See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/232735362

Synthesis-by-analysis of BCH Codes

Article · October 2012

Source: arXiv

CITATIONS READS
0 101

2 authors, including:

Hafiz Atta Ul Mustafa

University of Surrey
10 PUBLICATIONS   104 CITATIONS   

SEE PROFILE

All content following this page was uploaded by Hafiz Atta Ul Mustafa on 25 November 2015.

The user has requested enhancement of the downloaded file.


Synthesis-by-analysis of BCH Codes
Atta Ul Mustafa and Ghulam Murtaza
Department of Electrical Engineering, FAST, Islamabad, Pakistan
National University of Sciences and Technology, Islamabad, Pakistan
[email protected]
,
[email protected]
Abstract—In this paper we propose a technique to blindly
synthesize the generator polynomial of BCH codes. The proposed
arXiv:1210.7906v1 [cs.IT] 30 Oct 2012
technique involves finding Greatest Common Divisor (GCD)
among different codewords and block lengths. Based on this
combinatorial GCD calculation, correlation values are found. For
a valid block length, the iterative GCD calculation results either
into generator polynomial or some of its higher order multiples.
These higher order polynomials are factorized under modulo-2
operation, and one of the resulting factors is always the generator
polynomial which further increases the correlation value. The
resulting correlation plot for different polynomials shows very
high values for correct block length and valid generator polyno-
mial. Knowing the valid block length and generator polynomial,
all other parameters including number of parity-check digits
(n − k), minimum distance dmin and error correcting capability
t are readily exposed.
Index Terms—GCD, blind estimation, generator polynomial,
correlation value.
I. I NTRODUCTION
Error control coding is mandatory to combat unavoidable
random and burst errors in digital communication channel.
There exist various error control codes amongst which Bose-
Chaudhuri-Hocquenghem (BCH) cyclic codes are very famous
and widely used in digital communication channels. These
codes are characterized by block length n, number of parity-
check digits (n−k) and minimum distance dmin .The generator
polynomial of BCH codes is specified as Least Common Mul-
tiple (LCM) of minimal polynomials φi (X) where 1 ≤ i ≤ 2t,
t being error correcting capability of the code.
In a problem of eavesdropping a communication channel,
no prior knowledge is available except the eavesdropped
bitstream. The source information is packed into a number
of different layers before sending it to the communication
channel. In this scenario, one has to blindly estimate different
parameters at each layer. Very few papers deal with the
problem of synthesis and reconstruction of error control codes
from eavesdropped bitstreams. Rice [1] presented a technique
to estimate the parameters of rate 1/n convolutional code
which was generalized by Filiol [2] for other rates as well as
for punctured convolutional codes. Burel [3] suggested blind
estimation of encoder and interleaver characteristics based on
linear algebra theory. Barbier [4] analyzed different techniques
to blindly recover the parameters of turbo-code encoder. In
2006, Cluzeau [5] introduced a version of Gallager algorithm
with weighted parity-check equations to recover LDPC and
other block codes.
1
In this paper, synthesis-by-analysis of BCH codes is pre-
sented. The proposed technique focuses on the parameter
estimation at channel coding layer in general and on BCH
codes in particular. In our work, the key parameter to be
estimated is the generator polynomial for a valid block length
n. Knowing the valid block length n and generator polynomial
g(X), all other parameters can be readily found and BCH
codes can be decoded without any prior knowledge of the
transmission side.
We assume that we have access to the eavesdropped BCH
encoded bitstream. This assumption is simulated by generating
test vectors for a range of BCH codes (n, k, t). For a specific
(n, k, t) code, the test vectors are passed to the proposed
algorithm and GCD is found for two codewords in first
iteration. The algorithm then steps through different available
codewords in a combinatorial manner. For each combination
of codewords, the GCD value is used to find correlation for
different candidate polynomials. For valid block length and
correct generator polynomial, this correlation accumulates to
a very high value. For some pair of codewords the generator
polynomial is not exposed, however by factorizing the detected
polynomial under modulo-2 operation, the desired generator
polynomial is retrieved and the correlation value increases fur-
ther. Upon plotting the correlation values, the desired generator
polynomial for valid block length is exposed very explicitly.
The proposed technique exploits the cyclic relationship
between codewords of BCH codes. This technique works
perfectly for noiseless bitstream. However, it is equally valid
if there are certain errors in some of the codewords. Since this
is an analysis technique unlike realtime decoding, the effects
of noisy codewords can be reduced by increasing the number
of codewords. The correlation value accumulates for increased
number of test vectors with very mild increase in processing
and hence the algorithm works for noisy bitstream as well.
This paper is organized as follows. In Section II, we recall
the principles of BCH code construction along with standard
procedure to generate test vectors. Section III gives a refresher
about GCD and Euclid’s algorithm following the detection of
generator polynomial mathematics in Section IV. Simulation
results are shown in Section V.
II. BCH CONSTRUCTION
Given any positive integer m (m ≥ 3) and error correcting
capability t (t < 2m−1 ), a BCH code can be generated with
the following parameters:-
Block Length: n = 2m−1 ,

Minimum distance: dmin ≥ 2t + 1,
Number of parity-check digits: n − k ≤ mt,
The generator polynomial g(X) is
φ1 (X), φ2 (X), · · ·, φ2t (X) :
g(X) = LCM {φ1 (X), φ2 (X), · · ·, φ2t (X)}
Since every even power of primitive element α has the same
minimal polynomial as some preceding odd power of α, hence
(1) can be reduced to:-
g(X) = LCM {φ1 (X), φ3 (X), · · ·, φ2t−1 (X)}
Test vectors (encoding in systematic form) are generated by
following the standard encoding steps [6] which are:-
1) Pre-multiply, k information digits, message polynomial
with X n−k i.e. X n−k u(X).
2) Calculate parity check polynomial b(X) from dividing
X n−k u(X) by g(X).
3) Append b(X) with X n−k u(X) to obtain the code poly-
nomial v(X) = b(X) + X n−k u(X).
The above steps can be realized by a division circuit based
on linear (n−k) stage shift register with feedback connections
based on g(X) as shown in Figure 1.
Gate
g1 g2 gn-k-1
b0 + b1 + b2 + bn-k-1
Message X n-k
Fig. 1. Encoding circuit for an (n, k) cyclic code with generator polynomial
g(X) = 1 + g1 X + g2 X 2 + · · · + gn−k−1 X n−k−1 + X n−k
The operation of the encoding circuit [6] is described as
follows:
1) Initially, the gate is turned on. The, k information digits,
message polynomial u(X) = u0 +u1 X+···+uk−1 X k−1
is fed to the circuit as well as transmitted into the
channel. Feeding the k information digits into the circuit
is equivalent to pre-multiplying u(X) by X n−k . When
all k information digits are shifted into the circuit, the
(n − k) digits in the register form the remainder.
2) The gate is then turned off, since the register now
contains the desired (n − k) parity check digits.
3) Selector is changed to the right position to send parity
check digits into the channel. These (n−k) parity check
digits along with k information digits form the cyclic
codeword in systematic form.
III. G REATEST C OMMON D IVISOR
To have insight into the detection algorithm, some basic
definitions [7] are described as follows:-
• Common Divisor: An element a is a common divisor
of a collection of elements b1 , b2 , · · ·, bn if a divides all
elements of bi for i = 1, 2, · · ·, n with remainder zero.
2
• Greatest Common Divisor: If d is a common divisor of
bi and all other common divisors are less than d, then d
is called the greatest common divisor (GCD) of the bi .
the LCM of
Euclid’s algorithm [7] is very famous for fast GCD calcu-
lations. This algorithm is outlined as follows:-
(1) 1) Let a, b be two elements where a > b.
2) Let ri take on initial value r−1 = a and r0 = b.
3) If ri−1 6= 0, then define ri using ri−2 + qi ri−1 = ri ,
where ri < ri−1 .
4) If ri = 0, then ri−1 = GCD(a, b), else goto step 3.
(2) In our work, Euclid’s algorithm over polynomials is used
to find GCD among different code polynomials. The code
polynomials are passed to the algorithm in a combinatorial
manner to maximize the correlation value for desired generator
polynomial.
IV. D ETECTION OF G ENERATOR P OLYNOMIAL
For cyclic codes, every codeword in code space C is ob-
tained by polynomial multiplication of message and generator.
So this algebraic structure can readily reveal the generator
polynomial in code polynomials. For the sake of clarity, we
prove the following:-
Proposition: The GCD polynomial, dc (X) of any two code
polynomials from code space C contains generator polyno-
mial, g(X) as one of its factor.
Proof: Let GCD(m1 (X), m2 (X)) = dm (X)
where 1 ≤ dm (X) ≤ min(m1 (X), m2 (X)) for any
Parity Check m1 (X), m2 (X) ∈ M
digits
+
u(X) By definition of cyclic codes, we have c1 (X) =
Codeword m1 (X)g(X) and c2 (X) = m2 (X)g(X)
Therefore
GCD(c1 (X), c2 (X)) = GCD(m1 (X)g(X), m2 (X)g(X))
= g(X).GCD(m1 (X), m2 (X))
= g(X).dm (X)
= dc (X)
Hence the proof.
Corollary: If m1 (X) and m2 (X) are co-prime, then
GCD(m1 (X), m2 (X)) = 1 then cd = g(X)
For illustration purpose, (7, 4) cyclic code generated by
g(X) = 1 + X + X 3 is chosen. Some of the message vectors,
code vectors and code polynomials are shown in Table I.
Each code polynomial of cyclic code carry the shift relation-
ship, imparted by g(X), which can be exploited by calculating
the GCD for any two code polynomial. Let two non-zero
noiseless dissimilar code polynomials v1 (X) and v2 (X) are
transmitted. The received code polynomials are:-
r1 (X) = v1 (X) + e1 (X)
(3)
r2 (X) = v2 (X) + e2 (X)
Since code polynomials are assumed to be noise-free hence
e1 (X) = e2 (X) = 0 and (3) are reduced to:-
r1 (X) = v1 (X)
(4)
r2 (X) = v2 (X)
 3

TABLE I
C ODE P OLYNOMIALS FOR (7,4) CYCLIC CODE Hence GCD exploited the cyclic shift relation between code-
words along with factorization (if needed) under modulo-2
Message Code Code operation to detect generator polynomial.
Vector Vector Polynomials
1000 1101000 X 3 + X + 1 = g(X)
V. S IMULATION R ESULTS
1010 0011010 X 5 + X 3 + X 2 = X 2 g(X)
The algorithm is tested on a wide range of (n, k, t) com-
0110 1000110 X 5 + X 4 + 1 = (X 2 + X + 1)g(X)
binations of BCH codes. The code polynomials from the test
1110 0101110 X 5 + X 4 + X 3 + X = (X 2 + X)g(X) vector are stepped through the algorithm in a combinatorial
1001 0111001 X 6 + X 3 + X 2 + X = (X 3 + X)g(X) manner. The GCD of first code polynomial is calculated with
all other code polynomials in a descending order. Then GCD
0111 0010111 X 6 + X 5 + X 4 + X 2 = (X 3 + X 2 )g(X)
of second code polynomial is calculated with all other code
polynomials in a descending order. This process is continued
till GCD calculation of last two candidate code polynomials.
The GCD calculation on these noise-free code polynomials The resulting polynomials are correlated and the correlation
results into detection of g(X) either without factorization or value for the generator polynomial of test vectors is found to
with factorization under modulo-2 operation. be very high. For illustration purpose, fifty BCH codewords,
encoded by (31, k, t) parameter, are chosen. These code poly-
A. No Factorization for g(X) nomial are given to the algorithm for two different scenarios:-
Suppose r1 (X) = X 2 + X 4 + X 5 + X 6 and r2 (X) =
1 + X + X 3 from Table I are received . Division operation A. Known Block Length
will result in a(X) = q(X)b(X) + r(X), where a(X) and In first case, by fixing the block length, first fifty code
b(X) are first and second code polynomials respectively, q(X) polynomials are passed to the algorithm. The simulation results
is the quotient polynomial, r(X) is the remainder polynomial for (31, 26, 1), (31, 21, 2), (31, 16, 3) and (31, 11, 5) codes are
and + shows modulo-2 addition. shown in Figure 2. In these figures, polynomial (octal form)
X 2 + X 4 + X 5 + X 6 = X 3 .(1 + X + X 3 ) are plotted on horizontal axis and corresponding correlation
values are plotted on vertical axis.
+ (X2 + X3 + X5 ) ⇒ r(X) 6= 0
| {z } In Figure 2 {a, b, c & d}, correlation values of 929, 987,
Carry on with Euclid’s algorithm till r(X) becomes zero. 868 and 985 for polynomials p(X) = 45, p(X) = 3551,
p(X) = 107657 and p(X) = 5423325 are shown respectively.
X 2 + X 3 + X 5 = X 2 .(1 + X + X 3 ) These p(X) corresponds to generator polynomial g(X). The
+ |{z}
0 ⇒ r(X) = 0 above correlation values correspond to fifty noiseless code
polynomials. This value depends on number of code poly-
Since r(X) is zero, hence q(X) = 1 + X + X 3 is the nomials chosen and the noise present in code polynomials. In
greatest common divisor of r1 (X) and r2 (X). Hence GCD of case of noisy code polynomials, this value can be smaller and
two code polynomials directly results into g(X). it can possibly be increased by increasing the number of code
polynomials for GCD calculation. Correlation value found for
B. Factorization for g(X) p(X) = g(X) in different simulations is reasonably high as
Now suppose r1 (X) = X + X 2 + X 3 + X 6 and r2 (X) = compared to all other polynomials.
X + X 4 + X 5 + X 6 from Table I are received. The GCD
2 1) Competitive Polynomial Analysis: The competitive cor-
calculation will proceed as follows: relation values (Figure 2(a)) for octal polynomials 157, 261,
631, 373, 723, 1341, 1711, 1253, 2747 and 4331 can be 161,
X + X 2 + X 3 + X 6 = 1.(X 2 + X 4 + X 5 + X 6 ) 33, 21, 17, 9, 5, 4, 3, 2 and 1 respectively. For illustrative
+ (X + X3 + X4 + X5 ) purpose only unique correlation values and corresponding
| {z } polynomials are chosen for analysis. If the chosen polynomials
⇒ r(X) 6= 0 are factored under modulo-2 operation, they result into the
Carry on with second iteration. desired generator polynomial. This can be shown as follows:-

X 2 + X 4 + X 5 + X 6 = X.(X + X 3 + X 4 + X 5 )
+ |{z}
0 ⇒ r(X) = 0 p(X) = 157(oct)
= X + X + X3 + X2 + X + 1
6 5

Since r(X) is zero, hence q(X) = X + X 3 + X 4 + X 5 = (X + 1) (X5 + X2 + 1)

is the greatest common divisor of r1 (X) and r2 (X). At first | {z }
glance it looks very different from g(X) but it can be reduced p(X) = 261(oct)
to g(X) by factorization under modulo-2 operation. = X7 + X5 + X4 + 1
X + X 3 + X 4 + X 5 = (X3 + X + 1)(X 2 + X) = (X + 1)2 (X5 + X2 + 1)
| {z } | {z }
g(X) p(X) = 631(oct)
 4

1100 1100
987
1000 929 1000
900 900
800 800
Correlation

Correlation
700 700
600 600
500 500
400 400
300 300
161
200 200
100 33 5 17 3 5 3 21 4 2 9 2 1 1 1 2 3 3 1 1 4 1 3 1 3 1 1 1 1 2 100 59 6 5
56 15 10 48
5 6 6 1 3 5 1 3 1 3 3 1 1
0 0

3551

4673

244113

111013

406117

3330200401
107657
100575
45
261
157
1341
373
1253
2133
3775
631
1711
2747
723
3667
4331
30351
1165
12125
2021
2655
21043
67445
415
3443
5753
1427
3551
4100200401
50200401
400200401
22661
1077

15315

31363
70771

27527
42143
12037
36041
20605
45261
1442255

77453

66135

153000401
Generator Polynomial (Octal) Generator Polynomial (Octal)

(a) (31, 26, 1) BCH code (b) (31, 21, 2) BCH code

1100 1100
1000 1000 985
900 868 900
800 800
Correlation

Correlation
700 700
600 600
500 500
400 400
300 190 300
200 71 32 200 99
100 10 9 6 1 3 2 1 1 6 1 13 1 3 2 1 1 3 100 38 3 15 5 2 1 49 1 2 1 3 10 1 2 1 1 1 2 1
0 05423325
23536601
64743203
16465577
42656727
147363171
126003057
416017223
30570053
1631252351
205616043
113150321
172230207
77705451
713717713
747524543
6425530275
554757077
442224073
361043733
1327353401
107657
310361
2072537
530423
1751465
1171327
727115
21443561
3213571
7556045
2172421573
7676654053
3624705
123527525
1546153
7376707
16465577
1366611
3242176443
153563407
661200401

Generator Polynomial (Octal) Generator Polynomial (Octal)

(c) (31, 16, 3) BCH code (d) (31, 11, 5) BCH code

Fig. 2. Simulation results for (31, k, t) BCH code.

= X8 + X7 + X4 + X3 + 1 p(X) = 2747(oct)
= (X 3 + X 2 + 1) (X5 + X2 + 1) =X 10
+ X + X7 + X6 + X5 + X2 + X + 1
8
| {z }
= (X + 1)(X 4 + X 3 + 1) (X5 + X2 + 1)
p(X) = 373(oct) | {z }
= X7 + X6 + X5 + X4 + X3 + X + 1 p(X) = 4331(oct)
= (X 2 + X + 1) (X5 + X2 + 1) = X 11 + X 7 + X 6 + X 4 + X 3 + 1
| {z }
= (X + 1)(X 5 + X 4 + X 3 + X + 1) (X5 + X2 + 1)
p(X) = 723(oct) | {z }
= X8 + X7 + X6 + X4 + X + 1 Although g(X) = 4100200401(oct) seems to be very
= (X + 1)3 (X5 + X2 + 1) complicated but it gets factored and one part is again the
| {z }
desired polynomial.
p(X) = 1341(oct)
p(X) = 4100200401(oct)
= X9 + X7 + X6 + X5 + 1
= X 29 + X 24 + X 16 + X 8 + 1
= (X 2 + X + 1)2 (X5 + X2 + 1)
| {z } = (X 12 + X 11 + X 9 + X 5 + 1)
p(X) = 1711(oct) (X 9 + X 7 + X 6 + X 5 + X 4 + X 3 + 1)
9 8 7 6 3
=X +X +X +X +X +1 (X5 + X2 + 1) =⇒ g(X)
= (X + 1)(X 3 + X + 1) (X5 + X2 + 1) (X 3 + X 2 + 1)
| {z }
p(X) = 1253(oct) 2) Correlation for Incorrect block length: If the block
=X +X +X +X +X +1 9 7 5 3 length is incorrect, a very intuitive correlation trend can be
seen. It is obvious that g(X) = 1(oct) = 1 is a factor of
= (X 3 + X 2 + 1) (X5 + X2 + 1)
| {z } every higher order polynomial, so its correlation value has
 5

to be higher than all other polynomials. Similarly irreducible in a combinatorial manner and finds the corresponding maxi-
polynomials (1+X), (1+X 2), (1+X +X 2 ) etc can be factors mum correlation. It takes into account two possible scenarios
of some higher order polynomials and hence they will show of known and unknown prior knowledge of block length. The
higher correlation values as compared to other candidates. This simulation results show that the correlation for the noiseless
trend can be seen in Figure 3. code polynomials is very high as compared to other candidate
polynomials which are in fact not the competitive polynomials
1000 862 but they are some higher order multiples of generator polyno-
163 mial. These high order multiples can be reduced to generator
polynomial by factorization under modulo-2 operations.
Correlation (log10)

100 56
44 In simulation, only noiseless codewords are used, however
18 intuitively it can work on noisy codewords as well. The only
12
9 8 minute difference will be reduction in a correlation value due
10 5 6 6 6
4 to noise effects. This reduction in correlation value can be
3 3 3 3
2 2 2
taken care of by passing large number of codewords to the
1 1 1 1 1 1 1 1
1 algorithm.
1
3
13
35
37
45
51
5
17
21
47
67
33
55
7
11
57
1103
261
25
2147
215
457
345
15
421
200401
23
R EFERENCES
Generator Polynomial (Octal)
[1] B. Rice., “Determining the parameters of a rate 1/n convolutional encoder
over GF(q),” in Proc. Third International Conference on Finite Fields and
Fig. 3. Correlation trend for incorrect block length Applications, 1995.
[2] E. Filiol., “Reconstruction of convolutional encoders over GF(q),” in M.
Darnell, editor, Proc. 6th IMA Conference on Cryptography and Coding,
number 1355 in Lecture Notes in Computer Science. Springer Verlag,
B. Unknown Block Length 1997, pp. 100–110.
[3] G. Burel and R. Gautier, “Blind estimation of encoder and interleaver
The second scenario is simulated for g(X) = X 5 +X 2 +1 = characteristics in a non cooperative context,” in Proc. IASTED In-
45(oct) with a block length of 31. The algorithm is run by ternational Conference on Communications, Internet and Information
varying the block length for a range of values e.g. n = 25 to Technology. Citeseer, November, 17-19 2003, pp. 17–19.
[4] J. Barbier, “Reconstruction of turbo-code encoders,” in Proc. SPIE
50. Here maximum correlation (close to the desired polyno- Security and Defense, Space Communication Technologies Symposium,
mial) is found for g(X) = 1 as compliant to correlation trend vol. 5819, March 28-31 2005, pp. 463–473.
shown in Figure 3. It is obvious that g(X) = 1 cannot be a [5] M. Cluzeau, “Block code reconstruction using iterative decoding tech-
niques,” in 2006 IEEE International Symposium on Information Theory,
generator polynomial of binary primitive BCH code as it does 2006, pp. 2269–2273.
not meet n − k ≤ mt criterion. In Figure 4, correlation value [6] S. Lin et al., Error Control Coding. Prentice Hall, USA, 2004.
bar is plotted along with corresponding polynomial bar. Here [7] S. B. Wicker, ERROR CONTROL SYSTEMS for Digital Communication
and Storage. Prentice Hall, USA, 1995.
the polynomial bar is invisible for incorrect block lengths,
however polynomial bar along with corresponding correlation
bar is high enough to show that the correct block length is 31
with a generator polynomial g(X) = X 5 + X 2 + 1 = 45(oct).

Desired Generator 45 (Oct) is obvious amongst all other polynomials.

862 779 668 929 940 908868803 853928946 875795649 679 764
1000 734 797 783 930 787 823 890 715 737 563
Correlation (log10)

100
45

10

1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
1
25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
Block Length n

Fig. 4. Correlation results for variable block length

VI. C ONCLUSION
The proposed algorithm exploits the cyclic relationship
between code polynomials of BCH codes. It calculates greatest
common divisor between different received code polynomials

View publication stats