



Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
<p>Prof. Salil Vadhan, Computer Science, Pseudorandomness, List-Decoding Algorithms, Reed-Solomon Codes, Parvaresh Vardy Codes, Folded Reed Solomon Codes, Harvard, Lecture Notes</p>
Typology: Study notes
1 / 5
This page cannot be seen from the preview
Don't miss anything!




CS225: Pseudorandomness Prof. Salil Vadhan
April 5, 2007
Based on scribe notes by xxxx.
Let C be a code with encoding function Enc : { 1 ,... , N } → Σˆn. Given any received word r ∈ Σnˆ, we would like to find all elements of LIST(r, ε) = {m : agr(m, r) ≥ ε} in polynomial time, where agr(m, r) = Pry[my = ry]. (For convenience, we have switched to measuring the agreement ε instead of the list-decoding distance δ = 1 − ε as discussed last time.)
Theorem 1 (Sudan) There is a polynomial-time algorithm for decoding the Reed-Solomon code of degree d over Fq up to distance δ = 1 − 2
d/q.
In fact the constant of 2 can be improved to 1, matching the combinatorial list-decoding radius for Reed–Solomon codes given by an optimized form of the Johnson Bound, but we will not do this optimization here.
Proof: We are given a received word r : Fq → Fq, and want to find all elements of LIST(r, ε) for ε = 2
d/q.
Step 1: Find a low-degree Q ‘explaining’ r. Specifically, Q(Y, Z) will be a nonzero bivariate polynomial of degree at most dY in its first variable Y and dZ in its second variable, and will satisfy Q(y, r(y)) = 0 for all y ∈ Fq. Each such y imposes a linear constraint on the (dY + 1)(dZ + 1) coefficients of Q. Thus, this system has a nonzero solution provided (dY + 1)(dZ + 1) > q, and it can be found in polynomial time by linear algebra (over Fq).
Step 2: Argue that each f (Y ) ∈ LIST(r) is a ‘root’ of Q. Specifically, it will be the case that Q(Y, f (Y )) = 0 for each f ∈ LIST(r, ε). The reason is that Q(Y, f (Y )) is a univariate polynomial of degree at most dY + d · dZ , and has at least εq zeroes (one for each place that f and r agree). Thus, we can conclude Q(Y, f (Y )) = 0 provided εq > dY + d · dZ. Then we can enumerate all of the elements of LIST(r) by factoring Q(Y, Z) and taking all the factors of the form Z − f (Y ).
For this algorithm to work, the two conditions we need to satisfy are
(dY + 1)(dZ + 1) > q,
and εq > dY + d · dZ.
These conditions can be satisfied by setting dY = bεq/ 2 c, dZ = bεq/(2d)c, and ε = 2
d/q.
Note that the rate of Reed-Solomon codes is ρ = (d + 1)/q = Θ(ε^2 ). The alphabet size is q = Ω(˜ n/ρ) = Ω(˜ n/ε^2 ). In contrast, an optimal code would have ρ ≈ ε and q = O(1/ε).
Our aim is to improve the rate-distance tradeoff to ρ = Θ(˜ ε). Intuitively, the power of the Reed– Solomon list-decoding algorithm comes from the fact that we can interpolate the q points (y, r(y)) of the received word using a bivariate polynomial Q to be of degree roughly
q in each variable (think of d = O(1) for now). If we could use m variables instead of 2, then the degrees would only have to be around q^1 /m.
First attempt: Replace Step 1 with finding an (m + 1)-variate polynomial Q(Y, Z 1 ,... , Zm) of degree dY in Y and dZ in each Zi such that Q(y, r(y), r(y),... , r(y)) = 0 for every y ∈ Fq.
Step 1: Find a low-degree Q ‘explaining’ r. We find a polynomial Q(Y, Z 0 ,... , Zm− 1 ) of degree at most dY in its first variable Y and at most h − 1 in each of the remaining variables, and will satisfy Q(y, r(y)) = 0 for all y ∈ Fq.
This is possible provided dY · hm^ > q.
Moreover, we may assume that Q is not divisible by E(Y ). If it is, we can divide out all the factors of E(Y ), which will not affect the conditions Q(y, r(y)) = 0 since E has no roots (being irreducible).
Step 2: Argue that each f (Y ) ∈ LIST(r) is a ‘root’ of a related univariate polynomial Q∗. First, we argue as before that if f ∈ LIST(r, ε), we have
Q(Y, f 0 (Y ),... , fm− 1 (Y )) = 0.
This will be ensured provided εq > dY + (h − 1) · d · m.
Once we have this, we can reduce both sides modulo E(Y ) and deduce
0 = Q(Y, f 0 (Y ), f 2 (Y ),... , fm− 1 (Y )) mod E(Y ) = Q(Y, f (Y ), f (Y )^2 ,... , f (Y )m−^1 ) mod E(Y )
Thus, if we define the univariate polynomial
Q∗(Z) = Q(Y, Z, Zh,... , Zh m− 1 ) mod E(Y ),
then f (Y ) is a root of Q∗^ over the field Fq[Y ]/E(Y ).
Observe that Q∗^ is nonzero because Q is not divisible by E(Y ) and has degree at most h − 1 in each Zi. Thus, we can find all elements of LIST(r) by factoring Q∗(Z).
For this algorithm to work, the two conditions we need to satisfy are
dY · hm^ > q.
and εq > dY + (h − 1) · d · m.
We can satisfy the second condition by setting dY = εq − dhm, in which case the first condition is satisfied provided
ε >
hm^
dhm q
The theorem can be obtained by taking h = 2 and m = O(log(1/ε)), and noting that the rate is ρ = d/(mq).
We now sketch the ideas that were used by Guruswami and Rudra last year to achieve list-decoding capacity.
They use the Parvaresh–Vardy construction with E(Y ) = Y q−^1 − γ, where γ is generator of F∗ q. (That is, {γ, γ^2 ,... , γq−^1 } = Fq \ { 0 }.) Then it turns out that f q(Y ) = f (γY ) mod E(Y ). So they use fi(Y ) = f qi (Y ) mod E(Y ), and for each nonzero element y of Fq, the y’th symbol of the PV encoding of f (Y ) becomes
[f (y), f (γy),... , f (γm−^1 y)] = [f (γj^ , f (γj+1),... , f (γj+m−^1 )],
where we write y = γj^.
Thus, the symbols of the encoding have a lot of overlap. For example, the γj^ ’th symbol and the γj+1’th symbol share all but one component. Intuitively, this means that we should only have to send roughly a 1/m fraction of the symbols of the codeword, saving us a factor of m in the rate. (The other symbols can be automatically filled in by the receiver.) Thus, the rate becomes ρ ≈ d/q, just like in Reed–Solomon codes.
However, there is still an extra factor m in the second term of
ε >
hm^
dhm q
prohibit us to achieve ρ = Θ(ε). To deal with this, we don’t just require that Q(y, r(y)) = 0 for each y, but instead require that Q has a root of multiplicity s at each point (y, r(y)). Formally, this means that the polynomial Q(Y + y, Z 0 + r(y) 0 ,... , Zm− 1 + r(y)m− 1 ) has no monomials of degree smaller than s.
Then the second inequality becomes
εqs > dY + (h − 1) · d · m.
However, we pay a price in the other condition, because asking for a root of multiplicity s amounts to
(m+s s− 1
constraints on the coefficients of Q (one for each monomial of degree smaller than s). So the other constraint becomes
dY · hm^ > q ·
m + s s − 1
If we take large s = m, these two constraints can be satisfied provided
ε >
m · (h/4)m^
dhm qs
d q
≈ ρ,
as desired.