Network Working Group V. Roca Request for Comments: 5170 INRIA Category: Standards Track C. Neumann Thomson D. Furodet STMicroelectronics June 2008 Low Density Parity Check (LDPC) Staircase and Triangle Forward Error Correction (FEC) Schemes Status of This Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This document describes two Fully-Specified Forward Error Correction (FEC) Schemes, Low Density Parity Check (LDPC) Staircase and LDPC Triangle, and their application to the reliable delivery of data objects on the packet erasure channel (i.e., a communication path where packets are either received without any corruption or discarded during transmission). These systematic FEC codes belong to the well- known class of "Low Density Parity Check" codes, and are large block FEC codes in the sense of RFC 3453. Roca, et al. Standards Track [Page 1]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Requirements Notation . . . . . . . . . . . . . . . . . . . . 3 3. Definitions, Notations, and Abbreviations . . . . . . . . . . 3 3.1. Definitions . . . . . . . . . . . . . . . . . . . . . . . 3 3.2. Notations . . . . . . . . . . . . . . . . . . . . . . . . 4 3.3. Abbreviations . . . . . . . . . . . . . . . . . . . . . . 5 4. Formats and Codes . . . . . . . . . . . . . . . . . . . . . . 6 4.1. FEC Payload IDs . . . . . . . . . . . . . . . . . . . . . 6 4.2. FEC Object Transmission Information . . . . . . . . . . . 6 4.2.1. Mandatory Element . . . . . . . . . . . . . . . . . . 6 4.2.2. Common Elements . . . . . . . . . . . . . . . . . . . 6 4.2.3. Scheme-Specific Elements . . . . . . . . . . . . . . . 7 4.2.4. Encoding Format . . . . . . . . . . . . . . . . . . . 8 5. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 9 5.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 9 5.2. Determining the Maximum Source Block Length (B) . . . . . 11 5.3. Determining the Encoding Symbol Length (E) and Number of Encoding Symbols per Group (G) . . . . . . . . . . . . 12 5.4. Determining the Maximum Number of Encoding Symbols Generated for Any Source Block (max_n) . . . . . . . . . . 13 5.5. Determining the Number of Encoding Symbols of a Block (n) . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 5.6. Identifying the G Symbols of an Encoding Symbol Group . . 14 5.7. Pseudo-Random Number Generator . . . . . . . . . . . . . . 17 6. Full Specification of the LDPC-Staircase Scheme . . . . . . . 19 6.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 19 6.2. Parity Check Matrix Creation . . . . . . . . . . . . . . . 19 6.3. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . 21 6.4. Decoding . . . . . . . . . . . . . . . . . . . . . . . . . 21 7. Full Specification of the LDPC-Triangle Scheme . . . . . . . . 22 7.1. General . . . . . . . . . . . . . . . . . . . . . . . . . 22 7.2. Parity Check Matrix Creation . . . . . . . . . . . . . . . 22 7.3. Encoding . . . . . . . . . . . . . . . . . . . . . . . . . 23 7.4. Decoding . . . . . . . . . . . . . . . . . . . . . . . . . 23 8. Security Considerations . . . . . . . . . . . . . . . . . . . 24 8.1. Problem Statement . . . . . . . . . . . . . . . . . . . . 24 8.2. Attacks Against the Data Flow . . . . . . . . . . . . . . 24 8.2.1. Access to Confidential Objects . . . . . . . . . . . . 24 8.2.2. Content Corruption . . . . . . . . . . . . . . . . . . 25 8.3. Attacks Against the FEC Parameters . . . . . . . . . . . . 26 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 27 10. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 27 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 27 11.1. Normative References . . . . . . . . . . . . . . . . . . . 27 11.2. Informative References . . . . . . . . . . . . . . . . . . 27 Appendix A. Trivial Decoding Algorithm (Informative Only) . . . . 30 Roca, et al. Standards Track [Page 2]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 1. Introduction [RFC3453] introduces large block FEC codes as an alternative to small block FEC codes like Reed-Solomon. The main advantage of such large block codes is the possibility to operate efficiently on source blocks with a size of several tens of thousands (or more) of source symbols. The present document introduces the Fully-Specified FEC Encoding ID 3 that is intended to be used with the LDPC-Staircase FEC codes, and the Fully-Specified FEC Encoding ID 4 that is intended to be used with the LDPC-Triangle FEC codes [RN04][MK03]. Both schemes belong to the broad class of large block codes. For a definition of the term Fully-Specified Scheme, see Section 4 of [RFC5052]. LDPC codes rely on a dedicated matrix, called a "parity check matrix", at the encoding and decoding ends. The parity check matrix defines relationships (or constraints) between the various encoding symbols (i.e., source symbols and repair symbols), which are later used by the decoder to reconstruct the original k source symbols if some of them are missing. These codes are systematic, in the sense that the encoding symbols include the source symbols in addition to the repair symbols. Since the encoder and decoder must operate on the same parity check matrix, information must be communicated between them as part of the FEC Object Transmission Information. A publicly available reference implementation of these codes is available and distributed under a GNU/LGPL (Lesser General Public License) [LDPC-codec]. Besides, the code extracts included in this document are directly contributed to the IETF process by the authors of this document and by Radford M. Neal. 2. Requirements Notation The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. Definitions, Notations, and Abbreviations 3.1. Definitions This document uses the same terms and definitions as those specified in [RFC5052]. Additionally, it uses the following definitions: Source Symbol: a unit of data used during the encoding process Roca, et al. Standards Track [Page 3]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 Encoding Symbol: a unit of data generated by the encoding process Repair Symbol: an encoding symbol that is not a source symbol Code Rate: the k/n ratio, i.e., the ratio between the number of source symbols and the number of encoding symbols. The code rate belongs to a ]0; 1] interval. A code rate close to 1 indicates that a small number of repair symbols have been produced during the encoding process Systematic Code: FEC code in which the source symbols are part of the encoding symbols Source Block: a block of k source symbols that are considered together for the encoding Encoding Symbol Group: a group of encoding symbols that are sent together, within the same packet, and whose relationships to the source object can be derived from a single Encoding Symbol ID Source Packet: a data packet containing only source symbols Repair Packet: a data packet containing only repair symbols Packet Erasure Channel: a communication path where packets are either dropped (e.g., by a congested router or because the number of transmission errors exceeds the correction capabilities of the physical layer codes) or received. When a packet is received, it is assumed that this packet is not corrupted 3.2. Notations This document uses the following notations: L denotes the object transfer length in bytes. k denotes the source block length in symbols, i.e., the number of source symbols of a source block. n denotes the encoding block length, i.e., the number of encoding symbols generated for a source block. E denotes the encoding symbol length in bytes. B denotes the maximum source block length in symbols, i.e., the maximum number of source symbols per source block. Roca, et al. Standards Track [Page 4]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 N denotes the number of source blocks into which the object shall be partitioned. G denotes the number of encoding symbols per group, i.e., the number of symbols sent in the same packet. CR denotes the "code rate", i.e., the k/n ratio. max_n denotes the maximum number of encoding symbols generated for any source block. This is in particular the number of encoding symbols generated for a source block of size B. H denotes the parity check matrix. N1 denotes the target number of "1s" per column in the left side of the parity check matrix. N1m3 denotes the value N1 - 3, where N1 is the target number of "1s" per column in the left side of the parity check matrix. pmms_rand(m) denotes the pseudo-random number generator defined in Section 5.7 that returns a new random integer in [0; m-1] each time it is called. 3.3. Abbreviations This document uses the following abbreviations: ESI: Encoding Symbol ID FEC OTI: FEC Object Transmission Information FPI: FEC Payload ID LDPC: Low Density Parity Check PRNG: Pseudo-Random Number Generator Roca, et al. Standards Track [Page 5]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 4. Formats and Codes 4.1. FEC Payload IDs The FEC Payload ID is composed of the Source Block Number and the Encoding Symbol ID: The Source Block Number (12-bit field) identifies from which source block of the object the encoding symbol(s) in the packet payload is(are) generated. There is a maximum of 2^^12 blocks per object. Source block numbering starts at 0. The Encoding Symbol ID (20-bit field) identifies which encoding symbol(s) generated from the source block is(are) carried in the packet payload. There is a maximum of 2^^20 encoding symbols per block. The first k values (0 to k-1) identify source symbols, the remaining n-k values (k to n-k-1) identify repair symbols. There MUST be exactly one FEC Payload ID per packet. In the case of an Encoding Symbol Group, when multiple encoding symbols are sent in the same packet, the FEC Payload ID refers to the first symbol of the packet. The other symbols can be deduced from the ESI of the first symbol thanks to a dedicated function, as explained in Section 5.6 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Block Number | Encoding Symbol ID (20 bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 1: FEC Payload ID encoding format for FEC Encoding ID 3 and 4 4.2. FEC Object Transmission Information 4.2.1. Mandatory Element o FEC Encoding ID: the LDPC-Staircase and LDPC-Triangle Fully- Specified FEC Schemes use the FEC Encoding ID 3 (Staircase) and 4 (Triangle), respectively. 4.2.2. Common Elements The following elements MUST be defined with the present FEC Schemes: o Transfer-Length (L): a non-negative integer indicating the length of the object in bytes. There are some restrictions on the maximum Transfer-Length that can be supported: Roca, et al. Standards Track [Page 6]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 maximum transfer length = 2^^12 * B * E For instance, if B=2^^19 (because of a code rate of 1/2, Section 5.2), and if E=1024 bytes, then the maximum transfer length is 2^^41 bytes (or 2 TB). The upper limit, with symbols of size 2^^16-1 bytes and a code rate larger or equal to 1/2, amounts to 2^^47 bytes (or 128 TB). o Encoding-Symbol-Length (E): a non-negative integer indicating the length of each encoding symbol in bytes. o Maximum-Source-Block-Length (B): a non-negative integer indicating the maximum number of source symbols in a source block. There are some restrictions on the maximum B value, as explained in Section 5.2. o Max-Number-of-Encoding-Symbols (max_n): a non-negative integer indicating the maximum number of encoding symbols generated for any source block. There are some restrictions on the maximum max_n value. In particular max_n is at most equal to 2^^20. Section 5 explains how to define the values of each of these elements. 4.2.3. Scheme-Specific Elements The following elements MUST be defined with the present FEC Scheme: o N1m3: an integer between 0 (default) and 7, inclusive. The target number of "1s" per column in the left side of the parity check matrix, N1, is then equal to N1m3 + 3 (see Sections 6.2 and 7.2). Using the default value of 0 for N1m3 is recommended when the sender has no information on the decoding scheme used by the receivers. A value greater than 0 for N1m3 can be a good choice in specific situations, e.g., with LDPC-staircase codes when the sender knows that all the receivers use a Gaussian elimination decoding scheme. Nevertheless, the current document does not mandate any specific value. This choice is left to the codec developer. o G: an integer between 1 (default) and 31, inclusive, indicating the number of encoding symbols per group (i.e., per packet). The default value is 1, meaning that each packet contains exactly one symbol. Values greater than 1 can also be defined, as explained in Section 5.3. Roca, et al. Standards Track [Page 7]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 o PRNG seed: the seed is a 32-bit unsigned integer between 1 and 0x7FFFFFFE (i.e., 2^^31-2) inclusive. This value is used to initialize the Pseudo-Random Number Generator (Section 5.7). 4.2.4. Encoding Format This section shows two possible encoding formats of the above FEC OTI. The present document does not specify when or how these encoding formats should be used. 4.2.4.1. Using the General EXT_FTI Format The FEC OTI binary format is the following when the EXT_FTI mechanism is used (e.g., within the Asynchronous Layer Coding (ALC) [RMT-PI-ALC] or NACK-Oriented Reliable Multicast (NORM) [RMT-PI-NORM] protocols). 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | HET = 64 | HEL = 5 | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Transfer-Length (L) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Encoding Symbol Length (E) | N1m3| G | B (MSB) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | B (LSB) | Max Nb of Enc. Symbols (max_n) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | PRNG seed | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Figure 2: EXT_FTI Header for FEC Encoding ID 3 and 4 In particular: o The Transfer-Length (L) field size (48 bits) is larger than the size required to store the maximum transfer length (Section 4.2.2) for field alignment purposes. o The Maximum-Source-Block-Length (B) field (20 bits) is split into two parts: the 8 most significant bits (MSB) are in the third 32- bit word of the EXT_FTI, and the remaining 12 least significant bits (LSB) are in the fourth 32-bit word. Roca, et al. Standards Track [Page 8]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 4.2.4.2. Using the FDT Instance (FLUTE-Specific) When it is desired that the FEC OTI be carried in the File Delivery Table (FDT) Instance of a File Delivery over Unidirectional Transport (FLUTE) session [RMT-FLUTE], the following XML attributes must be described for the associated object: o FEC-OTI-FEC-Encoding-ID o FEC-OTI-Transfer-length o FEC-OTI-Encoding-Symbol-Length o FEC-OTI-Maximum-Source-Block-Length o FEC-OTI-Max-Number-of-Encoding-Symbols o FEC-OTI-Scheme-Specific-Info The FEC-OTI-Scheme-Specific-Info contains the string resulting from the Base64 encoding [RFC4648] of the following value: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | PRNG seed | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | N1m3| G | +-+-+-+-+-+-+-+-+ Figure 3: FEC OTI Scheme-Specific Information to be Included in the FDT Instance for FEC Encoding ID 3 and 4 During Base64 encoding, the 5 bytes of the FEC OTI Scheme-Specific Information are transformed into a string of 8 printable characters (in the 64-character alphabet) that is added to the FEC-OTI-Scheme- Specific-Info attribute. 5. Procedures This section defines procedures that are common to FEC Encoding IDs 3 and 4. 5.1. General The B (maximum source block length in symbols), E (encoding symbol length in bytes), and G (number of encoding symbols per group) parameters are first determined. The algorithms of Section 5.2 and Roca, et al. Standards Track [Page 9]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 Section 5.3 MAY be used to that purpose. Using other algorithms is possible without compromising interoperability since the B, E, and G parameters are communicated to the receiver by means of the FEC OTI. Then, the source object MUST be partitioned using the block partitioning algorithm specified in [RFC5052]. To that purpose, the B, L (object transfer length in bytes), and E arguments are provided. As a result, the object is partitioned into N source blocks. These blocks are numbered consecutively from 0 to N-1. The first I source blocks consist of A_large source symbols, the remaining N-I source blocks consist of A_small source symbols. Each source symbol is E bytes in length, except perhaps the last symbol, which may be shorter. Then, the max_n (maximum number of encoding symbols generated for any source block) parameter is determined. The algorithm in Section 5.4 MAY be used to that purpose. Using another algorithm is possible without compromising interoperability since the max_n parameter is communicated to the receiver by means of the FEC OTI. For each block, the actual number of encoding symbols, n, MUST then be determined using the "n-algorithm" detailed in Section 5.5. Then, FEC encoding and decoding can be done block per block, independently. To that purpose, a parity check matrix is created, that forms a system of linear equations between the source and repair symbols of a given block, where the basic operator is XOR. This parity check matrix is logically divided into two parts: the left side (from column 0 to k-1) describes the occurrences of each source symbol in the system of linear equations; the right side (from column k to n-1) describes the occurrences of each repair symbol in the system of linear equations. The only difference between the LDPC-Staircase and LDPC-Triangle schemes is the construction of this right sub-matrix. An entry (a "1") in the matrix at position (i,j) (i.e., at row i and column j) means that the symbol with ESI j appears in equation i of the system. When the parity symbols have been created, the sender transmits source and parity symbols. The way this transmission occurs can largely impact the erasure recovery capabilities of the LDPC-* FEC. In particular, sending parity symbols in sequence is suboptimal. Instead, it is usually recommended to shuffle these symbols. The interested reader will find more details in [NRFF05]. Roca, et al. Standards Track [Page 10]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 The following sections detail how the B, E, G, max_n, and n parameters are determined (in Sections 5.2, 5.3, 5.4 and 5.5, respectively). Section 5.6 details how Encoding Symbol Groups are created, and finally, Section 5.7 covers the PRNG. 5.2. Determining the Maximum Source Block Length (B) The B parameter (maximum source block length in symbols) depends on several parameters: the code rate (CR), the Encoding Symbol ID field length of the FEC Payload ID (20 bits), as well as possible internal codec limitations. The B parameter cannot be larger than the following values, derived from the FEC Payload ID limitations, for a given code rate: max1_B = 2^^(20 - ceil(Log2(1/CR))) Some common max1_B values are: o CR == 1 (no repair symbol): max1_B = 2^^20 = 1,048,576 o 1/2 <= CR < 1: max1_B = 2^^19 = 524,288 symbols o 1/4 <= CR < 1/2: max1_B = 2^^18 = 262,144 symbols o 1/8 <= CR < 1/4: max1_B = 2^^17 = 131,072 symbols Additionally, a codec MAY impose other limitations on the maximum block size. For instance, this is the case when the codec uses internally 16-bit unsigned integers to store the Encoding Symbol ID, since it does not enable to store all the possible values of a 20-bit field. In that case, if for instance, 1/2 <= CR < 1, then the maximum source block length is 2^^15. Other limitations may also apply, for instance, because of a limited working memory size. This decision MUST be clarified at implementation time, when the target use case is known. This results in a max2_B limitation. Then, B is given by: B = min(max1_B, max2_B) Note that this calculation is only required at the coder, since the B parameter is communicated to the decoder through the FEC OTI. Roca, et al. Standards Track [Page 11]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 5.3. Determining the Encoding Symbol Length (E) and Number of Encoding Symbols per Group (G) The E parameter usually depends on the maximum transmission unit on the path (PMTU) from the source to each receiver. In order to minimize the protocol header overhead (e.g., the Layered Coding Transport (LCT), UDP, IPv4, or IPv6 headers in the case of ALC), E is chosen to be as large as possible. In that case, E is chosen so that the size of a packet composed of a single symbol (G=1) remains below but close to the PMTU. However, other considerations can exist. For instance, the E parameter can be made a function of the object transfer length. Indeed, LDPC codes are known to offer better protection for large blocks. In the case of small objects, it can be advantageous to reduce the encoding symbol length (E) in order to artificially increase the number of symbols and therefore the block size. In order to minimize the protocol header overhead, several symbols can be grouped in the same Encoding Symbol Group (i.e., G > 1). Depending on how many symbols are grouped (G) and on the packet loss rate (G symbols are lost for each packet erasure), this strategy might or might not be appropriate. A balance must therefore be found. The current specification does not mandate any value for either E or G. The current specification only provides an example of possible choices for E and G. Note that this choice is made by the sender, and the E and G parameters are then communicated to the receiver thanks to the FEC OTI. Note also that the decoding algorithm used influences the choice of the E and G parameters. Indeed, increasing the number of symbols will negatively impact the processing load when decoding is based (in part or totally) on Gaussian elimination, whereas the impacts will be rather low when decoding is based on the trivial algorithm sketched in Section 6.4. Example: Let us assume that the trivial decoding algorithm sketched in Section 6.4 is used. First, define the target packet payload size, pkt_sz (at most equal to the PMTU minus the size of the various protocol headers). The pkt_sz must be chosen in such a way that the symbol size is an integer. This can require that pkt_sz be a multiple of 4, 8, or 16 (see the table below). Then calculate the number of packets in the object: nb_pkts = ceil(L / pkt_sz). Finally, thanks to nb_pkts, use the following table to find a possible G value. Roca, et al. Standards Track [Page 12]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 +------------------------+----+-------------+-------------------+ | Number of packets | G | Symbol size | k | +------------------------+----+-------------+-------------------+ | 4000 <= nb_pkts | 1 | pkt_sz | 4000 <= k | | | | | | | 1000 <= nb_pkts < 4000 | 4 | pkt_sz / 4 | 4000 <= k < 16000 | | | | | | | 500 <= nb_pkts < 1000 | 8 | pkt_sz / 8 | 4000 <= k < 8000 | | | | | | | 1 <= nb_pkts < 500 | 16 | pkt_sz / 16 | 16 <= k < 8000 | +------------------------+----+-------------+-------------------+ 5.4. Determining the Maximum Number of Encoding Symbols Generated for Any Source Block (max_n) The following algorithm MAY be used by a sender to determine the maximum number of encoding symbols generated for any source block (max_n) as a function of B and the target code rate. Since the max_n parameter is communicated to the decoder by means of the FEC OTI, another method MAY be used to determine max_n. Input: B: Maximum source block length, for any source block. Section 5.2 MAY be used to determine its value. CR: FEC code rate, which is provided by the user (e.g., when starting a FLUTE sending application). It is expressed as a floating point value. The CR value must be such that the resulting number of encoding symbols per block is at most equal to 2^^20 (Section 4.1). Output: max_n: Maximum number of encoding symbols generated for any source block. Algorithm: max_n = ceil(B / CR); if (max_n > 2^^20), then return an error ("invalid code rate"); (NB: if B has been defined as explained in Section 5.2, this error should never happen.) Roca, et al. Standards Track [Page 13]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 5.5. Determining the Number of Encoding Symbols of a Block (n) The following algorithm, also called "n-algorithm", MUST be used by the sender and the receiver to determine the number of encoding symbols for a given block (n) as a function of B, k, and max_n. Input: B: Maximum source block length, for any source block. At a sender, Section 5.2 MAY be used to determine its value. At a receiver, this value MUST be extracted from the received FEC OTI. k: Current source block length. At a sender or receiver, the block partitioning algorithm MUST be used to determine its value. max_n: Maximum number of encoding symbols generated for any source block. At a sender, Section 5.4 MAY be used to determine its value. At a receiver, this value MUST be extracted from the received FEC OTI. Output: n: Number of encoding symbols generated for this source block. Algorithm: n = floor(k * max_n / B); 5.6. Identifying the G Symbols of an Encoding Symbol Group When multiple encoding symbols are sent in the same packet, the FEC Payload ID information of the packet MUST refer to the first encoding symbol. It MUST then be possible to identify each symbol from this single FEC Payload ID. To that purpose, the symbols of an Encoding Symbol Group (i.e., packet): o MUST all be either source symbols or repair symbols. Therefore, only source packets and repair packets are permitted, not mixed ones. o are identified by a function, sender(resp. receiver)_find_ESIs_of_group(), that takes as argument: * for a sender, the index of the Encoding Symbol Group (i.e., packet) that the application wants to create, * for a receiver, the ESI information contained in the FEC Payload ID. Roca, et al. Standards Track [Page 14]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 and returns a list of G Encoding Symbol IDs. In the case of a source packet, the G Encoding Symbol IDs are chosen consecutively, by incrementing the ESI. In the case of a repair packet, the G repair symbols are chosen randomly, as explained below. o are stored in sequence in the packet, without any padding. In other words, the last byte of the i-th symbol is immediately followed by the first byte of (i+1)-th symbol. The system must first be initialized by creating a random permutation of the n-k indexes. This initialization function MUST be called immediately after creating the parity check matrix. More precisely, since the PRNG seed is not re-initialized, there must not have been a call to the PRNG function between the time the parity check matrix has been initialized and the time the following initialization function is called. This is true both at a sender and at a receiver. int *txseqToID; int *IDtoTxseq; /* * Initialization function. * Warning: use only when G > 1. */ void initialize_tables () { int i; int randInd; int backup; txseqToID = malloc((n-k) * sizeof(int)); IDtoTxseq = malloc((n-k) * sizeof(int)); if (txseqToID == NULL || IDtoTxseq == NULL) handle the malloc failures as appropriate... /* initialize the two tables that map ID * (i.e., ESI-k) to/from TxSequence. */ for (i = 0; i < n - k; i++) { IDtoTxseq[i] = i; txseqToID[i] = i; } /* now randomize everything */ for (i = 0; i < n - k; i++) { randInd = pmms_rand(n - k); backup = IDtoTxseq[i]; IDtoTxseq[i] = IDtoTxseq[randInd]; IDtoTxseq[randInd] = backup; txseqToID[IDtoTxseq[i]] = i; Roca, et al. Standards Track [Page 15]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 txseqToID[IDtoTxseq[randInd]] = randInd; } return; } It is then possible, at the sender, to determine the sequence of G Encoding Symbol IDs that will be part of the group. /* * Determine the sequence of ESIs for the packet under construction * at a sender. * Warning: use only when G > 1. * PktIdx (IN): index of the packet, in * {0..ceil(k/G)+ceil((n-k)/G)} range * ESIs[] (OUT): list of ESIs for the packet */ void sender_find_ESIs_of_group (int PktIdx, ESI_t ESIs[]) { int i; if (PktIdx < nbSourcePkts) { /* this is a source packet */ ESIs[0] = PktIdx * G; for (i = 1; i < G; i++) { ESIs[i] = (ESIs[0] + i) % k; } } else { /* this is a repair packet */ for (i = 0; i < G; i++) { ESIs[i] = k + txseqToID[(i + (PktIdx - nbSourcePkts) * G) % (n - k)]; } } return; } Similarly, upon receiving an Encoding Symbol Group (i.e., packet), a receiver can determine the sequence of G Encoding Symbol IDs from the first ESI, esi0, that is contained in the FEC Payload ID. Roca, et al. Standards Track [Page 16]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 /* * Determine the sequence of ESIs for the packet received. * Warning: use only when G > 1. * esi0 (IN): : ESI contained in the FEC Payload ID * ESIs[] (OUT): list of ESIs for the packet */ void receiver_find_ESIs_of_group (ESI_t esi0, ESI_t ESIs[]) { int i; if (esi0 < k) { /* this is a source packet */ ESIs[0] = esi0; for (i = 1; i < G; i++) { ESIs[i] = (esi0 + i) % k; } } else { /* this is a repair packet */ for (i = 0; i < G; i++) { ESIs[i] = k + txseqToID[(i + IDtoTxseq[esi0 - k]) % (n - k)]; } } } 5.7. Pseudo-Random Number Generator The FEC Encoding IDs 3 and 4 rely on a pseudo-random number generator (PRNG) that must be fully specified, in particular in order to enable the receivers and the senders to build the same parity check matrix. The Park-Miler "minimal standard" PRNG [PM88] MUST be used. It defines a simple multiplicative congruential algorithm: Ij+1 = A * Ij (modulo M), with the following choices: A = 7^^5 = 16807 and M = 2^^31 - 1 = 2147483647. A validation criteria of such a PRNG is the following: if seed = 1, then the 10,000th value returned MUST be equal to 1043618065. Several implementations of this PRNG are known and discussed in the literature. An optimized implementation of this algorithm, using only 32-bit mathematics, and which does not require any division, can be found in [rand31pmc]. It uses the Park and Miller algorithm [PM88] with the optimization suggested by D. Carta in [CA90]. The history behind this algorithm is detailed in [WI08]. Yet, any other Roca, et al. Standards Track [Page 17]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 implementation of the PRNG algorithm that matches the above validation criteria, like the ones detailed in [PM88], is appropriate. This PRNG produces, natively, a 31-bit value between 1 and 0x7FFFFFFE (2^^31-2) inclusive. Since it is desired to scale the pseudo-random number between 0 and maxv-1 inclusive, one must keep the most significant bits of the value returned by the PRNG (the least significant bits are known to be less random, and modulo-based solutions should be avoided [PTVF92]). The following algorithm MUST be used: Input: raw_value: random integer generated by the inner PRNG algorithm, between 1 and 0x7FFFFFFE (2^^31-2) inclusive. maxv: upper bound used during the scaling operation. Output: scaled_value: random integer between 0 and maxv-1 inclusive. Algorithm: scaled_value = (unsigned long) ((double)maxv * (double)raw_value / (double)0x7FFFFFFF); (NB: the above C type casting to unsigned long is equivalent to using floor() with positive floating point values.) In this document, pmms_rand(maxv) denotes the PRNG function that implements the Park-Miller "minimal standard" algorithm, defined above, and that scales the raw value between 0 and maxv-1 inclusive, using the above scaling algorithm. Additionally, a function should be provided to enable the initialization of the PRNG with a seed (i.e., a 31-bit integer between 1 and 0x7FFFFFFE inclusive) before calling pmms_rand(maxv) the first time. Roca, et al. Standards Track [Page 18]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 6. Full Specification of the LDPC-Staircase Scheme 6.1. General The LDPC-Staircase scheme is identified by the Fully-Specified FEC Encoding ID 3. The PRNG used by the LDPC-Staircase scheme must be initialized by a seed. This PRNG seed is an instance-specific FEC OTI attribute (Section 4.2.3). 6.2. Parity Check Matrix Creation The LDPC-Staircase matrix can be divided into two parts: the left side of the matrix defines in which equations the source symbols are involved; the right side of the matrix defines in which equations the repair symbols are involved. The left side MUST be generated by using the following function: /* * Initialize the left side of the parity check matrix. * This function assumes that an empty matrix of size n-k * k has * previously been allocated/reset and that the matrix_has_entry(), * matrix_insert_entry() and degree_of_row() functions can access it. * (IN): the k, n and N1 parameters. */ void left_matrix_init (int k, int n, int N1) { int i; /* row index or temporary variable */ int j; /* column index */ int h; /* temporary variable */ int t; /* left limit within the list of possible choices u[] */ int u[N1*MAX_K]; /* table used to have a homogeneous 1 distrib. */ /* Initialize a list of all possible choices in order to * guarantee a homogeneous "1" distribution */ for (h = N1*k-1; h >= 0; h--) { u[h] = h % (n-k); } Roca, et al. Standards Track [Page 19]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 /* Initialize the matrix with N1 "1s" per column, homogeneously */ t = 0; for (j = 0; j < k; j++) { /* for each source symbol column */ for (h = 0; h < N1; h++) { /* add N1 "1s" */ /* check that valid available choices remain */ for (i = t; i < N1*k && matrix_has_entry(u[i], j); i++); if (i < N1*k) { /* choose one index within the list of possible * choices */ do { i = t + pmms_rand(N1*k-t); } while (matrix_has_entry(u[i], j)); matrix_insert_entry(u[i], j); /* replace with u[t] which has never been chosen */ u[i] = u[t]; t++; } else { /* no choice left, choose one randomly */ do { i = pmms_rand(n-k); } while (matrix_has_entry(i, j)); matrix_insert_entry(i, j); } } } /* Add extra bits to avoid rows with less than two "1s". * This is needed when the code rate is smaller than 2/(2+N1) */ for (i = 0; i < n-k; i++) { /* for each row */ if (degree_of_row(i) == 0) { j = pmms_rand(k); matrix_insert_entry(i, j); } if (degree_of_row(i) == 1) { do { j = pmms_rand(k); } while (matrix_has_entry(i, j)); matrix_insert_entry(i, j); } } } Roca, et al. Standards Track [Page 20]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 The right side (the staircase) MUST be generated by using the following function: /* * Initialize the right side of the parity check matrix with a * staircase structure. * (IN): the k and n parameters. */ void right_matrix_staircase_init (int k, int n) { int i; /* row index */ matrix_insert_entry(0, k); /* first row */ for (i = 1; i < n-k; i++) { /* for the following rows */ matrix_insert_entry(i, k+i); /* identity */ matrix_insert_entry(i, k+i-1); /* staircase */ } } Note that just after creating this parity check matrix, when Encoding Symbol Groups are used (i.e., G > 1), the function initializing the two random permutation tables (Section 5.6) MUST be called. This is true both at a sender and at a receiver. 6.3. Encoding Thanks to the staircase matrix, repair symbol creation is straightforward: each repair symbol is equal to the sum of all source symbols in the associated equation, plus the previous repair symbol (except for the first repair symbol). Therefore, encoding MUST follow the natural repair symbol order: start with the first repair symbol and generate a repair symbol with ESI i before a symbol with ESI i+1. 6.4. Decoding Decoding basically consists in solving a system of n-k linear equations whose variables are the n source and repair symbols. Of course, the final goal is to recover the value of the k source symbols only. To that purpose, many techniques are possible. One of them is the following trivial algorithm [ZP74]: given a set of linear equations, if one of them has only one remaining unknown variable, then the value of this variable is that of the constant term. So, replace this variable by its value in all the remaining linear equations and reiterate. The value of several variables can therefore be found recursively. Applied to LDPC FEC codes working over an erasure Roca, et al. Standards Track [Page 21]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 channel, the parity check matrix defines a set of linear equations whose variables are the source symbols and repair symbols. Receiving or decoding a symbol is equivalent to having the value of a variable. Appendix A sketches a possible implementation of this algorithm. A Gaussian elimination (or any optimized derivative) is another possible decoding technique. Hybrid solutions that start by using the trivial algorithm above and finish with a Gaussian elimination are also possible [CR08]. Because interoperability does not depend on the decoding algorithm used, the current document does not recommend any particular technique. This choice is left to the codec developer. However, choosing a decoding technique will have great practical impacts. It will impact the erasure capabilities: a Gaussian elimination enables to solve the system with a smaller number of known symbols compared to the trivial technique. It will also impact the CPU load: a Gaussian elimination requires more processing than the above trivial algorithm. Depending on the target use case, the codec developer will favor one feature or the other. 7. Full Specification of the LDPC-Triangle Scheme 7.1. General LDPC-Triangle is identified by the Fully-Specified FEC Encoding ID 4. The PRNG used by the LDPC-Triangle scheme must be initialized by a seed. This PRNG seed is an instance-specific FEC OTI attribute (Section 4.2.3). 7.2. Parity Check Matrix Creation The LDPC-Triangle matrix can be divided into two parts: the left side of the matrix defines in which equations the source symbols are involved; the right side of the matrix defines in which equations the repair symbols are involved. The left side MUST be generated by using the same left_matrix_init() function as with LDPC-Staircase (Section 6.2). Roca, et al. Standards Track [Page 22]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 The right side (the triangle) MUST be generated by using the following function: /* * Initialize the right side of the parity check matrix with a * triangle structure. * (IN): the k and n parameters. */ void right_matrix_staircase_init (int k, int n) { int i; /* row index */ int j; /* randomly chosen column indexes in 0..n-k-2 */ int l; /* limitation of the # of "1s" added per row */ matrix_insert_entry(0, k); /* first row */ for (i = 1; i < n-k; i++) { /* for the following rows */ matrix_insert_entry(i, k+i); /* identity */ matrix_insert_entry(i, k+i-1); /* staircase */ /* now fill the triangle */ j = i-1; for (l = 0; l < j; l++) { /* limit the # of "1s" added */ j = pmms_rand(j); matrix_insert_entry(i, k+j); } } } Note that just after creating this parity check matrix, when Encoding Symbol Groups are used (i.e., G > 1), the function initializing the two random permutation tables (Section 5.6) MUST be called. This is true both at a sender and at a receiver. 7.3. Encoding Here also, repair symbol creation is straightforward: each repair symbol of ESI i is equal to the sum of all source and repair symbols (with ESI lower than i) in the associated equation. Therefore, encoding MUST follow the natural repair symbol order: start with the first repair symbol, and generate repair symbol with ESI i before symbol with ESI i+1. 7.4. Decoding Decoding basically consists in solving a system of n-k linear equations, whose variables are the n source and repair symbols. Of course, the final goal is to recover the value of the k source symbols only. To that purpose, many techniques are possible, as explained in Section 6.4. Roca, et al. Standards Track [Page 23]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 Because interoperability does not depend on the decoding algorithm used, the current document does not recommend any particular technique. This choice is left to the codec implementer. 8. Security Considerations 8.1. Problem Statement A content delivery system is potentially subject to many attacks: some of them target the network (e.g., to compromise the routing infrastructure, by compromising the congestion control component), others target the Content Delivery Protocol (CDP) (e.g., to compromise its normal behavior), and finally some attacks target the content itself. Since this document focuses on an FEC building block independently of any particular CDP (even if ALC and NORM are two natural candidates), this section only discusses the additional threats that an arbitrary CDP may be exposed to when using this building block. More specifically, several kinds of attacks exist: o those that are meant to give access to a confidential content (e.g., in case of a non-free content), o those that try to corrupt the object being transmitted (e.g., to inject malicious code within an object, or to prevent a receiver from using an object), and o those that try to compromise the receiver's behavior (e.g., by making the decoding of an object computationally expensive). These attacks can be launched either against the data flow itself (e.g., by sending forged symbols) or against the FEC parameters that are sent either in-band (e.g., in an EXT_FTI or FDT Instance) or out- of-band (e.g., in a session description). 8.2. Attacks Against the Data Flow First of all, let us consider the attacks against the data flow. 8.2.1. Access to Confidential Objects Access control to a confidential object being transmitted is typically provided by means of encryption. This encryption can be done over the whole object (e.g., by the content provider, before the FEC encoding process), or be done on a packet per packet basis (e.g., when IPsec/ESP is used [RFC4303]). If confidentiality is a concern, Roca, et al. Standards Track [Page 24]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 it is RECOMMENDED that one of these solutions be used. Even if we mention these attacks here, they are not related or facilitated by the use of FEC. 8.2.2. Content Corruption Protection against corruptions (e.g., after sending forged packets) is achieved by means of a content integrity verification/sender authentication scheme. This service can be provided at the object level, but in that case a receiver has no way to identify which symbol(s) is(are) corrupted if the object is detected as corrupted. This service can also be provided at the packet level. In this case, after removing all forged packets, the object may be, in some cases, recovered. Several techniques can provide this source authentication/content integrity service: o at the object level, the object MAY be digitally signed (with public key cryptography), for instance, by using RSASSA-PKCS1-v1_5 [RFC3447]. This signature enables a receiver to check the object integrity, once the latter has been fully decoded. Even if digital signatures are computationally expensive, this calculation occurs only once per object, which is usually acceptable; o at the packet level, each packet can be digitally signed. A major limitation is the high computational and transmission overheads that this solution requires (unless perhaps if Elliptic Curve Cryptography (ECC) is used). To avoid this problem, the signature may span a set of symbols (instead of a single one) in order to amortize the signature calculation. But if a single symbol is missing, the integrity of the whole set cannot be checked; o at the packet level, a Group Message Authentication Code (MAC) [RFC2104] scheme can be used, for instance, by using HMAC-SHA-1 with a secret key shared by all the group members, senders, and receivers. This technique creates a cryptographically secured (thanks to the secret key) digest of a packet that is sent along with the packet. The Group MAC scheme does not create a prohibitive processing load or transmission overhead, but it has a major limitation: it only provides a group authentication/ integrity service since all group members share the same secret group key, which means that each member can send a forged packet. It is therefore restricted to situations where group members are fully trusted (or in association with another technique such as a pre-check); o at the packet level, Timed Efficient Stream Loss-Tolerant Authentication (TESLA) [RFC4082] is an attractive solution that is robust to losses, provides a true authentication/integrity Roca, et al. Standards Track [Page 25]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 service, and does not create any prohibitive processing load or transmission overhead. Yet, checking a packet requires a small delay (a second or more) after its reception. Techniques relying on public key cryptography (digital signatures and TESLA during the bootstrap process, when used) require that public keys be securely associated to the entities. This can be achieved by a Public Key Infrastructure (PKI), or by a PGP Web of Trust, or by pre-distributing the public keys of each group member. Techniques relying on symmetric key cryptography (Group MAC) require that a secret key be shared by all group members. This can be achieved by means of a group key management protocol, or simply by pre-distributing the secret key (but this manual solution has many limitations). It is up to the CDP developer, who knows the security requirements and features of the target application area, to define which solution is the most appropriate. Nonetheless, in case there is any concern of the threat of object corruption, it is RECOMMENDED that at least one of these techniques be used. 8.3. Attacks Against the FEC Parameters Let us now consider attacks against the FEC parameters (or FEC OTI). The FEC OTI can either be sent in-band (i.e., in an EXT_FTI or in an FDT Instance containing FEC OTI for the object) or out-of-band (e.g., in a session description). Attacks on these FEC parameters can prevent the decoding of the associated object: for instance, modifying the B parameter will lead to a different block partitioning. It is therefore RECOMMENDED that security measures be taken to guarantee the FEC OTI integrity. To that purpose, the packets carrying the FEC parameters sent in-band in an EXT_FTI header extension SHOULD be protected by one of the per-packet techniques described above: digital signature, Group MAC, or TESLA. When FEC OTI is contained in an FDT Instance, this object SHOULD be protected, for instance, by digitally signing it with XML digital signatures [RFC3275]. Finally, when FEC OTI is sent out-of-band (e.g., in a session description) the latter SHOULD be protected, for instance, by digitally signing it with [RFC3852]. The same considerations concerning the key management aspects apply here, also. Roca, et al. Standards Track [Page 26]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 9. IANA Considerations Values of FEC Encoding IDs and FEC Instance IDs are subject to IANA registration. For general guidelines on IANA considerations as they apply to this document, see [RFC5052]. This document assigns the Fully-Specified FEC Encoding ID 3 under the "ietf:rmt:fec:encoding" name-space to "LDPC Staircase Codes". This document assigns the Fully-Specified FEC Encoding ID 4 under the "ietf:rmt:fec:encoding" name-space to "LDPC Triangle Codes". 10. Acknowledgments Section 5.5 is derived from an earlier document, and we would like to thank S. Peltotalo and J. Peltotalo for their contribution. We would also like to thank Pascal Moniot, Laurent Fazio, Mathieu Cunche, Aurelien Francillon, Shao Wenjian, Magnus Westerlund, Brian Carpenter, Tim Polk, Jari Arkko, Chris Newman, Robin Whittle, and Alfred Hoenes for their comments. Last but not least, the authors are grateful to Radford M. Neal (University of Toronto) whose LDPC software (http://www.cs.toronto.edu/~radford/ldpc.software.html) inspired this work. 11. References 11.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, BCP 14, March 1997. [RFC5052] Watson, M., Luby, M., and L. Vicisano, "Forward Error Correction (FEC) Building Block", RFC 5052, August 2007. 11.2. Informative References [ZP74] Zyablov, V. and M. Pinsker, "Decoding Complexity of Low-Density Codes for Transmission in a Channel with Erasures", Translated from Problemy Peredachi Informatsii, Vol.10, No. 1, pp.15-28, January- March 1974. Roca, et al. Standards Track [Page 27]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 [RN04] Roca, V. and C. Neumann, "Design, Evaluation and Comparison of Four Large Block FEC Codecs: LDPC, LDGM, LDGM-Staircase and LDGM-Triangle, Plus a Reed-Solomon Small Block FEC Codec", INRIA Research Report RR-5225, June 2004. [NRFF05] Neumann, C., Roca, V., Francillon, A., and D. Furodet, "Impacts of Packet Scheduling and Packet Loss Distribution on FEC Performances: Observations and Recommendations", ACM CoNEXT'05 Conference, Toulouse, France (an extended version is available as INRIA Research Report RR-5578), October 2005. [CR08] Cunche, M. and V. Roca, "Improving the Decoding of LDPC Codes for the Packet Erasure Channel with a Hybrid Zyablov Iterative Decoding/Gaussian Elimination Scheme", INRIA Research Report RR-6473, March 2008. [LDPC-codec] Roca, V., Neumann, C., Cunche, M., and J. Laboure, "LDPC-Staircase/LDPC-Triangle Codec Reference Implementation", INRIA Rhone-Alpes and STMicroelectronics, <http://planete-bcast.inrialpes.fr/>. [MK03] MacKay, D., "Information Theory, Inference and Learning Algorithms", Cambridge University Press, ISBN: 0-521-64298-1, 2003. [PM88] Park, S. and K. Miller, "Random Number Generators: Good Ones are Hard to Find", Communications of the ACM, Vol. 31, No. 10, pp.1192-1201, 1988. [CA90] Carta, D., "Two Fast Implementations of the Minimal Standard Random Number Generator", Communications of the ACM, Vol. 33, No. 1, pp.87-88, January 1990. [WI08] Whittle, R., "Park-Miller-Carta Pseudo-Random Number Generator", January 2008, <http://www.firstpr.com.au/dsp/rand31/>. [rand31pmc] Whittle, R., "31 bit pseudo-random number generator", September 2005, <http://www.firstpr.com.au/dsp/rand31/ rand31-park-miller-carta.cc.txt>. [PTVF92] Press, W., Teukolsky, S., Vetterling, W., and B. Flannery, "Numerical Recipes in C; Second Edition", Cambridge University Press, ISBN: 0-521-43108-5, 1992. Roca, et al. Standards Track [Page 28]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 [RMT-PI-ALC] Luby, M., Watson, M., and L. Vicisano, "Asynchronous Layered Coding (ALC) Protocol Instantiation", Work in Progress, November 2007. [RMT-PI-NORM] Adamson, B., Bormann, C., Handley, M., and J. Macker, "Negative-acknowledgment (NACK)-Oriented Reliable Multicast (NORM) Protocol", Work in Progress, January 2008. [RMT-FLUTE] Paila, T., Walsh, R., Luby, M., Lehtonen, R., and V. Roca, "FLUTE - File Delivery over Unidirectional Transport", Work in Progress, October 2007. [RFC3447] Jonsson, J. and B. Kaliski, "Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1", RFC 3447, February 2003. [RFC4303] Kent, S., "IP Encapsulating Security Payload (ESP)", RFC 4303, December 2005. [RFC2104] "HMAC: Keyed-Hashing for Message Authentication", RFC 2104, February 1997. [RFC4082] "Timed Efficient Stream Loss-Tolerant Authentication (TESLA): Multicast Source Authentication Transform Introduction", RFC 4082, June 2005. [RFC3275] Eastlake, D., Reagle, J., and D. Solo, "(Extensible Markup Language) XML-Signature Syntax and Processing", RFC 3275, March 2002. [RFC3453] Luby, M., Vicisano, L., Gemmell, J., Rizzo, L., Handley, M., and J. Crowcroft, "The Use of Forward Error Correction (FEC) in Reliable Multicast", RFC 3453, December 2002. [RFC3852] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852, July 2004. [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data Encodings", RFC 4648, October 2006. Roca, et al. Standards Track [Page 29]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 Appendix A. Trivial Decoding Algorithm (Informative Only) A trivial decoding algorithm is sketched below (please see [LDPC-codec] for the details omitted here): Initialization: allocate a table partial_sum[n-k] of buffers, each buffer being of size the symbol size. There's one entry per equation since the buffers are meant to store the partial sum of each equation; Reset all the buffers to zero; /* * For each newly received or decoded symbol, try to make progress * in the decoding of the associated source block. * NB: in case of a symbol group (G>1), this function is called for * each symbol of the received packet. * NB: a callback function indicates to the caller that new symbol(s) * has(have) been decoded. * new_esi (IN): ESI of the new symbol received or decoded * new_symb (IN): Buffer of the new symbol received or decoded */ void decoding_step(ESI_t new_esi, symbol_t *new_symb) { If (new_symb is an already decoded or received symbol) { Return; /* don't waste time with this symbol */ } If (new_symb is the last missing source symbol) { Remember that decoding is finished; Return; /* work is over now... */ } Create an empty list of equations having symbols decoded during this decoding step; /* * First add this new symbol to the partial sum of all the * equations where the symbol appears. */ For (each equation eq in which new_symb is a variable and having more than one unknown variable) { Add new_symb to partial_sum[eq]; Remove entry(eq, new_esi) from the H matrix; Roca, et al. Standards Track [Page 30]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 If (the new degree of equation eq == 1) { /* a new symbol can be decoded, remember the * equation */ Append eq to the list of equations having symbols decoded during this decoding step; } } /* * Then finish with recursive calls to decoding_step() for each * newly decoded symbol. */ For (each equation eq in the list of equations having symbols decoded during this decoding step) { /* * Because of the recursion below, we need to check that * decoding is not finished, and that the equation is * __still__ of degree 1 */ If (decoding is finished) { break; /* exit from the loop */ } If ((degree of equation eq == 1) { Let dec_esi be the ESI of the newly decoded symbol in equation eq; Remove entry(eq, dec_esi); Allocate a buffer, dec_symb, for this symbol and copy partial_sum[eq] to dec_symb; Inform the caller that a new symbol has been decoded via a callback function; /* finally, call this function recursively */ decoding_step(dec_esi, dec_symb); } } Free the list of equations having symbols decoded; Return; } Roca, et al. Standards Track [Page 31]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 Authors' Addresses Vincent Roca INRIA 655, av. de l'Europe Inovallee; Montbonnot ST ISMIER cedex 38334 France EMail: vincent.roca@inria.fr URI: http://planete.inrialpes.fr/people/roca/ Christoph Neumann Thomson 12, bd de Metz Rennes 35700 France EMail: christoph.neumann@thomson.net URI: http://planete.inrialpes.fr/people/chneuman/ David Furodet STMicroelectronics 12, Rue Jules Horowitz BP217 Grenoble Cedex 38019 France EMail: david.furodet@st.com URI: http://www.st.com/ Roca, et al. Standards Track [Page 32]

RFC 5170 LDPC Staircase and Triangle FEC June 2008 Full Copyright Statement Copyright (C) The IETF Trust (2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Roca, et al. Standards Track [Page 33]