
Locally Decodable Codes

Uri Nadav


Presentation Transcript


  1. Locally Decodable Codes Uri Nadav

  2. Contents • What is Locally Decodable Code (LDC) ? • Constructions • Lower Bounds • Reduction from Private Information Retrieval (PIR) to LDC

  3. Minimum Distance A code C has minimum distance δ if every x ≠ y satisfy d(C(x),C(y)) ≥ δ • Error correction problem is solvable for less than δ/2 errors • Error detection problem is solvable for less than δ errors [Figure: ball of radius δ/2 around a codeword]

  4. Error-correction Input x → Encoding → codeword C(x) → Errors (worst case error assumption) → corrupted codeword y → Decoding (given i, the bit to decode) → decoded bit x[i]

  5. Query Complexity • Number of indices decoder is allowed to read from (corrupted) codeword • Decoding can be done with query complexity Ω(|C(x)|) • We are interested in constant query complexity

  6. Adversarial Model We can view the error model as an adversary that chooses positions to destroy, and has access to the decoding/encoding scheme (but not to the random coins). The adversary is allowed to insert at most δm errors.

  7. Why not decode in blocks? Adversary is worst case so it can destroy more than δ fraction of some blocks, and less from others. [Figure: "Nice errors" compared with "Worst case: many errors in the same block"]

  8. Ideal Code C: {0,1}^n → Σ^m • Constant information rate: n/m > c • Resilient against constant fraction of errors (linear minimum distance) • Efficient decoding (constant query complexity) No Such Code!

  9. Definition of LDC C: {0,1}^n → Σ^m is a (q,δ,ε) locally decodable code if there exists a prob. algorithm A such that: ∀x ∈ {0,1}^n, ∀y ∈ Σ^m with distance d(y,C(x)) < δm and ∀i ∈ {1,..,n}, Pr[A(y,i) = x_i] > ½ + ε • The probability is over the coin tosses of A • A reads at most q indices of y (of its choice) • A has oracle access to y • Queries are not allowed to be adaptive • A must be probabilistic if q < m

  10. Example: Hadamard Code • Hadamard is (2,δ, ½−2δ) LDC • Construction: source word (x_1, x_2, …, x_n) → Encoding → codeword (<x,1>, <x,2>, …, <x,2^n−1>) • Relative minimum distance ½

  11. Example: Hadamard Code • Reconstruction with 2 queries: pick a ∈_R {0,1}^n and let e_i = (0,…,0,1,0,…,0), with the 1 in the i'th entry • Reconstruction formula: x_i = <x,a> + <x,a+e_i> • If less than δ fraction of errors, then reconstruction probability is at least 1−2δ
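The 2-query Hadamard decoder of slides 10 and 11, as an added Python example that is not part of the original slides. It computes the exact success probability of the decoder on a corrupted codeword and compares it with the 1−2δ bound. Assumptions: vectors are packed into integers, position a = 0 is kept so the codeword has 2^n entries, bit indices are 0-based, and the parameter values in `demo` are constructed.

```python
import random

def inner(x, a):
    """<x,a> over GF(2); x and a are n-bit vectors packed into Python ints."""
    return bin(x & a).count("1") & 1

def hadamard_encode(x, n):
    """Position a of the codeword holds <x,a>. Assumption: a = 0 is kept,
    so the codeword has m = 2^n entries and can be indexed directly by a."""
    return [inner(x, a) for a in range(1 << n)]

def decode_bit(y, n, i, rng):
    """Two queries: x_i = <x,a> + <x,a+e_i> for a uniform a (i is 0-based)."""
    a = rng.randrange(1 << n)
    return y[a] ^ y[a ^ (1 << i)]

def success_probability(y, n, i, x):
    """Exact probability, over the decoder's coin a, of returning x_i."""
    want = (x >> i) & 1
    good = sum((y[a] ^ y[a ^ (1 << i)]) == want for a in range(1 << n))
    return good / (1 << n)

def corrupt(codeword, positions):
    """The adversary flips the chosen codeword positions."""
    y = list(codeword)
    for j in positions:
        y[j] ^= 1
    return y

def demo(n=10, delta=0.1, seed=1):
    """Constructed experiment: fewer than delta*m errors, worst bit over all i."""
    rng = random.Random(seed)
    m = 1 << n
    x = rng.randrange(m)
    errors = rng.sample(range(m), int(delta * m) - 1)
    y = corrupt(hadamard_encode(x, n), errors)
    worst = min(success_probability(y, n, i, x) for i in range(n))
    return worst, 1 - 2 * delta

if __name__ == "__main__":
    worst, bound = demo()
    print(f"worst-case success {worst:.3f} >= bound {bound:.3f}")
```

Each corrupted position spoils at most two of the 2^n choices of a (a itself and a+e_i), which is where the factor 2 in the bound comes from.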

  12. Another Construction… Reconstruction of bit x_{i,j}: 1) (A,B) 2) (A⊕{i},B) 3) (A,B⊕{j}) 4) (A⊕{i},B⊕{j}) • Probability of 1−4δ for correct decoding

  13. Generalization… 2^k queries • m = 2^(k·n^(1/k))

  14. Smoothly Decodable Code C: {0,1}^n → Σ^m is a (q,c,ε) smoothly decodable code if there exists a prob. algorithm A such that: (1) ∀x ∈ {0,1}^n and ∀i ∈ {1,..,n}, Pr[A(C(x),i) = x_i] > ½ + ε. The probability is over the coin tosses of A; A has access to a non-corrupted codeword. (2) A reads at most q indices of C(x) (of its choice). Queries are not allowed to be adaptive. (3) ∀i ∈ {1,..,n} and ∀j ∈ {1,..,m}, Pr[A(·,i) reads j] ≤ c/m. The event is: A reads index j of C(x) to reconstruct index i.

  15. LDC is also Smooth Code Claim: Every (q,δ,ε) LDC is a (q,q/δ,ε) smooth code. Intuition – If the code is resilient against linear number of errors, then no bit of the output can be queried too often (or else adversary will choose it)

  16. Proof: LDC is Smooth • A - a reconstruction algorithm for (q,δ,ε) LDC • S_i = {j | Pr[A queries j] > q/(δm)}, the set of indices read 'too' often • There are at most q queries, so sum of prob. over j is q, thus |S_i| < δm

  17. Proof: LDC is Smooth • A’ – uses A as black box, returns whatever A returns as x_i • A’ gives A oracle access to corrupted codeword C(x)’, return only indices not in S: [C(x)’]_j = 0 if j ∈ S_i, and C(x)_j otherwise • A reconstructs x_i with probability at least 1/2 + ε, because there are at most |S_i| < δm errors • A’ is a (q,q/δ,ε) smooth decoding algorithm

  18. Proof: LDC is Smooth [Figure: what A wants is C(x); what A gets is C(x)’, in which the indices that A reads too often are the indices that A’ fixed arbitrarily (to 0)]

  19. Smooth Code is LDC • A bit can be reconstructed using q uniformly distributed queries, with ε advantage, when no errors • With probability (1−qδ) all the queries are to non-corrupted indices. Remember: Adversary does not know decoding procedure’s random coins

  20. Lower Bounds • Non existence for q = 1 [KT] • Non linear rate for q ≥ 2 [KT] • Exponential rate for linear code, q = 2 [Goldreich et al] • Exponential rate for every code, q = 2 [Kerenidis, de Wolf] (using quantum arguments)

  21. Information Theory basics • Entropy H(x) = -∑Pr[x=i] log(Pr[x=i]) • Mutual Information I(x,y) = H(x)-H(x|y)

  22. Information Theory cont… • Entropy of multiple variables is at most the sum of the entropies (equal when all variables are mutually independent): H(x_1 x_2 … x_n) ≤ ∑ H(x_i) • Highest entropy is of a uniformly distributed random variable.

  23. IT result from [KT]

  24. Proof Combined …

  25. Single query (q=1) Claim: If C: {0,1}^n → Σ^m is (1,δ,ε) locally decodable then: No such family of codes!

  26. Good Index Index j is said to be ‘good’ for i, if Pr[A(C(x),i)=xi |A reads j] > ½ + ε

  27. Single query (q=1) There exists at least a single j_1 which is good for i. • By definition of LDC • Conditional prob., summing over disjoint events

  28. Perturbation Vector Def: Perturbation vector Δ_{j1,j2,…} takes random values uniformly distributed from ∑ in positions j1,j2,… and 0 otherwise. Destroys specified indices in the most unpredictable way

  29. Adding perturbation A is resilient against at least 1 error. So, there exists at least one index j_2 ‘good’ for i. j_2 ≠ j_1, because j_1 cannot be good!

  30. Single query (q=1) A is resilient against δm errors. So, there are at least δm indices of the codeword ‘good’ for every i. By the pigeonhole principle, there exists an index j’ in {1..m}, ‘good’ for δn indices.

  31. Single query (q=1) Think of C(x[1..δn]) projected on j’ as a function from the δn indices of the input. The range is ∑, and each bit of the input can be reconstructed w.p. ½ + ε. Thus by IT result:

  32. Case q≥2 m = Ω(n)^(q/(q−1)) Constant time reconstruction procedures are impossible for codes having constant rate!

  33. Case q≥2 Proof Sketch • A LDC C is also smooth • A q smooth codeword has a small enough subset of indices, that still encodes linear amount of information • So, by IT result, m^((q−1)/q) = Ω(n)

  34. Applications? • Better locally decodable codes have applications to PIR • Applications to the practice of fault-tolerant data storage/transmission?

  35. What about Locally Encodable • A ‘Respectable Code’ is resilient against Ω(m) fraction of errors. • We expect a bit of the encoding to depend on many bits of the encoding. Otherwise, there exists a bit which influences less than 1/n fraction of the encoding.

  36. Open Issues • Adaptive vs Non-Adaptive Queries: guess first q-1 answers with success probability ∑q-1 • Closing the gap

  37. Logarithmic number of queries • View message as polynomial p: F^k → F of degree d (F is a field, |F| >> d) • Encode message by evaluating p at all |F|^k points • To encode an n-bit message, can have |F| polynomial in n, and d, k around polylog(n)

  38. To reconstruct p(x) • Pick a random line in F^k passing through x; • evaluate p on d+1 points of the line; • by interpolation, find degree-d univariate polynomial that agrees with p on the line • Use interpolated polynomial to estimate p(x) • Algorithm reads p in d+1 points, each uniformly distributed

  39. [Figure: the points x, x+y, x+2y, …, x+(d+1)y on a line through x]
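The line-based reconstruction of slides 37 to 39, as an added Python example that is not part of the original slides. The oracle is deliberately wrong at x itself, and the decoder still recovers p(x) because it only reads x+y, …, x+(d+1)y. Assumptions: the field is the constructed prime field F_101, the message polynomial `poly` and all function names are hypothetical, and the zero direction is rejected so that no query lands on x.

```python
import random

P = 101  # constructed prime field size; must exceed d + 1

def poly(pt):
    """Constructed message polynomial p: F^2 -> F of total degree d = 3."""
    u, v = pt
    return (3 * u * u * v + 5 * u * v + 7 * v * v + 11) % P

def line_points(x, y, d):
    """The d+1 query points x + t*y, t = 1..d+1, on the line through x."""
    return [(t, tuple((xc + t * yc) % P for xc, yc in zip(x, y)))
            for t in range(1, d + 2)]

def interpolate_at_zero(samples):
    """Lagrange-interpolate g(t) = p(x + t*y), of degree <= d, and return g(0)."""
    total = 0
    for t, val in samples:
        num = den = 1
        for s, _ in samples:
            if s != t:
                num = num * (-s) % P
                den = den * (t - s) % P
        total = (total + val * num * pow(den, -1, P)) % P
    return total

def local_decode(oracle, x, d, rng):
    """Recover p(x) from d+1 reads of the oracle; returns (value, points read)."""
    y = tuple(rng.randrange(P) for _ in x)
    while not any(y):  # assumption: reject the zero direction
        y = tuple(rng.randrange(P) for _ in x)
    pts = line_points(x, y, d)
    return interpolate_at_zero([(t, oracle(pt)) for t, pt in pts]), [pt for _, pt in pts]

def corrupted_at(x):
    """Oracle for the codeword with the single position x destroyed."""
    return lambda pt: (poly(pt) + 1) % P if pt == x else poly(pt)

if __name__ == "__main__":
    x = (17, 42)
    value, read = local_decode(corrupted_at(x), x, 3, random.Random(5))
    print(value == poly(x), len(read))
```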

  40. Private Information Retrieval (PIR) • Query a public database, without revealing the queried record. • Example: A broker needs to query NASDAQ database about a stock, but doesn’t want anyone to know he is interested.

  41. PIR A k server PIR scheme of one round, for database length n consists of:

  42. PIR – definition • These functions should satisfy:

  43. Simple Construction of PIR • 2 servers, one round • Each server holds bits x_1,…, x_n. • To request bit i, choose uniformly a subset A of [n] • Send first server A. • Send second server A+{i} (add i to A if it is not there, remove it if it is there) • Server returns Xor of bits in indices of request S in [n]. • Xor the answers.

  44. Lower Bounds On Communication Complexity • To achieve privacy in case of single server, we need an n-bit message. • (not too far from the one round 2 server scheme we suggested).

  45. Reduction from PIR to LDC • A codeword is a Concatenation of all possible answers from both servers • A query procedure is made of 2 queries to the database
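The 2-server scheme of slide 43 and the codeword of slide 45, as an added Python example that is not part of the original slides. It checks correctness, shows that the request each server sees has the same distribution whichever bit is wanted, and builds the codeword as the table of all possible answers. Assumptions: requests are subsets of [n] packed into bitmasks, indices are 0-based, and all function names and the sample database are constructed.

```python
import secrets
from collections import Counter

def answer(db, req):
    """Server side: XOR of the database bits whose indices are set in req."""
    out = 0
    for j, bit in enumerate(db):
        if (req >> j) & 1:
            out ^= bit
    return out

def queries(n, i, a=None):
    """Client side: uniform subset A for server 1, A with index i toggled for server 2."""
    if a is None:
        a = secrets.randbits(n)
    return a, a ^ (1 << i)

def retrieve(db, i):
    """One round: send both requests, XOR the two one-bit answers."""
    q1, q2 = queries(len(db), i)
    return answer(db, q1) ^ answer(db, q2)

def server_view(n, i, server):
    """Exact distribution of the request one server sees, over all 2^n choices of A."""
    return Counter(queries(n, i, a)[server] for a in range(1 << n))

def pir_codeword(db):
    """Slide 45: all possible answers of server 1, followed by those of server 2."""
    table = [answer(db, req) for req in range(1 << len(db))]
    return table + table  # both servers answer identically in this scheme

def decode_from_codeword(word, n, i, a=None):
    """Two reads of the codeword at the positions the PIR client would have requested."""
    q1, q2 = queries(n, i, a)
    return word[q1] ^ word[(1 << n) + q2]

if __name__ == "__main__":
    db = [1, 0, 1, 1, 0, 0, 1, 0]  # constructed sample database
    print([retrieve(db, i) for i in range(len(db))] == db)
    print(server_view(8, 0, 1) == server_view(8, 5, 1))
```

Each half of this codeword lists <x,S> for every subset S, which is the Hadamard encoding of slide 10, so the resulting 2-query code has length exponential in n.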
