Article

Analysis of Blind Reconstruction of BCH Codes

Soonhee Kwon and Dong-Joon Shin *

Department of Electronics and Computer Engineering, Hanyang University, Seoul 04763, Korea;

tnsgml1991@hanyang.ac.kr

* Correspondence: djshin@hanyang.ac.kr

Received: 16 October 2020; Accepted: 4 November 2020; Published: 5 November 2020

Abstract:In this paper, the theoretical lower-bound on the success probability of blind reconstruction of Bose–Chaudhuri–Hocquenghem (BCH) codes is derived. In particular, the blind reconstruction method of BCH codes based on the consecutive roots of generator polynomials is mainly analyzed because this method shows the best blind reconstruction performance. In order to derive a performance lower-bound, the theoretical analysis of BCH codes on the aspects of blind reconstruction is performed. Furthermore, the analysis results can be applied not only to the binary BCH codes but also to the non-binary BCH codes including Reed–Solomon (RS) codes. By comparing the derived lower-bound with the simulation results, it is confirmed that the success probability of the blind reconstruction of BCH codes based on the consecutive roots of generator polynomials is well bounded by the proposed lower-bound.

Keywords:blind reconstruction; BCH codes; galois field; galois field fourier transform; lower-bound;

RS codes

1. Introduction

In order to achieve reliable information transmission through noisy communication channels, the use of error-correcting codes (ECCs) in data-stream is indispensable [1]. By sharing the parameters of ECCs between the transmitter and the receiver, the errors occurred by communication channels can be detected or corrected at the receiver in a cooperative way. However, in a non-cooperative context, it is necessary to decode received (or intercepted) data without the knowledge of parameters of the used ECC. In other words, a blind reconstruction of the parameters of the used ECC should be performed by the receiver.

A blind reconstruction of ECCs has been studied in various ways [2–19]. The blind reconstruction schemes of linear block codes are studied in [2–9], the blind reconstruction schemes of Bose–Chaudhuri–Hocquenghem (BCH) codes are studied in [10–15], and the blind reconstruction schemes of convolutional codes are studied in [16–19]. Most of the blind reconstruction schemes of ECCs take the dual code approach to reconstruct the dual code space of the used code by using the received codewords. Valembois [2] proposed a detection and recognition algorithm for binary linear codes by using the dual code property and Cluzeau [3] proposed a blind reconstruction method based on iterative decoding techniques by using the dual code property. Moreover, most of the blind detection methods of BCH codes are also based on the dual code approach. By using the properties of BCH codes, their parity-check matrices can be constructed through applying Galois field Fourier transform (GFFT) on the received codewords and many of the blind reconstruction methods of BCH codes are based on GFFT [10–15]. In the same manner, most of the blind reconstruction methods of convolutional codes are also based on the dual code approach [16–19]. To reconstruct the generator polynomial or generator matrix of convolutional code, its dual code is recognized preferentially.

An analysis of the blind reconstruction of cyclic codes over binary erasure channel (BEC) is performed in [20]. Note that for BEC, the number and the locations of error bits in the received

Entropy2020,22, 1256; doi:10.3390/e22111256 www.mdpi.com/journal/entropy

data-stream are known to the receiver. By using this property of BEC, a blind reconstruction scheme of binary cyclic codes is proposed and a lower-bound on the detection probability of this scheme is analyzed in [20]. However, many blind reconstruction schemes consider the binary symmetric channel (BSC) where the number and the locations of error bits in the received data-stream are not unavailable.

Therefore, the analysis in [20] is not directly applicable to the blind reconstruction schemes considering the BSC.

In this paper, the blind reconstruction of BCH codes over q-ary symmetric channel is mainly considered because BCH codes are a most widely used class of cyclic codes, especially in communication and storage systems and q-ary symmetric channel is a general form of BSC.

Especially, the method in [15] shows the best blind reconstruction performance among the existing blind reconstruction methods of BCH codes, but the theoretical analysis of this method has not been performed yet. Therefore, by analyzing the properties of BCH codes on the aspects of blind reconstruction, a lower-bound on the success probability of the blind reconstruction method in [15]

is derived. More specifically, the distribution of GFFT values of the received codewords is analyzed and the blind reconstruction method is formulated by using the conjugacy classes. By comparing the derived lower-bound with the simulation results, it is confirmed that the success probability of the blind reconstruction is well lower-bounded. Furthermore, the analysis of BCH codes on the aspects of blind reconstruction may lay a foundation for an analysis of other blind reconstruction methods of BCH codes based on GFFT.

In Section2, definitions and properties of BCH codes and GFFT are briefly explained. In Section3, the theoretic analysis of the properties of BCH codes on the aspects of blind reconstruction is performed.

In Section4, the blind reconstruction method in [15] is explained, and a lower-bound on the success probability of this blind reconstruction method is derived. The simulation results confirm that the success probability of the blind reconstruction method is well-bounded by the derived lower-bound.

In Section5, conclusions are provided.

2. BCH Codes and Galois Field Fourier Transform

In this section, the BCH codes and the Galois field Fourier transform (GFFT) are briefly described.

2.1. BCH Codes

BCH codes is a class of linear block codes for forward error correction. LetGF(q)denote the Galois field (or finite field) ofqelements and letBCHq(n,k)denote the BCH code with lengthnand dimension koverGF(q). Note that the dimensionkis the same as the length of random message which also implies the number of codewords. Then, the generator polynomial ofBCHq(n,k)is defined as follows:

g(x) =LCM[M_αb(x),M_αb+₁(x),· · ·,M_αb+d−2(x)] (1) whereLCMdenotes the least common multiple function,αis a primitiven-th root of unity inGF(q^m), M_αi(x)is a minimal polynomial ofαⁱoverGF(q)_,bis an arbitrary positive integer smaller thann, andd is a designed distance. Note thatmis the smallest integer such thatndividesq^m−1. By the definition of generator polynomialg(x),α^b,α^b+1,· · ·,α^b+d−2are the roots ofg(x), i.e.,g(α^b) =g(α^b+1) =· · ·= g(α^b+d−2) =0. LetSrbe the set of the exponents of all roots ofg(x)as follows:

Sr =i|g(αⁱ) =0,i∈ {0, 1,· · ·,n−1} . (2) A message can be expressed in polynomial form asm(x) =m₀+m₁x+· · ·+m_k−1x^k−1and in vector form asm= (m0,m1,· · ·,mk−1), wheremi ∈ GF(q)fori∈ {0, 1,· · ·,k−1}. A codeword of BCHq(n,k)can be expressed in polynomial form asc(x) =c0+c1x+· · ·+cn−1xⁿ⁻¹and in vector form asc= (c₀,c₁,· · ·,cn−1), wherec_i ∈GF(q)fori∈ {0, 1,· · ·,n−1}. Then,c(x)can be obtained as follows:

c(x) =m(x)g(x). (3)

Since a codewordc(x)hasg(x)as a factor, all roots ofg(x)are also roots ofc(x), i.e.,c(αⁱ) =0 for all i∈Sr. In this paper, theq-ary symmetric channel with error probabilityeis considered. Channel error can be expressed in polynomial form ase(_x) = _e0+_e1x+· · ·+_en−1xⁿ⁻¹ and in vector form as e= (e0,e1,· · ·,en−1), whereei∈ GF(q)fori∈ {0, 1,· · ·,n−1}. Note that by the definition ofq-ary symmetric channel, Pr(e_i = 0) = 1−eand Pr(e_i = x) = e/(q−1)fori ∈ {0, 1,· · ·,n−1}and x∈ GF^∗(q)whereGF^∗(q) =GF(q)\ {0}. Then, a received codeword at the receiver is expressed in polynomial form as

r(x) =c(x) +e(x), (4)

or in vector form as follows:

r=c+e. (5)

Throughout the paper, the polynomial form and the vector form will be used interchangeably.

If there is no error (i.e.,e(x) =0),r(αⁱ) =0 for alli∈Srbecauser(x) =c(x). However, ife(x)6=0, we may haver(αⁱ)6=0 for somei∈Srbecause it can bee(αⁱ)6=0 for somei∈Sr.

2.2. Conjugacy Classes and Cyclotomic Cosets

LetU_βdenote a conjugacy class ofβ∈GF(q^m)_{. Then,}U_βconsists ofβand its conjugatesβ^q,β^q2, β^q3,· · ·. Note that the conjugacy classes of the elements in the same conjugacy class are the same.

The minimal polynomial ofαⁱ∈GF(q^m)overGF(q),M_αi(x), can be obtained by using the conjugacy classes as follows:

M_αi(x) =

∏

z∈Uαi

(x−z)_{. (6)}

The degree ofM_αi(x)is equal to|U_αi|, where|S|is the cardinality of a setS. Note that sinceM_αi(x) has all the elements inU_αi as its roots,g(x)in (1) has all the elements inU_αb,U_αb+1,· · ·,U_αb+d−2 as its roots. LetSNdenote the null spectrum of theBCHq(n,k)which has the generator polynomial in (1).

ThenS_Nis obtained as follows:

SN =

b+d−2 [

i=b

U_αi. (7)

Sr in (2) is also expressed as the set of the exponents of the elements inS_Nsuch asSr ={i|αⁱ ∈S_N}. Then, the complement ofSr, denoted bySrc, is obtained as follows:

Src={i|αⁱ∈GF^∗(q^m)\SN}. (8) It is clear thatSrc=Zn\Sr whereZn ={0, 1,· · ·,n−1}.

LetC_idenote the cyclotomic coset ofimodulonwith respect toGF(q). Then, the exponents of all the elements inU_αi make upC_iandSr =^Sb+d−2_i=b C_iby (2) and (7).

2.3. Galois Field Fourier Transform

The roots of a received codewordr(x)can also be obtained by performing the Galois field Fourier transform (GFFT) onr(x). The GFFT ofc(x), denoted asC(X), can be expressed in polynomial form as follows:

C(X) =c(α⁰) +c(α¹)X+· · ·+c(αⁿ⁻¹)Xⁿ⁻¹, (9) wherec(αⁱ)∈GF(q^m)fori∈ {0, 1,· · ·,n−1}. It is also expressed in vector form as follows:

C= C0,C1,· · ·,Cn−1

= c(α⁰),c(α¹),· · ·,c(αⁿ⁻¹). (10)

The GFFT matrixMGis defined as follows:

MG=

















α⁰ α⁰ α⁰ · · · α⁰ α⁰ α¹ α² · · · αⁿ⁻¹ α⁰ α² α⁴ · · · α²⁽ⁿ⁻¹⁾

... ... ... . .. ... α⁰ αⁿ⁻¹ α²⁽ⁿ⁻¹⁾ · · · α⁽ⁿ⁻¹⁾²

















. (11)

Then, the GFFT ofcis simply obtained byC=c×MG. By the definition ofg(x)in (1),C_b =C_b+1=

· · ·=Cb+d−2=0.

The GFFT ofr(x), denoted asR(X), can be expressed in polynomial form as follows:

R(X) =r(α⁰) +r(α¹)X+· · ·+r(αⁿ⁻¹)Xⁿ⁻¹, (12) wherer(αⁱ)∈GF(q^m)fori∈ {0, 1,· · ·,n−1}. The vector form ofR(X)is expressed as follows:

R= R0,R1,· · ·,Rn−1

= r(α⁰),r(α¹),· · ·,r(αⁿ⁻¹). (13) By using MG in (11), the GFFT of r is simply obtained by R = r×MG. In the error-free case (i.e.,e(x) =0),R_b= R_b+1=· · ·=Rb+d−2=0. However, ife(x)6=0, we may haveR_i 6=0 for some i∈ {b,b+1,· · ·,b+d−2}.

The GFFT ofe(x), denoted asE(X), can be expressed in polynomial form as follows:

E(X) =e(α⁰) +e(α¹)X+· · ·+e(αⁿ⁻¹)Xⁿ⁻¹, (14) wheree(αⁱ)∈GF(q^m)fori∈ {0, 1,· · ·,n−1}. The vector form ofE(X)is expressed as follows:

E= E₀,E₁,· · ·,En−1

= e(α⁰),e(α¹),· · ·,e(αⁿ⁻¹). (15) By using (5), (10) and (13), it is clear thatR=C+E= (c+e)M_G.

3. Theoretical Analysis of BCH Codes on the Aspects of Blind Reconstruction 3.1. GFFT of a Single Symbol Error

In this subsection, the GFFT values of a single symbol error is investigated. Letwt(a)denote the Hamming weight of a vectora, i.e.,wt(a)is the number of non-zero elements ina. Note that a single symbol errore(x)satisfieswt(e) =1.

Lemma 1. If a received codeword r(x)of BCHq(n,k)contains a single symbol error, then

r(αⁱ)6=0,∀i∈Sr. (16)

Proof. Lete(x) = e_jx^j for some j ∈ {0, 1,· · ·,n−1}ande_j ∈ GF^∗(q). Since the GFFT value of e(x)with respect toαⁱ isEi = e(αⁱ) = ejα^ij 6= 0 for alli ∈ {0, 1,· · ·,n−1}andCi = 0 fori ∈ Sr, Ri=Ci+Ei 6=0 fori∈Sr.

Lemma1shows that ifr(x)contains a single symbol error, any root ofg(x)cannot be a root of r(x). In the next subsection, the distribution of GFFT values ofc(x)is analyzed.

3.2. GFFT of Codewords

LetS_c(αi)denote the set of the GFFT values taken by all the codewordsc(x)ofBCHq(n,k)for x=αⁱas follows:

S_c(αi),c(αⁱ)|c(x)∈BCHq(n,k) . (17) Suppose that the minimal polynomialM_α(x)of a primitiven-th root of unityα∈GF(q^m)overGF(q) has a degreem⁰ wherem⁰|m. Then, anyαⁱ ∈ GF(q^m)can be expressed by a linear combination of α⁰,α¹,· · ·,α^m0−1as follows:

αⁱ =h0+h₁α+· · ·+h_m⁰−1α^m

0−1, (18)

where hi ∈ GF(q)for i ∈ {0, 1,· · ·,m⁰−1}. Moreover, based on (18), any αⁱ ∈ GF(q^m) can be expressed in vector form, denoted asv_αi, as follows:

v_αi = (h0,h1,· · ·,h_m⁰−1). (19) Note thatv_αi is a row vector. LetV_αi ∈GF(q)^n×m0be a matrix withv_(αi)⁰,v_(αi)¹,· · ·,v_(αi)ⁿ⁻¹as its rows, andrk(αⁱ)denote the rank ofV_αi overGF(q).

Lemma 2. Suppose that a message m(x)is generated uniformly at random, a codeword c(x)of BCHq(n,k)is encoded by g(x)as in (3), and k≥rk(αⁱ). Then, it is satisfied that

S_c(αi)={0},∀i∈Sr, (20)

|S_c(αi)|=q^rk(αi),∀i∈Src, (21) Pr c(αⁱ) =x

= ¹

|S_c(αi)|^,∀x ∈S_c(αi). (22) Proof. First of all, for anyi∈Sr, it is always true thatc(αⁱ) =0 due to the definition ofSr. Therefore, S_c(αi)={0}and Pr(c(αⁱ) =0) =1/|S_c(αi)|=1 for anyi∈Sr.

Second, in order to prove (21), letΓ ∈ GF(q)^qk×ndenote a matrix having all theq^kcodewords of BCHq(n,k)as its rows. Then, the GFFT values ofq^kcodewords can be expressed in vector form as follows:

Λ=Γ×V_αi, (23)

whereΛ ∈ GF(q)^qk×m0 is a matrix with the vector forms of all GFFT values ofq^kcodewords with respect toαⁱ as its rows. Note that the rank ofΓiskbecause all the rows ofΓare the codewords ofBCHq(n,k), and the rank ofV_αi isrk(αⁱ)by the definition. The matrixΓcan be decomposed as Γ = ∆×Gwhere∆ has all the elements of GF(q)^k as its rows and Gis the generator matrix of BCHq(n,k). Note that the rank ofΛ,rank(_Λ), is equal torank(_Γ×V_αi) =rank(_∆×G×V_αi). Since the size of∆isq^k×kandrank(_∆) =k,rank(_∆×G×V_αi) =rank(G×V_αi). Thej-th row ofG×V_αi is expressed asg_j×V_αi whereg_jis thej-th row ofG,j∈ {1, 2,· · ·,k}. Sinceg_j×V_αi 6=0 fori∈Srcand j∈ {1, 2,· · ·,k},g1,g2,· · ·,gkare linearly independent, andk≥rk(αⁱ), it is clear thatrank(G×V_αi) is equal tork(αⁱ). Therefore, the rank ofΛis also equal tork(αⁱ), which implies that there areq^rk(αi) distinct rows inΛand|S_c(αi)|=q^rk(αi)for anyi∈Src.

Lastly, in order to show (22), letx₀,x₁,· · ·,x_n1−1∈ GF(q)ⁿbe all distinct codewords such that x0(αⁱ) = x1(αⁱ) = · · · = xn₁−1(αⁱ) = x for giveniand x ∈ GF(q^m). Also, lety0,y1,· · ·,yn₂−1 ∈ GF(q)ⁿbe all distinct codewords such thaty0(αⁱ) =y1(αⁱ) =· · ·=yn₂−1(αⁱ) =yfor the sameiand y∈GF(q^m). These relations can be expressed in matrix multiplication as follows:











 x₀ x1

... xn₁−1













×M_G⁽ⁱ⁺¹⁾=











 x x ... x













, (24)











 y₀ y1

... yn₂−1













×M_G⁽ⁱ⁺¹⁾=











 y y ... y













, (25)

whereM_G⁽ⁱ⁺¹⁾is the(i+1)-st column ofM_Gin (11). In order to show Pr(c(αⁱ) =x) =1/|S_c(αi)|, it is enough to shown1=n2. Without loss of generality, suppose thatn1>n2. From (24), we can obtain













x₀−x₀ x1−x0

... xn₁−1−x0













×M⁽ⁱ⁺¹⁾_G =











 0 0 ... 0













. (26)

Note thatn1vectorsx_i−x0are all distinct. By addingy0to each row of the first matrix in LHS of (26), we obtain













y₀+x₀−x₀ y0+x1−x0

... y0+xn₁−1−x0













×M_G⁽ⁱ⁺¹⁾=











 y y ... y













. (27)

Note thatn₁vectorsy0+x_i−x0are still all distinct and they are valid codewords. According to (27), the number of codewords which haveyas the GFFT value with respect toαⁱisn₁, which is a contradiction to the assumptionn1>n2and hencen1=n2. Therefore, if GFFT is performed on all the codewords ofBCHq(n,k)with respect toαⁱ, all the elements ofS_c(αi)occur uniformly at random for the random messagem(x), which implies Pr(c(αⁱ) =x) =_1/|S_c(αi)|for anyi∈Src.

By Lemma2, it is clear thatc(αⁱ) = 0 fori ∈ Sr andc(αⁱ)fori ∈ Srctakes a value fromS_c(αi)

uniformly at random. In the next subsection, the distribution of GFFT values ofr(x)is analyzed.

3.3. GFFT of Received Codewords

Consider a received codewordr(x) =c(x) +e(x)having a single symbol error, i.e.,e(x) =e_jx^jwith e_j 6=0. LetS_e(αi)be the set of all GFFT values of a single symbol errore(x)with respect toαⁱas follows:

S_e(αi),e(αⁱ)|e(x) =e_jx^j,e_j ∈GF^∗(q)_,j∈ {0, 1,· · ·,n−1} . (28) By using Lemma2, the distribution of GFFT values ofr(x)with a single symbol error is analyzed as follows.

Corollary 1. Suppose that a message m(x)is generated uniformly at random, a codeword c(x)of BCHq(n,k) is encoded by g(x)as (3), e(x)is a single symbol error, and k≥rk(αⁱ). Then, it is satisfied that

S_e(αi)⊂S_c(αi),∀i∈Src. (29)

Proof. By Lemma2, ifk≥rk(αⁱ), it is clear that|S_c(αi)|= q^rk(αi)fori∈Src, which means thatS_c(αi)

contains all the linear combinations of(αⁱ)⁰_,(αⁱ)¹_,· · ·,(αⁱ)ⁿ⁻¹_overGF(q). Therefore,S_c(αi)contains S_e(αi)for anyi∈Srcand (29) holds.

LetS_r(αi)be the set of all GFFT values ofr(x)with a single symbol errore_jx^jwith respect toαⁱ as follows:

S_r(αi),r(αⁱ)|r(x) =c(x) +e_jx^j,e_j ∈GF^∗(q)_,c(x)∈ BCHq(n,k)_,j∈ {0, 1,· · ·,n−1} . (30) Lemma 3. Suppose that a message m(x)is generated uniformly at random, a codeword c(x)of BCHq(n,k)is encoded by g(_x)_{as (3), e}(_x)is a single symbol error, and k≥rk(αⁱ). Then, it is satisfied that

S_r(αi)=S_c(αi),∀i∈Src, (31) Pr r(αⁱ) =x

= ¹

q^rk(αi),∀x ∈S_r(αi),∀i∈Src. (32) Proof. Based on (30),S_r(αi)can be expressed as follows:

S_r(αi)=c(αⁱ) +e(αⁱ)|c(αⁱ)∈S_c(αi),e(αⁱ)∈S_e(αi) . (33) As shown in Corollary1, ife(x)is a single symbol error andk≥rk(αⁱ),S_e(αi)⊂S_c(αi)for anyi∈Src. Therefore,S_r(αi)is equal toS_c(αi)for anyi∈Src.

The probability in (32) is derived as follows:

Pr r(αⁱ) =x

=_{Pr c}(αⁱ) +_e(αⁱ) =_x

=

∑

y∈S_e(

αi)

Pr c(αⁱ) =x−y

Pr e(αⁱ) =y

(a)= ¹

|S_c(αi)|

∑

y∈S_e(

αi)

Pr e(αⁱ) =y

= ¹

|S_c(αi)|

= ¹

q^rk(αi)

(34)

forx∈S_r(αi)andi∈Src. The equality (a) holds by Lemma2.

Lemma3assumeswt(e) = 1, however, in practice, multiple errors also occur. If wt(e) > 1, Lemma1does not hold because r(αⁱ)can be 0 for somei ∈ Sr even thoughe(_x) 6= 0. Note that Pr e(αⁱ) =0,e(x)6=0,i∈Sr

is equal to the undetectable error probability of the BCH code which has{αⁱ|i∈Sr}as its null spectrum.

Lemma 4. Suppose that a message m(x)is generated uniformly at random, a codeword c(x)of BCHq(n,k)is encoded by g(x)as (3), e(x)is generated by q-ary symmetric channel with error probabilitye, and k≥rk(αⁱ). Then, it is satisfied that

S_r(αi)=S_c(αi),∀i∈Src, (35) Pr r(αⁱ) =x

= ¹

q^rk(αi),∀x ∈S_r(αi),∀i∈Src. (36)

Proof. Fori ∈Src,S_c(αi)contains all the linear combinations of(αⁱ)⁰,(αⁱ)¹,· · ·,(αⁱ)ⁿ⁻¹overGF(q). Since the errore(x)is not a single symbol error anymore,S_e(αi)is defined as follows:

S_e(αi)=

e(αⁱ)

|

e(x) =

n−1

∑

j=0

ejx^j,ej∈GF(q)

. (37)

S_e(αi) also contains all the linear combinations of(αⁱ)⁰_, (αⁱ)¹_, · · ·, (αⁱ)ⁿ⁻¹ _over GF(q) _{and hence} S_r(αi)=S_c(αi)for anyi∈Srcbecauser(αⁱ) =c(αⁱ) +e(αⁱ).

The probability in (36) is derived as follows:

Pr r(αⁱ) =x

=Pr c(αⁱ) +e(αⁱ) =x

=

∑

y∈S_e(

αi)

Pr c(αⁱ) =x−y

Pr e(αⁱ) =y

= ¹

|S_c(αi)|

∑

y∈Se(αi)

Pr e(αⁱ) =y

= ¹

|S_c(αi)|

= ¹

q^rk(αi)

(38)

forx∈S_r(αi)andi∈Src.

As you can see from Lemmas3and4, the conclusions (31) and (32) and (35) and (36) are the same.

It implies that if the encoded messagem(x)is generated uniformly at random, the GFFT ofr(x)with respect toαⁱtakes a value inS_r(αi)uniformly at random regardless of the distribution ofe(x)fori∈Src. By Lemma4, the probability thatr(x)hasαⁱ as its root fori ∈ Srcis 1/q^rk(αi). Based on Lemma4, the performance of blind reconstruction method of BCH codes [15] is analyzed in the next section.

4. Analysis of Blind Reconstruction Method of BCH Codes 4.1. Blind Reconstruction Method of BCH Codes

In this subsection, the blind reconstruction method of BCH codes based on consecutive roots of generator polynomials [15] is described. In order to perform this method, it is assumed that the codeword synchronization is perfectly done and the code length n is known to the receiver.

Suppose thatM codewords are received. Thej-th received codeword is expressed in polynomial form asrj(x) = rj,0+rj,1x+· · ·+rj,n−1xⁿ⁻¹ and in vector form as rj = (rj,0,rj,1,· · ·,rj,n−1) for j∈ {1, 2,· · ·,M}. LetL_jdenote the set of pairs consisting of the lengthlof the consecutive roots and the starting valuesof these consecutive roots ofr_j(x)defined as follows:

L_j,

(s,l)

|

s∈ {1, 2,· · ·,n−1}, 2≤l ∈N^,rj(αⁱ) =0,∀i∈ C_s^l

, (39)

where C_s^l , ∪^s+l−1_i=s C_i. For example, if rj = (0, 0, 1, 0, 1, 1, 0) is received, then the GFFT of rj is R_j= (1, 0, 0, 1, 0, 1, 1), and thereforeL_j ={(5, 2)}. Note that 0<s<nand 2≤lof the elements inL_j. By using (39), forr_j(x), the maximum length of consecutive roots (MLCR)l^max_j and the corresponding starting value of consecutive roots (SVCR)s^max_j are obtained as follows:

(s^max_j ,l^max_j ) =arg max

(s_j,l_j)∈L_jlj. (40)

LetSmax denote the set of(s^max_j ,l_j^max)forj∈ {1, 2,· · ·,M}as follows:

Smax ,(s^max_j ,l^max_j )|j∈ {1, 2,· · ·,M} (41) The blind reconstruction method of BCH codes in [15] has two-stage processes.

1. First stage: The most frequents^max_j inSmax is selected and called a reference SVCR (R-SVCR), denoted assre f.

2. Second stage: The most frequentl^max_j among the pairs havings^max_j =s_{re f} inSmaxis selected and called a reference MLCR (R-MLCR), denoted aslre f.

By setting b = s_{re f} and d = l_{re f} +1 in (1), the generator polynomial of the used BCH code is reconstructed.

4.2. Performance Analysis of Blind Reconstruction Method of BCH Codes

In this subsection, the performance of blind reconstruction method in [15] is analyzed. Suppose thatBCHq(n,k)is used andMcodewords are received. The generator polynomialg₀(x)is set as in (1) withb=s0andd= l0+1. In order to succeed in blind reconstruction of this BCH code,sre f andlre f

should be correctly determined ass_{re f} =s0andl_{re f} =l0. Define the sets of received codewords,M(s,l), M^m(s,l),M^∗(s,l), andM^e(s,l)as follows:

M(s,l) =r_j(x)|(s,l)∈L_j , (42) M^m(s,l) =r_j(x)|(s^max_j ,l^max_j ) = (s,l) _{, (43)} M^∗(s,l) =

r_j(x)

|

r_j(x)∈M^m(s,l),r_j(αⁱ)6=0,∀i∈ {1, 2,· · ·,n−1} \ C_s^l

, (44)

M^e(s,l) =rj(x)|ej(x)6=0,rj(x)∈ M(s,l) . (45) Note thatM^∗(s,l)⊆M^m(s,l)⊆M(s,l). In order to succeed in the first stage of the blind reconstruction method, the following relation should be satisfied,

n−1

∑

l=2

|M^m(s0,l)|>

n−1

∑

l=2

|M^m(s,l)|,∀s6=s0. (46)

The relation (46) can be simplified as in the following Lemma5.

Lemma 5. If the following inequality is satisfied, then the first stage of the blind reconstruction of BCH codes in [15] always succeeds,

|M^∗(s0,l0)|>|M(s, 2)|,∀s6=s0, (47) and the success probability of the first stage is lower-bounded as

Pr n−1

l=2

∑

|M^m(s0,l)|>

n−1

∑

l=2

|M^m(s,l)|,∀s6=s0

≥Pr

|M^∗(s0,l0)|>|M(s, 2)|,∀s6=s0

. (48)

Proof. In order to succeed in the first stage of the blind reconstruction method in [15], the relation (46) should be satisfied. The LHS in (46) satisfies the following inequalities,

n−1

∑

l=2

|M^m(s0,l)|^(a)≥

n−1

∑

l=2

|M^∗(s0,l)|

(b)≥ |M^∗(s₀,l₀)|.

(49)

The first inequality (a) is derived by using M^∗(s0,l) ⊆ M^m(s0,l), and the second inequality (b) is trivial. The RHS in (46) satisfies the following inequality,

n−1

∑

l=2

|M^m(s,l)|^(a)=|

n−1 [

l=2

M^m(s,l)|

(b)≤ |

n−1 [

l=2

M(s,l)|

(c)=|M(s, 2)|.

(50)

The first equality (a) in (50) is derived by usingM^m(s,l)∩M^m(s,l⁰) = _∅for alll 6= l⁰. The second inequality (b) is derived by using M^m(s,l) ⊆ M(s,l). The third equality (c) is derived by using M(s,l⁰)⊆M(s,l)for alll⁰ >l.

Therefore, if|M^∗(s0,l0)|>|M(s, 2)|for anys6=s0, the first stage of the blind reconstruction method of BCH codes in [15] always succeeds. Furthermore, by the Equations (49) and (50), the inequality (48) clearly holds.

If the first stage succeeds, in order for the second stage to succeed, the following relation should be satisfied,

|M^m(s₀,l₀)|>|M^m(s₀,l)|,∀l6=l₀. (51) The relation (51) can be simplified as in the following Lemma6.

Lemma 6. If|M^∗(s0,l0)|>|M(s, 2)|,∀s6=s0, holds and the following inequality is satisfied, then the second stage of the blind reconstruction of BCH codes in [15] always succeeds,

|M^∗(s₀,l₀)|>|M^e(s₀, 2)|, (52) and the success probability of the second stage is lower-bounded as

Pr

|M^m(s₀,l₀)|>|M^m(s₀,l)|,∀l6=l₀

≥Pr

|M^∗(s₀,l₀)|>|M^e(s₀, 2)|

, (53)

where, for better readability, the given condition that |M^∗(s₀,l₀)| > |M(s, 2)|,∀s 6= s₀, is omitted in the probability.

Proof. Since |M^∗(s0,l0)| > |M(s, 2)| for any s 6= s0, |M^m(s0,l0)| > |M^m(s0,l)| holds for l > l0

as follows:

|M^m(s0,l)|^(a)≤ |M(s0+1,l−1)|

(b)<|M^∗(s0,l0)|

(c)

≤ |M^m(s₀,l₀)|.

(54)

The inequality (a) in (54) is derived by usingM^m(s0,l)⊆ M(s0+1,l−1). The inequality (b) is derived by using|M^∗(s0,l0)|>|M(s, 2)|fors6=s0and|M(s0+1, 2)| ≥ |M(s0+1,l−1)|. The inequality (c) is derived by usingM^∗(s0,l0)⊆M^m(s0,l0). Therefore, it remains to prove that our assumption implies

|M^m(s₀,l₀)|>|M^m(s₀,l)|forl <l₀.

If thej-th received codewordrj(x)is error-free (i.e.,ej(x) =0), thenrj(x) ∈/ M^m(s0,l)for all l < l0because rj(x) ∈ M(s0,l0)always holds. Therefore, ej(x) 6= 0 forrj(x) ∈ M^m(s0,l), l < l0

and then, the relation (51) can be simplified as |M^m(s0,l0)| > |M^m(s0,l)∩ {r_j(x) | e_j(x) 6= 0}|

forl < l₀. Since it is always satisfied that|M^m(s₀,l)∩ {r_j(x) | e_j(x) 6= 0}| ≤ |M(s₀,l)∩ {r_j(x) |

e_j(x) 6= 0}| = |M^e(s0,l)|, if |M^m(s0,l0)| > |M^e(s0,l)| for l < l0, the second stage succeeds.

Furthermore, since|M^e(s₀,l)| > |M^e(s₀,l⁰)|forl < l⁰, if|M^m(s₀,l₀)| >|M^e(s₀, 2)|is satisfied, then the second stage also succeeds. Note that the LHS in (51) satisfies that|M^m(_s0,l0)| ≥ |M^∗(_s0,l0)|. Therefore, if|M^∗(s0,l0)| ≥ |M^e(s0, 2)|is satisfied, then the second stage always succeeds.

The lower-bound on the success probability of the second stage is derived as follows:

Pr

|M^m(s0,l0)|>|M^m(s0,l)|,∀l6=l0

=_Pr

|M^m(s₀,l₀)|>|M^m(s₀,l)|,∀l≤l₀

=Pr

|M^m(s0,l0)|>|M^m(s0,l)∩ {rj(x)|ej(x)6=0}|,∀l ≤l0

≥Pr

|M^m(s₀,l₀)|>|M(s₀,l)∩ {r_j(x)|e_j(x)6=0}|,∀l≤l₀

=Pr

|M^m(s0,l0)|>|M^e(s0,l)|,∀l≤l0

=Pr

|M^m(s0,l0)|>|M^e(s0, 2)|

≥Pr

|M^∗(s₀,l₀)|>|M^e(s₀, 2)|

.

(55)

Note that, for better readability, the given condition that|M^∗(s₀,l₀)|>|M(s, 2)|,∀s6=s₀, is omitted in the probability.

By Lemmas5and6, if|M^∗(s0,l0)| > maxs6=s₀|M(s, 2)|and|M^∗(s0,l0)| > |M^e(s0, 2)|, then the blind reconstruction method of BCH code in [15] always succeeds. Moreover, the success probability of the blind reconstruction method of BCH code in [15] is lower-bounded, as in the following Theorem1.

Theorem 1. Suppose that randomly generated M codewords of BCHq(n,k), which uses the generator polynomial g(x)as in (1) with b = s0and d= l0+1, are received after passing through q-ary symmetric channel with error probabilitye. Then, the success probability of the blind reconstruction method of BCH codes in [15], denoted as Ps, is lower-bounded as follows:

Ps ≥

∑

M x=1

B(M,x,p0)

∏

C_i⊆C_s^l0₀^c

(_x−1

y=0

∑

B

M,y, 1 q^rk(αi)

)

∏

C_j⊆C_s^l0₀

(_x−1

y=0

∑

B

M,y,Pue C_j )

, (56)

where B(M,x,p) = (^M_x)p^x(1−p)^M−x, p0 = {(1−e)ⁿ+Pue(C_s^l0₀)}_∏

z∈C_s^l0

0

c 1−1/q^rk(αz)

, C_s^l0₀^c = {1, 2,· · ·,n−1} \ C_s^l0₀, and Pue(C)is the undetectable error probability of BCH code having{αⁱ|i∈ C}as its null spectrum.

Proof. By Lemmas5and6, if|M^∗(s₀,l₀)|>maxs6=s₀|M(s, 2)|and|M^∗(s₀,l₀)|>|M^e(s₀, 2)|, then the blind reconstruction of BCH codes in [15] always succeeds. In order to calculate the probability that

|M^∗(s0,l0)|>maxs6=s₀|M(s, 2)|and|M^∗(s0,l0)|>|M^e(s0, 2)|, the probabilities thatrj(x)∈ M^∗(s0,l0), r_j(x)∈M(s, 2), andr_j(x)∈ M^e(s0, 2)should be calculated, respectively.

If thej-th received codewordr_j(x)is error-free or has an undetectable error, it is always true thatr_j(x) ∈ M(s₀,l₀). Furthermore, ifr_j(αⁱ) 6= 0 fori ∈ C_s^l0₀^c, it is also true thatr_j(x) ∈ M^∗(s₀,l₀)_, whereC_s^l0₀^c={1, 2,· · ·,n−1} \ C_s^l0₀. Then, Pr rj(x)∈M^∗(s0,l0)is derived as follows:

Pr

rj(x)∈ M^∗(s0,l0)

=Pr

rj(αⁱ) =0,∀i∈ C_s^l0₀,rj(α^z)6=0,∀z∈ C_s^l0₀^c

(a)=Pr

r_j(αⁱ) =0,∀i∈ C_s^l0₀

∏

z∈C^l_s⁰

0 c

Pr

r_j(α^z)6=0

(b)=ⁿ(1−e)ⁿ+Pue C_s^l0₀^o

∏

z∈C_s^l0

0 c

1− ¹

q^{rk αz}

!

,p0,

(57)

wherePue(C_s^l0₀)is the undetectable error probability of BCH code having {αⁱ | i ∈ C_s^l0₀}as its null spectrum. In the equality (a) in (57),r_j(αⁱ)_fori∈ C^l_s⁰₀^coccurs uniformly at random because the message is generated uniformly at random. Therefore, the event thatrj(αⁱ) =0 for anyi∈ C_s^l0₀ and the event thatr_j(α^z) =0 for anyz∈ C_s^l0₀^care independent and hence the equality (a) holds. The equality (b) is derived by using Pr(rj(αⁱ) =0,∀i∈ C^l_s⁰₀) ={(1−e)ⁿ+Pue(C_s^l0₀)}and Lemma4.

The probability thatrj(x)∈M(s, 2)fors6=s0is calculated by using Lemma4as follows:

Pr

rj(x)∈M(s, 2)

=Pr

rj(αⁱ) =0,∀i∈ C_s²

=Pr

r_j(αⁱ) =0,∀i∈ C_s²∩ C_s^l0₀

Pr

r_j(α^z) =0,∀z∈ C_s²\ C_s^l0₀

=_Pr

r_j(αⁱ) =_0,∀i∈ C_s²∩ C_s^l0₀

∏

z∈C²_s\C_s^l0

0

Pr

r_j(α^z) =₀

=Pue C²_s ∩ C_s^l0₀

∏

z∈C_s²\C_s^l0

0

1 q^rk(αz).

(58)

For better readability,s6=s0is omitted in the probability.

LetM1(C_i)be{rj(x) | rj(α^z) = 0,∀z ∈ C_i}andM2(C_i)be{rj(x) | rj(α^z) = cj(α^z) +ej(α^z) = 0,∀z ∈ C_i,e_j(x) 6= 0}. If |M^∗(s₀,l₀)| is greater than |M₁(C_i)| for any C_i ⊆ C^l_s⁰₀^c and also greater than|M2(C_i)|for anyC_i ⊆ C^l_s⁰₀, it is also satisfied that|M^∗(s0,l0)| > |M(s, 2)| for anys 6= s0. It is because if there exists C_i ⊆ C_s²such that C_i ⊆ C_s^l0₀^c, it is true that |M^∗(s0,l0)| > |M(s, 2)| due to

|M^∗(s0,l0)| >|M1(C_i)| ≥ |M(s, 2)|for anyC_i ⊆ C_s^l0₀^c. Furthermore, if there existsC_i ⊆ C_s²such that C_i ⊆ C_s^l0₀, then it is also true that|M^∗(s0,l0)|>|M(s, 2)|due to|M^∗(s0,l0)|>|M2(C_i)| ≥ |M(s, 2)|for anyC_i ⊆ C_s^l0₀. Then, the condition for the success of the first stage of blind reconstruction method is simplified as follows:

|M^∗(s0,l0)|>|M₁(C_i)|,|M^∗(s0,l0)|>|M2(C_j)|,∀C_i⊆ C^l_s⁰₀^c,∀C_j⊆ C^l_s⁰₀. (59)