BCH code

Given a prime number q and prime power q^m with positive integers m and d such that d ≤ q^m − 1, a primitive narrow-sense BCH code over the finite field (or Galois field) GF(q) with code length n = q^m − 1 and distance at least d is constructed by the following method.

Let α be a primitive element of GF(q^m). For any positive integer i, let m_i(x) be the minimal polynomial with coefficients in GF(q) of αⁱ. The generator polynomial of the BCH code is defined as the least common multiple g(x) = lcm(m₁(x),…,m_{d − 1}(x)). It can be seen that g(x) is a polynomial with coefficients in GF(q) and divides xⁿ − 1. Therefore, the polynomial code defined by g(x) is a cyclic code.

Let q = 2 and m = 4 (therefore n = 15). We will consider different values of d for GF(16) = GF(2⁴) based on the reducing polynomial z⁴ + z + 1, using primitive element α(z) = z. There are fourteen minimum polynomials m_i(x) with coefficients in GF(2) satisfying

${\displaystyle m_{i}\left(\alpha ^{i}\right){\bmod {\left(z^{4}+z+1\right)}}=0.}$

The minimal polynomials are

${\displaystyle {\begin{aligned}m_{1}(x)&=m_{2}(x)=m_{4}(x)=m_{8}(x)=x^{4}+x+1,\\m_{3}(x)&=m_{6}(x)=m_{9}(x)=m_{12}(x)=x^{4}+x^{3}+x^{2}+x+1,\\m_{5}(x)&=m_{10}(x)=x^{2}+x+1,\\m_{7}(x)&=m_{11}(x)=m_{13}(x)=m_{14}(x)=x^{4}+x^{3}+1.\end{aligned}}}$

The BCH code with ${\displaystyle d=2,3}$ has the generator polynomial

${\displaystyle g(x)={\rm {lcm}}(m_{1}(x),m_{2}(x))=m_{1}(x)=x^{4}+x+1.\,}$

It has minimal Hamming distance at least 3 and corrects up to one error. Since the generator polynomial is of degree 4, this code has 11 data bits and 4 checksum bits. It is also denoted as: (15, 11) BCH code.

The BCH code with ${\displaystyle d=4,5}$ has the generator polynomial

${\displaystyle {\begin{aligned}g(x)&={\rm {lcm}}(m_{1}(x),m_{2}(x),m_{3}(x),m_{4}(x))=m_{1}(x)m_{3}(x)\\&=\left(x^{4}+x+1\right)\left(x^{4}+x^{3}+x^{2}+x+1\right)=x^{8}+x^{7}+x^{6}+x^{4}+1.\end{aligned}}}$

It has minimal Hamming distance at least 5 and corrects up to two errors. Since the generator polynomial is of degree 8, this code has 7 data bits and 8 checksum bits. It is also denoted as: (15, 7) BCH code.

The BCH code with ${\displaystyle d=6,7}$ has the generator polynomial

${\displaystyle {\begin{aligned}g(x)&={\rm {lcm}}(m_{1}(x),m_{2}(x),m_{3}(x),m_{4}(x),m_{5}(x),m_{6}(x))=m_{1}(x)m_{3}(x)m_{5}(x)\\&=\left(x^{4}+x+1\right)\left(x^{4}+x^{3}+x^{2}+x+1\right)\left(x^{2}+x+1\right)=x^{10}+x^{8}+x^{5}+x^{4}+x^{2}+x+1.\end{aligned}}}$

It has minimal Hamming distance at least 7 and corrects up to three errors. Since the generator polynomial is of degree 10, this code has 5 data bits and 10 checksum bits. It is also denoted as: (15, 5) BCH code. (This particular generator polynomial has a real-world application, in the "format information" of the QR code.)

The BCH code with ${\displaystyle d=8}$ and higher has the generator polynomial

${\displaystyle {\begin{aligned}g(x)&={\rm {lcm}}(m_{1}(x),m_{2}(x),...,m_{14}(x))=m_{1}(x)m_{3}(x)m_{5}(x)m_{7}(x)\\&=\left(x^{4}+x+1\right)\left(x^{4}+x^{3}+x^{2}+x+1\right)\left(x^{2}+x+1\right)\left(x^{4}+x^{3}+1\right)=x^{14}+x^{13}+x^{12}+\cdots +x^{2}+x+1.\end{aligned}}}$

This code has minimal Hamming distance 15 and corrects 7 errors. It has 1 data bit and 14 checksum bits. It is also denoted as: (15, 1) BCH code. In fact, this code has only two codewords: 000000000000000 and 111111111111111 (a trivial repetition code).

General BCH codes differ from primitive narrow-sense BCH codes in two respects.

First, the requirement that ${\displaystyle \alpha }$ be a primitive element of ${\displaystyle \mathrm {GF} (q^{m})}$ can be relaxed. By relaxing this requirement, the code length changes from ${\displaystyle q^{m}-1}$ to ${\displaystyle \mathrm {ord} (\alpha ),}$ the order of the element ${\displaystyle \alpha .}$

Second, the consecutive roots of the generator polynomial may run from ${\displaystyle \alpha ^{c},\ldots ,\alpha ^{c+d-2}}$ instead of ${\displaystyle \alpha ,\ldots ,\alpha ^{d-1}.}$

Definition. Fix a finite field ${\displaystyle GF(q),}$ where ${\displaystyle q}$ is a prime power. Choose positive integers ${\displaystyle m,n,d,c}$ such that ${\displaystyle 2\leq d\leq n,}$ ${\displaystyle {\rm {gcd}}(n,q)=1,}$ and ${\displaystyle m}$ is the multiplicative order of ${\displaystyle q}$ modulo ${\displaystyle n.}$

As before, let ${\displaystyle \alpha }$ be a primitive ${\displaystyle n}$th root of unity in ${\displaystyle GF(q^{m}),}$ and let ${\displaystyle m_{i}(x)}$ be the minimal polynomial over ${\displaystyle GF(q)}$ of ${\displaystyle \alpha ^{i}}$ for all ${\displaystyle i.}$ The generator polynomial of the BCH code is defined as the least common multiple ${\displaystyle g(x)={\rm {lcm}}(m_{c}(x),\ldots ,m_{c+d-2}(x)).}$

Note: if ${\displaystyle n=q^{m}-1}$ as in the simplified definition, then ${\displaystyle {\rm {gcd}}(n,q)}$ is 1, and the order of ${\displaystyle q}$ modulo ${\displaystyle n}$ is ${\displaystyle m.}$ Therefore, the simplified definition is indeed a special case of the general one.

• A BCH code with ${\displaystyle c=1}$ is called a narrow-sense BCH code.
• A BCH code with ${\displaystyle n=q^{m}-1}$ is called primitive.

The generator polynomial ${\displaystyle g(x)}$ of a BCH code has coefficients from ${\displaystyle \mathrm {GF} (q).}$ In general, a cyclic code over ${\displaystyle \mathrm {GF} (q^{p})}$ with ${\displaystyle g(x)}$ as the generator polynomial is called a BCH code over ${\displaystyle \mathrm {GF} (q^{p}).}$ The BCH code over ${\displaystyle \mathrm {GF} (q^{m})}$ and generator polynomial ${\displaystyle g(x)}$ with successive powers of ${\displaystyle \alpha }$ as roots is one type of Reed–Solomon code where the decoder (syndromes) alphabet is the same as the channel (data and generator polynomial) alphabet, all elements of ${\displaystyle \mathrm {GF} (q^{m})}$ .^[6] The other type of Reed Solomon code is an original view Reed Solomon code which is not a BCH code.

The generator polynomial of a BCH code has degree at most ${\displaystyle (d-1)m}$. Moreover, if ${\displaystyle q=2}$ and ${\displaystyle c=1}$, the generator polynomial has degree at most ${\displaystyle dm/2}$.

A BCH code has minimal Hamming distance at least ${\displaystyle d}$.

A BCH code is cyclic.

Because any polynomial that is a multiple of the generator polynomial is a valid BCH codeword, BCH encoding is merely the process of finding some polynomial that has the generator as a factor.

The BCH code itself is not prescriptive about the meaning of the coefficients of the polynomial; conceptually, a BCH decoding algorithm's sole concern is to find the valid codeword with the minimal Hamming distance to the received codeword. Therefore, the BCH code may be implemented either as a systematic code or not, depending on how the implementor chooses to embed the message in the encoded polynomial.

The most straightforward way to find a polynomial that is a multiple of the generator is to compute the product of some arbitrary polynomial and the generator. In this case, the arbitrary polynomial can be chosen using the symbols of the message as coefficients.

${\displaystyle s(x)=p(x)g(x)}$

As an example, consider the generator polynomial ${\displaystyle g(x)=x^{10}+x^{9}+x^{8}+x^{6}+x^{5}+x^{3}+1}$, chosen for use in the (31, 21) binary BCH code used by POCSAG and others. To encode the 21-bit message {101101110111101111101}, we first represent it as a polynomial over ${\displaystyle GF(2)}$:

${\displaystyle p(x)=x^{20}+x^{18}+x^{17}+x^{15}+x^{14}+x^{13}+x^{11}+x^{10}+x^{9}+x^{8}+x^{6}+x^{5}+x^{4}+x^{3}+x^{2}+1}$

Then, compute (also over ${\displaystyle GF(2)}$):

${\displaystyle {\begin{aligned}s(x)&=p(x)g(x)\\&=\left(x^{20}+x^{18}+x^{17}+x^{15}+x^{14}+x^{13}+x^{11}+x^{10}+x^{9}+x^{8}+x^{6}+x^{5}+x^{4}+x^{3}+x^{2}+1\right)\left(x^{10}+x^{9}+x^{8}+x^{6}+x^{5}+x^{3}+1\right)\\&=x^{30}+x^{29}+x^{26}+x^{25}+x^{24}+x^{22}+x^{19}+x^{17}+x^{16}+x^{15}+x^{14}+x^{12}+x^{10}+x^{9}+x^{8}+x^{6}+x^{5}+x^{4}+x^{2}+1\end{aligned}}}$

Thus, the transmitted codeword is {1100111010010111101011101110101}.

The receiver can use these bits as coefficients in ${\displaystyle s(x)}$ and, after error-correction to ensure a valid codeword, can recompute ${\displaystyle p(x)=s(x)/g(x)}$

A systematic code is one in which the message appears verbatim somewhere within the codeword. Therefore, systematic BCH encoding involves first embedding the message polynomial within the codeword polynomial, and then adjusting the coefficients of the remaining (non-message) terms to ensure that ${\displaystyle s(x)}$ is divisible by ${\displaystyle g(x)}$.

This encoding method leverages the fact that subtracting the remainder from a dividend results in a multiple of the divisor. Hence, if we take our message polynomial ${\displaystyle p(x)}$ as before and multiply it by ${\displaystyle x^{n-k}}$ (to "shift" the message out of the way of the remainder), we can then use Euclidean division of polynomials to yield:

${\displaystyle p(x)x^{n-k}=q(x)g(x)+r(x)}$

Here, we see that ${\displaystyle q(x)g(x)}$ is a valid codeword. As ${\displaystyle r(x)}$ is always of degree less than ${\displaystyle n-k}$ (which is the degree of ${\displaystyle g(x)}$), we can safely subtract it from ${\displaystyle p(x)x^{n-k}}$ without altering any of the message coefficients, hence we have our ${\displaystyle s(x)}$ as

${\displaystyle s(x)=q(x)g(x)=p(x)x^{n-k}-r(x)}$

Over ${\displaystyle GF(2)}$ (i.e. with binary BCH codes), this process is indistinguishable from appending a cyclic redundancy check, and if a systematic binary BCH code is used only for error-detection purposes, we see that BCH codes are just a generalization of the mathematics of cyclic redundancy checks.

The advantage to the systematic coding is that the receiver can recover the original message by discarding everything after the first ${\displaystyle k}$ coefficients, after performing error correction.

There are many algorithms for decoding BCH codes. The most common ones follow this general outline:

1. Calculate the syndromes s_j for the received vector
2. Determine the number of errors t and the error locator polynomial Λ(x) from the syndromes
3. Calculate the roots of the error location polynomial to find the error locations X_i
4. Calculate the error values Y_i at those error locations
5. Correct the errors

During some of these steps, the decoding algorithm may determine that the received vector has too many errors and cannot be corrected. For example, if an appropriate value of t is not found, then the correction would fail. In a truncated (not primitive) code, an error location may be out of range. If the received vector has more errors than the code can correct, the decoder may unknowingly produce an apparently valid message that is not the one that was sent.

The received vector ${\displaystyle R}$ is the sum of the correct codeword ${\displaystyle C}$ and an unknown error vector ${\displaystyle E.}$ The syndrome values are formed by considering ${\displaystyle R}$ as a polynomial and evaluating it at ${\displaystyle \alpha ^{c},\ldots ,\alpha ^{c+d-2}.}$ Thus the syndromes are^[7]

${\displaystyle s_{j}=R\left(\alpha ^{j}\right)=C\left(\alpha ^{j}\right)+E\left(\alpha ^{j}\right)}$

for ${\displaystyle j=c}$ to ${\displaystyle c+d-2.}$

Since ${\displaystyle \alpha ^{j}}$ are the zeros of ${\displaystyle g(x),}$ of which ${\displaystyle C(x)}$ is a multiple, ${\displaystyle C\left(\alpha ^{j}\right)=0.}$ Examining the syndrome values thus isolates the error vector so one can begin to solve for it.

If there is no error, ${\displaystyle s_{j}=0}$ for all ${\displaystyle j.}$ If the syndromes are all zero, then the decoding is done.

If there are nonzero syndromes, then there are errors. The decoder needs to figure out how many errors and the location of those errors.

If there is a single error, write this as ${\displaystyle E(x)=e\,x^{i},}$ where ${\displaystyle i}$ is the location of the error and ${\displaystyle e}$ is its magnitude. Then the first two syndromes are

${\displaystyle {\begin{aligned}s_{c}&=e\,\alpha ^{c\,i}\\s_{c+1}&=e\,\alpha ^{(c+1)\,i}=\alpha ^{i}s_{c}\end{aligned}}}$

so together they allow us to calculate ${\displaystyle e}$ and provide some information about ${\displaystyle i}$ (completely determining it in the case of Reed–Solomon codes).

If there are two or more errors,

${\displaystyle E(x)=e_{1}x^{i_{1}}+e_{2}x^{i_{2}}+\cdots \,}$

It is not immediately obvious how to begin solving the resulting syndromes for the unknowns ${\displaystyle e_{k}}$ and ${\displaystyle i_{k}.}$

The first step is finding, compatible with computed syndromes and with minimal possible ${\displaystyle t,}$ locator polynomial:

${\displaystyle \Lambda (x)=\prod _{j=1}^{t}\left(x\alpha ^{i_{j}}-1\right)}$

Three popular algorithms for this task are:

1. Peterson–Gorenstein–Zierler algorithm
2. Berlekamp–Massey algorithm
3. Sugiyama Euclidean algorithm

Peterson's algorithm is the step 2 of the generalized BCH decoding procedure. Peterson's algorithm is used to calculate the error locator polynomial coefficients ${\displaystyle \lambda _{1},\lambda _{2},\dots ,\lambda _{v}}$ of a polynomial

${\displaystyle \Lambda (x)=1+\lambda _{1}x+\lambda _{2}x^{2}+\cdots +\lambda _{v}x^{v}.}$

Now the procedure of the Peterson–Gorenstein–Zierler algorithm.^[8] Expect we have at least 2t syndromes s_c, …, s_c+2t−1. Let v = t.

Now that you have the ${\displaystyle \Lambda (x)}$ polynomial, its roots can be found in the form ${\displaystyle \Lambda (x)=\left(\alpha ^{i_{1}}x-1\right)\left(\alpha ^{i_{2}}x-1\right)\cdots \left(\alpha ^{i_{v}}x-1\right)}$ by brute force for example using the Chien search algorithm. The exponential powers of the primitive element ${\displaystyle \alpha }$ will yield the positions where errors occur in the received word; hence the name 'error locator' polynomial.

The zeros of Λ(x) are α^−i₁, …, α^−i_v.

Once the error locations are known, the next step is to determine the error values at those locations. The error values are then used to correct the received values at those locations to recover the original codeword.

For the case of binary BCH, (with all characters readable) this is trivial; just flip the bits for the received word at these positions, and we have the corrected code word. In the more general case, the error weights ${\displaystyle e_{j}}$ can be determined by solving the linear system

${\displaystyle {\begin{aligned}s_{c}&=e_{1}\alpha ^{c\,i_{1}}+e_{2}\alpha ^{c\,i_{2}}+\cdots \\s_{c+1}&=e_{1}\alpha ^{(c+1)\,i_{1}}+e_{2}\alpha ^{(c+1)\,i_{2}}+\cdots \\&{}\ \vdots \end{aligned}}}$

However, there is a more efficient method known as the Forney algorithm.

Let

${\displaystyle S(x)=s_{c}+s_{c+1}x+s_{c+2}x^{2}+\cdots +s_{c+d-2}x^{d-2}.}$

${\displaystyle v\leqslant d-1,\lambda _{0}\neq 0\qquad \Lambda (x)=\sum _{i=0}^{v}\lambda _{i}x^{i}=\lambda _{0}\prod _{k=0}^{v}\left(\alpha ^{-i_{k}}x-1\right).}$

And the error evaluator polynomial^[9]

${\displaystyle \Omega (x)\equiv S(x)\Lambda (x){\bmod {x^{d-1}}}}$

Finally:

${\displaystyle \Lambda '(x)=\sum _{i=1}^{v}i\cdot \lambda _{i}x^{i-1},}$

where

${\displaystyle i\cdot x:=\sum _{k=1}^{i}x.}$

Than if syndromes could be explained by an error word, which could be nonzero only on positions ${\displaystyle i_{k}}$, then error values are

${\displaystyle e_{k}=-{\alpha ^{i_{k}}\Omega \left(\alpha ^{-i_{k}}\right) \over \alpha ^{c\cdot i_{k}}\Lambda '\left(\alpha ^{-i_{k}}\right)}.}$

For narrow-sense BCH codes, c = 1, so the expression simplifies to:

${\displaystyle e_{k}=-{\Omega \left(\alpha ^{-i_{k}}\right) \over \Lambda '\left(\alpha ^{-i_{k}}\right)}.}$

It is based on Lagrange interpolation and techniques of generating functions.

Consider ${\displaystyle S(x)\Lambda (x),}$ and for the sake of simplicity suppose ${\displaystyle \lambda _{k}=0}$ for ${\displaystyle k>v,}$ and ${\displaystyle s_{k}=0}$ for ${\displaystyle k>c+d-2.}$ Then

${\displaystyle S(x)\Lambda (x)=\sum _{j=0}^{\infty }\sum _{i=0}^{j}s_{j-i+1}\lambda _{i}x^{j}.}$

${\displaystyle {\begin{aligned}S(x)\Lambda (x)&=S(x)\left\{\lambda _{0}\prod _{\ell =1}^{v}\left(\alpha ^{i_{\ell }}x-1\right)\right\}\\&=\left\{\sum _{i=0}^{d-2}\sum _{j=1}^{v}e_{j}\alpha ^{(c+i)\cdot i_{j}}x^{i}\right\}\left\{\lambda _{0}\prod _{\ell =1}^{v}\left(\alpha ^{i_{\ell }}x-1\right)\right\}\\&=\left\{\sum _{j=1}^{v}e_{j}\alpha ^{ci_{j}}\sum _{i=0}^{d-2}\left(\alpha ^{i_{j}}\right)^{i}x^{i}\right\}\left\{\lambda _{0}\prod _{\ell =1}^{v}\left(\alpha ^{i_{\ell }}x-1\right)\right\}\\&=\left\{\sum _{j=1}^{v}e_{j}\alpha ^{ci_{j}}{\frac {\left(x\alpha ^{i_{j}}\right)^{d-1}-1}{x\alpha ^{i_{j}}-1}}\right\}\left\{\lambda _{0}\prod _{\ell =1}^{v}\left(\alpha ^{i_{\ell }}x-1\right)\right\}\\&=\lambda _{0}\sum _{j=1}^{v}e_{j}\alpha ^{ci_{j}}{\frac {\left(x\alpha ^{i_{j}}\right)^{d-1}-1}{x\alpha ^{i_{j}}-1}}\prod _{\ell =1}^{v}\left(\alpha ^{i_{\ell }}x-1\right)\\&=\lambda _{0}\sum _{j=1}^{v}e_{j}\alpha ^{ci_{j}}\left(\left(x\alpha ^{i_{j}}\right)^{d-1}-1\right)\prod _{\ell \in \{1,\cdots ,v\}\setminus \{j\}}\left(\alpha ^{i_{\ell }}x-1\right)\end{aligned}}}$

We want to compute unknowns ${\displaystyle e_{j},}$ and we could simplify the context by removing the ${\displaystyle \left(x\alpha ^{i_{j}}\right)^{d-1}}$ terms. This leads to the error evaluator polynomial

${\displaystyle \Omega (x)\equiv S(x)\Lambda (x){\bmod {x^{d-1}}}.}$

Thanks to ${\displaystyle v\leqslant d-1}$ we have

${\displaystyle \Omega (x)=-\lambda _{0}\sum _{j=1}^{v}e_{j}\alpha ^{ci_{j}}\prod _{\ell \in \{1,\cdots ,v\}\setminus \{j\}}\left(\alpha ^{i_{\ell }}x-1\right).}$

Thanks to ${\displaystyle \Lambda }$ (the Lagrange interpolation trick) the sum degenerates to only one summand for ${\displaystyle x=\alpha ^{-i_{k}}}$

${\displaystyle \Omega \left(\alpha ^{-i_{k}}\right)=-\lambda _{0}e_{k}\alpha ^{c\cdot i_{k}}\prod _{\ell \in \{1,\cdots ,v\}\setminus \{k\}}\left(\alpha ^{i_{\ell }}\alpha ^{-i_{k}}-1\right).}$

To get ${\displaystyle e_{k}}$ we just should get rid of the product. We could compute the product directly from already computed roots ${\displaystyle \alpha ^{-i_{j}}}$ of ${\displaystyle \Lambda ,}$ but we could use simpler form.

As formal derivative

${\displaystyle \Lambda '(x)=\lambda _{0}\sum _{j=1}^{v}\alpha ^{i_{j}}\prod _{\ell \in \{1,\cdots ,v\}\setminus \{j\}}\left(\alpha ^{i_{\ell }}x-1\right),}$

we get again only one summand in

${\displaystyle \Lambda '\left(\alpha ^{-i_{k}}\right)=\lambda _{0}\alpha ^{i_{k}}\prod _{\ell \in \{1,\cdots ,v\}\setminus \{k\}}\left(\alpha ^{i_{\ell }}\alpha ^{-i_{k}}-1\right).}$

So finally

${\displaystyle e_{k}=-{\frac {\alpha ^{i_{k}}\Omega \left(\alpha ^{-i_{k}}\right)}{\alpha ^{c\cdot i_{k}}\Lambda '\left(\alpha ^{-i_{k}}\right)}}.}$

This formula is advantageous when one computes the formal derivative of ${\displaystyle \Lambda }$ form

${\displaystyle \Lambda (x)=\sum _{i=1}^{v}\lambda _{i}x^{i}}$

yielding:

${\displaystyle \Lambda '(x)=\sum _{i=1}^{v}i\cdot \lambda _{i}x^{i-1},}$

where

${\displaystyle i\cdot x:=\sum _{k=1}^{i}x.}$

An alternate process of finding both the polynomial Λ and the error locator polynomial is based on Yasuo Sugiyama's adaptation of the Extended Euclidean algorithm.^[10] Correction of unreadable characters could be incorporated to the algorithm easily as well.

Let ${\displaystyle k_{1},...,k_{k}}$ be positions of unreadable characters. One creates polynomial localising these positions ${\displaystyle \Gamma (x)=\prod _{i=1}^{k}\left(x\alpha ^{k_{i}}-1\right).}$ Set values on unreadable positions to 0 and compute the syndromes.

As we have already defined for the Forney formula let ${\displaystyle S(x)=\sum _{i=0}^{d-2}s_{c+i}x^{i}.}$

Let us run extended Euclidean algorithm for locating least common divisor of polynomials ${\displaystyle S(x)\Gamma (x)}$ and ${\displaystyle x^{d-1}.}$ The goal is not to find the least common divisor, but a polynomial ${\displaystyle r(x)}$ of degree at most ${\displaystyle \lfloor (d+k-3)/2\rfloor }$ and polynomials ${\displaystyle a(x),b(x)}$ such that ${\displaystyle r(x)=a(x)S(x)\Gamma (x)+b(x)x^{d-1}.}$ Low degree of ${\displaystyle r(x)}$ guarantees, that ${\displaystyle a(x)}$ would satisfy extended (by ${\displaystyle \Gamma }$) defining conditions for ${\displaystyle \Lambda .}$

Defining ${\displaystyle \Xi (x)=a(x)\Gamma (x)}$ and using ${\displaystyle \Xi }$ on the place of ${\displaystyle \Lambda (x)}$ in the Fourney formula will give us error values.

The main advantage of the algorithm is that it meanwhile computes ${\displaystyle \Omega (x)=S(x)\Xi (x){\bmod {x}}^{d-1}=r(x)}$ required in the Forney formula.

The goal is to find a codeword which differs from the received word minimally as possible on readable positions. When expressing the received word as a sum of nearest codeword and error word, we are trying to find error word with minimal number of non-zeros on readable positions. Syndrom ${\displaystyle s_{i}}$ restricts error word by condition

${\displaystyle s_{i}=\sum _{j=0}^{n-1}e_{j}\alpha ^{ij}.}$

We could write these conditions separately or we could create polynomial

${\displaystyle S(x)=\sum _{i=0}^{d-2}s_{c+i}x^{i}}$

and compare coefficients near powers ${\displaystyle 0}$ to ${\displaystyle d-2.}$

${\displaystyle S(x){\stackrel {\{0,\cdots ,\,d-2\}}{=}}E(x)=\sum _{i=0}^{d-2}\sum _{j=0}^{n-1}e_{j}\alpha ^{ij}\alpha ^{cj}x^{i}.}$

Suppose there is unreadable letter on position ${\displaystyle k_{1},}$ we could replace set of syndromes ${\displaystyle \{s_{c},\cdots ,s_{c+d-2}\}}$ by set of syndromes ${\displaystyle \{t_{c},\cdots ,t_{c+d-3}\}}$ defined by equation ${\displaystyle t_{i}=\alpha ^{k_{1}}s_{i}-s_{i+1}.}$ Suppose for an error word all restrictions by original set ${\displaystyle \{s_{c},\cdots ,s_{c+d-2}\}}$ of syndromes hold, than

${\displaystyle t_{i}=\alpha ^{k_{1}}s_{i}-s_{i+1}=\alpha ^{k_{1}}\sum _{j=0}^{n-1}e_{j}\alpha ^{ij}-\sum _{j=0}^{n-1}e_{j}\alpha ^{j}\alpha ^{ij}=\sum _{j=0}^{n-1}e_{j}\left(\alpha ^{k_{1}}-\alpha ^{j}\right)\alpha ^{ij}.}$

New set of syndromes restricts error vector

${\displaystyle f_{j}=e_{j}\left(\alpha ^{k_{1}}-\alpha ^{j}\right)}$

the same way the original set of syndromes restricted the error vector ${\displaystyle e_{j}.}$ Except the coordinate ${\displaystyle k_{1},}$ where we have ${\displaystyle f_{k_{1}}=0,}$ an ${\displaystyle f_{j}}$ is zero, if ${\displaystyle e_{j}=0.}$ For the goal of locating error positions we could change the set of syndromes in the similar way to reflect all unreadable characters. This shortens the set of syndromes by ${\displaystyle k.}$

In polynomial formulation, the replacement of syndromes set ${\displaystyle \{s_{c},\cdots ,s_{c+d-2}\}}$ by syndromes set ${\displaystyle \{t_{c},\cdots ,t_{c+d-3}\}}$ leads to

${\displaystyle T(x)=\sum _{i=0}^{d-3}t_{c+i}x^{i}=\alpha ^{k_{1}}\sum _{i=0}^{d-3}s_{c+i}x^{i}-\sum _{i=1}^{d-2}s_{c+i}x^{i-1}.}$

Therefore,

${\displaystyle xT(x){\stackrel {\{1,\cdots ,\,d-2\}}{=}}\left(x\alpha ^{k_{1}}-1\right)S(x).}$

After replacement of ${\displaystyle S(x)}$ by ${\displaystyle S(x)\Gamma (x)}$, one would require equation for coefficients near powers ${\displaystyle k,\cdots ,d-2.}$

One could consider looking for error positions from the point of view of eliminating influence of given positions similarly as for unreadable characters. If we found ${\displaystyle v}$ positions such that eliminating their influence leads to obtaining set of syndromes consisting of all zeros, than there exists error vector with errors only on these coordinates. If ${\displaystyle \Lambda (x)}$ denotes the polynomial eliminating the influence of these coordinates, we obtain

${\displaystyle S(x)\Gamma (x)\Lambda (x){\stackrel {\{k+v,\cdots ,d-2\}}{=}}0.}$

In Euclidean algorithm, we try to correct at most ${\displaystyle {\tfrac {1}{2}}(d-1-k)}$ errors (on readable positions), because with bigger error count there could be more codewords in the same distance from the received word. Therefore, for ${\displaystyle \Lambda (x)}$ we are looking for, the equation must hold for coefficients near powers starting from

${\displaystyle k+\left\lfloor {\frac {1}{2}}(d-1-k)\right\rfloor .}$

In Forney formula, ${\displaystyle \Lambda (x)}$ could be multiplied by a scalar giving the same result.

It could happen that the Euclidean algorithm finds ${\displaystyle \Lambda (x)}$ of degree higher than ${\displaystyle {\tfrac {1}{2}}(d-1-k)}$ having number of different roots equal to its degree, where the Fourney formula would be able to correct errors in all its roots, anyway correcting such many errors could be risky (especially with no other restrictions on received word). Usually after getting ${\displaystyle \Lambda (x)}$ of higher degree, we decide not to correct the errors. Correction could fail in the case ${\displaystyle \Lambda (x)}$ has roots with higher multiplicity or the number of roots is smaller than its degree. Fail could be detected as well by Forney formula returning error outside the transmitted alphabet.