Linear error-block codes and applications

Academic year: 2021


UNIVERSITÉ MOHAMMED V – AGDAL

FACULTÉ DES SCIENCES

Rabat

Faculté des Sciences, 4 Avenue Ibn Battouta B.P. 1014 RP, Rabat – Maroc Tel +212 (0) 37 77 18 34/35/38, Fax : +212 (0) 37 77 42 61, http://www.fsr.ac.ma

Order No.: 2614

DOCTORAL THESIS

Presented by

Rabiî DARITI

Discipline: Computer Science and Applied Mathematics

Speciality: Error-Correcting Codes and Information Security

Linear Error-Block Codes and Applications

Defended on 25 December 2012

Before the jury

President:

Jilali MIKRAM, Professor at the Faculté des Sciences de Rabat

Examiners:

Mostafa BELKASMI, Professor at the École Nationale d'Informatique et d'Analyse des Systèmes, Rabat

Said EL HAJJI, Professor at the Faculté des Sciences de Rabat

Abdelfattah HAILY, Professor at the Faculté des Sciences d'El-Jadida

Omar KHADIR, Professor at the Faculté des Sciences et Techniques de Mohammedia

Ayoub OTMANI, Professor at the UFR Sciences et Techniques, Université de Rouen (France)

Foreword

The work presented in this thesis was carried out at the MIA laboratory (Mathématiques, Informatiques et Applications) of the Department of Mathematics of the Faculté des Sciences de Rabat, Université Mohammed V - Agdal, under the supervision of Professor El Mamoun Souidi, to whom I wish to express my deep gratitude for his availability, his competence and his human qualities.

I warmly thank Mr. Jilali Mikram, Professor at the Faculté des Sciences de Rabat, Université Mohammed V - Agdal, for doing me the honour of chairing the thesis jury.

My thanks also go to the members of the jury who served as reviewers: Mr. Said Elhajji, Professor at the Faculté des Sciences de Rabat, Mr. Mostafa Belkasmi, Professor at the École Nationale d'Informatique et d'Analyse des Systèmes, Université Mohammed V - Souissi, and Mr. Ayoub Otmani, Professor at the UFR Sciences et Techniques of the Université de Rouen (France).

I also thank Mr. Omar Khadir, Professor at the Faculté des Sciences et Techniques de Mohammedia, and Mr. Abdelfattah Haily, Professor at the Faculté des Sciences d'El-Jadida, for the interest they took in my thesis and for honouring me with their presence among the members of the jury.

Finally, I wish to thank all those who contributed, directly or indirectly, to the completion of this work.

Extended summary

This thesis, entitled "Linear error-block codes and applications", was prepared in the laboratory "Mathématiques, Informatique et Applications" of the Department of Mathematics of the Faculté des Sciences de Rabat, Université Mohammed V - Agdal. It deals with error-block codes, a generalization of classical error-correcting codes that appeared in 2006. This work has resulted in five publications (articles), and the results they contain have been presented at several national and international conferences.

In the first chapter of this thesis, we begin by defining the notions of composition and partition of an integer. These notions are needed to introduce linear error-block codes. Indeed, consider a partition of an integer $n = \sum_{i=1}^{s} n_i$, denoted $\pi = [n_1][n_2]\ldots[n_s]$. Let $q$ be a prime power and let $\mathbb{F}_q$ be the finite field with $q$ elements. Write $V_\pi = \mathbb{F}_q^{n_1} \oplus \mathbb{F}_q^{n_2} \oplus \cdots \oplus \mathbb{F}_q^{n_s}$. The vectors of $V_\pi$ are viewed as a concatenation of vectors $v_i \in \mathbb{F}_q^{n_i}$ for $i = 1, 2, \ldots, s$. The distance between two vectors $u = (u_1, u_2, \ldots, u_s)$ and $v = (v_1, v_2, \ldots, v_s)$ of $V_\pi$, called the "π-distance", is given by the number of their sub-vectors (blocks) that differ:

$$d_\pi(u, v) = \#\{i \mid 1 \le i \le s,\ u_i \ne v_i\}.$$

A linear error-block code (LEB code for short) is a vector subspace of $V_\pi$, which we equip with the π-distance defined above. The parameter π is called the "type of the code". Classical linear codes are the particular class of LEB codes of type $\pi = [1]^n$. After the definitions, we begin by generalizing the main properties of classical linear codes to LEB codes. A first problem that we address in this thesis is to find a channel model suited to this type of code, which allows them to be used for error correction. This problem had not been raised until now. We give an evaluation of the performance of LEB codes in error correction under this channel model. Next, we generalize the classical decoding algorithms, namely standard array decoding and syndrome decoding. In addition, we present some families of LEB codes that have fast decoding algorithms.

The second chapter is devoted to the study of bounds on LEB codes. We begin by extending the definitions of the packing and covering radii to the error-block case. We study their properties and give some bounds on the parameters of LEB codes. We also generalize some code modification techniques, such as the direct sum, concatenation, extension and puncturing. We study the bounds that follow from these constructions.

Perfect codes are studied in detail in the third chapter. LEB codes make it possible to find perfect codes with even minimum π-distance. A main contribution of this thesis is the characterization of perfect codes with minimum distances 3 and 4. We prove that some of these codes are both perfect and MDS. We also show that there exists a class of parameters that could allow perfect codes of minimum distance 5 to be found. The existence of these codes and of perfect codes of minimum distance greater than 5 is not discussed in this thesis. For future work, we propose instead to study non-existence proofs.

In the fourth chapter, we discuss some particular families of LEB codes. In particular, we introduce the notion of cyclic and quasi-cyclic LEB codes. These codes allow a more compact presentation, and can thus be represented by less data than usual. We also present the generalization of algebraic geometry codes to the error-block case. These codes, and Goppa codes in particular, are known in the classical case for their resistance in encryption schemes.

The fifth chapter describes an application of LEB codes in steganography. The method we develop generalizes Crandall's classical idea, and makes it possible to exploit more data from the cover object. We take the example of hiding information in a gray-scale image. The method we propose makes it possible to use not only the least significant bits but also more significant bits. The probability that a bit is changed is related to its influence on the image quality. Thanks to their block structure, LEB codes make it possible to handle the different types of bits at the same time. We implemented this method using the MATLAB software. The results obtained show that a larger amount of information can be hidden than in the classical case while maintaining good image quality.

The sixth chapter discusses the use of LEB codes in the field of cryptography. We give analogues of the McEliece and Niederreiter cryptosystems that work with LEB codes. The security of these cryptosystems appears to be strengthened by the use of the new parameter π as a secret key. This would make it possible to use codes with smaller parameters, thus producing shorter keys. However, the concrete evaluation of the security of these cryptosystems remains an open problem. We also propose a generalization of the CFS signature scheme, likely to increase the efficiency of this scheme. In particular, LEB codes make it possible to reduce the number of attempts required to find a decodable hash.

This thesis introduces new results on linear error-block codes, as well as a survey of all the results known in the literature. To our knowledge, up to the writing of this thesis, the existing work in the literature had only dealt with theoretical aspects and a few applications in other theories, such as experimental design and numerical integration. In fact, LEB codes have the drawback that the π-distance is coarser than the Hamming distance (the π-weight of any vector is less than or equal to the Hamming weight of the same vector). This favours the use of the Hamming distance and makes the direct application of LEB codes in computer science seemingly without interest. Consequently, the research presented in this thesis gives innovative solutions for the use of these codes in certain disciplines, notably error correction, steganography, cryptography and digital signatures.

Contents

Foreword
Extended summary
Contents
Introduction

1. Linear Error-Block Codes
1.1 Partitions and the π-metric
1.1.1 Compositions and partitions
1.1.2 The π-metric
1.2 Linear error-block codes
1.2.1 Definitions and properties
1.2.2 Matrix representation
1.3 Error correction using linear error-block codes
1.3.1 Channel model
1.3.2 Encoding
1.3.3 Error correction performance of LEB codes
1.4 Decoding linear error-block codes
1.4.1 Hardness of decoding
1.4.2 Maximum likelihood decoding for LEB codes
1.4.3 Standard array decoding
1.4.4 Syndrome decoding
1.4.5 LEB codes with fast decoding algorithms

2. Bounds on Parameters of Linear Error-Block Codes
2.1 Packing and covering radii of LEB codes
2.1.1 The π-packing radius
2.1.2 The π-covering radius
2.2 Bounds on a given LEB code
2.2.2 Sphere packing and sphere covering bounds
2.2.3 Extended Hamming bound and extended decoding
2.2.4 Singleton bound
2.2.5 Redundancy bound
2.2.6 Gilbert bound
2.2.7 Gilbert-Varshamov bound
2.2.8 Plotkin bound
2.3 Bounds on a LEB code constructed from other LEB codes
2.3.1 Lower bounds
2.3.2 Upper bounds

3. Perfect and MDS Linear Error-Block Codes
3.1 Definitions and particularities
3.2 Perfect LEB codes with minimum π-distance 3
3.3 Perfect LEB codes with minimum π-distance 4
3.4 Perfect LEB codes of minimum π-distance 5
3.5 Perspective

4. Particular Classes of Linear Error-Block Codes
4.1 Cyclic and quasi-cyclic LEBC
4.2 Algebraic-geometric error-block codes

5. Application of Linear Error-Block Codes in Steganography
5.1 Preliminaries
5.2 Linear error correcting codes in steganography
5.3 Motivation for using LEB codes
5.4 Quality improvement
5.5 Handling cover bits with LEB codes
5.6 Results
5.7 Conclusion

6. Perspective for Applying Linear Error-Block Codes in Cryptography
6.1 The McEliece cryptosystem
6.2 The Niederreiter cryptosystem
6.3 The CFS signature scheme

Conclusion

Appendix
A. Implementation of some tools
A.1 Minimum π-distance and minimum π-weight codeword
A.2 Standard array
B. Essential functions of the proposed steganographic scheme
B.1 Cover preparation
B.2 Message preparation
B.3 Embedding
B.4 Cover remaking
B.5 Retrieval

Bibliography
Index
Abstract
Summary

List of Figures

1.1 Ferrers diagram for 26 = 10 + 7 + 3 + 2 + 2 + 1 + 1.
1.2 Young diagram for 26 = 10 + 7 + 3 + 2 + 2 + 1 + 1.
1.3 Transmission system with channel encoding.
1.4 Binary symmetric channel.
1.5 Encoding with LEB codes.
5.1 Switching to 1 the 4th plane bits of an 8 × 8 pixel square in two different areas of Lena gray-scale image.
5.2 “Lena.bmp” image with different bit planes switched to 0 or 1.
5.3 Overview of our embedding method.
5.4 Neighbour pixels of a pixel p.
5.5 Heterogeneity levels
5.6 Pixel levels matrix.
5.7 The message image.

List of Tables

1.1 Correction performance of the code C1 with different types.
1.2 Correction performance of the code C2 with different types.
1.3 Correction performance of the code C3 with different types.
1.4 Standard array of the code C defined in Example 4
1.5 Syndrome table of the code C defined in Example 5
5.1 Syndrome table of the code C defined in Example 16
5.2 Steganography performance of a [7, 3] LEB code.

Introduction

Coding theory appeared with the invention of the new information and communication techniques in the late 1940s, thanks to the works of Claude Shannon and Richard Hamming. The main objective was to allow a computer to detect and correct its own errors, which were generally caused by hardware failures. This innovative idea made possible such applications as modems, compact disks and satellite communications. Nowadays, this science plays an increasingly versatile role. In addition to error correction, codes are used in data compression, statistics, cryptography, data hiding, and the list goes on.

Linear error-block codes, or LEB codes for short, were introduced by Feng, Xu and Hickernell in 2006 [FXH06]. They are a natural generalization of classical error correcting codes that we can present as follows. Let $q$ be a prime power and $\mathbb{F}_q$ be the finite field with $q$ elements. The space $\mathbb{F}_q^{n}$, where $n$ is a positive integer, is considered as a direct sum of spaces $\mathbb{F}_q^{n_i}$ where $n_i$ ($i = 1, 2, \ldots, s$) are positive integers satisfying $n = \sum_{i=1}^{s} n_i$. Vectors in $\mathbb{F}_q^{n}$ are seen as a concatenation of $s$ blocks: $v = (v_1, v_2, \ldots, v_s)$ where $v_i \in \mathbb{F}_q^{n_i}$. Any change that happens inside a block causes a single error in the vector regardless of its magnitude. A LEB code is a linear subspace of $\mathbb{F}_q^{n}$ endowed with the metric that measures the number of distinct blocks. This metric, clearly related to the integers $n_i$ (lengths of blocks), is called the π-metric, where π is the partition of $n$ denoted $\pi = [n_1][n_2]\ldots[n_s]$ and called the type of the code. Classical linear error correcting codes are a special family of LEB codes for which $n_i = 1$ for $i = 1, 2, \ldots, s$.

Publications on LEB codes to date deal with determining and constructing optimal codes. The pioneering paper by Feng et al. [FXH06] defined the Hamming and the Singleton bounds for LEB codes, and gave some specific constructions of perfect and MDS LEB codes. It further introduced a generalization of the algebraic geometric codes. In its concluding section, a few open problems are stated. Starting from those problems, Ling and Özbudak [LÖ07] obtained new bounds on the parameters of LEB codes and gave new constructions. Namely, they presented a Gilbert–Varshamov type construction. Using their bounds and constructions they introduced some infinite families of optimal LEB codes over $\mathbb{F}_2$. They also studied the asymptotic behavior of LEB codes.

maximal dimension codes and maximal minimum π-distance codes. The first perspective on optimizing a code is to study lower bounds and upper bounds on the dimension of a code. Various bounds were developed, providing tools for obtaining more efficient codes, which in some cases lead to optimal codes. The latter approach modifies suitable existing LEB codes so that optimal ones are obtained.

Another trend in the research on optimal LEB codes involves adapting the metric used in order to provide such constructions. One idea, given in [APF08], is to study combinations of the π-metric, used with LEB codes, and the poset metric, introduced in [BGL95], in order to turn some classical codes into perfect codes. Another idea, developed in [Jai11], consists of endowing LEB codes with a metric that is more suitable for non-binary channels. This metric was called the Arihant metric. It is a block metric combining and generalizing both the π-metric and the classical Lee metric [Lee58].

Before the conception of LEB codes, there was another generalization of classical error-correcting codes, called poset codes. It was initiated by Niederreiter and Xing [NX01] and developed by Hyun and Kim [HK04] and Lee [Lee04]. For poset codes, the coordinates {1, 2, ..., n} are considered to be a partially ordered set so that the codes have a more combinatorial flavor. LEB codes have both combinatorial and algebraic behaviors which we will investigate thoroughly in this thesis. The algebraic aspect shows how many algebraic methods used in the classical case can be shifted directly to constructing good LEB codes.

The π-metric brings a controversial drawback to LEB codes: the π-metric is coarser than the classical Hamming metric. This means the minimum π-distance of any code is at most equal to its (classical) minimum distance. Therefore one would think that the most interesting code type is $[1]^n$. We show in this thesis that, even so, there are numerous theoretical results and several applications where LEB codes are of particular interest.

A first result involves a link between LEB codes and experimental designs [CCC92]. Feng et al. claimed in [FXH06] that LEB codes yield mixed-level orthogonal arrays which are used for experimental design. For an $[n, k, d]_q$ LEB code $C$ of type π, let $M$ be the $q^{n-k} \times n$ matrix over $\mathbb{F}_q$ such that its $q^{n-k}$ rows are the codewords of the dual code $C^{\perp}$. The matrix $M$ may be written in block form $M = [M_1, M_2, \ldots, M_s]$, where each $q^{n-k} \times n_j$ block $M_j$ has elements $m_{ijh}$ where $i = 1, 2, \ldots, q^{n-k}$ and $h = 1, 2, \ldots, n_j$. From this matrix $M$ one may construct a $q^{n-k} \times s$ matrix $A$ with elements $a_{ij} = m_{ij1} q^{n_j - 1} + \cdots + m_{ij,n_j}$. The matrix $A$ is an orthogonal array of strength $d - 1$ with $s$ factors and $q^{n_j}$ levels for factor $j$. We refer to [HSS99] for further details on orthogonal arrays.

Suppose that one chooses any $d - 1$ distinct columns of $A$, indexed by $j_1, \ldots, j_{d-1}$. The fact that $A$ is an orthogonal array means that the sub-matrix formed by these columns contains exactly $q^{\,n-k-n_{j_1}-\cdots-n_{j_{d-1}}}$ copies of every row of the form $(c_1, \ldots, c_{d-1})$ where $c_h = 0, \ldots, q^{n_{j_h}} - 1$. Classical error-correcting codes yield orthogonal arrays with the same number of levels per factor, thus LEB codes provide a more general construction of orthogonal arrays.

In a private communication, Fred Hickernell (one of the authors of [FXH06]) explained that there exist connections between LEB codes and digital nets, a sampling scheme used in experimental design and high-dimensional numerical integration. In these two fields it is seen that placing points evenly in the domain of interest (typically a cube) gives good results. For experimental design, points of low discrepancy (even distribution) minimize aliasing; see e.g. [FLWZ00, HL02]. In high-dimensional numerical integration, the use of evenly spread points is known as quasi-Monte Carlo methods; see the monograph [DF10].

LEB codes were also claimed to have applications in designing cryptographic schemes. To our knowledge, there was no paper dealing with this extension. In a private communication with Christian Wieschebrink, we studied several possibilities to construct a public key cryptosystem based on LEB codes, as was done with classical error correcting codes in the constructions of McEliece [McE78] and Niederreiter [Nie86]. Unfortunately, the ideas discussed did not lead to a well-constructed cryptosystem.

Further to the works mentioned above, we have contributed to both the theoretical and the applied aspects of LEB codes. We started in [DS11a] by introducing the error correction properties of LEB codes and giving decoding algorithms. This had not been addressed before. Moreover, we gave some families of LEB codes which admit fast decoding algorithms. Also, we presented a matrix description of cyclic and quasi-cyclic LEB codes.

Perfect codes, as a particularly interesting class of codes, were thoroughly studied in [DSss]. Very few perfect codes are known to exist over any alphabet, namely the Golay codes, the Hamming codes and the repetition codes of odd length. It has been proved in [Tie73] that there is no other parameter set for which a classical perfect code can exist. In addition to these classical codes, which are also perfect LEB codes, we introduced further and larger families of perfect LEB codes. We gave a characterization of perfect LEB codes of minimum π-distance 3 and 4, and found parameters of perfect LEB codes of minimum π-distance 5 for which the existence is not yet discussed. Some of the introduced codes are also MDS codes.

In [DS13], we extended the definitions of packing and covering radii to linear error-block codes. We generalized some results on these parameters and studied their properties when a code undergoes some specific modifications or combinations with another code. We gave a few bounds on the packing and the covering radii of these codes which were not studied in the earlier papers [FXH06, LÖ07, UJ10].

As for application of LEB codes, we introduced in [DS11b], and developed in [DS12], a new steganographic protocol based on Crandall’s idea called matrix encoding [Cra98]. Our goal was to increase embedding capacity by exploiting more bits from the cover, in such a way that the probability for each bit to be flipped is related to its influence on the image quality. For example, least significant bits (LSB) are the most exposed to alteration. LEB codes, as a generalization of linear error correcting codes, provide larger and better choices of codes to be used. The results show that with a good choice of parameters, the change rate can also be reduced for an acceptable image quality.

While writing this thesis, we have determined more properties and applications of LEB codes. Namely, an appropriate channel model for LEB codes (Section 1.3.1), error correction performance of LEB codes (Section 1.3.3), and a promising solution to design public key cryptosystems and digital signature schemes based on LEB codes, which we present in Chapter 6 of this thesis. There are two papers related to these topics that will be submitted soon for publication.

This thesis is organized as follows. In Chapter 1 we introduce the concept of linear error-block codes and give their essential properties. Chapter 2 is devoted to the study of bounds on the parameters of LEB codes, both when modifying a LEB code and when combining two LEB codes. Chapter 3 is a survey of perfect and MDS LEB codes, including the new constructions we have introduced. Chapter 4 describes some special classes of LEB codes, namely cyclic and quasi-cyclic LEB codes, and algebraic geometry LEB codes. In Chapter 5, we introduce our new steganographic scheme based on LEB codes. Finally, in Chapter 6, we study the application of LEB codes in designing public key cryptosystems and a digital signature scheme.

Chapter 1

Linear Error-Block Codes

This chapter is devoted to describing the concept of LEB codes. We start by defining the partition of an integer and give some of its properties. It is used to define the block metric, also called the π-metric, which endows the vector space where LEB codes are defined. Next we define LEB codes and introduce their basic properties. So far, the error correction abilities of LEB codes have not been studied in the literature. Our main contribution in this chapter consists of finding an adequate channel model for LEB codes and, starting from this, studying error correction with LEB codes. We review some problems related to decoding linear codes and recall their complexity. The hardness of these problems makes possible the application of LEB codes in several domains such as cryptography and digital signing. Primitive decoding algorithms, i.e. standard array and syndrome decoding, are easily adapted to LEB codes. We raised the question of decoding in [DS11a] and will soon submit another paper devoted to the channel model issue. Although the primitive decoding algorithms are slow and impractical for big parameters, we use them to experiment with applying LEB codes in steganography and cryptography. These applications will be seen in Chapter 5 and Chapter 6 respectively. Finally, we show that we can make use of classical codes with fast decoding algorithms to construct families of LEB codes which also admit a fast decoding algorithm. This was also published in [DS11a].

This chapter is organized as follows. Section 1.1 recalls the notions of partition and composition of a positive integer, and explains the concept of the π-metric. Section 1.2 introduces LEB codes and presents their main properties. In Section 1.3 we study the channel model for LEB codes and discuss how they can be used in error correction. Section 1.4 deals with decoding LEB codes and introduces some families which have a fast decoding algorithm.

1.1 Partitions and the π-metric

1.1.1 Compositions and partitions

Definition 1.1. A composition π of a positive integer $n$ is given by $n = n_1 + n_2 + \cdots + n_s$, where $s, n_1, n_2, \ldots, n_s$ are integers ≥ 1. It is denoted

$\pi = [n_1][n_2]\ldots[n_s]$

For example, the integer 5 has sixteen compositions which are: 5, 4+1, 3+2, 3+1+1, 2+3, 2+2+1, 2+1+2, 2+1+1+1, 1+4, 1+3+1, 1+2+2, 1+2+1+1, 1+1+3, 1+1+2+1, 1+1+1+2, and 1+1+1+1+1. So there are five compositions of 5 into distinct terms: 5, 4+1, 3+2, 2+3, and 1+4.

Definition 1.2. If the terms of a composition π satisfy $n_1 \ge n_2 \ge \cdots \ge n_s \ge 1$ then π is called a partition.

There are seven partitions of 5 : 5, 4+1, 3+2, 3+1+1, 2+2+1, 2+1+1+1, and 1+1+1+1+1. So the three partitions of 5 into distinct terms are: 5, 4+1, and 3+2.

Definition 1.3. The partition function p(n) is the number of partitions of n.

The function p(n, k) presents the number of partitions of n whose largest part is k (or equivalently, the number of partitions of n with k parts).

As we have seen, 5 can be written with 3 different partitions, so p(5) = 3. The partition function increases quite rapidly with n. For example, p(10) = 42, p(20) = 627, p(50) = 204226, p(100) = 190569292, and p(200) = 3972999029388 (see [Bot]).

A very useful tool for visualizing partitions is given by the Ferrers diagram. Named in honor of Norman Macleod Ferrers (1829-1903), the Ferrers diagram of an integer partition is helpful for proving some identities. It is constructed by stacking left-justified rows of cells, where the number of cells in each row corresponds to the size of a part. The first row corresponds to the largest part, the second row corresponds to the second largest part, and so on. As an illustration, the Ferrers diagram for the partition 26 = 10 + 7 + 3 + 2 + 2 + 1 + 1 is shown in Figure 1.1.

o o o o o o o o o o
o o o o o o o
o o o
o o
o o
o
o

Fig. 1.1: Ferrers diagram for 26 = 10 + 7 + 3 + 2 + 2 + 1 + 1.

An alternative visual representation of an integer partition is its Young diagram (also called a Young tableau), named after the British mathematician Alfred Young. Rather than representing a partition with dots, as in the Ferrers diagram, the Young diagram uses boxes. The Young diagram for the partition 26 = 10 + 7 + 3 + 2 + 2 + 1 + 1 is shown in Figure 1.2. Partitions have played an important role in many aspects of combinatorics, Lie theory, physics, and representation theory. They have been studied at length by the best mathematical minds of all time. They were first studied by Euler (1707-1783) [Ald69]. For many years, one of the most intriguing and difficult questions about partitions was determining the asymptotic properties of p(n) as n got large. This question was finally answered quite completely by the genius Indian researcher Srinivasa Ramanujan (1887-1920) [Har99]. An example of a problem in the theory of integer partitions that remains unsolved,


Figure 1: Ferrers diagram for 26 = 10 + 7 + 3 + 2 + 2 + 1 + 1

We define the function p(n, k) to be the number of partitions of n whose largest part is k (or equivalently, the number of partitions of n with k parts).

We will now derive Euler’s generating function for the sequence $\{p(n)\}_{n=0}^{\infty}$. In other words, we are looking for some nice form for the function which gives us $\sum_{n=0}^{\infty} p(n)x^n$.

Consider (or, as that word often implies, “look out, here comes something from left field”):

$$(1 + x + x^2 + x^3 + \cdots)(1 + x^2 + x^4 + x^6 + \cdots)(1 + x^3 + x^6 + \cdots)(1 + x^4 + x^8 + \cdots)\cdots \qquad (1)$$

We claim that by expanding this product, we obtain the desired result, namely $\sum_{n=0}^{\infty} p(n)x^n$.

It is important to understand why this is true because when we look at several variations, they will be derived in a similar manner. To illustrate, consider the coefficient of $x^3$. By choosing $x$ from the first parenthesis, $x^2$ from the second, and 1 from the remaining parentheses, we obtain a contribution of 1 to the coefficient of $x^3$. Similarly, if we choose $x^3$ from the third parenthesis, and 1 from all others, we will obtain another contribution of 1 to the coefficient of $x^3$. So how does this relate to integer partitions?

Let the monomial chosen from the $i$-th parenthesis $1 + x^{i} + x^{2i} + x^{3i} + \cdots$ in (1) represent the number of times the part $i$ appears in the partition. In particular, if we choose the monomial $x^{c_i i}$ from the $i$-th parenthesis, then the value $i$ will appear $c_i$ times in the partition. Each selection of monomials makes one contribution to the coefficient of $x^n$ and in general, each contribution must be of the form $x^{1c_1} \cdot x^{2c_2} \cdot x^{3c_3} \cdots = x^{c_1 + 2c_2 + 3c_3 + \cdots}$. Thus the coefficient of $x^n$ is the number of ways of writing $n = c_1 + 2c_2 + 3c_3 + \cdots$ where each $c_i \ge 0$. Notice that this is just another way to represent an integer partition. For example, the partition 25 = 6+4+4+3+2+2+2+1+1 could be represented by 25 = 1(2)+2(3)+3(1)+4(2)+5(0)+6(1). Thus, there is a 1-1 correspondence between choosing monomials whose product is $x^n$ out of

Fig. 1.2: Young diagram for 26 = 10 + 7 + 3 + 2 + 2 + 1 + 1.

p(n) is even or odd. Though values of p(n) have been computed for n into the billions, no pattern has been discovered to date. Many other interesting problems in the theory of partitions remain unsolved today. We refer the reader to [And84,Wil00] for further details on the theory of partitions. It is also worth visiting the online partition and composition calculator by Henry Bottomley [Bot].

For simplicity, we shall use in this thesis a notation that makes explicit the number of times that a particular integer occurs as a part. Thus if $n = l_1 m_1 + l_2 m_2 + \cdots + l_r m_r$ where $r, l_1, l_2, \ldots, l_r, m_1, m_2, \ldots, m_r$ are integers ≥ 1, we sometimes write

$\pi = [m_1]^{l_1}[m_2]^{l_2}\ldots[m_r]^{l_r}$.

Also, if $\pi_1 = [n^1_1][n^1_2]\ldots[n^1_{s_1}]$ and $\pi_2 = [n^2_1][n^2_2]\ldots[n^2_{s_2}]$ are compositions of two integers $n_1$ and $n_2$, then we denote the concatenation of the partitions $\pi_1$ and $\pi_2$ by $\pi = \pi_1\pi_2$. It is the composition of $n_1 + n_2$ given by

$\pi = \pi_1\pi_2 = [n^1_1]\ldots[n^1_{s_1}][n^2_1]\ldots[n^2_{s_2}]$.

Definition 1.4. Let $n$ be a positive integer and $\Pi_n$ be the set of all possible partitions of $n$. We define a partial order relation “” between two elements $\pi = [n_1][n_2]\ldots[n_s]$ and $\pi' = [n'_1][n'_2]\ldots[n'_{s'}]$ of $\Pi_n$ as follows:

$\pi'$  $\pi$ if and only if for all $i = 1, 2, \ldots, s'$ there exist $(l_i)_{0 \le i \le s'}$ such that

$n'_i = \sum_{j = l_{i-1}+1}^{l_i} n_j$

with $l_0 = 0$ and $l_{s'} = s$. In other words, each term of $\pi'$ is the concatenation of one or more consecutive terms of $\pi$.

Proposition 1.1. We keep the notations of Definition 1.4. We have the following results.

• For all $\pi \in \Pi_n$ we have $[n]$  $\pi$  $[1]^n$.

• If $\pi'$  $\pi$ then $s' \le s$.

• $\pi'$  $\pi$ if and only if for all $i = 1, 2, \ldots, s'$ there exist $\pi_i \in \Pi_{n'_i}$ such that $\pi = \pi_1\pi_2\ldots\pi_{s'}$.

Proof. The first and the second points follow directly from Definition 1.4. The third point gives an equivalent definition for the partial order relation. Actually, the partitions $\pi_i \in \Pi_{n'_i}$ ($i = 1, 2, \ldots, s'$) define the integers $(l_i)$


Example 1. Let $n = 7$, consider the two partitions $\pi' = [5][2]$ and $\pi = [3][2][1][1]$. We have [5] = [3][2] and [2] = [1][1]. Thus [5][2]  [3][2][1][1].

1.1.2 The π-metric

Let us first recall the definition of the Hamming metric.

Definition 1.5. Let $n$ be a positive integer, $q$ be a prime power and $\mathbb{F}_q$ be the finite field of $q$ elements. For any $u = (u_1, \ldots, u_n)$ and $v = (v_1, \ldots, v_n)$ in $\mathbb{F}_q^n$, the Hamming distance $d_H(u, v)$ between $u$ and $v$ is defined by

$d_H(u, v) = \#\{i \mid 1 \le i \le n,\ u_i \ne v_i\}.$ (1.1)

The Hamming weight $w_H(u)$ of a vector $u$ is defined by

$w_H(u) = d_H(u, 0) = \#\{i \mid 1 \le i \le n,\ u_i \ne 0\}.$ (1.2)

Now, we generalize the Hamming metric to the π-metric as follows. Let $s, n_1, n_2, \ldots, n_s$ be the non negative integers given by a partition $\pi = [m_1]^{l_1}[m_2]^{l_2} \ldots [m_r]^{l_r}$ as follows

$s = l_1 + \cdots + l_r$,
$n_1 = n_2 = \cdots = n_{l_1} = m_1$,
$n_{l_1+1} = n_{l_1+2} = \cdots = n_{l_1+l_2} = m_2$,
...
$n_{l_1+\cdots+l_{r-1}+1} = n_{l_1+\cdots+l_{r-1}+2} = \cdots = n_s = m_r$.

Let $V_i = \mathbb{F}_q^{n_i}$ for $1 \le i \le s$ and $V_\pi = V_1 \oplus V_2 \oplus \ldots \oplus V_s$. Each vector $v \in V_\pi$ can be written uniquely as $v = (v_1, \ldots, v_s)$, $v_i \in V_i$ (for $1 \le i \le s$).

Definition 1.6. For any $u = (u_1, \ldots, u_s)$ and $v = (v_1, \ldots, v_s)$ in $V_\pi$, the π-distance $d_\pi(u, v)$ between $u$ and $v$ is defined by

$d_\pi(u, v) = \#\{i \mid 1 \le i \le s,\ u_i \ne v_i\}.$ (1.3)

In other words, the π-distance between two vectors $u$ and $v$ is the number of blocks where $u$ and $v$ differ. For example, we can see a vector $x$ as a string $x_1 x_2 \ldots x_s$ of $s$ alphabet letters, each letter $x_i$ is represented by an array of $n_i$ q-tuples. So the distance between $u$ and $v$ is the number of different letters.

It is easy to verify that the π-distance is a metric. We have actually

• $d_\pi(u, v) = 0 \Leftrightarrow u = v$, since for all $i = 1, 2, \ldots, s$, $u_i = v_i$,

• $d_\pi(u, v) = d_\pi(v, u)$ for all $u, v \in V_\pi$,

• $d_\pi(u, v) \le d_\pi(u, w) + d_\pi(w, v)$ for all $u, v, w \in V_\pi$.

The third assertion comes from the following. Let $I$, $J$ and $K$ be the sets of block positions where $u_i \ne v_i$, $u_i \ne w_i$ and $w_i \ne v_i$ respectively. Let $i \in I$, we have $u_i \ne v_i$. If $u_i = w_i$ then $w_i \ne v_i$ which means $i \in K$. Otherwise $i \in J$. It follows that $I \subset J \cup K$, hence $\#(I) \le \#(J) + \#(K)$. This yields the result.


Definition 1.7. The π-weight related to the π-distance is defined for a vector $u \in V_\pi$ by

$w_\pi(u) = d_\pi(0, u) = \#\{i \mid 1 \le i \le s,\ u_i \ne 0 \in V_i\}.$ (1.4)

The π-weight of a vector $u \in V_\pi$ is the number of its non-null blocks. This means that a fixed vector can be of different π-weights if we change π. For example, consider the word $v = 1010001101$ of length 10 and the two partitions of the number 10: $\pi = [3][2]^3[1]$ and $\pi' = [3]^2[2][1]^2$. We have $w_\pi(v) = 4$ while $w_{\pi'}(v) = 3$.

Remark 1.1. Hamming distance over $\mathbb{F}_q^n$ is the particular case of π-distance where $n_i = 1$ for all $i \in \{1, 2, \ldots, s\}$, i.e. $\pi = [1]^n$.

The following result shows that the π-metric is more coarse than the Hamming metric.

Proposition 1.2. For all $u \in \mathbb{F}_q^n$ and for all partitions $\pi$ and $\pi'$ of an integer $n$, if $\pi'$  $\pi$ then $w_{\pi'}(u) \le w_\pi(u)$.

Proof. Let $u$ be a non null vector of $V_\pi$ and let $u_i$ be a non null block of $u$ regarding $\pi'$ ($i$ is fixed in $\{1, 2, \ldots, s'\}$). We can write $u_i = u_{i1}, u_{i2}, \ldots, u_{il}$ where $u_{ij}$ for $j = 1, 2, \ldots, l$ are the blocks of $u_i$ regarding $\pi$. Since $u_i$ is non null it follows that at least one of its blocks $u_{ij_0}$ is non null. Therefore, for each vector $u$, the number of non null blocks of $u$ regarding $\pi'$ is at most equal to the number of non null blocks of $u$ regarding $\pi$. This concludes the proof.

Corollary 1.1. For all $u \in \mathbb{F}_q^n$ and for all partitions $\pi$ of $n$ we have

$w_\pi(u) \le w_H(u)$ (1.5)

where $w_H$ denotes the Hamming weight.

Proof. Let $\pi$ be any partition of an integer $n$. We have $\pi$  $[1]^n$. Proposition 1.2 yields the result.

The π-metric is not widely used in the literature. Among the few papers developing its theory we cite [APF08] and [AP09], which are principally motivated by the newly appearing concept of LEB codes.

1.2 Linear error-block codes

1.2.1 Definitions and properties

Definition 1.8. An $\mathbb{F}_q$-linear subspace $C$ of $V_\pi$ is called an $[n, k]_q$ linear error-block code of type $\pi$ over $\mathbb{F}_q$, where $k = \dim_{\mathbb{F}_q}(C)$. For abbreviation we call it a LEB code.

Remark 1.2. A classical linear error correcting code is a LEB code of type $\pi = [1]^n$, called the classical type. The corresponding π-distance to the classical type is actually the Hamming distance.

Definition 1.9. The minimum π-distance of a LEB code $C$ is defined as

$d = d_\pi(C) = \min\{d_\pi(c, c') \mid c, c' \in C,\ c \ne c'\} = \min\{w_\pi(c) \mid 0 \ne c \in C\}.$ (1.6)


We introduce in Appendix A.1 an implementation using Scilab [sci] of a function which computes the minimum π-distance of any given LEB code. This function finds also a codeword of minimum π-weight.

Proposition 1.3. The minimum distance of a LEB code C of type π is the least π-weight of its nonzero codewords.

Proof. Let $d$ be the minimum π-distance of $C$. There exist two codewords $u$ and $v$ such that $d_\pi(u, v) = d$. It suffices to take $c = u - v$. If there exists a nonzero codeword $c'$ satisfying $w_\pi(c') < d$ then we could have $d_\pi(c', 0) < d$ which is absurd.

Example 2. Let $\pi$ be the partition $\pi = [3][2][1]^2$. The code $C$ given by

$C = \{0000000, 1011010, 0111100, 1100110\}$

is a [7, 2] code of type $\pi$. Its minimum π-distance is the least π-weight of its nonzero codewords which is $w_\pi(011\ 11\ 0\ 0) = 2$.

If we consider $C'$ as the same code $C$ but with type $\pi' = [2]^2[1]^3$ then its minimum $\pi'$-distance is $w_{\pi'}(01\ 11\ 1\ 0\ 0) = 3$.

Now we come to the most controversial fact on the π-metric and the LEB codes. As the π-metric is more coarse than the Hamming metric (Proposition 1.2), we have the following.

Proposition 1.4. If $\pi'$  $\pi$ (see Definition 1.4) then $d_{\pi'} \le d_\pi$. Particularly $d_\pi \le d$ for all $\pi$, where $d$ is the minimum distance of the code using Hamming distance.

Proof. Let $c_0 \in C$ be a codeword of minimum π-weight. We have $d_{\pi'} \le w_{\pi'}(c_0) \le w_\pi(c_0) = d_\pi$.

Actually this proposition shows a drawback of LEB codes. As we will see in Chapter 2, an optimality criterion of a code consists of making its minimum distance the largest possible for fixed length and dimension. Nevertheless, we will see in Section 1.3.1 that the code type is a parameter imposed by the transmission channel, namely at the source level. Hence the optimality criterion should suppose that the type, as well as the length and the dimension, is to be fixed. Furthermore, as the inequality is not strict, there exist interesting classes of LEB codes which satisfy equality, as shown in Example 3. Although the type of such codes is generally close to the classical type, the number of blocks is smaller. In Chapter 2, Proposition 2.6, we will see that this yields better covering properties, which are suitable in some applications such as steganography and digital signature. Those applications are evoked later in Chapter 5 and Chapter 6 of this thesis.

Example 3. Consider the code C = {00000, 01110, 10101, 11011}. Using Proposition 1.3 we can easily compute the π-minimum distances for different types π as in the following table.

Type           Minimum π-distance
[1]^5          3
[2][1]^3       3
[1]^2[2][1]    2
[1]^3[2]       3
[1]^2[3]       2
[1][3][1]      1
[3][2]         2
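The π-weight of Definition 1.7, the minimum π-distance of Proposition 1.3 and the ordering of Proposition 1.4 can be checked mechanically on the codes of Examples 2 and 3. The following is an added example, not the Scilab function of the thesis appendix; it assumes binary words written as strings and a type written as a tuple of block lengths, and all function names are chosen here.

```python
from itertools import accumulate

def split_blocks(word, sizes):
    """Cut `word` into consecutive blocks whose lengths are given by the type."""
    if sum(sizes) != len(word):
        raise ValueError("the type does not sum to the word length")
    ends = list(accumulate(sizes))
    return [word[end - size:end] for size, end in zip(sizes, ends)]

def pi_distance(u, v, sizes):
    """Number of blocks in which u and v differ (Definition 1.6)."""
    return sum(a != b for a, b in zip(split_blocks(u, sizes), split_blocks(v, sizes)))

def pi_weight(u, sizes):
    """Number of non-null blocks of u (Definition 1.7)."""
    return pi_distance(u, "0" * len(u), sizes)

def min_pi_distance(code, sizes):
    """Least pi-weight of a nonzero codeword (Proposition 1.3, linear codes only)."""
    return min(pi_weight(c, sizes) for c in code if any(ch != "0" for ch in c))

def is_coarsening(coarse, fine):
    """True when every block of `coarse` is a run of consecutive blocks of `fine`,
    i.e. the two types are comparable in the sense of Definition 1.4."""
    fine_ends = set(accumulate(fine))
    return sum(coarse) == sum(fine) and all(e in fine_ends for e in accumulate(coarse))

def ordering_violations(code, types):
    """Pairs (coarse, fine) that would contradict Proposition 1.4; expected empty."""
    return [(a, b) for a in types for b in types
            if is_coarsening(a, b)
            and min_pi_distance(code, a) > min_pi_distance(code, b)]

# Code and types of Example 3, in the order of its table.
EXAMPLE_3_CODE = ["00000", "01110", "10101", "11011"]
EXAMPLE_3_TYPES = [(1, 1, 1, 1, 1), (2, 1, 1, 1), (1, 1, 2, 1), (1, 1, 1, 2),
                   (1, 1, 3), (1, 3, 1), (3, 2)]

def example_3_table():
    """Minimum pi-distance of the Example 3 code for each type of the table."""
    return {t: min_pi_distance(EXAMPLE_3_CODE, t) for t in EXAMPLE_3_TYPES}

if __name__ == "__main__":
    for sizes, d in example_3_table().items():
        print("".join(f"[{n}]" for n in sizes), d)
    print("violations of Proposition 1.4:",
          ordering_violations(EXAMPLE_3_CODE, EXAMPLE_3_TYPES))
```

Types such as (3, 2) and (1, 1, 2, 1) are not comparable, so Proposition 1.4 says nothing about them; the check only considers pairs where one type merges consecutive blocks of the other.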


Definition 1.10 (Equivalent codes). Two linear q-ary codes are equivalent if one can be obtained from the other by a combination of

(i) permutations of blocks,

(ii) permutations of coordinates inside a given block,

(iii) multiplications of symbols appearing in a fixed coordinate by a nonzero element of $\mathbb{F}_q$.

Remark 1.3. For all LEB codes $C$ with a composition type there exists a LEB code $C'$ with a partition type such that $C$ and $C'$ are equivalent.

1.2.2 Matrix representation

Definition 1.11. A generator matrix of an [n, k] code, regardless of its type, is a $k \times n$ matrix whose rows are a basis of the code in $\mathbb{F}_q^n$.

Proposition 1.5. A code C is completely defined by one of its generator matrices G as follows.

C = {aG|a ∈ Vk} . (1.7)

A generator matrix $G$ can be written in a block form corresponding to the code type $\pi$ as $G = [G_1 G_2 \ldots G_s]$, where $G_i$ is the $i$th block of $G$ of size $k \times n_i$. A generator matrix is not unique. Elementary operations over the rows of $G$, permutations of the blocks $G_i$, or column permutations inside each of the given blocks, produce other generator matrices for some code $C'$. The codes $C$ and $C'$ are equivalent.

Since a generator matrix is of rank k, it is helpful to construct a generator matrix of the form (Ik|A), where Ik is the k × k identity matrix. This is called the standard form. Among its advantages is that the code is presented with less data (only the (n − k) × k entries of A). But generally, a generator matrix of a LEB code cannot be written in the standard form. We give a counterexample in the following.

Counterexample 1. Consider the binary [5, 2] code $C = \{00000, 00011, 11100, 11111\}$ of type $\pi = [3][2]$. The code $C$ has generator matrix

$G = \begin{pmatrix} 0 & 0 & 0 & 1 & 1 \\ 1 & 1 & 1 & 0 & 0 \end{pmatrix}$

Any permutation inside the same block gives the same matrix $G$, while permuting the two blocks gives the matrix

$G' = \begin{pmatrix} 1 & 1 & 0 & 0 & 0 \\ 0 & 0 & 1 & 1 & 1 \end{pmatrix}$

Therefore, there exists no permutation that yields the standard form.

Definition 1.12. A parity-check matrix of a code, regardless of its type, is an $(n - k) \times n$ matrix whose rows are linearly independent and are orthogonal to the code.

Proposition 1.6. A code $C$ is completely defined by one of its parity-check matrices $H$ as follows.

$c \in C \Leftrightarrow Hc^T = 0^T.$ (1.8)


A parity-check matrix $H$ can be written in the split form $H = [H_1 H_2 \ldots H_s]$, where $H_i$, having size $(n - k) \times n_i$, is the $i$th block of $H$. We have $HG^T = 0$ where $G$ is the generator matrix of $C$. As we saw earlier, a generator matrix of a LEB code cannot always be written in the standard form $(I_k | A)$, but if it could, a parity-check matrix would be given by $H = (-A^T | I_{n-k})$.

The minimum π-distance of a LEB code is directly determined using a parity-check matrix by the following.

Proposition 1.7. The minimum distance of an [n, k] LEB code is $d_\pi$ if and only if

(i) The columns of any $d_\pi - 1$ blocks of $H$ are linearly independent,

(ii) There exist $d_\pi$ blocks of $H$ of which the columns are linearly dependent.

Proof. ⇒) Any linear combination of columns of $d_\pi - 1$ blocks of $H$ or less can be written as $Hv^T$ where $v \in V_\pi$ and $w_\pi(v) \le d_\pi - 1$. By Proposition 1.3, since the minimum π-distance of $C$ is $d_\pi$ we have $v \notin C$. It follows that $Hv^T \ne 0$. To prove (ii) let $c$ be a codeword of minimum π-weight in $C$. We have $w_\pi(c) = d_\pi$ and $Hc^T = 0$. This means $H$ has $d_\pi$ blocks of which the columns are linearly dependent.

⇐) Point (i) means that for all vectors $v \in V_\pi$ if $w_\pi(v) \le d_\pi - 1$ then $v \notin C$, while point (ii) confirms that there exists a vector $e$ of π-weight $d_\pi$ such that $He = 0$. Hence $e^T$ is a codeword and the least π-weight a codeword may have is $d_\pi$. Proposition 1.3 concludes the proof.

Definition 1.13. For a linear code $C$ in $\mathbb{F}_q^n$, there exists a dual code $C^\perp$ of $C$, defined by

$C^\perp = \{v \in \mathbb{F}_q^n \mid \langle v, c \rangle = 0 \text{ for all } c \in C\}$,

where the inner product is $\langle v, u \rangle = \sum_{i=1}^{n} v_i u_i \in \mathbb{F}_q$ for $v = (v_1, \ldots, v_n)$, $u = (u_1, \ldots, u_n) \in \mathbb{F}_q^n$.

Remark 1.4. The type of the code is not taken into account in the definition of dual codes, since we deal with codes as linear subspaces without evoking the endowing metric.

Proposition 1.8. Let C be an [n, k] code of type π, of generator matrix G and parity-check matrix H. The dual of C is an [n, n − k] code of type π, generator matrix H and parity-check matrix G.

Proof. If $(c_1, \ldots, c_k)$ is a basis of $C$ and $(c_1, \ldots, c_k, c_{k+1}, \ldots, c_n)$ is a basis of $\mathbb{F}_q^n$ then it is clear that $(c_{k+1}, \ldots, c_n)$ is a basis of $C^\perp$. Therefore $C^\perp$ is of dimension $n - k$. Let $c' \in C^\perp$. From the definition it follows immediately that $c'G^T = 0$, hence $G$ is a parity-check matrix of $C$. Let $h_i$ ($i = 1, 2, \ldots, n - k$) be the rows of $H$. They satisfy $\langle h_i, c \rangle = 0$ for all $c \in C$. Therefore $h_i \in C^\perp$. As they are linearly independent, $H$ is a generator matrix of $C^\perp$.
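Proposition 1.7 gives a way to read the minimum π-distance off a parity-check matrix: look for the smallest number of blocks of H whose columns are linearly dependent. The following is an added example, not code from the thesis; it assumes q = 2, takes as input the generator matrix G1 of the [6, 3] code C1 used in Section 1.3.3 (rows read as 101001, 010101, 110011), and derives H as a basis of the dual code (Proposition 1.8). The function names are chosen here.

```python
from itertools import accumulate, combinations

def rref_gf2(rows):
    """Reduced row echelon form over F_2. Returns (nonzero rows, pivot columns)."""
    m = [list(r) for r in rows]
    pivots = []
    for col in range(len(m[0])):
        r = len(pivots)
        pivot = next((i for i in range(r, len(m)) if m[i][col]), None)
        if pivot is None:
            continue
        m[r], m[pivot] = m[pivot], m[r]
        for i in range(len(m)):
            if i != r and m[i][col]:
                m[i] = [a ^ b for a, b in zip(m[i], m[r])]
        pivots.append(col)
        if len(pivots) == len(m):
            break
    return m[:len(pivots)], pivots

def parity_check(G):
    """Rows of H: a basis of the dual code, one vector per non-pivot column of G."""
    R, pivots = rref_gf2(G)
    n = len(G[0])
    H = []
    for free in (c for c in range(n) if c not in pivots):
        h = [0] * n
        h[free] = 1
        for row, p in zip(R, pivots):
            h[p] = row[free]          # over F_2 the sign of -A^T disappears
        H.append(h)
    return H

def min_pi_distance_from_H(H, sizes):
    """Smallest d such that some d blocks of H have linearly dependent columns
    (Proposition 1.7). Returns (d, indices of one such set of blocks)."""
    columns = list(zip(*H))
    ends = list(accumulate(sizes))
    blocks = [columns[e - n:e] for n, e in zip(sizes, ends)]
    for d in range(1, len(blocks) + 1):
        for chosen in combinations(range(len(blocks)), d):
            cols = [c for b in chosen for c in blocks[b]]
            if len(rref_gf2(cols)[1]) < len(cols):   # rank < number of columns
                return d, chosen
    return None

# Assumed reading of G1 (Section 1.3.3) and the five types of Table 1.1.
G1 = [[1, 0, 1, 0, 0, 1],
      [0, 1, 0, 1, 0, 1],
      [1, 1, 0, 0, 1, 1]]
TABLE_1_1_TYPES = [(1,) * 6, (2, 1, 1, 1, 1), (3, 1, 1, 1), (3, 2, 1), (5, 1)]

def table_1_1_distances():
    H = parity_check(G1)
    return [min_pi_distance_from_H(H, t)[0] for t in TABLE_1_1_TYPES]

if __name__ == "__main__":
    print(parity_check(G1))
    print(table_1_1_distances())
```

The search over sets of blocks is exponential in the number of blocks, which is consistent with the hardness results of Section 1.4.1; it is only practical for small codes.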

1.3 Error correction using linear error-block codes

The theory of error correction is concerned with sending information reliably over a “noisy channel” that introduces errors into the transmitted data. The goal of this theory is to design coding schemes which are capable of detecting and correcting such errors. The setting is usually modeled as follows: a sender starts with some message, which is represented as a string of symbols over some alphabet. The sender encodes the message into a longer string over the same alphabet, and transmits the data over a channel. The channel introduces errors (or noise) by changing some of the symbols of the transmitted data, and then delivers the corrupted data (with the same length) to the recipient. Finally, the recipient attempts to decode the data using the symbols added by encoding, hopefully to find back the intended message. This scheme is illustrated in Figure 1.3.

[Figure: Message k-tuple → Encoder → Codeword n-tuple → Channel (with Noise) → Received n-tuple → Decoder → Estimate of message k-tuple or codeword n-tuple]

Fig. 1.3: Transmission system with channel encoding.

Two quantities are of particular interest in this setting. The first one is the information rate, which is the ratio of the message length to the encoded data length. This is a measure of how much “actual message data” is carried by each transmitted symbol. The second is the error rate, which is the ratio of the number of errors to the data length. This is a measure of how “noisy” the channel is, i.e. how much data it corrupts. Good coding schemes are those which tolerate high error rates while simultaneously having large information rates. In practice, smaller alphabets are desirable too, as most digital communication devices are, at their lowest levels, capable of interpreting only binary digits (bits).

1.3.1 Channel model

We begin with Shannon’s model of a general communication system (Figure 1.3). This setup is sufficiently general to handle many communication situations. Most other communication models, such as those requiring feedback, will start with this model as their base.

Linear error-block codes are concerned with block coding. That is, we transmit blocks of symbols of fixed length $n$. These blocks are the codewords, and each codeword $c$ is a list of $s$ symbols $(c_1, c_2, \ldots, c_s)$ such that the $i$th symbol $c_i$ is an element from a fixed alphabet $\mathbb{F}_q^{n_i}$ (where $q$ is a prime power, $\mathbb{F}_q$ is the finite field of $q$ elements and $n_i$ is a non null integer). The codeword transmitted at any given moment depends only on the present message, not on any previous messages or codewords. We further assume in our model that each codeword is as likely to be transmitted as any other, since the source also is assumed to produce the messages with equal probabilities.

Let us consider a classical source which produces elements of the alphabet $\mathbb{F}_2$. A mathematical model of a channel that transmits binary data is called the binary symmetric channel (or BSC by abbreviation). It is characterized with its crossover probability $p$ and is illustrated in Figure 1.4. If 0 or 1 is sent, the probability it is received without error is $1 - p$; if a 0 (respectively 1) is sent, the probability that a 1 (respectively 0) is received is $p$. In most practical situations $p$ is very small.

[Figure: inputs 0 and 1 on the left, outputs 0 and 1 on the right; horizontal arrows labelled 1 − p, crossing arrows labelled p]

Fig. 1.4: Binary symmetric channel.

In general, linear error-block codes are not practical in a binary symmetric channel, since the message data consists of bit lists (blocks) of different lengths. Thus, to use LEB codes in a binary symmetric channel we have to consider that all the blocks are of length 1, which means that our LEB codes should have type $[1]^n$. Therefore BSC is of use only with classical codes.

Now we look at the generalization of BSC to alphabets of size $m \ge 2$. Let $0 \le p \le 1 - \frac{1}{m}$. The m-ary symmetric channel with crossover probability $p$ is defined by its transition matrix $M$ given by

$M(x, y) = \begin{cases} 1 - p & \text{if } y = x \\ \frac{p}{m-1} & \text{if } y \ne x \end{cases}$ (1.9)

where $x$ (respectively $y$) is any transmitted (respectively received) symbol. This means that every symbol is left untouched with probability $1 - p$ and is altered to each of the $m - 1$ possible different symbols with equal probability.

The m-ary symmetric channel, though it generalizes BSC, is still not practical for LEB codes, as it can be used only with codes of type $[m]^l$.

By using LEB codes, the symbols at different coordinate positions may come from different alphabets following the type of the code. The alphabets are the sets $V_i = \mathbb{F}_q^{n_i}$, for $i = 1, 2, \ldots, s$. The source produces a message as a list of $k$ symbols of the alphabet $\mathbb{F}_q$. This list is coded into another list of $s$ symbols. The $i$th generated symbol of a codeword belongs to the alphabet $\mathbb{F}_q^{n_i}$ bits. Note that the crossover probability depends on the block length $n_i$. The transition matrix for each block $i$ of length $n_i$ is given by

$M_i(x, y) = \begin{cases} 1 - p & \text{if } y = x \\ \frac{p}{n_i - 1} & \text{if } y \ne x \end{cases}$ (1.10)

Therefore, we claim that LEB codes are codes over mixed alphabets, for which we adopt the $n_i$-ary symmetric channel for each block $i$.

Remark 1.5. From the LEB codes channel model, the m-ary symmetric channel is found back if $n_i = m$ for $i = 1, 2, \ldots, s$, and BSC is found back if, further, $n_i = 1$ and $q = 2$.


1.3.2 Encoding

The original information is written as vectors of $k$ bits. Encoding with a LEB code of type $\pi$ consists of assigning to the original information a vector of $n$ bits split into $s$ blocks, each block is of size $n_i$ given by the code type $\pi$ (See Figure 1.5). A generator matrix $G$ of a code $C$ defines a one-to-one mapping between the space of messages $\mathbb{F}_q^k$ and the code. Thus, each vector $a$ of the $q^k$ possible vectors in $\mathbb{F}_q^k$ is represented by a single vector in $C$ which is $c = aG = (c_1, c_2, \ldots, c_s)$.

[Figure: k bit vector → Encoding (xG) (Adding redundancy) → n bit vector, split into blocks of $n_1$ bits, $n_2$ bits, ..., $n_s$ bits]

Fig. 1.5: Encoding with LEB codes.

1.3.3 Error correction performance of LEB codes

The encoding procedure adds $n - k$ bits of redundancy to allow detecting and correcting possible errors. Therefore, the information rate of a LEB code may be evaluated by two expressions. The first one is the ratio between the original information size and the codeword size, that is $\frac{k}{n}$. This parameter does not depend on the type of the code. In this case we shall assume that the type is determined by the source. Otherwise, we can generalize the information rate as follows. We consider the original information as blocks of size 1. The question is how many blocks (without taking their size into consideration) must we add to encode the information. This ratio is defined by $\frac{k}{s}$. Partitions (or compositions) with a number of blocks less than code dimension yield an information rate greater than 1.

We want the information rate to be as big as possible. This requires a small number of blocks, which causes some block sizes to be large. Thus the minimum π-distance is to be smaller. A good LEB code compromises between the information rate $\frac{k}{s}$, and the minimum π-distance $d_\pi$. Since this latter is also related to the type $\pi$, we define another parameter as the ratio of the number of error-blocks the code can detect to the total number of blocks: $\frac{d_\pi - 1}{s}$. We call it the detection rate. This parameter is tightly related to the correction rate which we define as $\frac{t_\pi}{s}$ where $t_\pi = \lfloor \frac{d_\pi - 1}{2} \rfloor$ is the correction capacity of the code.

We give in the following, a comparison of these parameters by considering three codes and varying their types. Let $C_1$ be the [6, 3] LEB code of generator matrix

$G_1 = \begin{pmatrix} 1 & 0 & 1 & 0 & 0 & 1 \\ 0 & 1 & 0 & 1 & 0 & 1 \\ 1 & 1 & 0 & 0 & 1 & 1 \end{pmatrix}.$


The code $C_1$ looks more efficient with the type $[2][1]^4$ (see Table 1.1). Its parameters are better than the classical type illustrated in the first line. Actually, it is a perfect LEB code with type $[2][1]^4$ (as we will see in Section 3.2, page 44).

π             s   dπ   k/n      k/s      (dπ−1)/s   tπ/s
[1]^6         6   3    0.5000   0.3333   0.3333     0.1666
[2][1]^4      5   3    0.5000   0.6000   0.4000     0.2000
[3][1]^3      4   2    0.5000   0.7500   0.2500     0
[3][2][1]     3   2    0.5000   1.0000   0.3333     0
[5][1]        2   1    0.5000   1.5000   0          0

Tab. 1.1: Correction performance of the code $C_1$ with different types

Let $C_2$ be the [7, 3] LEB code of generator matrix

$G_2 = \begin{pmatrix} 1 & 0 & 0 & 0 & 0 & 1 & 1 \\ 0 & 1 & 0 & 0 & 1 & 0 & 1 \\ 0 & 0 & 1 & 1 & 0 & 1 & 1 \end{pmatrix}.$

π             s   dπ   k/n      k/s      (dπ−1)/s   tπ/s
[1]^7         7   3    0.4285   0.4285   0.2857     0.1428
[2][1]^5      6   3    0.4285   0.5000   0.3333     0.1666
[2]^2[1]^3    5   2    0.4285   0.6000   0.2000     0
[3][2][1]^2   4   2    0.4285   0.7500   0.2500     0
[4][2][1]     3   1    0.4285   1.0000   0          0

Tab. 1.2: Correction performance of the code $C_2$ with different types

For the code $C_2$, we can see that the best type is $[2][1]^5$. It provides high detection rate together with a good information rate. It is worth noting that a [7, 3, 3] binary code of type $[2][1]^5$ is perfect. This confirms the optimality of its performance.

Finally let $C_3$ be the [9, 3] LEB code of generator matrix

$G_3 = \begin{pmatrix} 1 & 0 & 0 & 0 & 0 & 1 & 1 & 1 & 1 \\ 0 & 1 & 0 & 0 & 1 & 0 & 1 & 1 & 0 \\ 0 & 0 & 1 & 1 & 0 & 1 & 1 & 0 & 0 \end{pmatrix}.$

π               s   dπ   k/n      k/s      (dπ−1)/s   tπ/s
[1]^9           9   4    0.6666   0.3333   0.3333     0.1111
[2]^2[1]^5      7   3    0.6666   0.4285   0.2857     0.1428
[3][2][1]^4     6   4    0.6666   0.5000   0.5000     0.1111
[3][2]^2[1]^2   5   3    0.6666   0.6000   0.4000     0.2000
[4]^2[1]        3   2    0.6666   1.0000   0.3333     0

Tab. 1.3: Correction performance of the code $C_3$ with different types

For the code $C_3$, the type $[3][2][1]^4$ provides the best minimum π-distance and detection rate together with a good information rate. Besides, this code is perfect (see Section 3.3


1.4 Decoding linear error-block codes

1.4.1 Hardness of decoding

Decoding with a code C is the action of associating a codeword of C to a given word of the vector space Vπ. We seek most often to decode by associating to the considered word (one of) the nearest codeword(s). However, we must decide about the meaning we want to give to the expression “nearest”. If we want to decode a message transmitted along a noisy channel, we are interested mainly in maximum likelihood decoding. This is to always associate the codeword that has the highest probability of giving the word transmitted over the channel. Obviously, decoding will not have the same meaning depending on the nature of the channel. As we saw previously, the communication channel we use with LEB codes is the m-ary symmetric channel with mixed alphabets. The crossover probability p is usually considered close to 0. Therefore, maximum likelihood decoding aims to find the codeword which has the most common blocks (symbols of the alphabet Vi, 1 ≤ i ≤ s) with the received word. This means that we have to find the codeword which is within the least π-distance to the received word. This gives us the meaning of the expression “nearest”.

There are many algorithmic problems in coding theory whose computational hardness is important to understand. Formally, LEB codes as codes over mixed alphabets do not appear to provide special solutions to these problems in general. This can be seen by fixing the code type and trying to solve one of these problems. If one could do so, one would be able to solve the same problem for a classical code, which is a particular case.

The Nearest Codeword Problem (NCP) is probably the most fundamental computational problem on linear codes. It is stated as follows.

Problem 1. Given a code C, and a received word x, find a codeword nearest to x.

No efficient solution to this problem is known in general, and the problem was proven to be NP-hard [BMvT78]. Even its approximation for any constant factor is NP-hard [ABSS97, BN90]. Typical NP-hardness results for the nearest codeword problem apply only to the most general version of the problem, where one wants to correct arbitrarily many errors in an arbitrary code. In contrast, most positive results in algorithmic coding theory apply to specific classes of codes with known structure (e.g., Reed-Solomon codes), when the number of errors is limited (less than half the minimum distance of the code).

We are going to see in the upcoming Subsection 1.4.4 that the syndrome decoding algorithm is more practical than any other decoding algorithm for a random linear code. However, it was shown in [BMvT78] that the problem related to syndrome decoding is also NP-hard.

Problem 2. Given a code with an $(n - k) \times n$ parity-check matrix $H$, a word $s$ of $\mathbb{F}_q^{n-k}$, and an integer $t > 0$, find a word $e \in \mathbb{F}_q^n$ such that $w(e) \le t$ and $He^T = s$.

Another problem which is closely related to the NCP is the problem of finding minimum weight words. It is stated as follows.


Most of the algorithms for finding minimum weight words can be easily modified to solve a decoding problem and vice versa. As in the classical case, any generic minimum weight word finding algorithm can be transformed to a generic error decoding algorithm [Cha94, CC98]. Let $C$ be an [n, k] code with correction capacity $t$, and assume $x \notin C$ is a word in $\mathbb{F}_q^n$ with $d(x, C) < t$. Write $x = y + e$ with $y \in C$ and $w(e) \le t$. Now, note that the [n, k + 1] linear code $C' = C \oplus \langle x \rangle$ contains $e$, and that for all $c' \in C'$ different than $e$ there exist $c \in C$ such that $w(c') = w(c - x) = d(x, c) > d(x, C) = w(e)$. Hence $e$ is the unique minimum weight word in $C'$. So decoding can be done by constructing $C'$ and then finding the minimum weight word in $C'$. This will solve the decoding problem.

An inverse conversion is also possible. Let $C$ be the code of which we want to find the minimum weight codeword. Let $(x_1, x_2, \ldots, x_k)$ be a basis of $C$. Pick any vector $x_i$ of this basis and construct the code $C_i$ such that $C = C_i \oplus \langle x_i \rangle$. Then decode $x_i$ in $C_i$, i.e. find $c_i$ and $e$ such that $x_i = c_i + e$. If we are able to decode then the vector $e$ will be the minimum weight vector in the coset $C_i + x_i$, therefore it is also a minimum weight word in $C$ up to a constant since $C = C_i \oplus \langle x_i \rangle$. If $c_i$ could not be decoded then we just pick a different element $x_i$ from the basis of $C$ and repeat the process. Thus, the minimum weight vector of $C$ is found within at most $k$ decoding attempts.

A more restricted version of the problems stated above is given by the Bounded-Distance Decoding, where we simply try to decode up to a given bound which is less than the correction capacity of the code.

Problem 4. Given an integer $d$, an $(n - k) \times n$ parity-check matrix $H$, a word $s$ of $\mathbb{F}_q^{n-k}$, and an integer $0 < t \le \lfloor (d - 1)/2 \rfloor$, find a word $e \in \mathbb{F}_q^n$ such that $w(e) \le t$ and $He^T = s$.

For many years, it seemed that the bounded distance decoding problem is not as hard. It looked not NP due to the condition on $H$ which is already NP-hard to check ($H$ must have $d$ blocks for which at least one column of each block are linearly independent). However several prominent authors conjecture that this problem is NP-hard [BMvT78, Concluding remarks]. Finally, it was proven in [Var97] that, actually, the bounded decoding problem is NP-hard.

1.4.2 Maximum likelihood decoding for LEB codes

Let $C$ be an $[n, k, d]_q$ LEB code of type $\pi$. Assume that a word $v \in V_\pi$ is received. Decoding $v$ consists of finding $c \in C$ such that

$d_\pi(v, c) = \min_{a \in C} d_\pi(v, a).$

In other words, the error vector $e = v - c$ must be of minimum π-weight. The following proposition shows that the minimum π-distance of a LEB code determines how many errors it can detect (detection capacity) and how many errors it can correct (correction capacity).

Proposition 1.9. A linear error-block code detects up to $d_\pi - 1$ errors and corrects up to $\lfloor \frac{d_\pi - 1}{2} \rfloor$ errors where $\lfloor x \rfloor$ denotes the biggest integer less than or equal to $x$.

Proof. Detection. Suppose we receive a word $x \in V_\pi$ which contains at most $d_\pi - 1$ errors. This means there exists a codeword $c$ satisfying $x = c + e$ where $e \in V_\pi$ and $w_\pi(e) \le d_\pi - 1$. We have $d_\pi(x, c) = w_\pi(e) \le d_\pi - 1$. Therefore $x \notin C$, since the distance between any two codewords cannot be less than $d_\pi$.

Correction. Suppose we receive a word $x \in V_\pi$ which contains at most $\lfloor \frac{d_\pi - 1}{2} \rfloor$ errors. This means there exists a codeword $c$ satisfying $x = c + e$ where $e \in V_\pi$ and $w_\pi(e) \le \lfloor \frac{d_\pi - 1}{2} \rfloor$. If $c'$ is a codeword satisfying $d_\pi(x, c') \le \lfloor \frac{d_\pi - 1}{2} \rfloor$ then

$d_\pi(c, c') \le d_\pi(c, x) + d_\pi(c', x) \le 2 \lfloor \frac{d_\pi - 1}{2} \rfloor \le d_\pi - 1.$

This means $c' = c$, since there exists no other codeword with distance to $c$ less than $d_\pi$.

Remark 1.6. The correction capacity of a LEB code in terms of bits depends on the block lengths. The minimum number of correctable bits occurs for an error vector which contains $t$ error-blocks with only one bit modified in each block. In this case, the code corrects $t$ bits. The maximum number occurs for an error vector for which the $t$ modified blocks are of maximum lengths (i.e. $n_{s-t+1}, \ldots, n_s$) and all their bits are modified. Therefore, the correction capacity of a LEB code lies between $t$ and $\sum_{i=1}^{t} n_i$ bits where $t = \lfloor \frac{d_\pi - 1}{2} \rfloor$. For the same length and dimension, a classical code corrects up to $\lfloor \frac{d - 1}{2} \rfloor$ bits where $d_\pi \le d$. Therefore, the class of LEB codes which satisfy $d_\pi = d$ provides better correction capacity (see Section 1.3.3).

We describe in the following two naive implementations of maximum likelihood decoding, which are the standard array and the syndrome decoding algorithms. It is well known that these are exponential time algorithms, but we present them here to show that they can be used with LEB codes and, as simple algorithms, they allow one to formally implement some applications of LEB codes that require a decoding algorithm.

1.4.3 Standard array decoding

Just like the classical case, a standard array can be constructed to decode any LEB code up to $t = \lfloor \frac{d_\pi - 1}{2} \rfloor$ error-blocks even if the minimum π-distance $d_\pi$ is not known. The following results hold regardless of the code type.

Definition 1.14. Let $C$ be a LEB code over $\mathbb{F}_q^n$. Let $a$ be any vector in $\mathbb{F}_q^n$. The set $a + C = \{a + x,\ x \in C\}$ is called a coset of $C$.

Lemma 1.1. Suppose that $a + C$ is a coset of a LEB code $C$ and $b \in a + C$. Then $b + C = a + C$.

Proof. Since $b \in a + C$, then $b = a + x$ for some $x \in C$. Consider any vector $b + y \in b + C$, with $y \in C$. Then $b + y = (a + x) + y = a + (x + y) \in a + C$, so $b + C \subset a + C$.

Furthermore $a = b + (-x) \in b + C$, so the same argument implies $a + C \subset b + C$. Hence $b + C = a + C$.

The following theorem from group theory states that $\mathbb{F}_q^n$ is just the union of $q^{n-k}$ distinct cosets of an $[n, k]$ LEB code $C$, each containing $q^k$ elements.

Theorem 1.1. Suppose $C$ is an $[n, k]$ code in $\mathbb{F}_q^n$. Then

(i) every vector of $\mathbb{F}_q^n$ is in some coset of $C$,

(ii) every coset contains exactly $q^k$ vectors,

(iii) any two cosets are either equivalent or disjoint.

Proof.

(i) $a = a + 0 \in a + C$ for every $a \in \mathbb{F}_q^n$.

(ii) Since the mapping $x \mapsto a + x$ is one-to-one, $\#(a + C) = \#(C) = q^k$.

(iii) Let $a, b \in C$. Suppose that the cosets $a + C$ and $b + C$ have a common vector $v = a + x = b + y$, with $x, y \in C$. Then $b = a + (x - y) \in a + C$, so by Lemma 1.1 we have $b + C = a + C$.

Definition 1.15. Words which have the minimum π-weight in their cosets are called coset leaders.

The standard array of a linear $[n, k]$ code $C$ in $\mathbb{F}_q^n$ is a $q^{n-k} \times q^k$ array listing all the cosets of $C$ regardless of its type. The first row consists of the codewords of $C$ themselves, listed with 0 appearing in the first column. Subsequent rows contain the cosets of $C$, beginning with a vector of minimal π-weight that has not already been listed in previous rows. The rest of the row is constructed such that the entry in position $(i, j)$ is the sum of the entries in position $(i, 1)$ and position $(1, j)$. The vectors in the first column of the array are the coset leaders.

Standard array decoding is performed in the following way. We first locate the received vector r in the standard array. Then the error vector is the coset leader; the best guess of the transmitted word is the codeword at the top of the column. Since the coset leaders are vectors of the smallest weight, this gives the Maximum Likelihood decision.

Example 4. Let us consider the $[5, 2, 3]$ LEB code of type $[2][1]^3$, $C = \{00000, 01110, 10101, 11011\}$, with generator matrix

$$G = \begin{pmatrix} 1 & 0 & 1 & 0 & 1 \\ 0 & 1 & 1 & 1 & 0 \end{pmatrix}.$$

The standard array for $C$ is an $8 \times 4$ array of cosets given in Table 1.4 in three groups of increasing coset leader weight.

00000 01110 10101 11011

10000 11110 00101 01011
01000 00110 11101 10011
00100 01010 10001 11111
00010 01100 10111 11001
00001 01111 10100 11010
11000 10110 01101 00011

11100 10010 01001 00111
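The construction and decoding rule of Section 1.4.3, applied to the code of Example 4, as an added example that is not part of the thesis. The function names and the lexicographic tie-break between candidate leaders of equal π-weight are assumptions of this sketch, so the leader of the last coset may differ from the one printed in the table. The decoded word shows a two-bit error confined to the first block (π-weight 1) being corrected.

```python
from itertools import product

PI = (2, 1, 1, 1)                          # type [2][1]^3 from Example 4
G = ((1, 0, 1, 0, 1), (0, 1, 1, 1, 0))     # generator matrix from Example 4

def pi_weight(v, pi):
    """Number of blocks of v (block lengths given by pi) that are nonzero."""
    weight, start = 0, 0
    for n in pi:
        weight += any(v[start:start + n])
        start += n
    return weight

def add(u, v):
    """Componentwise sum over F_2."""
    return tuple((a + b) % 2 for a, b in zip(u, v))

def codewords(gen):
    """All F_2-linear combinations of the rows of gen, zero word first."""
    words = []
    for coeffs in product((0, 1), repeat=len(gen)):
        w = (0,) * len(gen[0])
        for c, row in zip(coeffs, gen):
            if c:
                w = add(w, row)
        words.append(w)
    return words

def standard_array(gen, pi):
    """Rows are cosets; row[0] is a coset leader of minimum pi-weight."""
    code = codewords(gen)
    # Ties between equal-weight candidates are broken lexicographically
    # (a choice made for this example).
    order = sorted(product((0, 1), repeat=len(gen[0])),
                   key=lambda v: (pi_weight(v, pi), v))
    rows, listed = [], set()
    for v in order:
        if v not in listed:
            row = [add(v, c) for c in code]
            rows.append(row)
            listed.update(row)
    return rows

def decode(r, rows):
    """Return (codeword, error) where error is the leader of r's coset."""
    for row in rows:
        if r in row:
            return add(r, row[0]), row[0]
    raise ValueError("received word has the wrong length")

if __name__ == "__main__":
    array = standard_array(G, PI)
    print(decode((1, 0, 1, 1, 0), array))  # 01110 hit by the block error 11000
```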
