///////////////////////////////////////////////////////////////////////////
// PURPOSE:
// Computes the syndrome of a sparse vector
// of the binary BCH code of design distance d.
// The vector is viewed as a vector of 0's and 1's
// being indexed by all nonzero elements of GF2E; because
// it is sparse, it is given as the set a of
// elements of GF2E where the coordinates of the vector are equal to 1.
// If used to compute the secure sketch, the sketch will
// tolerate symmetric difference of up to (d-1)/2
//
//
// ALGORITHM:
// The syndrome is computed as a vector of
// f(j) = (a_0)^j + (a_2)^j + ... + (a_s)^j
// for odd i from 1 do d-1, where a_i is the i-th component
// of the input vector A.
// (only the odd j are needed, because
// f(2j) is simply the square of f(j)).
// Because in C++ we number from 0, f(j) will reside
// in location (j-1)/2.
//
//
// ASSUMPTIONS:
// Let m=GF2E::degree() (i.e., the field is GF(2^m)).
// Assumes d is odd,
// greater than 1, and less than 2^m (else BCH codes don't make sense).
// Assumes the input set has no zeros (they will be ignored)
//
//
// RUNNING TIME:
// Takes time O(len*d) operations in GF(2^m),
// where len is the length of the input vector
//
void BCHSyndromeCompute(vec_GF2E & ss, const vec_GF2E & a, long d)
{
GF2E a_i_to_the_j, multiplier;
long i, j;
ss.SetLength((d-1)/2); // half the syndrome length,
// because even power not needed
// We will compute the fs in parallel: first add
// all the powers of a_1, then of a_2, ..., then of a_s
for (i = 0; i < a.length(); ++i)
{
a_i_to_the_j = a[i];
sqr(multiplier, a[i]); // multiplier = a[i]*a[i];
// special-case 0, because it doesn't need to be multiplied
// by the multiplier
ss[0] += a_i_to_the_j;
for (long j = 3; j < d; j+=2)
{
a_i_to_the_j *= multiplier;
ss[(j-1)/2] += a_i_to_the_j;
}
}
}
static
void RecFindRoots(vec_GF2E& x, const GF2EX& f)
{
if (deg(f) == 0) return;
if (deg(f) == 1) {
long k = x.length();
x.SetLength(k+1);
x[k] = ConstTerm(f);
return;
}
GF2EX h;
GF2E r;
{
GF2EXModulus F;
build(F, f);
do {
random(r);
clear(h);
SetCoeff(h, 1, r);
TraceMap(h, h, F);
GCD(h, h, f);
} while (deg(h) <= 0 || deg(h) == deg(f));
}
RecFindRoots(x, h);
div(h, f, h);
RecFindRoots(x, h);
}
void mul(vec_GF2E& x, const vec_GF2E& a, const GF2E& b_in)
{
GF2E b = b_in;
long n = a.length();
x.SetLength(n);
long i;
for (i = 0; i < n; i++)
mul(x[i], a[i], b);
}
void add(vec_GF2E& x, const vec_GF2E& a, const vec_GF2E& b)
{
long n = a.length();
if (b.length() != n) LogicError("vector add: dimension mismatch");
x.SetLength(n);
long i;
for (i = 0; i < n; i++)
add(x[i], a[i], b[i]);
}
void FindRoots(vec_GF2E& x, const GF2EX& ff)
{
GF2EX f = ff;
if (!IsOne(LeadCoeff(f)))
Error("FindRoots: bad args");
x.SetMaxLength(deg(f));
x.SetLength(0);
RecFindRoots(x, f);
}
///////////////////////////////////////////////////////////////////////////
// Produces a vector res such that res[2i]=ss[i]
// and res[2i+1]=ss[i]*ss[i]
//
// Used to recover the redundant representation
// of the BCH syndrome (which includes even values of j)
// from the representation produced by BCHSyndromeCompute
// Because C++ indexes from 0, the j-th coordinate of the syndrome
// will end up in location j-1.
//
// Takes time O(d) operations in GF2E, where d is the output length
//
static
void InterpolateEvens(vec_GF2E & res, const vec_GF2E & ss)
{
// uses relation syn(j) = syn(j/2)^2 to recover syn from ss
long i;
res.SetLength(2*ss.length());
// odd coordinates (which, confusingly, means even i)
// are just copied from the input
for (i = 0; i < ss.length(); ++i)
res[2*i] = ss[i];
// even coordinates (odd i) are computed via squaring.
for (i = 1; i < res.length(); i+=2)
sqr(res[i], res[(i-1)/2]); // square
}
void VectorCopy(vec_GF2E& x, const vec_GF2E& a, long n)
{
if (n < 0) LogicError("VectorCopy: negative length");
if (NTL_OVERFLOW(n, 1, 0)) ResourceError("overflow in VectorCopy");
long m = min(n, a.length());
x.SetLength(n);
long i;
for (i = 0; i < m; i++)
x[i] = a[i];
for (i = m; i < n; i++)
clear(x[i]);
}
static
void mul_aux(vec_GF2E& x, const mat_GF2E& A, const vec_GF2E& b)
{
long n = A.NumRows();
long l = A.NumCols();
if (l != b.length())
LogicError("matrix mul: dimension mismatch");
x.SetLength(n);
long i, k;
GF2X acc, tmp;
for (i = 1; i <= n; i++) {
clear(acc);
for (k = 1; k <= l; k++) {
mul(tmp, rep(A(i,k)), rep(b(k)));
add(acc, acc, tmp);
}
conv(x(i), acc);
}
}
static
void mul_aux(vec_GF2E& x, const vec_GF2E& a, const mat_GF2E& B)
{
long n = B.NumRows();
long l = B.NumCols();
if (n != a.length())
LogicError("matrix mul: dimension mismatch");
x.SetLength(l);
long i, k;
GF2X acc, tmp;
for (i = 1; i <= l; i++) {
clear(acc);
for (k = 1; k <= n; k++) {
mul(tmp, rep(a(k)), rep(B(k,i)));
add(acc, acc, tmp);
}
conv(x(i), acc);
}
}
static
void solve_impl(GF2E& d, vec_GF2E& X, const mat_GF2E& A, const vec_GF2E& b, bool trans)
{
long n = A.NumRows();
if (A.NumCols() != n)
LogicError("solve: nonsquare matrix");
if (b.length() != n)
LogicError("solve: dimension mismatch");
if (n == 0) {
set(d);
X.SetLength(0);
return;
}
long i, j, k, pos;
GF2X t1, t2;
GF2X *x, *y;
const GF2XModulus& p = GF2E::modulus();
vec_GF2XVec M;
M.SetLength(n);
for (i = 0; i < n; i++) {
M[i].SetSize(n+1, 2*GF2E::WordLength());
if (trans)
for (j = 0; j < n; j++) M[i][j] = rep(A[j][i]);
else
for (j = 0; j < n; j++) M[i][j] = rep(A[i][j]);
M[i][n] = rep(b[i]);
}
GF2X det;
set(det);
for (k = 0; k < n; k++) {
pos = -1;
for (i = k; i < n; i++) {
rem(t1, M[i][k], p);
M[i][k] = t1;
if (pos == -1 && !IsZero(t1)) {
pos = i;
}
}
if (pos != -1) {
if (k != pos) {
swap(M[pos], M[k]);
}
MulMod(det, det, M[k][k], p);
// make M[k, k] == -1 mod p, and make row k reduced
InvMod(t1, M[k][k], p);
for (j = k+1; j <= n; j++) {
rem(t2, M[k][j], p);
MulMod(M[k][j], t2, t1, p);
}
for (i = k+1; i < n; i++) {
// M[i] = M[i] + M[k]*M[i,k]
t1 = M[i][k]; // this is already reduced
x = M[i].elts() + (k+1);
y = M[k].elts() + (k+1);
for (j = k+1; j <= n; j++, x++, y++) {
// *x = *x + (*y)*t1
mul(t2, *y, t1);
add(*x, *x, t2);
}
}
}
else {
clear(d);
return;
}
}
X.SetLength(n);
for (i = n-1; i >= 0; i--) {
clear(t1);
for (j = i+1; j < n; j++) {
mul(t2, rep(X[j]), M[i][j]);
add(t1, t1, t2);
}
add(t1, t1, M[i][n]);
conv(X[i], t1);
}
conv(d, det);
}