CS225: Pseudorandomness
Prof. Salil Vadhan

Lecture 15: List-Decoding Algorithms
April 5, 2007

Based on scribe notes by xxxx.

Let $C$ be a code with encoding function $\mathrm{Enc} : \{1, \ldots, N\} \to \Sigma^{\hat{n}}$. Given any received word $r \in \Sigma^{\hat{n}}$, we would like to find all elements of $\mathrm{LIST}(r, \varepsilon) = \{m : \mathrm{agr}(m, r) \ge \varepsilon\}$ in polynomial time, where $\mathrm{agr}(m, r) = \Pr_y[m_y = r_y]$. (For convenience, we have switched to measuring the agreement $\varepsilon$ instead of the list-decoding distance $\delta = 1 - \varepsilon$ as discussed last time.)

1 Review of Algebra

• For every prime power $q = p^k$ there is a field $\mathbb{F}_q$ of size $q$, and this field is unique up to isomorphism (renaming elements). The prime $p$ is called the characteristic of the field. $\mathbb{F}_q$ has a description of length $O(\log q)$ enabling addition, multiplication, and division to be performed in polynomial time (i.e. time $\mathrm{poly}(\log q)$). If $q = p^k$ for a given prime $p$ and integer $k$, this description can be found probabilistically in time $\mathrm{poly}(\log p, k) = \mathrm{poly}(\log q)$ and deterministically in time $\mathrm{poly}(p, k)$. Note that even for finding a prime $p$ of a desired bitlength, we only know deterministic algorithms running in time $\mathrm{poly}(p)$. Thus, for computational purposes, a convenient choice is often to instead take $p = 2$ and $k$ large, in which case everything can be done deterministically in time $\mathrm{poly}(k) = \mathrm{poly}(\log q)$.

• For every field $\mathbb{F}$, $\mathbb{F}[X_1, \ldots, X_n]$ is the integral domain consisting of formal polynomials $Q(X_1, \ldots, X_n)$ with coefficients in $\mathbb{F}$, where addition and multiplication of polynomials are defined in the usual way.

• A polynomial $Q(X_1, \ldots, X_n)$ is irreducible if we cannot write $Q = RS$ where $R, S$ are non-constant polynomials.

• $\mathbb{F}[X_1, \ldots, X_n]$ is a unique factorization domain.
That is, every polynomial $Q$ can be factored as $Q = Q_1 Q_2 \cdots Q_m$, where each $Q_i$ is irreducible and this factorization is unique up to reordering and multiplication by constants from $\mathbb{F}$. Given the description of a finite field $\mathbb{F}_{p^k}$ and the polynomial $Q$, this factorization can be done probabilistically in time $\mathrm{poly}(\log p, k, |Q|)$ and deterministically in time $\mathrm{poly}(p, k, |Q|)$.

• For $Q(Y, Z) \in \mathbb{F}[Y, Z]$ and $f(Y) \in \mathbb{F}[Y]$, if $Q(Y, f(Y)) = 0$, then $Z - f(Y)$ is one of the irreducible factors of $Q(Y, Z)$ (and thus can be found in polynomial time).

2 List-Decoding Reed-Solomon Codes

Theorem 1 (Sudan) There is a polynomial-time algorithm for decoding the Reed-Solomon code of degree $d$ over $\mathbb{F}_q$ up to distance $\delta = 1 - 2\sqrt{d/q}$.

In fact the constant of 2 can be improved to 1, matching the combinatorial list-decoding radius for Reed–Solomon codes given by an optimized form of the Johnson Bound, but we will not do this optimization here.

Proof: We are given a received word $r : \mathbb{F}_q \to \mathbb{F}_q$, and want to find all elements of $\mathrm{LIST}(r, \varepsilon)$ for $\varepsilon = 2\sqrt{d/q}$.

Step 1: Find a low-degree $Q$ 'explaining' $r$. Specifically, $Q(Y, Z)$ will be a nonzero bivariate polynomial of degree at most $d_Y$ in its first variable $Y$ and $d_Z$ in its second variable, and will satisfy $Q(y, r(y)) = 0$ for all $y \in \mathbb{F}_q$. Each such $y$ imposes a linear constraint on the $(d_Y + 1)(d_Z + 1)$ coefficients of $Q$. Thus, this system has a nonzero solution provided $(d_Y + 1)(d_Z + 1) > q$, and it can be found in polynomial time by linear algebra (over $\mathbb{F}_q$).

Step 2: Argue that each $f(Y) \in \mathrm{LIST}(r)$ is a 'root' of $Q$. Specifically, it will be the case that $Q(Y, f(Y)) = 0$ for each $f \in \mathrm{LIST}(r, \varepsilon)$. The reason is that $Q(Y, f(Y))$ is a univariate polynomial of degree at most $d_Y + d \cdot d_Z$, and has at least $\varepsilon q$ zeroes (one for each place that $f$ and $r$ agree). Thus, we can conclude $Q(Y, f(Y)) = 0$ provided $\varepsilon q > d_Y + d \cdot d_Z$. Then we can enumerate all of the elements of $\mathrm{LIST}(r)$ by factoring $Q(Y, Z)$ and taking all the factors of the form $Z - f(Y)$.
For this algorithm to work, the two conditions we need to satisfy are $(d_Y + 1)(d_Z + 1) > q$ and $\varepsilon q > d_Y + d \cdot d_Z$. These conditions can be satisfied by setting $d_Y = \lfloor \varepsilon q / 2 \rfloor$, $d_Z = \lfloor \varepsilon q / (2d) \rfloor$, and $\varepsilon = 2\sqrt{d/q}$.

Note that the rate of Reed-Solomon codes is $\rho = (d + 1)/q = \Theta(\varepsilon^2)$. The alphabet size is $q = \tilde{\Omega}(n/\rho) = \tilde{\Omega}(n/\varepsilon^2)$. In contrast, an optimal code would have $\rho \approx \varepsilon$ and $q = O(1/\varepsilon)$.

3 Parvaresh–Vardy Codes

Our aim is to improve the rate-distance tradeoff to $\rho = \tilde{\Theta}(\varepsilon)$. Intuitively, the power of the Reed–Solomon list-decoding algorithm comes from the fact that we can interpolate the $q$ points $(y, r(y))$ of the received word using a bivariate polynomial $Q$ of degree roughly $\sqrt{q}$ in each variable (think of $d = O(1)$ for now). If we could use $m$ variables instead of 2, then the degrees would only have to be around $q^{1/m}$.

First attempt: Replace Step 1 with finding an $(m + 1)$-variate polynomial $Q(Y, Z_1, \ldots, Z_m)$ of degree $d_Y$ in $Y$ and $d_Z$ in each $Z_i$ such that $Q(y, r(y), r(y), \ldots, r(y)) = 0$ for every $y \in \mathbb{F}_q$.
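
Sudan's algorithm from Section 2, carried through on a constructed received word over $\mathbb{F}_{13}$ with $d = 1$; this is an added example, not part of the lecture notes. It assumes $q = p$ is prime (so field elements are integers mod $p$), and it replaces the factoring step with an exhaustive search over all $p^{d+1}$ candidates $f$; the function names are illustrative.

```python
import itertools, math

def nullspace_vector(rows, ncols, p):
    """One nonzero x with rows*x = 0 over F_p (p prime, ncols > len(rows))."""
    rows, pivots, rank = [r[:] for r in rows], {}, 0
    for col in range(ncols):
        piv = next((i for i in range(rank, len(rows)) if rows[i][col]), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        inv = pow(rows[rank][col], -1, p)
        rows[rank] = [v * inv % p for v in rows[rank]]
        for i in range(len(rows)):
            if i != rank and rows[i][col]:
                c = rows[i][col]
                rows[i] = [(a - c * b) % p for a, b in zip(rows[i], rows[rank])]
        pivots[col], rank = rank, rank + 1
    free = next(c for c in range(ncols) if c not in pivots)
    x = [int(c == free) for c in range(ncols)]
    for col, i in pivots.items():
        x[col] = -rows[i][free] % p
    return x

def evaluate(f, p):
    """Encode f (coefficients low to high) as its values on all of F_p."""
    return [sum(c * pow(y, k, p) for k, c in enumerate(f)) % p for y in range(p)]

def list_decode(r, d, p):
    """Return (roots of Q, LIST(r, eps)) for eps = 2*sqrt(d/p)."""
    eps = 2 * math.sqrt(d / p)
    dY, dZ = int(eps * p / 2), int(eps * p / (2 * d))
    assert (dY + 1) * (dZ + 1) > p and dY + d * dZ < min(eps * p, p)
    # Step 1: one linear constraint Q(y, r(y)) = 0 per y; solve for Q's coefficients.
    monos = [(i, j) for i in range(dY + 1) for j in range(dZ + 1)]
    rows = [[pow(y, i, p) * pow(r[y], j, p) % p for i, j in monos] for y in range(p)]
    q = nullspace_vector(rows, len(monos), p)
    Q = lambda y, z: sum(c * pow(y, i, p) * pow(z, j, p) for c, (i, j) in zip(q, monos)) % p
    # Step 2, by exhaustive search instead of factoring: deg Q(Y, f(Y)) < p,
    # so vanishing at every y in F_p means Q(Y, f(Y)) is identically zero.
    roots = [f for f in itertools.product(range(p), repeat=d + 1)
             if all(Q(y, z) == 0 for y, z in enumerate(evaluate(f, p)))]
    close = [f for f in roots
             if sum(a == b for a, b in zip(evaluate(f, p), r)) >= eps * p]
    return roots, close

# Constructed sample: f(Y) = 3 + 5Y over F_13 with 5 of the 13 symbols corrupted.
received = evaluate((3, 5), 13)
for y in (0, 2, 5, 7, 11):
    received[y] = (received[y] + 1) % 13
```

Here $d_Y = d_Z = 3$, so $Q$ has 16 coefficients against 13 constraints, and any $f$ agreeing with $r$ in more than $d_Y + d \cdot d_Z = 6$ places must appear among the roots; `list_decode(received, 1, 13)` returns the roots of $Q$ together with the subset meeting the agreement threshold $\varepsilon$.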