Pseudorandomness List-Decoding Algorithms, Lecture Notes - Computer Science, Study notes of Number Theory

<p>Prof. Salil Vadhan, Computer Science, Pseudorandomness, List-Decoding Algorithms, Reed-Solomon Codes, Parvaresh Vardy Codes, Folded Reed Solomon Codes, Harvard, Lecture Notes</p>

Typology: Study notes

2010/2011

Uploaded on 10/26/2011


CS225: Pseudorandomness Prof. Salil Vadhan

Lecture 15: List-Decoding Algorithms

April 5, 2007

Based on scribe notes by xxxx.

Let $C$ be a code with encoding function $\mathrm{Enc} : \{1, \ldots, N\} \to \Sigma^{\hat{n}}$. Given any received word $r \in \Sigma^{\hat{n}}$, we would like to find all elements of $\mathrm{LIST}(r, \varepsilon) = \{m : \mathrm{agr}(m, r) \ge \varepsilon\}$ in polynomial time, where $\mathrm{agr}(m, r) = \Pr_y[m_y = r_y]$. (For convenience, we have switched to measuring the agreement $\varepsilon$ instead of the list-decoding distance $\delta = 1 - \varepsilon$ as discussed last time.)

1 Review of Algebra

  • For every prime power $q = p^k$ there is a field $\mathbb{F}_q$ of size $q$, and this field is unique up to isomorphism (renaming elements). The prime $p$ is called the characteristic of the field. $\mathbb{F}_q$ has a description of length $O(\log q)$ enabling addition, multiplication, and division to be performed in polynomial time (i.e. time $\mathrm{poly}(\log q)$). If $q = p^k$ for a given prime $p$ and integer $k$, this description can be found probabilistically in time $\mathrm{poly}(\log p, k) = \mathrm{poly}(\log q)$ and deterministically in time $\mathrm{poly}(p, k)$. Note that for even finding a prime $p$ of a desired bitlength, we only know time $\mathrm{poly}(p)$ deterministic algorithms. Thus, for computational purposes, a convenient choice is often to instead take $p = 2$ and $k$ large, in which case everything can be done deterministically in time $\mathrm{poly}(k) = \mathrm{poly}(\log q)$.
  • For every field $\mathbb{F}$, $\mathbb{F}[X_1, \ldots, X_n]$ is the integral domain consisting of formal polynomials $Q(X_1, \ldots, X_n)$ with coefficients in $\mathbb{F}$, where addition and multiplication of polynomials are defined in the usual way.
  • A polynomial $Q(X_1, \ldots, X_n)$ is irreducible if we cannot write $Q = RS$ where $R, S$ are non-constant polynomials.
  • $\mathbb{F}[X_1, \ldots, X_n]$ is a unique factorization domain. That is, every polynomial $Q$ can be factored as $Q = Q_1 Q_2 \cdots Q_m$, where each $Q_i$ is irreducible and this factorization is unique up to reordering and multiplication by constants from $\mathbb{F}$. Given the description of a finite field $\mathbb{F}_{p^k}$ and the polynomial $Q$, this factorization can be done probabilistically in time $\mathrm{poly}(\log p, k, |Q|)$ and deterministically in time $\mathrm{poly}(p, k, |Q|)$.
  • For $Q(Y, Z) \in \mathbb{F}[Y, Z]$ and $f(Y) \in \mathbb{F}[Y]$, if $Q(Y, f(Y)) = 0$, then $Z - f(Y)$ is one of the irreducible factors of $Q(Y, Z)$ (and thus can be found in polynomial time).

2 List-Decoding Reed-Solomon Codes

Theorem 1 (Sudan) There is a polynomial-time algorithm for decoding the Reed-Solomon code of degree $d$ over $\mathbb{F}_q$ up to distance $\delta = 1 - 2\sqrt{d/q}$.

In fact the constant of 2 can be improved to 1, matching the combinatorial list-decoding radius for Reed–Solomon codes given by an optimized form of the Johnson Bound, but we will not do this optimization here.

Proof: We are given a received word $r : \mathbb{F}_q \to \mathbb{F}_q$, and want to find all elements of $\mathrm{LIST}(r, \varepsilon)$ for $\varepsilon = 2\sqrt{d/q}$.

Step 1: Find a low-degree $Q$ ‘explaining’ $r$. Specifically, $Q(Y, Z)$ will be a nonzero bivariate polynomial of degree at most $d_Y$ in its first variable $Y$ and $d_Z$ in its second variable, and will satisfy $Q(y, r(y)) = 0$ for all $y \in \mathbb{F}_q$. Each such $y$ imposes a linear constraint on the $(d_Y + 1)(d_Z + 1)$ coefficients of $Q$. Thus, this system has a nonzero solution provided $(d_Y + 1)(d_Z + 1) > q$, and it can be found in polynomial time by linear algebra (over $\mathbb{F}_q$).

Step 2: Argue that each $f(Y) \in \mathrm{LIST}(r)$ is a ‘root’ of $Q$. Specifically, it will be the case that $Q(Y, f(Y)) = 0$ for each $f \in \mathrm{LIST}(r, \varepsilon)$. The reason is that $Q(Y, f(Y))$ is a univariate polynomial of degree at most $d_Y + d \cdot d_Z$, and has at least $\varepsilon q$ zeroes (one for each place that $f$ and $r$ agree). Thus, we can conclude $Q(Y, f(Y)) = 0$ provided $\varepsilon q > d_Y + d \cdot d_Z$. Then we can enumerate all of the elements of $\mathrm{LIST}(r)$ by factoring $Q(Y, Z)$ and taking all the factors of the form $Z - f(Y)$.

For this algorithm to work, the two conditions we need to satisfy are

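$$(d_Y + 1)(d_Z + 1) > q,$$

and

$$\varepsilon q > d_Y + d \cdot d_Z.$$

These conditions can be satisfied by setting $d_Y = \lfloor \varepsilon q / 2 \rfloor$, $d_Z = \lfloor \varepsilon q / (2d) \rfloor$, and $\varepsilon = 2\sqrt{d/q}$.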
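The two steps of the proof, run on a small instance, as an added example that is not part of the original notes. It assumes $q = 13$, $d = 1$, $d_Y = d_Z = 3$ and a constructed received word; because the field is tiny, brute-force enumeration of candidate $f$ stands in for bivariate factoring, and all function names are hypothetical.

```python
import itertools
P, D = 13, 1      # q = 13 (prime, so arithmetic is mod P); messages have degree <= d = 1
DY, DZ = 3, 3     # floor(eps*q/2) and floor(eps*q/(2d)) for eps = 2*sqrt(d/q) ~ 0.555

def nullspace_vector(rows, ncols):
    """Nonzero v with rows . v = 0 mod P (Gauss-Jordan; needs ncols > len(rows))."""
    rows, pivots, rank = [r[:] for r in rows], {}, 0
    for c in range(ncols):
        piv = next((i for i in range(rank, len(rows)) if rows[i][c]), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        inv = pow(rows[rank][c], -1, P)
        rows[rank] = [x * inv % P for x in rows[rank]]
        for i in range(len(rows)):
            if i != rank and rows[i][c]:
                rows[i] = [(a - rows[i][c] * b) % P for a, b in zip(rows[i], rows[rank])]
        pivots[c], rank = rank, rank + 1
    free = next(c for c in range(ncols) if c not in pivots)
    v = [int(c == free) for c in range(ncols)]      # set one free variable to 1
    for c, i in pivots.items():
        v[c] = -rows[i][free] % P                   # solve each pivot variable
    return v

def poly_eval(f, y):
    return sum(c * pow(y, i, P) for i, c in enumerate(f)) % P

def agreement(f, r):
    return sum(poly_eval(f, y) == r[y] for y in range(P))

def interpolate_Q(r):
    """Step 1: coefficients of Y^i Z^j with Q(y, r(y)) = 0 for every y in F_q."""
    monos = [(i, j) for i in range(DY + 1) for j in range(DZ + 1)]
    rows = [[pow(y, i, P) * pow(r[y], j, P) % P for i, j in monos] for y in range(P)]
    return dict(zip(monos, nullspace_vector(rows, len(monos))))

def is_root(Q, f):
    # deg Q(Y, f(Y)) <= DY + D*DZ = 6 < q, so vanishing on all of F_q means it is 0.
    return all(sum(c * pow(y, i, P) * pow(poly_eval(f, y), j, P)
                   for (i, j), c in Q.items()) % P == 0 for y in range(P))

def list_decode(r):
    """Step 2: roots Z - f(Y) of Q, then keep those with agreement > DY + D*DZ."""
    Q = interpolate_Q(r)
    roots = [f for f in itertools.product(range(P), repeat=D + 1) if is_root(Q, f)]
    return [f for f in roots if agreement(f, r) > DY + D * DZ], roots

F1, F2 = (2, 3), (5, 1)   # constructed messages 2 + 3Y and 5 + Y
R = [poly_eval(F1 if y < 6 else F2, y) for y in range(P)]   # constructed received word
```

Both constructed messages agree with `R` on 7 of the 13 positions, which exceeds $d_Y + d \cdot d_Z = 6$, so `list_decode(R)` recovers both from the single polynomial $Q$.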

Note that the rate of Reed-Solomon codes is $\rho = (d + 1)/q = \Theta(\varepsilon^2)$. The alphabet size is $q = \tilde{\Omega}(n/\rho) = \tilde{\Omega}(n/\varepsilon^2)$. In contrast, an optimal code would have $\rho \approx \varepsilon$ and $q = O(1/\varepsilon)$.

3 Parvaresh–Vardy Codes

Our aim is to improve the rate-distance tradeoff to $\rho = \tilde{\Theta}(\varepsilon)$. Intuitively, the power of the Reed–Solomon list-decoding algorithm comes from the fact that we can interpolate the $q$ points $(y, r(y))$ of the received word using a bivariate polynomial $Q$ of degree roughly $\sqrt{q}$ in each variable (think of $d = O(1)$ for now). If we could use $m$ variables instead of 2, then the degrees would only have to be around $q^{1/m}$.

First attempt: Replace Step 1 with finding an $(m + 1)$-variate polynomial $Q(Y, Z_1, \ldots, Z_m)$ of degree $d_Y$ in $Y$ and $d_Z$ in each $Z_i$ such that $Q(y, r(y), r(y), \ldots, r(y)) = 0$ for every $y \in \mathbb{F}_q$.

Step 1: Find a low-degree $Q$ ‘explaining’ $r$. We find a polynomial $Q(Y, Z_0, \ldots, Z_{m-1})$ of degree at most $d_Y$ in its first variable $Y$ and at most $h - 1$ in each of the remaining variables, and will satisfy $Q(y, r(y)) = 0$ for all $y \in \mathbb{F}_q$.

This is possible provided $d_Y \cdot h^m > q$.

Moreover, we may assume that $Q$ is not divisible by $E(Y)$. If it is, we can divide out all the factors of $E(Y)$, which will not affect the conditions $Q(y, r(y)) = 0$ since $E$ has no roots (being irreducible).

Step 2: Argue that each $f(Y) \in \mathrm{LIST}(r)$ is a ‘root’ of a related univariate polynomial $Q^*$. First, we argue as before that if $f \in \mathrm{LIST}(r, \varepsilon)$, we have

$$Q(Y, f_0(Y), \ldots, f_{m-1}(Y)) = 0.$$

This will be ensured provided $\varepsilon q > d_Y + (h - 1) \cdot d \cdot m$.

Once we have this, we can reduce both sides modulo E(Y ) and deduce

$$0 = Q(Y, f_0(Y), f_1(Y), \ldots, f_{m-1}(Y)) \bmod E(Y) = Q(Y, f(Y), f(Y)^h, \ldots, f(Y)^{h^{m-1}}) \bmod E(Y).$$

Thus, if we define the univariate polynomial

$$Q^*(Z) = Q(Y, Z, Z^h, \ldots, Z^{h^{m-1}}) \bmod E(Y),$$

then $f(Y)$ is a root of $Q^*$ over the field $\mathbb{F}_q[Y]/E(Y)$.

Observe that $Q^*$ is nonzero because $Q$ is not divisible by $E(Y)$ and has degree at most $h - 1$ in each $Z_i$. Thus, we can find all elements of $\mathrm{LIST}(r)$ by factoring $Q^*(Z)$.

For this algorithm to work, the two conditions we need to satisfy are

$$d_Y \cdot h^m > q$$

and

$$\varepsilon q > d_Y + (h - 1) \cdot d \cdot m.$$

We can satisfy the second condition by setting $d_Y = \varepsilon q - dhm$, in which case the first condition is satisfied provided

$$\varepsilon > \frac{1}{h^m} + \frac{dhm}{q}.$$

The theorem can be obtained by taking h = 2 and m = O(log(1/ε)), and noting that the rate is ρ = d/(mq).

4 Folded Reed–Solomon Codes

We now sketch the ideas that were used by Guruswami and Rudra last year to achieve list-decoding capacity.

They use the Parvaresh–Vardy construction with $E(Y) = Y^{q-1} - \gamma$, where $\gamma$ is a generator of $\mathbb{F}_q^*$. (That is, $\{\gamma, \gamma^2, \ldots, \gamma^{q-1}\} = \mathbb{F}_q \setminus \{0\}$.) Then it turns out that $f^q(Y) = f(\gamma Y) \bmod E(Y)$. So they use $f_i(Y) = f^{q^i}(Y) \bmod E(Y)$, and for each nonzero element $y$ of $\mathbb{F}_q$, the $y$'th symbol of the PV encoding of $f(Y)$ becomes

$$[f(y), f(\gamma y), \ldots, f(\gamma^{m-1} y)] = [f(\gamma^j), f(\gamma^{j+1}), \ldots, f(\gamma^{j+m-1})],$$

where we write $y = \gamma^j$.

Thus, the symbols of the encoding have a lot of overlap. For example, the $\gamma^j$'th symbol and the $\gamma^{j+1}$'th symbol share all but one component. Intuitively, this means that we should only have to send roughly a $1/m$ fraction of the symbols of the codeword, saving us a factor of $m$ in the rate. (The other symbols can be automatically filled in by the receiver.) Thus, the rate becomes $\rho \approx d/q$, just like in Reed–Solomon codes.

However, there is still an extra factor of $m$ in the second term of

$$\varepsilon > \frac{1}{h^m} + \frac{dhm}{q},$$

which prohibits us from achieving $\rho = \Theta(\varepsilon)$. To deal with this, we don't just require that $Q(y, r(y)) = 0$ for each $y$, but instead require that $Q$ has a root of multiplicity $s$ at each point $(y, r(y))$. Formally, this means that the polynomial $Q(Y + y, Z_0 + r(y)_0, \ldots, Z_{m-1} + r(y)_{m-1})$ has no monomials of degree smaller than $s$.

Then the second inequality becomes

$$\varepsilon q s > d_Y + (h - 1) \cdot d \cdot m.$$

However, we pay a price in the other condition, because asking for a root of multiplicity $s$ amounts to $\binom{m+s}{s-1}$ constraints on the coefficients of $Q$ (one for each monomial of degree smaller than $s$). So the other constraint becomes

$$d_Y \cdot h^m > q \cdot \binom{m+s}{s-1}.$$

If we take large s = m, these two constraints can be satisfied provided

ε >

m · (h/4)m^

dhm qs

d q

≈ ρ,

as desired.