Proof. First we show, by contradiction, that m(x) is irreducible. Thus suppose m(x) = a(x)b(x) where neither a(x) nor b(x) is a constant. Then degree of each of a(x) and b(x) is less than the degree of m(x). Also, a()b() = m() = 0 Since a() and b() are elements of the field , a() = 0 or b() = 0 In either case,  is a zero of a polynomial of degree less than that of m(x) But this is not possible since m(x) is the minimal polynomial of . We may thus conclude that m(x) must, in fact, be irreducible.

  3. Minimal Polynomials TheoremLet f(x) be a monic polynomial with coefficients in GFp and let   Then f(x) is the minimal polynomial of  if and only if 1. f() = 0 when evaluated in 2. f(x) is an irreducible polynomial over GFp. Proof continued Now suppose that f(x) is an irreducible polynomial in GFp[x] and that f() = 0. Then the degree of m(x) is  the degree of f(x) Write f(x) = q(x) m(x) + r(x) where r(x) is either 0 or has degree < deg m(x) Then r(x) = f(x) - q(x) m(x), hence r() = f() - q() m() = 0. If r(x) is not zero, it is a polynomial of lower degree than m(x) Since  would then be a root of r(x), this is not possible Thus r(x) = 0, so f(x) = q(x) m(x). Since f(x) is irreducible and m(x) is nonconstant, q(x) must be a constant Since f(x) and m(x) are both monic, q(x) = 1 and thus f(x) = m(x).

  4. Finding Minimal Polynomials • Recall that we showed that, for every element  of , and hence • Therefore  is a root of the polynomial • If we were to factor the above polynomial as a product of irreducible polynomials, then  would have to be a root of one of the factors • By our previous theorem, that irreducible factor would be the minimal polynomial of . • In the case p = 2, the polynomial takes on the form since -x = +x mod 2. • Example: using the Maple command Factor(x^8 + x) mod 2, we get (x^3+x+1)*(1+x)*(x^3+x^2+1)*x • Thus in GF8, x is the minimal polynomial of 0; x+1 is the minimal polynomial of 1; and the minimal polynomial of every other element is either x^3 + x + 1 or x^3 + x^2 + 1

  5. Minimal Polynomials of Elements of GF8 • Recall that the nonzero elements of GF8 form a group under multiplication, denoted GF8* • By definition, the order of an element of a group is the least power n such that an = 1. • By Lagrange’s theorem, the order of an element must divide the cardinality of the group • Thus, the order of an element of GF8*must divide 7, hence is either 1 or 7 • The only element of order one is the multiplicative identity 1 and thus every other element has order 7 • Suppose we use the polynomial x3 + x + 1 to construct GF8 • Then there is an element  of GF8, such that 3 +  + 1 = 0 (namely, x renamed ) • Since  1, every nonzero element of GF8 is a power of . • Since 3 +  + 1 = 0 and x3 + x + 1 is irreducible, the minimal polynomial of  is x3 + x + 1.

  6. Minimal Polynomials of Elements of GF8 • We can use a simple trick to find minimal polynomials in GF8 (and other powers of 2). • If u is an element of GF2, then u2 = u (there are only two cases!) • Moreover, if  and  are elements of for any positive integer n, then ( + )2 = 2 + 2 + 2 = 2 + 2 • Recall that, inGF8 = GF2 /(x3 + x + 1), there is an element  having minimal polynomial x3 + x + 1 such that every other nonzero element is a power of  • Since 0 = 02 = ( 3 +  + 1)2 = (3)2 + 2 + 1 = (2)3 + 2 + 1, we see that x3 + x + 1 is also the minimal polynomial of 2 • Similarly, x3 + x + 1 is the minimal polynomial of 4 • The fun stops here, since 8 = .

  7. Minimal Polynomials of Elements of GF8 • You can verify that x3 + x2 + 1 is the minimal polynomial of 3 =  + 1, and from that it is also the minimal polynomial of 6 and 12 = 5 • Thus, we have accounted for all elements of GF8. • The above techniques are generalized and justified by the following sequence of lemmas

  8. The Powers Lemma
     Lemma P1. If p is a prime and 1  i  p-1, then p 0
     Lemma P2. Let p be a prime and let f(x), g(x) be elements of GFp[x]. Then (f(x) + g(x))^p = f(x)^p + g(x)^p mod p
     Lemma P3. Let p be a prime and let h(x) ∈ GFp[x] be given by a_n x^n + a_(n-1) x^(n-1) + … + a_1 x + a_0. Then (h(x))^p = a_n x^(pn) + a_(n-1) x^(p(n-1)) + … + a_1 x^p + a_0 mod p = h(x^p).

  9. The Squaring Lemma LemmaSuppose h(x)  GFp[x] and   . Then, when evaluated in , for every integer i. CorollarySuppose h(x)  GF2[x] and   . Then if  is a zero of h(x), so is for every positive integer i.

  10. Error-Control Codes • Error-control codes are designed to deal with low-probability errors in communications over a data channel • Shannon’s Model: Sender → Encoder → Channel → Decoder → Receiver • Assumption: channel is noisy, so that changes will be made with some positive probability between the encoder and the decoder • Idea: add enough redundant information so that errors can be detected and/or corrected

  11. Error-Control Codes • Example: triple-repetition code • Each binary bit is repeated three times and a simple majority rule is used for decoding • Thus the word 01101 would be encoded as 000111111000111 • Transmission and decoding:
      Original   0    1    1    0    1
      Encoded   000  111  111  000  111
      Received  010  111  110  000  101
      Decoded    0    1    1    0    1

  12. Binary Symmetric Channels • Triple repetition codes are very inefficient in that a great many extra bits are inserted • We will explore more efficient codes • Assumption: binary symmetric channel. The message will be a stream of zeros and ones, the only errors are bit reversals, and the probability of 0 changing to 1 is the same as that of 1 changing to 0 • In particular, if the probability of a change is p, then the probability of no change is 1-p • The four possible events in a binary symmetric channel: [figure: transitions between sent and received bits, labeled "no error" and "error"]

  13. Hamming Distance • Encoders will work on blocks of binary words u = (u_1, u_2, …, u_n) where each u_i is either 0 or 1
      Definition. The weight w(u) of a word u = (u_1, u_2, …, u_n) is the number of nonzero components of u. • The weight of word u = (01101000) is 3
      Definition. The Hamming distance d(u,v) between binary words u = (u_1, u_2, …, u_n) and v = (v_1, v_2, …, v_n) is the number of coordinates in which the words differ.
      Definition. The sum u+v of binary words is the vector sum modulo 2.
      Example. (0,0,1,0,1,1,0,1,0,0,1) + (1,1,1,0,1,1,0,1,0,0,0) = (1,1,0,0,0,0,0,0,0,0,1)

  14. Hamming Distance • Note: 1. d(u,v) = w(u+v) 2. u·u = w(u) (vector dot product)
      Theorem. If u, v and w are codewords, then (i) d(u,u) = 0 (ii) d(u,v) = d(v,u) (iii) d(u,v) ≤ d(u,w) + d(w,v)

  15. Maximum Likelihood Decoding • Suppose the minimum distance between codewords is 3. • Then if a single error occurs, the result is not a codeword and there is exactly one codeword at distance 1 from the given word • Thus, we can correct the error by choosing the closest codeword • This is known as maximum likelihood decoding

  16. Hamming Codes • The (7,4)-Hamming code uses three parity bits for a 4-bit message • The encoder uses matrix multiplication with the following matrix • The codeword v for the 4-bit message word u is given by v = uH • Note that the first 4 bits of v are exactly the bits of u; bits 5, 6, and 7 are parity bits

  17. Hamming Codes • Example: suppose the message word is u = (0 0 1 1) Then the codeword is given by • The codeword v for the 4-bit message word u is given by v = uH • Note that the first 4 bits of v are exactly the bits of u; bits 5, 6, and 7 are parity bits

  18. Hamming Codes • What is the minimum distance between codewords in the (7,4) Hamming code? • Every codeword is a linear combination of rows of H and the rows have weights 3,3,3 and 4, respectively. • The sum of any two rows has weight at least 3: 2 from the first four columns and at least one from the parity columns • Similarly, the sum of any three of the rows has weight at least 3 and the sum of all four rows has weight 7 • Thus, the (7,4) Hamming code can correct 1 error • See the text for the decoding method

  19. Hamming Codes HW • Pages 125-126, # 2, 4, 8

  20. Binary BCH Codes • The idea behind BCH codes is to use polynomials over a field to represent plaintext words • Encoding is then done by multiplying by a fixed polynomial • Thus a binary plaintext word a_r a_(r-1) … a_0 is represented by the polynomial a(x) = a_r x^r + a_(r-1) x^(r-1) + … + a_1 x + a_0 • If g(x) is the encoding polynomial, then we write the product a(x)g(x) = c_n x^n + c_(n-1) x^(n-1) + … + c_1 x + c_0, and the code word for the original binary plaintext is the word c_n c_(n-1) … c_0 • The choice of the field and of the polynomial g(x) is the key to the error-correcting capabilities of the code. • The methodology is captured in the fundamental theorem discovered and proved by Bose and Chaudhuri and independently by Hocquenghem.

  21. The BCH Theorem Theorem 90 (page 243)Construct using a degree-n, irreducible polynomial q(x) GFp[x]. Let  be a primitive element of , let t be a positive integer and letmi(x) be the minimal polynomial of i for i = 1, 2, … , 2t. Define g(x) to be the least common multiple of m1(x), m2(x), … , m2t(x) and let k = deg( g(x) ). Then the minimum weight of the codewords corresponding to the polynomials in {a(x)g(x) : a(x) is a plaintext polynomial of degree at most pn-k-2 }is at least d = 2t. Thus, for such codewords, at least t errors can be corrected. Notation: the polynomial g(x) above is called a generator for the code.

  22. Properties of BCH Codes • The way we constructed the generator polynomial has some consequences which are important in decoding received code polynomials • Since g(x) is the least common multiple of the minimal polynomials of the first 2t powers of , we know that g(i) = 0 for i = 1, 2, …, 2t. • That means that if we encode a plaintext polynomial a(x) by setting c(x) = a(x)g(x), we also know that c(i) = 0 for i = 1, 2, …, 2t • Suppose codeword c(x) is transmitted over a line and the received codeword is r(x). • No errors if r(x) mod g(x) = 0 and then we can decode a(x) = r(x)/g(x) • If there were errors, then the error polynomial is defined to be e(x) = r(x) – c(x) • If we compute e(x), we can recover c(x) as r(x) + e(x) • Note that e(i) = r(i) – c(i) = r(i) for i = 1, 2, …, 2t . • The values e(), e(2), e(3), …, e(2t) can be used to decode the received message with at most t errors.

  23. BCH Code Example • We will use GF16 to construct a double-error-correcting code. • Let q(x) = x4 + x + 1 and construct GF16 as GF2 / q(x) • Let  be a root of q(x) in GF16 so that 4 +  + 1 = 0 and hence 4 =  + 1. • Since the multiplicative order of   1 must divide |GF16 -{0}| = 15, the order must be 3, 5 or 15. • Since 3 1 and 5 = 4 = (+ 1) = 2 +   1, the order of  is 15 • Thus every nonzero element of GF16 is a power of  • Now we know that x4 + x + 1 is the minimal polynomial of  and hence is the minimal polynomial of 2, 4 and 8 . • Thus m1(x) = m2(x) = m4(x) = m8(x) = q(x) = x4 + x + 1. • Since q(x) has degree 4, it must be the case that q(x) = (x-)(x-2 )(x-4)(x-8),which can be verified by carrying out the multiplication in GF16.

  24. BCH Code Example • Since we want to build a code capable of correcting at least 2 errors, we need the minimal polynomial of the first 4 powers of . • We already have m1(x), m2(x) and m4(x), so we need m3(x). • We know that m3(x) is the minimal polynomial of 3, 6, 12 and 24 = 9 • Thus m3(x) is divisible by the polynomial (x-3)(x-6)(x-12) (x-9) = x4 + (3 + 6 + 9 + 12)x3 + (9 + 12 + 1 + 1 + 3 + 6)x2 + (3 + 6 + 9 + 12)x + 1 = x4 + (3 + 6 + 9 + 12)x3 + (3 + 6 + 9 + 12)x2 + (3 + 6 + 9 + 12)x + 1 Since 3 + 6 + 9 + 12 = 3 + (3 + 2) + (3 + ) + (3 + 2 +  + 1) = 1 We have that m3(x) is divisible by x4 + x3 + x2 + x + 1 But this polynomial is in GF2[x] and has 3 as a root. Since m3(x) is the polynomial in GF2[x] of least degree that has 3 as a root, m3(x) = x4 + x3 + x2 + x + 1

  25. BCH Code Example • Now that we have found the minimal polynomials of the first 4 powers of , we need to compute their least common multiple • Since all the polynomials are irreducible, the lcm is just the product of the distinct polynomials in the list: g(x) = (x^4 + x + 1)(x^4 + x^3 + x^2 + x + 1) = x^8 + x^7 + x^6 + x^4 + 1 • Since the degree of g(x) is 8, the plaintext polynomial must have degree less than or equal to 2^4 – deg(g(x)) – 2 = 16 – 8 – 2 = 6 • In particular, if the plaintext word is a_6 a_5 a_4 a_3 a_2 a_1 a_0 = 1011001, then a(x) = x^6 + x^4 + x^3 + 1 and a(x)g(x) = x^14 + x^13 + x^10 + x^9 + x^3 + 1 and hence the codeword is transmitted as 110011000001001
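
The definition of the minimal polynomial and the generator construction of slides 23 to 25, carried out mechanically (an added example, not part of the original slides). It assumes binary polynomials are stored as Python ints with bit k holding the coefficient of x^k; the function names are this example's own, and `EXP[i]` holds the i-th power of the root of q(x).

```python
# GF(16) built from q(x) = x^4 + x + 1 (slide 23). EXP[i] is the i-th power of
# the root of q(x), stored as a 4-bit int. All names here are this example's own.
EXP = [1]
for _ in range(14):
    v = EXP[-1] << 1
    EXP.append(v ^ 0b10011 if v & 0b10000 else v)

def evaluate(f, i):
    """Value in GF(16) of the binary polynomial f at the i-th power of the root."""
    s = 0
    for k in range(f.bit_length()):
        if (f >> k) & 1:
            s ^= EXP[(i * k) % 15]
    return s

def minimal_poly(i):
    """Least-degree binary polynomial vanishing at the i-th power of the root."""
    f = 0b10  # start at x; counting upward visits polynomials by increasing degree
    while evaluate(f, i) != 0:
        f += 1
    return f

def conjugate_exponents(i):
    """i, 2i, 4i, ... mod 15; these powers share one minimal polynomial."""
    orbit, e = [], i % 15
    while e not in orbit:
        orbit.append(e)
        e = (2 * e) % 15
    return orbit

def clmul(f, g):
    """Product of two binary polynomials (carry-less multiplication)."""
    out = 0
    while g:
        if g & 1:
            out ^= f
        f, g = f << 1, g >> 1
    return out

def generator(t):
    """lcm of the minimal polynomials of the first 2t powers of the root."""
    g = 1
    for m in {minimal_poly(i) for i in range(1, 2 * t + 1)}:
        g = clmul(g, m)  # distinct irreducibles, so the lcm is their product
    return g

def encode(a, t=2):
    """Codeword polynomial a(x)g(x) for a plaintext polynomial a(x)."""
    return clmul(a, generator(t))

if __name__ == "__main__":
    print(bin(minimal_poly(3)), conjugate_exponents(3))
    print(bin(generator(2)), format(encode(0b1011001), "015b"))
```
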

  26. BCH Decoding • Now suppose we received the message 11101000101111 • The corresponding polynomial is r(x) = x^14 + x^13 + x^12 + x^10 + x^6 + x^4 + x^3 + x^2 + 1 • Suppose a single error occurred at bit position k • Then r(x) = c(x) + x^k. Why? • If the original bit at position k was 0, then there is no x^k in c(x) • Changing that 0 to a 1 corresponds to adding the term x^k. • If the original bit at position k was 1, then x^k is a term of c(x) and the coefficient of x^k in r(x) is 0. • Since addition is done mod 2, if we add x^k to c(x), the x^k term will have coefficient 2; when we reduce modulo 2, that term disappears • In other words, the kth bit has changed to the correct value: 0 • Since addition is done mod 2, we can recover c(x) by adding x^k to r(x) • Of course, we first must find the value k, which is to say the position where the bit reversal occurred during transmission

  27. Single-error Correction • We can find the bit error position k if we can find k. • r() = c() + k = 0 + k = k = (14 + 13 + 12 + 10 + 6 + 4 + 3 + 2 + 1 mod(q()) ) mod 2 = 3 + 2 +  • Checking the list of powers of , we see that 3 + 2 +  = 11 • Thus k = 11 and we recover the codeword that was sent as c(x) = r(x) + x11 = x14 + x13 + x12 + x11 + x10 + x6 + x4 + x3 + x2 + 1 • Dividing c(x) by g(x), we get a(x) = x6 + x3 + x2 + 1 • The corresponding bit string is 000000001001101

  28. Single-error Correction HW Problem 2, page 257

  29. Correcting Two Errors • If errors occur at two bit positions, say j and k, then the error polynomial will be e(x) = xj + xk. • Obviously, decoding in this situation is more complicated than in the case of a single error. • As before, we have r() = c() + e() = 0 + j + k = j + k • Our goal will be to find j + k and j+k by computing the polynomial (xj +1)(xk +1) = x2j+k + x(j + k) + 1 • After that we express j + k as a power of  • This information will be enough to determine j and k • For this example, suppose r(x) = c(x) + e(x) = x14 + x11 + x10 + x5 + x +1 and assume that exactly two errors occurred.

  30. Correcting Two Errors • Since g(x) is the least common multiple of the first 2t = 4 powers of , we know that g() = g(2) = g(3) = g(4) = 0 • We then obtain the following: r() = c() + e() = a()g() + e() = a()0 + j + k = j + k r(2) = c(2) + e(2) = a(2)g(2) + e(2) = a(2)0 + 2j + 2k = 2j + 2k r(3) = c(3) + e(3) = a(3)g(3) + e(3) = a(3)0 + 3j + 3k = 3j + 3k r(4) = c(4) + e(4) = a(4)g(4) + e(4) = a(4)0 + 4j + 4k = 4j + 4k • From this we have j + k = r() = 14 + 11 + 10 + 5 +  +1 • Since we are evaluating the expression in GF16, we must reduce the expression mod 4 +  +1 and also mod 2 • Then, since we are interested in finding the exponents i and j, we express each of the above values as a power of 

  31. Correcting Two Errors • Carrying out the evaluations and reductions described on the previous slide, we get: j + k = 2 + 1 = 8 2j + 2k = 3j + 3k= 3 + 2 +  = 11 4j + 4k =2

  32. Correcting Two Errors • We have derived the following information j + k= 82j + 2k=  3j + 3k= 114j + 4k = 2 • Now for the algebraic “insight” when computing mod 2: (j + k) j+k + (2j + 2k) (j + k) = 3j + 3k (2j + 2k) j+k + (3j + 3k) (j + k) = 4j + 4k • We want to solve for j+kand j + k, so let u = j+kand v = j + k • Substituting these values and the values calculated above, the equations become 8u + v = 11 u + 11v = 2

  33. Correcting Two Errors • It will be useful to express the equations 8u + v = 11 u + 11v = 2 in terms of matrices: Convert the above to the augmented matrix: Now we can solve the equations by row operations

  34. Correcting Two Errors • Solving for j+k and j + k : From the above, we have j + k = 8 and j+k = 9

  35. Correcting Two Errors • We have j + k = 8 and j+k = 9 • We know that j+k = 9, so we check the possible values of j,k: • Therefore, we see that j = 4 and k = 5 and thus the corrected code polynomial is c(x) = r(x) + e(x) = (x14 + x11 + x10 + x5 + x +1) + x4 + x5 = x14 + x11 + x10 + x4 + x +1 a(x) = c(x)/g(x) = x6 + x5 + x +1
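
The single-error and two-error decoding procedure of slides 26 to 35 as one routine (an added example, not part of the original slides). It assumes polynomials are Python ints with bit k holding the coefficient of x^k; the function names are this example's own, and `u` and `v` are the two unknowns of the linear system on slide 32.

```python
# GF(16) from q(x) = x^4 + x + 1; EXP[i] is the i-th power of the root of q(x) (4-bit int).
EXP = [1]
for _ in range(14):
    v = EXP[-1] << 1
    EXP.append(v ^ 0b10011 if v & 0b10000 else v)
LOG = {v: i for i, v in enumerate(EXP)}
G = 0b111010001  # g(x) = x^8 + x^7 + x^6 + x^4 + 1; bit k = coefficient of x^k

def mul(x, y):
    return 0 if 0 in (x, y) else EXP[(LOG[x] + LOG[y]) % 15]

def div(x, y):
    return 0 if x == 0 else EXP[(LOG[x] - LOG[y]) % 15]

def syndromes(r):
    """r(x) evaluated at the first four powers of the root of q(x)."""
    out = [0, 0, 0, 0]
    for k in range(15):
        if (r >> k) & 1:
            for i in range(4):
                out[i] ^= EXP[((i + 1) * k) % 15]
    return out

def error_positions(r):
    """Bit positions to flip, assuming at most two errors in r(x)."""
    s1, s2, s3, s4 = syndromes(r)
    if not any((s1, s2, s3, s4)):
        return []                            # r(x) is already a codeword
    det = mul(s1, s3) ^ mul(s2, s2)          # determinant of the 2x2 system
    if det == 0:                             # one error at k: s1 is the k-th power
        if s1 == 0:
            raise ValueError("more than two errors")
        return [LOG[s1]]
    u = div(mul(s3, s3) ^ mul(s2, s4), det)  # product of the two error locators
    v = div(mul(s1, s4) ^ mul(s2, s3), det)  # sum of the two error locators
    for j in range(15):                      # try each j, as on slide 35
        x2 = v ^ EXP[j]
        if x2 and mul(EXP[j], x2) == u:
            return sorted((j, LOG[x2]))
    raise ValueError("more than two errors")

def decode(r):
    """Return (plaintext a(x), corrected codeword c(x)) as bitmask ints."""
    c = r
    for k in error_positions(r):
        c ^= 1 << k
    a, rem = 0, c
    while rem.bit_length() >= G.bit_length():  # long division by g(x) over GF(2)
        shift = rem.bit_length() - G.bit_length()
        a, rem = a ^ (1 << shift), rem ^ (G << shift)
    if rem:
        raise ValueError("more than two errors")
    return a, c
```

A received word with three or more flipped bits can still land within distance two of a different codeword, in which case the routine returns that codeword without raising.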

  36. Double Error Correcting HW • The polynomial x^4 + x + 1 was used to construct GF16 and used to construct a double-error correcting code as in the slides. The polynomial r(x) = x^13 + x^11 + x^9 + x^8 + x^7 + x^2 + 1 was received with at most 2 errors. Find the plaintext polynomial that was sent.
