Worst-case to average case reductions for the distance to a code - PowerPoint PPT Presentation

Worst-case to average case reductions for the distance to a code CCC 2018 Eli Ben-Sasson and Swastik Kopparty and Shubhangi Saraf June 2018

Overview ◮ motivation ◮ main results ◮ applications ◮ one proof

Motivation ◮ Arithmetization [LFKN92] ◮ reduces computational problems to algebraic problems about low-degree polynomials ◮ used in IP, MIP, PCP, ZK, IPCP, IOP, . . . protocols ◮ example: 3SAT formula φ �→ “local” constraints over linear code V ⊂ F n , satisfying ◮ Completeness: φ ∈ 3 SAT ⇒ ∃ v 1 , . . . , v k ∈ V that satisfy all “local” constraints ◮ Soundness: φ �∈ 3 SAT ⇒ ∀ � u = ( u 1 , . . . , u k ) ∈ ( F n ) k , if � u satisfies “local” constraints, then ∃ u ∗ ∈ � u , ∆( u ∗ , V ) > 0 . 1 ( ∆ is relative Hamming distance). ◮ This talk discusses 1. worst-to-average case: ∆( u ∗ , V ) > δ �→ almost all u ∈ span ( � u ) satisfy ∆( u , V ) ≈ δ 2. local distance amplification: ∆( u ∗ , V ) > 0 . 1 �→ ∆( u ∗∗ , V ) > 0 . 99, u ∗∗ locally computed from u ∗ . ◮ Techniques: (i) more interaction, (ii) more randomness; for (2) above, also use automorphisms of V .

Main results on worst-to-average case distance reductions Let U , V ⊆ F n . If u ∗ ∈ U is δ -far from V ( ∆( u ∗ , V ) ≥ δ ) . . . Prior state of art — Unique decoding distance [RVW 2013] Then most u ∈ U are at least half as far from V as u : 1 Pr u ∈ U [∆( u , V ) < δ/ 2 ] ≤ | F |− 1 . First result — List decoding distance for general spaces V √ Then most u ∈ U are ≈ J ( δ ) � 1 − 1 − δ far from V : � � 1 Pr u ∈ U [∆( u , V ) < J ( δ ) − ǫ ] < O ǫ , | F | For δ = 1 − o ( 1 ) , most u ∈ U have ∆( u , V ) = 1 − o ( 1 ) . Second result — Distance preservation for codes V If moreover V has minimal distance λ and δ < J ( J ( λ )) − ǫ , then � � 1 Pr u ∈ U [∆( u , V ) < δ − ǫ ] < O ǫ , | F | For λ = 1 − o ( 1 ) , most u ∈ U have ∆( u , V ) ≈ δ .

Main results on local distance amplification Let V ⊆ F n be a subspace ◮ q -local map M : F n → F n — i th entry of M ( v ) depends on ≤ q entries of v ; ◮ We are interested in q -local maps that (i) preserve perfect completeness and (ii) amplify soundness ◮ Automorphism group Aut ( V ) — group of permutations on [ n ] that leave V invariant: ∀ v ∈ V , π ∈ Aut ( V ) , π ( v ) ∈ V ◮ Example: For V = RS [ F , ρ ] � { f ( x ) : F → F | deg( f ) < ρ | F |} , Aut ( V ) , Aut ( RS [ F , ρ ]) = { x �→ ax + b | a ∈ F ∗ , b ∈ F } ; Third result — Distance amplification for RS codes For δ, ǫ > 0 there exists q = q ( ρ, δ, ǫ ) such that if u : F → F is δ -far from RS [ F , ρ ] then ∆( � q � � Pr π 1 ,...,π q ∈ Aut ( RS [ F ,ρ ]) i = 1 π i ( u ) , RS [ F , ρ ]) < J ( J ( 1 − ρ )) − ǫ < O ǫ, q ( 1 ) , | F | For ρ = o ( 1 ) , this gives distance amplification up to distance 1 − o ( 1 ) .

Application I: High-error Polishchuk-Spielman theorems For A , B ⊆ F , | A | = | B | = N suppose f r , f c : A × B → F satisfy ◮ each row of f r : A × B → F is a degree d r polynomial ◮ each column of f c is a degree d c polynomial ◮ Pr a , b [ f r ( a , b ) = f c ( a , b )] ≥ η , η is the agreement parameter Then ◮ Folklore: η = 1 ⇒ f r = f c is degree- ( d r , d c ) bivariate polynomial ◮ High degree, high agreement [PS94]: For d r + d c + < 1 2 and η > 1 2 , we N have that f r , f c are close to degree- ( d r , d c ) bivar polynomial ◮ Open: prove for degree d r , d c = Ω( | A | ) and η ≪ 1 / 2 ◮ [CMS17]: for η ≪ 1 2 and d r , d c = O (log N ) , we have that f r , f c are close to degree- ( d r , d c ) poly ◮ New: for η ≪ 1 2 and d r = O (log log n ) and d c = Ω( N ) we have that f r , f c are close to degree- ( d r , d c ) poly; ◮ [CMS17] and new result are incomparable ◮ [CMS17] holds for larger degree in both axes; ◮ new result requires lower degree, but only for one axis; ◮ different proof techniques.

Application II: Improved IOPPs for Reed-Solomon codes Plan: 1. Interactive Oracle Proof of Proximity (IOPP) definition 2. Fast RS IOPP (FRI) protocol and prior soundness 3. Improved FRI soundness analysis

Interactive Oracle Proof of Proximity (IOPP) [RRR16,BCS16] ◮ Proximity testing: given P ⊂ Σ S , oracle f : S → Σ , distinguish between f ∈ P and f is δ -far from P ; ◮ IOPP model generalizes IP [GMR85], IPCP [KR05], and PCPP [BGHSV05, DR06]; ◮ IOPP model (informal definition) ◮ Prover sends oracle f : S → Σ ◮ Verifier sends 1st randomness r 1 ◮ Prover sends 1st proof oracle π 1 : S 1 → Σ ◮ Verifier sends r 2 , prover sends π 2 , repeat for R rounds; ◮ Verifier queries f , π 1 , . . . , π R , outputs acc/rej ◮ soundness+completeness as in the PCPP model ◮ query complexity q measured over all oracles; ◮ proof length and prover complexity measured over π 1 , . . . , π R

Fast RS IOPP (FRI) [BBHR18] ◮ RS proximity testing: Fix field F , blocklength N ≤ | F | , rate ρ , proximity parameter δ ≤ 1 − ρ ; ◮ Given oracle f : S → F ◮ accept if deg( f ) < ρ N , ◮ reject w.p. ≥ 1 / 2 if f is δ -far from degree < ρ N ◮ Pay attention to proximity parameter δ 0 Theorem (Informal) [BBHR18] [New] FRI protocol with blocklength N , and rate ρ < 1 has ◮ O ( N ) prover arithmetic complexity and proof length ◮ O (log N ) rounds, verifier arithmetic complexity and queries; ◮ δ − O ( 1 ) | F | rejection pr. for δ < δ 0 , where δ 0 ≈ ✚✚ 1 − ρ 1 1 − ρ 4 4 Theorem (followup) [Newest] FRI protocol has same parameters as in Theorem above, but ◮ δ − O ( 1 ) 1 3 , tight(!) | F | rejection pr. for δ < δ 0 , where δ 0 ≈ 1 − ρ

FRI soundness as function of rate Higher lines mean higher (better) soundness (rejection prob.): upper bound 1 Johnson bound unique decoding 0 . 8 this work lower bound newest (follow-up) tight bound 0 . 6 [BBHR18] lower bound δ 0 0 . 4 0 . 2 0 0 0 . 2 0 . 4 0 . 6 0 . 8 1 ρ

FRI soundness: example setting ◮ Example: for ρ = 2 − 8 = 1 256 and δ = 1 − ρ : ◮ old rejection probability ≥ 1 / 4 ◮ new rejection probability ≥ 3 / 4 ◮ follow-up: tight bound (upper+lower): = 0 . 842 . . .

One proof ◮ Lemma If ∆( u ∗ , V ) ≥ δ , then there are at most O ( 1 ) values of α ∈ F for which ∆( u ∗ + α u , V ) ≤ J ( δ ) − ǫ. ◮ Key ingredient: Johnson Bound If u , w 1 , . . . , w t ∈ F n are such that ∆( w i , w j ) ≥ δ and ∆( u , w i ) ≤ J ( δ ) − ǫ , then t ≤ O ǫ ( 1 ) . ◮ Proof: Suppose α 1 , . . . , α t ∈ F and v 1 , . . . , v t ∈ V are such that: ∆( u ∗ + α i u , v i ) < J ( δ ) − ǫ. Then: ∆( u , 1 ( v i − u ∗ )) < J ( δ ) − ǫ. α i But note that: ∆( 1 ( v i − u ∗ ) , 1 ( v j − u ∗ )) ≥ ∆( u , V ) ≥ δ. α i α j Thus the Johnson bound gives the desired bound on t .

Proof sketch for distance preservation ◮ Distance Preservation Theorem Suppose V has distance λ , and ∆( u ∗ , V ) ≥ δ , where δ ≤ J ( J ( λ )) . Then most for most α ∈ F , we have that u ∗ + α u is ( δ − ǫ ) -far from V . ◮ Intermediate structure theorem Suppose V has distance λ and δ < J ( J ( λ )) . For arbitrary u , u ∗ ∈ F n , if there are many α ∈ F such that ∆( u ∗ + α u , V ) < δ − ǫ , then there is a set S ⊆ [ n ] , and vectors v , v ∗ ∈ V with: ◮ | S | < δ + ǫ . ◮ u | [ n ] \ S = v | [ n ] \ S . ◮ u ∗ | [ n ] \ S = v ∗ | [ n ] \ S . ◮ In words: the only way to make the line { u ∗ + α u | α ∈ F } in F n have many points close to V is if u ∗ and u are both close to V with the set of agreeing coordinates aligned . ◮ Immediately implies the distance preservation theorem. ◮ Intermediate structure theorem proved using (1) two invocations of the Johnson bound 1 , and (2) some tools from graph theory. 1 of course .. see J ( J ( λ ))

Applications: proof sketch ◮ RS distance amplification: ◮ Want to show that if g = random linear combination of random affine shifts of f , then g far from RS code. ◮ Key tool: intermediate structure theorem. ◮ If g is often close to low degree, then we get that f and a random affine shift of f must have a large set of coordinates where both agree with RS code. ◮ But random affine shifts are quite mixing: This rules out the above possibility. ◮ High-error Polishcuk-Spielman bivariate testing: ◮ Immediately follows from intermediate structure theorem. ◮ Improved soundness for Fast Reed-Solomon IOPP: ◮ Immediately follows from distance preservation theorem.

Final remarks Summary ◮ Worst-to-average case reductions for linear spaces ◮ New: If some u ∗ ∈ U is δ -far from V , then most members of U are ≈ δ -far from V ◮ Prior [RVW16]: . . . most members of U are ≈ δ/ 2-far from V ◮ q -local distance amplification for RS codes ◮ New: If f : F → F is 100 -far from degree- | F | 1 100 polynomials, then w.h.p. over random a i ∈ F ∗ , b i ∈ F , 100 ˆ � f ( X ) � f ( a i X + b i ) i = 1 10 -far from degree- | F | 9 is (i) 100-local and (ii) 100 polynomials ◮ two applications to low-degree testing ◮ high-error Polischuk-Spielman bivariate low-degree testing ◮ improved RS soundness analysis of FRI protocol