Worst-case to average case reductions for the distance to a code - - PowerPoint PPT Presentation

worst case to average case reductions for the distance to
SMART_READER_LITE
LIVE PREVIEW

Worst-case to average case reductions for the distance to a code - - PowerPoint PPT Presentation

Aug 14, 2022 118 likes •283 views

Worst-case to average case reductions for the distance to a code CCC 2018 Eli Ben-Sasson and Swastik Kopparty and Shubhangi Saraf June 2018 Overview motivation main results applications one proof Motivation Arithmetization

slide-1
SLIDE 1

Worst-case to average case reductions for the distance to a code

CCC 2018 Eli Ben-Sasson and Swastik Kopparty and Shubhangi Saraf June 2018

slide-2
SLIDE 2

Overview

◮ motivation ◮ main results ◮ applications ◮ one proof

slide-3
SLIDE 3

Motivation

◮ Arithmetization [LFKN92]

◮ reduces computational problems to algebraic problems about low-degree polynomials ◮ used in IP, MIP, PCP, ZK, IPCP, IOP, . . . protocols

◮ example: 3SAT formula φ → “local” constraints over linear code V ⊂ Fn, satisfying

◮ Completeness: φ ∈ 3SAT ⇒ ∃v1, . . . , vk ∈ V that satisfy all “local” constraints ◮ Soundness: φ ∈ 3SAT ⇒ ∀ u = (u1, . . . , uk) ∈ (Fn)k, if u satisfies “local” constraints, then ∃u∗ ∈ u, ∆(u∗, V ) > 0.1 (∆ is relative Hamming distance).

◮ This talk discusses

  • 1. worst-to-average case: ∆(u∗, V ) > δ → almost all u ∈ span(

u) satisfy ∆(u, V ) ≈ δ

  • 2. local distance amplification: ∆(u∗, V ) > 0.1 → ∆(u∗∗, V ) > 0.99,

u∗∗ locally computed from u∗.

◮ Techniques: (i) more interaction, (ii) more randomness; for (2) above, also use automorphisms of V .

slide-4
SLIDE 4

Main results on worst-to-average case distance reductions

Let U, V ⊆ Fn. If u∗ ∈ U is δ-far from V (∆(u∗, V ) ≥ δ) . . . Prior state of art — Unique decoding distance [RVW 2013] Then most u ∈ U are at least half as far from V as u: Pru∈U [∆(u, V ) < δ/2] ≤

1 |F|−1.

First result — List decoding distance for general spaces V Then most u ∈ U are ≈ J(δ) 1 − √ 1 − δ far from V : Pru∈U [∆(u, V ) < J(δ) − ǫ] < Oǫ

  • 1

|F|

  • ,

For δ = 1 − o(1), most u ∈ U have ∆(u, V ) = 1 − o(1). Second result — Distance preservation for codes V If moreover V has minimal distance λ and δ < J(J(λ)) − ǫ, then Pru∈U [∆(u, V ) < δ − ǫ] < Oǫ

  • 1

|F|

  • ,

For λ = 1 − o(1), most u ∈ U have ∆(u, V ) ≈ δ.

slide-5
SLIDE 5

Main results on local distance amplification

Let V ⊆ Fn be a subspace ◮ q-local map M : Fn → Fn — ith entry of M(v) depends on ≤ q entries of v; ◮ We are interested in q-local maps that (i) preserve perfect completeness and (ii) amplify soundness ◮ Automorphism group Aut(V ) — group of permutations on [n] that leave V invariant: ∀v ∈ V , π ∈ Aut(V ), π(v) ∈ V ◮ Example: For V = RS[F, ρ] {f (x) : F → F | deg(f ) < ρ|F|}, Aut(V ), Aut (RS[F, ρ]) = {x → ax + b | a ∈ F∗, b ∈ F}; Third result — Distance amplification for RS codes For δ, ǫ > 0 there exists q = q(ρ, δ, ǫ) such that if u : F → F is δ-far from RS[F, ρ] then Prπ1,...,πq∈Aut(RS[F,ρ])

  • ∆(q

i=1 πi(u), RS[F, ρ]) < J(J(1 − ρ)) − ǫ

  • <

Oǫ,q(1) |F|

, For ρ = o(1), this gives distance amplification up to distance 1 − o(1).

slide-6
SLIDE 6

Application I: High-error Polishchuk-Spielman theorems

For A, B ⊆ F, |A| = |B| = N suppose fr, fc : A × B → F satisfy ◮ each row of fr : A × B → F is a degree dr polynomial ◮ each column of fc is a degree dc polynomial ◮ Pra,b[fr(a, b) = fc(a, b)] ≥ η, η is the agreement parameter Then ◮ Folklore: η = 1 ⇒ fr = fc is degree-(dr, dc) bivariate polynomial ◮ High degree, high agreement [PS94]: For dr +dc

N

+ < 1

2 and η > 1 2, we

have that fr, fc are close to degree-(dr, dc) bivar polynomial ◮ Open: prove for degree dr, dc = Ω(|A|) and η ≪ 1/2 ◮ [CMS17]: for η ≪ 1

2 and dr, dc = O(log N), we have that fr, fc are

close to degree-(dr, dc) poly ◮ New: for η ≪ 1

2 and dr = O(log log n) and dc = Ω(N) we have that

fr, fc are close to degree-(dr, dc) poly; ◮ [CMS17] and new result are incomparable

◮ [CMS17] holds for larger degree in both axes; ◮ new result requires lower degree, but only for one axis; ◮ different proof techniques.

slide-7
SLIDE 7

Application II: Improved IOPPs for Reed-Solomon codes

Plan:

  • 1. Interactive Oracle Proof of Proximity (IOPP) definition
  • 2. Fast RS IOPP (FRI) protocol and prior soundness
  • 3. Improved FRI soundness analysis
slide-8
SLIDE 8

Interactive Oracle Proof of Proximity (IOPP) [RRR16,BCS16]

◮ Proximity testing: given P ⊂ ΣS, oracle f : S → Σ, distinguish between f ∈ P and f is δ-far from P; ◮ IOPP model generalizes IP [GMR85], IPCP [KR05], and PCPP [BGHSV05, DR06]; ◮ IOPP model (informal definition)

◮ Prover sends oracle f : S → Σ ◮ Verifier sends 1st randomness r1 ◮ Prover sends 1st proof oracle π1 : S1 → Σ ◮ Verifier sends r2, prover sends π2, repeat for R rounds; ◮ Verifier queries f , π1, . . . , πR, outputs acc/rej

◮ soundness+completeness as in the PCPP model ◮ query complexity q measured over all oracles; ◮ proof length and prover complexity measured over π1, . . . , πR

slide-9
SLIDE 9

Fast RS IOPP (FRI) [BBHR18]

◮ RS proximity testing: Fix field F, blocklength N ≤ |F|, rate ρ, proximity parameter δ ≤ 1 − ρ; ◮ Given oracle f : S → F

◮ accept if deg(f ) < ρN, ◮ reject w.p. ≥ 1/2 if f is δ-far from degree < ρN

◮ Pay attention to proximity parameter δ0 Theorem (Informal) [BBHR18] [New] FRI protocol with blocklength N, and rate ρ < 1 has ◮ O(N) prover arithmetic complexity and proof length ◮ O(log N) rounds, verifier arithmetic complexity and queries; ◮ δ − O(1)

|F| rejection pr. for δ < δ0, where δ0 ≈ ✚✚ 1−ρ 4

1 − ρ

1 4

Theorem (followup) [Newest] FRI protocol has same parameters as in Theorem above, but ◮ δ − O(1)

|F| rejection pr. for δ < δ0, where δ0 ≈ 1 − ρ

1 3 , tight(!)

slide-10
SLIDE 10

FRI soundness as function of rate

Higher lines mean higher (better) soundness (rejection prob.):

0.2 0.4 0.6 0.8 1 0.2 0.4 0.6 0.8 1 ρ δ0 upper bound Johnson bound unique decoding this work lower bound newest (follow-up) tight bound [BBHR18] lower bound

slide-11
SLIDE 11

FRI soundness: example setting

◮ Example: for ρ = 2−8 =

1 256 and δ = 1 − ρ:

◮ old rejection probability ≥ 1/4 ◮ new rejection probability ≥ 3/4 ◮ follow-up: tight bound (upper+lower): = 0.842 . . .

slide-12
SLIDE 12

One proof

◮ Lemma If ∆(u∗, V ) ≥ δ, then there are at most O(1) values of α ∈ F for which ∆(u∗ + αu, V ) ≤ J(δ) − ǫ. ◮ Key ingredient: Johnson Bound If u, w1, . . . , wt ∈ Fn are such that ∆(wi, wj) ≥ δ and ∆(u, wi) ≤ J(δ) − ǫ, then t ≤ Oǫ(1). ◮ Proof: Suppose α1, . . . , αt ∈ F and v1, . . . , vt ∈ V are such that: ∆(u∗ + αiu, vi) < J(δ) − ǫ. Then: ∆(u, 1 αi (vi − u∗)) < J(δ) − ǫ. But note that: ∆( 1 αi (vi − u∗), 1 αj (vj − u∗)) ≥ ∆(u, V ) ≥ δ. Thus the Johnson bound gives the desired bound on t.

slide-13
SLIDE 13

Proof sketch for distance preservation

◮ Distance Preservation Theorem Suppose V has distance λ, and ∆(u∗, V ) ≥ δ, where δ ≤ J(J(λ)). Then most for most α ∈ F, we have that u∗ + αu is (δ − ǫ)-far from V . ◮ Intermediate structure theorem Suppose V has distance λ and δ < J(J(λ)). For arbitrary u, u∗ ∈ Fn, if there are many α ∈ F such that ∆(u∗ + αu, V ) < δ − ǫ, then there is a set S ⊆ [n], and vectors v, v ∗ ∈ V with:

◮ |S| < δ + ǫ. ◮ u|[n]\S = v|[n]\S. ◮ u∗|[n]\S = v ∗|[n]\S.

◮ In words: the only way to make the line {u∗ + αu | α ∈ F} in Fn have many points close to V is if u∗ and u are both close to V with the set of agreeing coordinates aligned. ◮ Immediately implies the distance preservation theorem. ◮ Intermediate structure theorem proved using (1) two invocations of the Johnson bound1, and (2) some tools from graph theory.

1of course .. see J(J(λ))

slide-14
SLIDE 14

Applications: proof sketch

◮ RS distance amplification:

◮ Want to show that if g = random linear combination of random affine shifts of f , then g far from RS code. ◮ Key tool: intermediate structure theorem. ◮ If g is often close to low degree, then we get that f and a random affine shift of f must have a large set of coordinates where both agree with RS code. ◮ But random affine shifts are quite mixing: This rules out the above possibility.

◮ High-error Polishcuk-Spielman bivariate testing:

◮ Immediately follows from intermediate structure theorem.

◮ Improved soundness for Fast Reed-Solomon IOPP:

◮ Immediately follows from distance preservation theorem.

slide-15
SLIDE 15

Final remarks

Summary ◮ Worst-to-average case reductions for linear spaces

◮ New: If some u∗ ∈ U is δ-far from V , then most members of U are ≈ δ-far from V ◮ Prior [RVW16]: . . . most members of U are ≈ δ/2-far from V

◮ q-local distance amplification for RS codes

◮ New: If f : F → F is

1 100-far from degree- |F| 100 polynomials, then

w.h.p. over random ai ∈ F∗, bi ∈ F, ˆ f (X)

100

  • i=1

f (aiX + bi) is (i) 100-local and (ii)

9 10-far from degree- |F| 100 polynomials

◮ two applications to low-degree testing

◮ high-error Polischuk-Spielman bivariate low-degree testing ◮ improved RS soundness analysis of FRI protocol