Reed–Muller code

Reed–Muller codes are error-correcting codes that are used in wireless communications applications, particularly in deep-space communication. Moreover, the proposed 5G standard relies on the closely related polar codes for error correction in the control channel. Due to their favorable theoretical and mathematical properties, Reed–Muller codes have also been extensively studied in theoretical computer science.

Reed–Muller codes generalize the Reed–Solomon codes and the Walsh–Hadamard code. Reed–Muller codes are linear block codes that are locally testable, locally decodable, and list decodable. These properties make them particularly useful in the design of probabilistically checkable proofs.

Traditional Reed–Muller codes are binary codes, which means that messages and codewords are binary strings. When r and m are integers with 0 ≤ r ≤ m, the Reed–Muller code with parameters r and m is denoted as RM(r, m). When asked to encode a message consisting of k bits, where $$\textstyle k=\sum_{i=0}^r \binom{m}{i}$$ holds, the RM(r, m) code produces a codeword consisting of 2m bits.

Reed–Muller codes are named after David E. Muller, who discovered the codes in 1954, and Irving S. Reed, who proposed the first efficient decoding algorithm.

Description using low-degree polynomials
Reed–Muller codes can be described in several different (but ultimately equivalent) ways. The description that is based on low-degree polynomials is quite elegant and particularly suited for their application as locally testable codes and locally decodable codes.

Encoder
A block code can have one or more encoding functions $ C:\{0,1\}^k\to\{0,1\}^{n} $ that map messages $ x\in\{0,1\}^k $  to codewords $ C(x)\in\{0,1\}^{n} $. The Reed–Muller code RM(r, m) has message length $$\textstyle k=\sum_{i=0}^r \binom{m}{i}$$ and block length $$\textstyle n=2^m$$. One way to define an encoding for this code is based on the evaluation of multilinear polynomials with m variables and total degree at most r. Every multilinear polynomial over the finite field with two elements can be written as follows: $$p_c(Z_1,\dots,Z_m) = \sum_{\underset{|S|\le r}{S\subseteq\{1,\dots,m\}}} c_S\cdot \prod_{i\in S} Z_i\,.$$ The $ Z_1,\dots,Z_m $ are the variables of the polynomial, and the values $ c_S\in\{0,1\} $  are the coefficients of the polynomial. Note that there are exactly $ k=\sum_{i=0}^r \binom{m}{i}$ coefficients. With this in mind, an input message consists of $ k $ values $ x\in\{0,1\}^k $  which are used as these coefficients. In this way, each message $ x $ gives rise to a unique polynomial $ p_x $  in m variables. To construct the codeword $ C(x) $, the encoder evaluates the polynomial $ p_x $ at all points $ Z=(Z_1,\ldots,Z_n)\in\{0,1\}^m $ , where the polynomial is taken with multiplication and addition mod 2 $(p_x(Z)\bmod 2) \in \{0,1\}$. That is, the encoding function is defined via$$C(x) = \left(p_x(Z)\bmod 2\right)_{Z\in\{0,1\}^m}\,.$$

The fact that the codeword $$C(x)$$ suffices to uniquely reconstruct $$x$$ follows from Lagrange interpolation, which states that the coefficients of a polynomial are uniquely determined when sufficiently many evaluation points are given. Since $$C(0)=0$$ and $$C(x+y)=C(x)+C(y) \bmod 2$$ holds for all messages $$x,y\in\{0,1\}^k$$, the function $$C$$ is a linear map. Thus the Reed–Muller code is a linear code.

Example
For the code RM(2, 4), the parameters are as follows:

$ \begin{align} r&=2\\ m&=4\\ k&=\textstyle\binom{4}{2}+\binom{4}{1}+\binom{4}{0}= 6+4+1=11\\ n&=2^m=16\\ \end{align} $

Let $ C:\{0,1\}^{11}\to\{0,1\}^{16} $ be the encoding function just defined. To encode the string x = 1 1010 010101 of length 11, the encoder first constructs the polynomial $ p_x $ in 4 variables:$$\begin{align} p_x(Z_1,Z_2,Z_3,Z_4) &= 1 + (1\cdot Z_1 + 0\cdot Z_2 + 1\cdot Z_3 + 0\cdot Z_4) + (0\cdot Z_1 Z_2 + 1\cdot Z_1Z_3 + 0\cdot Z_1Z_4 + 1\cdot Z_2Z_3 + 0\cdot Z_2Z_4+ 1\cdot Z_3Z_4)\\ &=1+Z_1+Z_3+Z_1Z_3+Z_2Z_3+Z_3Z_4 \end{align}$$Then it evaluates this polynomial at all 16 evaluation points (0101 means $$Z_1=0, Z_2=1, Z_3=0, Z_4=1)$$: $$ p_x(0000)= 1,\; p_x(0001)= 1,\; p_x(0010)= 0,\; p_x(0011)= 1,\;$$

$$ p_x(0100)= 1,\; p_x(0101)= 1,\; p_x(0110)= 1,\; p_x(0111)= 0,\;$$

$$ p_x(1000)= 0,\; p_x(1001)= 0,\; p_x(1010)= 0,\; p_x(1011)= 1,\;$$

$$ p_x(1100)= 0,\; p_x(1101)= 0,\; p_x(1110)= 1,\; p_x(1111)= 0\,.$$As a result, C(1 1010 010101) = 1101 1110 0001 0010 holds.

Decoder
As was already mentioned, Lagrange interpolation can be used to efficiently retrieve the message from a codeword. However, a decoder needs to work even if the codeword has been corrupted in a few positions, that is, when the received word is different from any codeword. In this case, a local decoding procedure can help.

The algorithm from Reed is based on the following property: you start from the code word, that is a sequence of evaluation points from an unknown polynomial $ p_x $ of $ {\mathbb F}_2[X_1,X_2,...,X_m] $  of degree at most $ r $  that you want to find. The sequence may contains any number of errors up to $ 2^{m-r-1}-1 $ included.

If you consider a monomial $ \mu $ of the highest degree $ d $  in $ p_x $  and sum all the evaluation points of the polynomial where all variables in $ \mu $  have the values 0 or 1, and all the other variables have value 0, you get the value of the coefficient (0 or 1) of $ \mu $  in $ p_x $  (There are $ 2^d $  such points). This is due to the fact that all lower monomial divisors of $ \mu $ appears an even number of time in the sum, and only $ \mu $  appears once.

To take into account the possibility of errors, you can also remark that you can fix the value of other variables to any value. So instead of doing the sum only once for other variables not in $ \mu $ with 0 value, you do it $ 2^{m-d} $  times for each fixed valuations of the other variables. If there is no error, all those sums should be equals to the value of the coefficient searched. The algorithm consists here to take the majority of the answers as the value searched. If the minority is larger than the maximum number of errors possible, the decoding step fails knowing there are too many errors in the input code.

Once a coefficient is computed, if it's 1, update the code to remove the monomial $ \mu $ from the input code and continue to next monomial, in reverse order of their degree.

Example
Let's consider the previous example and start from the code. With $ r=2, m=4 $ we can fix at most 1 error in the code. Consider the input code as 1101 1110 0001 0110 (this is the previous code with one error).

We know the degree of the polynomial $ p_x $ is at most $ r=2 $, we start by searching for monomial of degree 2.

The four sums don't agree (so we know there is an error), but the minority report is not larger than the maximum number of error allowed (1), so we take the majority and the coefficient of $ \mu $ is 1.
 * $ \mu=X_3X_4 $
 * we start by looking for evaluation points with $ X_1=0, X_2=0, X_3\in\{0,1\}, X_4\in\{0,1\}$ . In the code this is: 1101 1110 0001 0110. The first sum is 1 (odd number of 1).
 * we look for evaluation points with $ X_1=0, X_2=1, X_3\in\{0,1\}, X_4\in\{0,1\}$ . In the code this is: 1101 1110 0001 0110. The second sum is 1.
 * we look for evaluation points with $ X_1=1, X_2=0, X_3\in\{0,1\}, X_4\in\{0,1\}$ . In the code this is: 1101 1110 0001 0110. The third sum is 1.
 * we look for evaluation points with $ X_1=1, X_2=1, X_3\in\{0,1\}, X_4\in\{0,1\}$ . In the code this is: 1101 1110 0001 0110 . The third sum is 0 (even number of 1).

We remove $ \mu $ from the code before continue : code : 1101 1110 0001 0110, valuation of $ \mu $  is 0001000100010001, the new code is 1100 1111 0000 0111

One error detected, coefficient is 0, no change to current code. One error detected, coefficient is 0, no change to current code. One error detected, coefficient is 1, valuation of $ \mu $ is 0000 0011 0000 0011, current code is now 1100 1100 0000 0100.
 * $ \mu=X_2X_4 $
 * 11 00 11 11 0000 0111. Sum is 0
 * 11 00 11 11 0000 0111. Sum is 0
 * 1100 1111 00 00 01 11. Sum is 1
 * 1100 1111 00 00 01 11 . Sum is 0
 * $ \mu=X_1X_4 $
 * 11 00 1111 00 00 0111. Sum is 0
 * 11 00 1111 00 00 0111. Sum is 0
 * 1100 11 11 0000 01 11. Sum is 1
 * 1100 11 11 0000 01 11 . Sum is 0
 * $ \mu=X_2X_3 $
 * 1 1 0 0 1 1 1 1 0000 0111. Sum is 1
 * 1 1 0 0 1 1 1 1 0000 0111. Sum is 1
 * 1100 1111 0 0 0 0 0 1 1 1. Sum is 1
 * 1100 1111 0 0 0 0 0 1 1 1 . Sum is 0

One error detected, coefficient is 1, valuation of $ \mu $ is 0000 0000 0011 0011, current code is now 1100 1100 0011 0111. One error detected, coefficient is 0, no change to current code. We know now all coefficient of degree 2 for the polynomial, we can start mononials of degree 1. Notice that for each next degree, there are twice as much sums, and each sums is half smaller. One error detected, coefficient is 0, no change to current code. One error detected, coefficient is 1, valuation of $ \mu $ is 0011 0011 0011 0011, current code is now 1111 1111 0000 0100.
 * $ \mu=X_1X_3 $
 * 1 1 0 0 1100 0 0 0 0 0100. Sum is 1
 * 1 1 0 0 1100 0 0 0 0 0100. Sum is 1
 * 1100 1 1 0 0 0000 0 1 0 0. Sum is 1
 * 1100 1 1 0 0 0000 0 1 0 0 . Sum is 0
 * $ \mu=X_1X_2$
 * 1 100 1 100 0 011 0 111. Sum is 0
 * 1 1 00 1 1 00 0 0 11 0 1 11. Sum is 1
 * 11 0 0 11 0 0 00 1 1 01 1 1. Sum is 0
 * 110 0 110 0 001 1 011 1 . Sum is 0
 * $ \mu=X_4 $
 * 11 00 1100 0011 0111. Sum is 0
 * 11 00 1100 0011 0111. Sum is 0
 * 1100 11 00 0011 0111. Sum is 0
 * 1100 11 00 0011 0111. Sum is 0
 * 1100 1100 00 11 0111. Sum is 0
 * 1100 1100 00 11 0111. Sum is 0
 * 1100 1100 0011 01 11. Sum is 1
 * 1100 1100 0011 01 11 . Sum is 0
 * $ \mu=X_3 $
 * 1 1 0 0 1100 0011 0111. Sum is 1
 * 1 1 0 0 1100 0011 0111. Sum is 1
 * 1100 1 1 0 0 0011 0111. Sum is 1
 * 1100 1 1 0 0 0011 0111. Sum is 1
 * 1100 1100 0 0 1 1 0111. Sum is 1
 * 1100 1100 0 0 1 1 0111. Sum is 1
 * 1100 1100 0011 0 1 1 1. Sum is 1
 * 1100 1100 0011 0 1 1 1 . Sum is 0

Then we'll find 0 for $ \mu=X_2 $, 1 for $ \mu=X_1 $ and the current code become 1111 1111 1111 1011.

For the degree 0, we have 16 sums of only 1 bit. The minority is still of size 1, and we found $ p_x=1+X_1+X_3+X_1X_3+X_2X_3+X_3X_4$ and the corresponding initial word 1 1010 010101

Generalization to larger alphabets via low-degree polynomials
Using low-degree polynomials over a finite field $$\mathbb F$$ of size $$q$$, it is possible to extend the definition of Reed–Muller codes to alphabets of size $$q$$. Let $$m$$ and $$d$$ be positive integers, where $$m$$ should be thought of as larger than $$d$$. To encode a message $x\in\mathbb F^k$ of width $$k=\textstyle\binom{m+d}{m}$$, the message is again interpreted as an $$m$$-variate polynomial $$p_x$$ of total degree at most $$d$$ and with coefficient from $$\mathbb F$$. Such a polynomial indeed has $$\textstyle\binom{m+d}{m}$$ coefficients. The Reed–Muller encoding of $$x$$ is the list of all evaluations of $$p_x(a)$$ over all $$a\in\mathbb F^m$$. Thus the block length is $$n=q^m$$.

Description using a generator matrix
A generator matrix for a Reed–Muller code RM(r, m) of length N = 2m can be constructed as follows. Let us write the set of all m-dimensional binary vectors as:


 * $$ X = \mathbb{F}_2^m = \{ x_1, \ldots, x_{N} \}. $$

We define in N-dimensional space $$\mathbb{F}_2^N$$ the indicator vectors


 * $$\mathbb{I}_A \in \mathbb{F}_2^N$$

on subsets $$ A \subset X $$ by:


 * $$\left( \mathbb{I}_A \right)_i = \begin{cases} 1 & \mbox{ if } x_i \in A \\ 0 & \mbox{ otherwise} \\ \end{cases} $$

together with, also in $$\mathbb{F}_2^N$$, the binary operation


 * $$ w \wedge z = (w_1 \cdot z_1, \ldots, w_N \cdot z_N ), $$

referred to as the wedge product (not to be confused with the wedge product defined in exterior algebra). Here, $$w=(w_1,w_2,\ldots,w_N)$$ and $$z=(z_1,z_2,\ldots, z_N)$$ are points in $$\mathbb{F}_2^N$$ (N-dimensional binary vectors), and the operation $$\cdot$$ is the usual multiplication in the field $$\mathbb{F}_2$$.

$$\mathbb{F}_2^m$$ is an m-dimensional vector space over the field $$\mathbb{F}_2$$, so it is possible to write

$$(\mathbb{F}_2)^m = \{ (y_m, \ldots, y_1) \mid y_i \in \mathbb{F}_2 \} .$$

We define in N-dimensional space $$\mathbb{F}_2^N$$ the following vectors with length $$ N: v_0 = (1,1,\ldots,1) $$ and


 * $$ v_i = \mathbb{I}_{ H_i } ,$$

where 1 ≤ i ≤ m and the Hi are hyperplanes in $$(\mathbb{F}_2)^m$$ (with dimension m &minus; 1):


 * $$H_i = \{ y \in ( \mathbb{F}_2 ) ^m \mid y_i = 0 \} .$$

The generator matrix
The Reed–Muller RM(r, m) code of order r and length N = 2m is the code generated by v0 and the wedge products of up to r of the vi, 1 ≤ i ≤ m (where by convention a wedge product of fewer than one vector is the identity for the operation). In other words, we can build a generator matrix for the RM(r, m) code, using vectors and their wedge product permutations up to r at a time $${v_0, v_1, \ldots, v_n, \ldots, (v_{i_1} \wedge v_{i_2}), \ldots (v_{i_1} \wedge v_{i_2} \ldots \wedge v_{i_r})}$$, as the rows of the generator matrix, where 1 ≤ ik ≤ m.

Example 1
Let m = 3. Then N = 8, and


 * $$ X = \mathbb{F}_2^3 = \{ (0,0,0), (0,0,1), (0,1,0) \ldots, (1,1,1) \}, $$

and



\begin{align} v_0 & = (1,1,1,1,1,1,1,1) \\[2pt] v_1 & = (1,0,1,0,1,0,1,0) \\[2pt] v_2 & = (1,1,0,0,1,1,0,0) \\[2pt] v_3 & = (1,1,1,1,0,0,0,0). \end{align} $$

The RM(1,3) code is generated by the set


 * $$ \{ v_0, v_1, v_2, v_3 \},\, $$

or more explicitly by the rows of the matrix:



\begin{pmatrix} 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 \\ 1 & 0 & 1 & 0 & 1 & 0 & 1 & 0 \\ 1 & 1 & 0 & 0 & 1 & 1 & 0 & 0 \\ 1 & 1 & 1 & 1 & 0 & 0 & 0 & 0 \end{pmatrix} $$

Example 2
The RM(2,3) code is generated by the set:
 * $$ \{ v_0, v_1, v_2, v_3, v_1 \wedge v_2, v_1 \wedge v_3, v_2 \wedge v_3 \} $$

or more explicitly by the rows of the matrix:



\begin{pmatrix} 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 \\ 1 & 0 & 1 & 0 & 1 & 0 & 1 & 0 \\ 1 & 1 & 0 & 0 & 1 & 1 & 0 & 0 \\ 1 & 1 & 1 & 1 & 0 & 0 & 0 & 0 \\ 1 & 0 & 0 & 0 & 1 & 0 & 0 & 0 \\ 1 & 0 & 1 & 0 & 0 & 0 & 0 & 0 \\ 1 & 1 & 0 & 0 & 0 & 0 & 0 & 0 \\ \end{pmatrix} $$

Properties
The following properties hold:


 * 1) The set of all possible wedge products of up to m of the vi form a basis for $$\mathbb{F}_2^N$$.
 * 2) The RM&thinsp;(r, m) code has rank
 * $$ \sum_{s=0}^r {m \choose s}. $$
 * 1) $RM&thinsp;(r, m) = RM&thinsp;(r, m &minus; 1) | RM&thinsp;(r &minus; 1, m &minus; 1)$ where '|' denotes the bar product of two codes.
 * 2) $RM&thinsp;(r, m)$ has minimum Hamming weight 2m &minus; r.

Proof
1. There are


 * $ \sum_{s=0}^m { m \choose s } = 2^m = N $

such vectors and $\mathbb{F}_2^N$ have dimension N so it is sufficient to check that the N vectors span; equivalently it is sufficient to check that $\mathrm{RM}(m, m) = \mathbb{F}_2^N$.

Let x be a binary vector of length m, an element of X. Let (x)i denote the ith element of x. Define


 * $y_i = \begin{cases} v_i & \text{ if } (x)_i = 0 \\ v_0+v_i & \text{ if } (x)_i = 1 \\ \end{cases} $

where 1 ≤ i ≤m.

Then $\mathbb{I}_{ \{ x \} } = y_1 \wedge \cdots \wedge y_m $

Expansion via the distributivity of the wedge product gives $ \mathbb{I}_{ \{ x \} } \in \mathrm{RM}(m,m) $. Then since the vectors $\{ \mathbb{I}_{ \{ x \} } \mid x \in X \} $ span $\mathbb{F}_2^N$ we have $\mathrm{RM}(m,n)=\mathbb{F}_2^N$.

2. By 1, all such wedge products must be linearly independent, so the rank of RM(r, m) must simply be the number of such vectors.

3. Omitted.

Decoding RM codes
RM(r, m) codes can be decoded using majority logic decoding. The basic idea of majority logic decoding is to build several checksums for each received code word element. Since each of the different checksums must all have the same value (i.e. the value of the message word element weight), we can use a majority logic decoding to decipher the value of the message word element. Once each order of the polynomial is decoded, the received word is modified accordingly by removing the corresponding codewords weighted by the decoded message contributions, up to the present stage. So for a rth order RM code, we have to decode iteratively r+1, times before we arrive at the final received code-word. Also, the values of the message bits are calculated through this scheme; finally we can calculate the codeword by multiplying the message word (just decoded) with the generator matrix.

One clue if the decoding succeeded, is to have an all-zero modified received word, at the end of (r + 1)-stage decoding through the majority logic decoding. This technique was proposed by Irving S. Reed, and is more general when applied to other finite geometry codes.

Description using a recursive construction
A Reed–Muller code RM(r,m) exists for any integers $$m \ge 0$$ and $$0 \le r \le m$$. RM(m, m) is defined as the universe ($$2^m,2^m,1$$) code. RM(&minus;1,m) is defined as the trivial code ($$2^m,0,\infty$$). The remaining RM codes may be constructed from these elementary codes using the length-doubling construction


 * $$\mathrm{RM}(r,m) = \{(\mathbf{u},\mathbf{u}+\mathbf{v})\mid\mathbf{u} \in \mathrm{RM}(r,m-1),\mathbf{v} \in \mathrm{RM}(r-1,m-1)\}.$$

From this construction, RM(r,m) is a binary linear block code (n, k, d) with length $RM(0, m)$, dimension $$k(r,m)=k(r,m-1)+k(r-1,m-1)$$ and minimum distance $$d = 2^{m-r}$$ for $$r \ge 0$$. The dual code to RM(r,m) is RM(m-r-1,m). This shows that repetition and SPC codes are duals, biorthogonal and extended Hamming codes are duals and that codes with $N =2^{m}$ are self-dual.

Table of all RM(r,m) codes for m≤5
All $RM(r,m &minus; 1)$ codes with $$0\le m\le 5$$ and alphabet size 2 are displayed here, annotated with the standard [n,k,d] coding theory notation for block codes. The code $2^{m&minus;1&minus;r}$ is a $$\textstyle [2^m,k,2^{m-r}]_2$$-code, that is, it is a linear code over a binary alphabet, has block length $$\textstyle 2^m$$, message length (or dimension) $k$, and minimum distance $$\textstyle 2^{m-r}$$.

Properties of RM(r,m) codes for r≤1 or r≥m-1

 * $RM(r &minus; 1,m &minus; 1)$ codes are repetition codes of length $2^{m&minus;1&minus;(r&minus;1)} = 2^{m&minus;r}$, rate $${R=\tfrac{1}{N}}$$ and minimum distance $$d_\min = N$$.
 * $n = 2^{m}$ codes are parity check codes of length $k = n/2$, rate $$R=\tfrac{m+1}{N}$$ and minimum distance $$d_\min = \tfrac{N}{2}$$.
 * $RM(r, m)$ codes are single parity check codes of length $RM(r, m)$, rate $$R=\tfrac{N-1}{N}$$ and minimum distance $$d_\min = 2$$.
 * $RM(m,m)$ codes are the family of extended Hamming codes of length $2^{m}$ with minimum distance $$d_\min = 4$$.