List decoding and pseudorandom constructions: lossless expanders and extractors from Parvaresh-Vardy codes Venkatesan Guruswami Carnegie Mellon University.


Similar presentations
Randomness Conductors Expander Graphs Randomness Extractors Condensers Universal Hash Functions

The Weizmann Institute
Walk the Walk: On Pseudorandomness, Expansion, and Connectivity Omer Reingold Weizmann Institute Based on join works with Michael Capalbo, Kai-Min Chung,
Randomness Conductors (II) Expander Graphs Randomness Extractors Condensers Universal Hash Functions
Parikshit Gopalan Georgia Institute of Technology Atlanta, Georgia, USA.
Hardness of Reconstructing Multivariate Polynomials. Parikshit Gopalan U. Washington Parikshit Gopalan U. Washington Subhash Khot NYU/Gatech Rishi Saket.
Hardness Amplification within NP against Deterministic Algorithms Parikshit Gopalan U Washington & MSR-SVC Venkatesan Guruswami U Washington & IAS.
PRG for Low Degree Polynomials from AG-Codes Gil Cohen Joint work with Amnon Ta-Shma.
Invertible Zero-Error Dispersers and Defective Memory with Stuck-At Errors Ariel Gabizon Ronen Shaltiel.
An Introduction to Randomness Extractors Ronen Shaltiel University of Haifa Daddy, how do computers get random bits?
Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.
A Combinatorial Construction of Almost-Ramanujan Graphs Using the Zig-Zag product Avraham Ben-Aroya Avraham Ben-Aroya Amnon Ta-Shma Amnon Ta-Shma Tel-Aviv.
The Method of Multiplicities Madhu Sudan Microsoft New England/MIT TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A.
Randomness Extractors: Motivation, Applications and Constructions Ronen Shaltiel University of Haifa.
Extracting Randomness From Few Independent Sources Boaz Barak, IAS Russell Impagliazzo, UCSD Avi Wigderson, IAS.
Extracting Randomness David Zuckerman University of Texas at Austin.
Multiplicity Codes Swastik Kopparty (Rutgers) (based on [K-Saraf-Yekhanin ’11], [K ‘12], [K ‘14])
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
Simple extractors for all min- entropies and a new pseudo- random generator Ronen Shaltiel Chris Umans.
May 5, 2010 MSRI 1 The Method of Multiplicities Madhu Sudan Microsoft New England/MIT TexPoint fonts used in EMF. Read the TexPoint manual.
Locally Decodable Codes from Nice Subsets of Finite Fields and Prime Factors of Mersenne Numbers Kiran Kedlaya Sergey Yekhanin MIT Microsoft Research.
Expander Graphs, Randomness Extractors and List-Decodable Codes Salil Vadhan Harvard University Joint work with Venkat Guruswami (UW) & Chris Umans (Caltech)
Approximation, Chance and Networks Lecture Notes BISS 2005, Bertinoro March Alessandro Panconesi University La Sapienza of Rome.
May 24, 2005STOC 2005, Baltimore1 Limits to List Decoding Reed-Solomon Codes Venkatesan Guruswami Atri Rudra (University of Washington)
The Unified Theory of Pseudorandomness Salil Vadhan Harvard University See also monograph-in-progress Pseudorandomness
Extractors: applications and constructions Avi Wigderson IAS, Princeton Randomness.
The zigzag product, Expander graphs & Combinatorics vs. Algebra Avi Wigderson IAS & Hebrew University ’00 Reingold, Vadhan, W. ’01 Alon, Lubotzky, W. ’01.
Derandomized parallel repetition theorems for free games Ronen Shaltiel, University of Haifa.
1/17 Optimal Long Test with One Free Bit Nikhil Bansal (IBM) Subhash Khot (NYU)
Randomness Extractors: Motivation, Applications and Constructions Ronen Shaltiel University of Haifa.
Department of Computer Science, University of Maryland, College Park, USA TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.:
Simple Extractors for All Min-Entropies and a New Pseudo-Random Generator Ronen Shaltiel (Hebrew U) & Chris Umans (MSR) 2001.
Constant Degree, Lossless Expanders Omer Reingold AT&T joint work with Michael Capalbo (IAS), Salil Vadhan (Harvard), and Avi Wigderson (Hebrew U., IAS)
Correcting Errors Beyond the Guruswami-Sudan Radius Farzad Parvaresh & Alexander Vardy Presented by Efrat Bank.
6/20/2015List Decoding Of RS Codes 1 Barak Pinhas ECC Seminar Tel-Aviv University.
EXPANDER GRAPHS Properties & Applications. Things to cover ! Definitions Properties Combinatorial, Spectral properties Constructions “Explicit” constructions.
Derandomizing LOGSPACE Based on a paper by Russell Impagliazo, Noam Nissan and Avi Wigderson Presented by Amir Rosenfeld.
1 On the Benefits of Adaptivity in Property Testing of Dense Graphs Joint work with Mira Gonen Dana Ron Tel-Aviv University.
1 Streaming Computation of Combinatorial Objects Ziv Bar-Yossef U.C. Berkeley Omer Reingold AT&T Labs – Research Ronen.
CS151 Complexity Theory Lecture 10 April 29, 2004.
CS151 Complexity Theory Lecture 9 April 27, 2004.
Simulating independence: new constructions of Condensers, Ramsey Graphs, Dispersers and Extractors Boaz Barak Guy Kindler Ronen Shaltiel Benny Sudakov.
Correlation testing for affine invariant properties on Shachar Lovett Institute for Advanced Study Joint with Hamed Hatami (McGill)
New extractors and condensers from Parvaresh- Vardy codes Amnon Ta-Shma Tel-Aviv University Joint work with Chris Umans (CalTech)
Why Extractors? … Extractors, and the closely related “Dispersers”, exhibit some of the most “random-like” properties of explicitly constructed combinatorial.
RANDOMNESS AND PSEUDORANDOMNESS Omer Reingold, Microsoft Research and Weizmann.
Key Derivation from Noisy Sources with More Errors Than Entropy Benjamin Fuller Joint work with Ran Canetti, Omer Paneth, and Leonid Reyzin May 5, 2014.
Extractors: applications and constructions Avi Wigderson IAS, Princeton Randomness Seeded.
15-853:Algorithms in the Real World
Amplification and Derandomization Without Slowdown Dana Moshkovitz MIT Joint work with Ofer Grossman (MIT)
Extractors: applications and constructions Avi Wigderson IAS, Princeton Randomness.
Randomness Extraction Beyond the Classical World Kai-Min Chung Academia Sinica, Taiwan 1 Based on joint works with Xin Li, Yaoyun Shi, and Xiaodi Wu.
The zigzag product, Expander graphs & Combinatorics vs. Algebra Avi Wigderson IAS, Princeton ’00 Reingold, Vadhan, W. ’01 Alon, Lubotzky, W. ’01 Capalbo,
Error-Correcting Codes and Pseudorandom Projections Luca Trevisan U.C. Berkeley.
Presented by Alon Levin
RANDOMNESS AND PSEUDORANDOMNESS Omer Reingold, Microsoft Research and Weizmann.
Complexity Theory and Explicit Constructions of Ramsey Graphs Rahul Santhanam University of Edinburgh.
Theory of Computational Complexity Probability and Computing Chapter Hikaru Inada Iwama and Ito lab M1.
Coding, Complexity and Sparsity workshop
Algebraic Codes and Invariance
Complexity of Expander-Based Reasoning and the Power of Monotone Proofs Sam Buss (UCSD), Valentine Kabanets (SFU), Antonina Kolokolova.
Locally Decodable Codes from Lifting
The Curve Merger (Dvir & Widgerson, 2008)
Extractors: Optimal Up to Constant Factors
On the effect of randomness on planted 3-coloring models
The Zig-Zag Product and Expansion Close to the Degree
The Weizmann Institute
CS151 Complexity Theory Lecture 10 May 2, 2019.
Soft decoding, dual BCH codes, & better -biased list decodable codes
Zeev Dvir (Princeton) Shachar Lovett (IAS)
Presentation transcript:

List decoding and pseudorandom constructions: lossless expanders and extractors from Parvaresh-Vardy codes Venkatesan Guruswami Carnegie Mellon University --- CMI Pseudorandomness Workshop, Aug 23,

[GW94,WZ95, TUZ01,RVW00, CRVW02] Connections in Pseudorandomness Randomness Extractors Expander Graphs Error-Correcting Codes Pseudorandom Generators [STV99,SU01,Uma02] [Tre99,TZ01, TZS01,SU01] Algebraic list decoding [SS96,Spi96, GI02,GI03, GR06,GUV07] [Tre99,RRV99, ISW99,SU01,Uma02] Euclidean Sections, Compressed sensing [GLR08,GLW08] Expander codes

[GW94,WZ95, TUZ01,RVW00, CRVW02] Connections in Pseudorandomness Randomness Extractors Expander Graphs List-Decodable Error-Correcting Codes Pseudorandom Generators [STV99,SU01,U02] [Tre99,TZ01, TZS01,SU01] This talk [PV05,GR06] [GI02,GI03] [Tre99,RRV99, ISW99,SU01,U02] This talk

List Decodable codes Code C   D with N codewords, alphabet size |  | = Q (e,L)-list-decodable: Every Hamming ball of radius e has at most L codewords of C –Combinatorial packing condition –Balls of radius e around codewords cover each point  L times. –List error correction of e errors with worst-case list size L

List Decoding Centric View of Pseudorandom Objects

List decoding, in different notation Encoding function E : [N]  [Q] D View as map (bipartite graph)  : [N] x [D]  [D] x [Q] –  (x, y) = (y, E(x) y ) List decoding property: For all r  [Q] D, if T = { (y, r y ) : y  [D] } then |LIST(T)|  L where we define LIST(T) = { x :  (x, y)  T for at least D - e values of y } N D D x Q x

Bipartite expanders For all K’ ≤ K, and T  [M] with |T| < AK’, LIST(T) < K’ where LIST(T) = { x  [N] : for all y  [D],  (x, y)  T } |  (S)|  A ¢ |S| ( vertex expansion A = expansion factor ) M  S, |S|  K “ (K,A) expander” D N  : [N] x [D]  [M]

Extractors  : [N] x [D]  [M] is a (k,  )-extractor if for all T  [M], |LIST(T)| < 2 k where LIST(T) = { x  [N] : Pr y [  (x,y)  T ] ≥ |T|/M +  } d random bits “seed” E XT unknown source of length n with k bits of “min-entropy” m almost-uniform bits M = 2 m Would like m  k N = 2 n D = 2 d

Condensers (weaker object en route extractors) Output not close to uniform but is close to source with good min-entropy –Ideally k’  k (don’t lose entropy), m  k (good entropy “rate”) Can also be captured by list decoding type definition –LIST(T) small for all small subsets T  [M], where LIST(T) = { x : Pr y [  (x,y)  T ] ≥  } d random bits seed C OND k - source of length n ~ k’-source of length m

The common framework Definitions of various useful objects  : [N] x [D]  [M] captured as: “For all subsets T  [M] that obey certain property, a suitably defined list decoding of T, LIST(T), has small size” –List decodable codes: T arising out of received words –Expanders, condensers: T of small size Also case for “list recoverable codes” –Extractors: arbitrary T The framework gives not just unified abstractions, but also a proof method that leads to the best constructions and analysis.

Parameters of interest Map  : [N] x [D]  [M] What we care about varies for different objects Extractors: small seed length D (= poly(log N)); large output length M Codes: want small alphabet size M, small D (= O(log N)) –Small |LIST(T)|, plus efficient algorithm to recover LIST(T) Tight analysis of size of LIST(T) : –exact value not too crucial for codes; –for lossless expanders it is crucial (factor 2 worse bound implies factor 2 worse expansion)

The abstraction in action Unbalanced expanders Expander Construction from Parvaresh-Vardy codes View as condensers and application to extractors Conclusions

Unbalanced Expander Graphs Goals: Minimize D Maximize A ( lossless expansion: A close to D ) Minimize M (not much larger than O(KD)) |  (S)|  A ¢ |S| ( vertex expansion) M  S, |S|  K “ (K,A) expander” N D

Expanders have many uses … Fault-tolerant networks (e.g., [Pin73,Chu78,GG81]) Sorting in parallel [AKS83] Derandomization [AKS87,IZ89,INW94,IW97,Rei05,…] PCP theorem [Din06] Randomness Extractors [CW89,GW94,TUZ01,RVW00,GUV07] Error-correcting codes [SS96,Spi96,LMSS01,GI01-04] Distributed routing in networks [ PU89,ALM96,BFU99 ]. Data structures [ BMRV00 ]. Hard tautologies in proof complexity [BW99,ABRW00,AR01 ]. Pseudorandom matrices, Almost Euclidean sections of L 1 N [GLR’08,GLW’08] …. Need explicit constructions (deterministic, time poly(log N)).

(Bipartite) Expander Graphs Goals: Minimize D Maximize A Minimize M |  (S)|  A ¢ |S| M  S, |S|  K Optimal (Non-constructive): D = O(log (N/M) /  ) A = (1-  ) ¢ D M = O(KD/  “ (K,A) expander” N D

Explicit Constructions Optimal O(log (N/M)) (1-  ) ¢ D O(KD  Ramanujan graphs O(1) ¼ D/2N Zig-zag  CRVW02] O(1) (1-  ) ¢ D  N Ta-Shma, Umans, Zuckerman[TUZ01] polylog(N) exp(poly(log log N)) (1-  ) ¢ D exp(poly(log KD) poly(KD) G., Umans, Vadhan polylog(N) (1-  ) ¢ Dpoly(KD) degree D expansion A |right-side| M  arbitrary positive constant.

Utility of Expansion Utility of Expansion (1-  ) ¢ D At least (1-2  ) D |S| elements of  (S) are unique neighbors: touch exactly one edge from S |  (S)|  (1-  ) D |S| D N M  S, |S|  K x Set membership in bit-probe model [BMRV’00] Fault tolerance: Even if an adversary removes say ¾ edges from each vertex, lossless expansion maintained (with  =4  ) Useful in Expander codes [SS’96]

The Result Theorem [GUV]:  N, K,  >0, 9 explicit (K,A) expander with degree D = poly(log N, 1/  ) expansion A = (1-  ) ¢ D #right vertices M = D 2 ¢ K 1.01 |  (S)|  A ¢ |S| M  S, |S|  K “ (K,A) expander” N D

Parvaresh-Vardy codes Variant of Reed-Solomon codes Parameters of construction: n, F q, m, h, an irreducible polynomial E(Y) of degree n over F q Encoding: Given message f  F q n or polynomial f(Y)  F q [Y] of degree (n-1), –PV(f) y = (f 0 (y), f 1 (y), …, f m-1 (y)) for y  F q where f i (Y) = (f(Y)) h^i mod E(Y) Define  (f, y) = (y, PV(f) y ) –Consider bipartite expander with neighborhood given by 

Expander theorem Left vertices = polynomials of degree · n-1 over F q (N = q n ) Degree D = q Right vertices = F q m+1 (M = q m+1 )  ( f,y ) = y ’th neighbor of f = (y, f(y), (f h mod E)(y), (f h 2 mod E)(y), …, (f h m-1 mod E)(y)) where E(Y) = irreducible * poly of degree n over F q h = a parameter Thm [GUV’07] : This is a (K,A) expander for K = h m, A = q-hnm. * can be found deterministically in poly(n, log q, char( F q )) time

Close relation to list decoding Proof of expansion based on list decoding of Parvaresh- Vardy codes –Need a tight analysis of list size –For “list recovery” version S1S1 S2S2 SqSq y 1 y 2 y q  K Possible values for each position

Recall list decoding view For T µ [M], define LIST(T) = {x 2 [N] :  (x) µ T} Lemma: G is a (=K,A) expander if and only if for all T µ [M] of size AK-1, we have |LIST(T)| · K-1 |  (S)|  A ¢ K “ (=K,A) expander” M  S, |S|=K N D

Expansion analysis  ( f,y ) = (y, f(y), (f h mod E)(y), …, (f h m-1 mod E)(y)) f = poly of degree · n-1, y  F q, E = irreducible of degree n Theorem: For A = q - nmh and any K · h m, we have T µ F q m+1 of size AK-1 ) |LIST(T)| · K-1 Proof outline, following [S97,GS99,PV05]: 1.Find a nonzero low-degree multivariate polynomial Q vanishing on T. 2.Show that every f 2 LIST(T) is a root of a related univariate polynomial Q*. 3.Show that Q * is nonzero and deg(Q * ) · K-1 =

Proof of Expansion: Step 1 Thm: For A=q-nmh, K= h m, |T| · AK-1 ) |LIST(T)| · K-1. Step 1: Find a low-degree poly Q vanishing on T µ F q m+1 Take Q(Y,Z 1,…,Z m ) to be of degree · A-1 in Y, degree · h-1 in each Z i. # coefficients = A K > |T| = # homogeneous constraints, so a nonzero solution exists Wlog E(Y) doesn’t divide Q(Y,Z 1,…,Z m ).

Proof of Expansion: Step 2  ( f,y ) = (y, f(y), (f h mod E)(y), …, (f h m-1 mod E)(y)) Step 1: 9 Q(Y,Z 1,…,Z m ) vanishing on T, deg · A-1 in Y, h-1 in Z i, E - Q Step 2: Every f 2 LIST(T) is a “root” of a related Q * Polynomial f 2 LIST(T) ) 8 y 2 F q Q(y, f(y), (f h mod E)(y), …, (f h m-1 mod E)(y)) = 0 ) Q(Y, f(Y), (f h mod E)(Y), …, (f h m-1 mod E)(Y))  0 ) Q(Y, f(Y), f(Y) h, …, f(Y) h m-1 )  0 (mod E(Y)) ) Q * (f) = 0 in extension field U= F q [Y]/(E(Y)), where Q*  U[Z] is given by Q * (Z) = Q(Y,Z,Z h,…,Z h m-1 ) mod E(Y) Degree ≤ A-1+nmh < q ≤ # roots

Proof of Expansion: Step 3 Step 2: 8 f 2 LIST(T) Q * (f) = 0 where Q * (Z) = Q(Y,Z,Z h,…,Z h m-1 ) mod E(Y) Step 3: Show that Q * is nonzero and deg(Q * ) · K-1 Q * (Z) nonzero because –Q(Y,Z 1,….,Z m ) mod E(Y) is nonzero –Q is of deg · h-1 in Z i so distinct monomals get mapped to distinct powers of Z when we set Z i = Z h i deg(Q * ) · h-1+(h-1) ¢ h+  +(h-1) ¢ h m-1 = h m -1 = K-1

Proof of Expansion: Wrap-Up  ( f,y ) = (y, f(y), (f h mod E)(y), …, (f h m-1 mod E)(y)) LIST(T) = { x 2 [N] :  (x) µ T } Theorem: For A = q - nmh, K= h m, |T| · AK-1 ) |LIST(T)| · K-1. There is a nonzero polynomial Q * over U= F q [Y]/(E(Y)) with deg(Q * ) · K - 1 such that every f  LIST(T) satisfies Q * (f) = 0. Hence |LIST(T)| · deg(Q * ) · K - 1. ¥

Parameter Choices LHS = F q n, degree D = q, RHS = F q m+1 We have a (K,A) expander with K = h m, A = q - nmh To make A  (1-  ) ¢ D, pick q  nmh/ . To make M ¼ KD, need q m+1 ¼ q h m, so take q ¼ h 1+  Set h ¼ ( nm /  ) 1/   q ¼ h 1+ . Then: A = q - nmh  (1-  q = (1-  ) ¢ D M = q m+1 ¼ q ¢ h ( 1+  m ¼ D ¢ K 1+  D = ( nm /  ) 1+1/  ¼ ((log N)(log K)/  ) 1+1/ 

Our Expander Result Thm: For every N, K,  >0, 9 explicit (K,A) expander with degree D = O((log N) ¢ (log K)/  ) 1+1/  expansion A = (1-  ) ¢ D #right vertices M = (D ¢ K) 1+  |  (S)|  A ¢ |S| M  S, |S|  K “ (K,A) expander” N D

Outline Unbalanced expanders Expander Construction from Parvaresh-Vardy codes View as condensers and application to Extractors Conclusions

Extractors [NZ’93] Goal: Output  -close to uniform on {0,1} m (for large m and small d) Optimal (nonconstructive): d = log n + 2 log(1/  ) + O(1) m = (k+d) - 2 log(1/  ) - O(1) d random bits “seed” E XT Uniform sample from unknown subset X  {0,1} n of size 2 k m almost-uniform bits

Extractors: Original Motivation Randomization is pervasive in CS –Algorithm design, cryptography, distributed computing, … Typically assume perfect random source. –Unbiased, independent random bits –Unrealistic? Can we use a “weak” random source? –Source of biased & correlated bits. –More realistic model of physical sources. (Randomness) Extractors: convert a weak random source into an almost-perfect random source. Dozens of constructions over 15+ years

Extractors: many “extraneous” uses… Derandomization of (poly-time/log-space) algorithms [Sip88,NZ93,INW94, GZ97,RR99, MV99,STV99,GW02] Distributed & Network Algorithms [WZ95,Zuc97,RZ98,Ind02]. Hardness of Approximation [Zuc93,Uma99,MU01,Zuc06] Data Structures [Ta02] Cryptography [BBR85,HILL89,CDHKS00,Lu02,DRS04,NV04] List decodable codes [TZ01,Gur04] Metric Embeddings [Ind06] Compressed sensing [Ind07]

[GUV] Result on Extractors Thm: For every n, k,  >0, 9 explicit (k,  ) extractor with seed length d=O(log n + log (1/  )) and output length m=.99k. Previously achieved by [LRVW03] –Only worked for  ¸ 1/n o(1) –Complicated recursive construction Optimal up to constant factors

2k2k Expanders & Lossless Condensers Lemma [TUZ01]:  : {0,1} n £ {0,1} d ! {0,1} m is a lossless ((n, k) !  (m,k +d )) condenser if graph is a (2 k,(1-  ) ¢ 2 d ) expander. Proof: Expansion ) can make 1-1 by moving  fraction of edges {0,1} n {0,1} m 2d2d ¸ (1-  )  2 d ¢ 2 k n - bit source with entropy k m ¼ 1.01k bit source with entropy ( k+d) d -bit seed C OND x (x,y)(x,y) y

Extractor Using PV code, we have compressed the n bit source to 1.01k bits while retaining all the entropy (using O(log n) bit seed) –Cond ( f,y ) = (y, f(y), (f h mod E)(y), …, (f h m-1 mod E)(y)) Now extract 0.99k bits from the 1.01k bit source with entropy k –Easier, specialized task (due to high entropy percentage) –Good constructions already known For constant error , can use a simple random walk based extractor –Compose with our condenser to get final extractor

Extractor for high min-entropy Extractor for min-entropy rate 99% that extracts 99% of the input min-entropy with constant error : Ext(x,y) = y’th vertex on expander walk specified by x ( n bit source: specify walk of length  n/c) 2 c -degree expander on 2 (1-  )n nodes Extraction follows from Chernoff bound for expander walks [Gil98]

Variation on the Condenser Cond ( f,y ) = (y, f(y), (f h mod E)(y), …, (f h m-1 mod E)(y)) Use E(Y) = Y q-1 - , for generator  of F q * [G.-Rudra’06] ) (f q i mod E)(y) = f (  i y) Cond(f,y) = (y, f(y), f (γy), f(γ 2 y)…, f(γ m-1 y)) Condenser from Folded Reed-Solomon code [ GR06 ] –Loses small constant fraction of min-entropy Okay for the extractor application –Univariate analogue of Shaltiel-Umans extractor f(Y) q = f(Y q )  f(  Y) mod E(Y)

Conclusions List decoding view + an algebraic code construction ) best known constructions of –Highly unbalanced expanders –Lossless condensers –Randomness extractors Future directions? –Constant degree lossless expanders (alternative to zig-zag) Non-bipartite expanders? –Direct construction of a simple, algebraic extractor –Extractors with better (or even optimal) entropy loss? Suffices to achieve this for entropy rate –Other pseudorandom objects: multi-source extractors?