In abstract algebra, the Chien search, named after Robert Tienwen Chien, is a fast algorithm for determining roots of polynomials defined over a finite field. Chien search is commonly used to find the roots of error-locator polynomials encountered in decoding Reed-Solomon codes and BCH codes.
The problem is to find the roots of the polynomial (over the finite field ):
The roots may be found using brute force: there are a finite number of , so the polynomial can be evaluated for each element . If the polynomial evaluates to zero, then that element is a root.
For the trivial case , only the coefficient need be tested for zero. Below, the only concern will be for non-zero .
A straightforward evaluation of the polynomial involves general multiplications and additions. A more efficient scheme would use Horner's method for general multiplications and additions. Both of these approaches may evaluate the elements of the finite field in any order.
Chien search improves upon the above by selecting a specific order for the non-zero elements. In particular, the finite field has a (constant) generator element . Chien tests the elements in the generator's order . Consequently, Chien search needs only multiplications by constants and additions. The multiplications by constants are less complex than general multiplications.
The Chien search is based on two observations:
- Each non-zero may be expressed as for some , where is a primitive element of , is the power number of primitive element . Thus the powers for cover the entire field (excluding the zero element).
- The following relationship exists:
In other words, we may define each as the sum of a set of terms , from which the next set of coefficients may be derived thus:
In this way, we may start at with , and iterate through each value of up to . If at any stage the resultant summation is zero, i.e.
then also, so is a root. In this way, we check every element in the field.
When implemented in hardware, this approach significantly reduces the complexity, as all multiplications consist of one variable and one constant, rather than two variables as in the brute-force approach.