1

2 Overview Some basic math Error correcting codes Low degree polynomials Introduction to consistent readers and consistency tests H.W

3 Fields Definition (field): A set F with two binary operations + (addition) and · (multiplication) is called a field if 6  a,b  F, a·b  F 7  a,b,c  F, (a·b)·c=a·(b·c) 8  a,b  F, a·b=b·a 9  1  F,  a  F, a·1=a 10  a  0  F,  a -1  F, a·a -1 =1 1  a,b  F, a+b  F 2  a,b,c  F, (a+b)+c=a+(b+c) 3  a,b  F, a+b=b+a 4  0  F,  a  F, a+0=a 5  a  F,  -a  F, a+(-a)=0 11  a,b,c  F, a·(b+c)=a·b+a·c +,·,0, 1, -a and a -1 are only notations!

4 Finite Fields Definition (finite field): A finite set F with two binary operations + (addition) and · (multiplication) is called a finite field if it is a field. Example: Z p denotes {0,1,...,p-1}. We define + and · as the addition and multiplication modulo p respectively. One can prove that (Z p,+,·) is a field iff p is prime. Throughout the presentations we’ll usually refer to Z p when we’ll mention finite fields.

5 Strings & Functions (1) Let  =  0  2...  n-1, where  i . We can describe the string  as a function  : {0…n-1}  , such that  i  (i) =  i. Let f be a function f : D  R. Then f can be described as a string in R |D|, spelling f’s value on each point of D.

6 Strings & Functions - Example For example, let f be a function f : Z 5  Z 5, and let  = Z 5. f(x) = x 2   = 0, 1, 4, 4, 1

Introduction to Error Correcting Codes Motivation: communication line original message received message “noise” We’d like to still be able to reconstruct the original message

8 Error Correcting Codes Definition (encoding): An encoding E is a function E :  n   m, where m >> n. Definition (  -code): An encoding E is an  -code if  n  (E(  ),E(  ))  1 - , where  (x,y) (the Hamming distance), denotes the fraction of entries on which x and y differ. Note that  :  m  m  R + is indeed a distance function, because it satisfies: (1)  x,y  m  (x,y)  0 and  (x,y)=0 iff x=y (2)  x,y  m  (x,y)=  (y,x) (3)  x,y,z  m  (x,z)  (x,y)+  (y,z)

9  -code: illustration  E  1-  D R

10 Univariate Polynomials Definition (univariate polynomial): a polynomial in x over a field F is a function P:F  F, which can be written as for some series of coefficients a 0,...,a r-1  F. The natural number r is called the degree-bound of the polynomial. Note: A polynomial whose degree-bound is r is of degree at most r-1 !

11 Univariate Interpolation Given x 0,y 0,...,x r-1,y r-1  F there is a single univariate polynomial P and degree-bound r, which satisfies  0  k  r-1 P(x k )=y k (Lagrange’s formula) The process of finding the coefficients of a polynomial given its value in r points is called interpolation. Let’s check the value of this polynomial in x = x t for some 0  t  r-1: Since the degree-bound of this polynomial is r, we in fact proved the correctness of the formula a-b denotes a+(-b) a/b denoted a(b -1 ) 0 ytyt If there are two such polynomials: p 1 & p 2, then p 1 -p 2 is a polynomial with degree-bound r, which has r roots. This contradicts the fundamental theorem of Algebra!

12 A Generic  -code Set F to be the finite field Z p for some prime p, and assume for simplicity that  = F and m = p. Given  n, let E(  ) be the string of the function f  : F  F that satisfies: f  is the unique polynomial of degree-bound n such that f  (i) =  i for all 0  i  n-1.

13 A Generic  -code (2) E(  ) can be interpolated from any n points. Hence, for any , E(  ) and E(  ) may agree on at most n – 1 points. Therefore, E is an (n – 1) / m - code.

14 A Generic  -code - Example p = m = 5, n = 2  = 1, 2  = 3, 1 f  (x) = x + 1f  (x) = 3x + 3 E(  ) = 1, 2, 3, 4, 0E(  ) = 3, 1, 4, 2, 0

15 Strings & Functions (2) We can describe any string as a function f:H d  H (H is a finite field, d is a positive integer). Given a  n we’ll achieve that by choosing H=Z q, where q is the smallest prime greater than |  |, and d=  log q n .

16 Multivariate Polynomials Definition (polynomial): Let F be a field and let d be some positive integer number. A function p:F d  F is a polynomial if it can be written as for some series of coefficients in the field. h is the degree-bound on each one of the variables. The total-degree of the polynomial is max{ i 0 +…+i d-1 : a i 0 … i d-1  0 }.

17  -Codes - Home Assignment We’ve seen that univariate polynomials over a finite field F with degree-bound r are  -codes for  = (r-1)/|F|. For which  multivariate polynomials (over a finite field F, with degree-bound h in each variable and dimension d) are  -codes? Next

18 Curves Definition (curve): Let F be a field and let d be some natural number. A (univariate) curve is a function  :F  F d of the form where p 1,...,p d are univariate polynomials over F. The degree-bound of  is the maximum over the degree-bounds of the polynomials.

19 Vector Spaces Definition (vector space): Let F be a field and V a set. V is a vector space over F if a binary addition + is defined over V and a scalar multiplication · is defined over V and F s.t 1  u,v  V, u+v  V 2  u,v,w  V, (u+v)+w=u+(v+w) 3  u,v  V, u+v=v+u 4  0  V,  v  V, v+0=v 5  v  V,  -v  V, v+(-v)=0 6  v  V,  a  F a·v  V 7  u,v  V,  a  F a(u+v)=au+av 8  v  V,  a,b  F (a+b)v=av+bv 9  v  V,  a,b  F (ab)v=a(bv) 10  v  V, 1·v=v

20 Vector Spaces - Example Let F be a field and let n be a natural number. F n = { (a 1,...,a n ) | a 1,...,a n  F } is a vector space over F where for any (a 1,...,a n ),(b 1,...,b n )  F n (a 1,...,a n ) + (b 1,...,b n ) = (a 1 +b 1,...,a n +b n ) and for any (a 1,...,a n )  F n and c  F c(a 1,...,a n ) = (ca 1,...,ca n )

21 Subspaces Definition (subspace): A subset W of a vector space V (over a field F) is called a subspace of V if W itself is a vector space over the addition and scalar multiplication operations of V.

22 Affine Subspaces Definition (affine subspace): Let V be a vector space. U  V is an affine subspace of V if there exist a subspace W of V and a v  V, such that U = { u |  w  W : u = w + v }

23 Linear Combinations Definition (linear combination): Let V be a vector space over some field F. Let v 1,...,v k  V and let a 1,...,a k  F. The sum a 1 v a k v k is called a linear combination of v 1,...,v k with the coefficients a 1,...,a k. Definition (linear dependent): A set of vectors {v 1,...,v k } in some vector space V over a field F is linear dependent if there exist a 1,...,a k  F and an 1  i  k for which a i  0, s.t a 1 v a k v k =0. Vectors which are not linear dependent are called linear independent.

24 Basis Definition (Span): Let V be a vector space over some field F. Let K  V. Span(K) denotes the subspace of all the linear combination of members of K. Definition (Basis): Let B  {0} be a subset of a vector space V. B is called a basis for V if (a) B is linear independent. (b) Span(B)=V.

25 Dimensions Definition (dimension): The number of vectors in any basis of a vector space is called its dimension. Similarly, the dimension of an affine subspace is the dimension of its corresponding subspace.

26 Restriction of Polynomials Definition (restriction of a polynomial to an affine subspace): Let U be an affine subspace of F d (where F is a field and d is a positive integer). Let p:F d  F be a polynomial. The restriction of p to U is p’:U  F,  u  U p’(u)=p(u). Definition (restriction of a polynomial to a curve): Let  :F  F d be a curve (where F is a field and d is a positive integer). Let p:F d  F be a polynomial. The restriction of p to  is p’(x)=p(  (x)).

27 Restriction of Polynomials - Home Assignment [1] Prove that the restriction of p to U is a polynomial. What are its degree-bound and dimension? [2] The same for . Next

28 Low Degree Extension (LDE) Definition (low degree extension): Let  : H d  H be a string (where H is some finite field). Given a finite field F, which is a superset of H, we define a low degree extension of  to F as a polynomial LDE  : F d  F which satisfies:  LDE  agrees with  on H d (extension).  The degree-bound of LDE  is |H| in each variable (low degree).

29 LDE - Home Assignment Let  {0,1} n. Write down an expression for LDE .

30 Reading a value Goal: To be able to find the value of an LDE in any point (set of points) of F d. LDE x LDE(x)

31 Straightforward Approach x LDE(x) Represent the LDE by its coefficients. Alas, this will require access to |H| d variables, log|F| bits each, each time! the coefficients of the dimension- d, degree-bound- |H| LDE

32 “Tricky” Approach x LDE(x) the value of the LDE in every point in F d Represent the LDE by its values in the points of F d. Now we only need access to one variable (log|F| bits) each time. But now we encounter a new problem: we cannot be sure the values we are given are consistent, i.e. correspond to a single dimension-d, degree- bound-|H| polynomial.

33 Consistent Readers In the upcoming lectures we’ll see how to build readers which: access only a small number of the variables each time. detect inconsistency with high probability. We’ll later weaken this notion

34 v v v v v v v v v v v v v v Consistency Tests Suppose we have a set of variables which represent the LDE in some manner. A consistency test is a set of local tests. If the values of the variables are consistent, all the local tests accept. Otherwise a random test should reject w.h.p.

35 Corresponding Game Prover sets values to all variables in the representation. Verifier picks randomly a single local-test and accepts or rejects according to its output. The error-probability of a test is the fraction of local tests that may accept although the assigned values do not conform to global consistency.

36 Corresponding Game P(0,0,0)P(0,0,1)P(0,0,2)P(0,0,3)P(0,0,4)P(0,0,5)P(0,0,6) P(0,1,0)P(0,1,1)P(0,1,2)P(0,1,3)P(0,1,4)P(0,1,5)P(0,1,6) P(0,2,0)P(0,2,1)P(0,2,2)P(0,2,3)P(0,2,4)P(0,2,5)P(0,2,6) P(0,3,0)P(0,3,1)P(0,3,2)P(0,3,3)P(0,3,4)P(0,3,5)P(0,3,6) P(6,6,0)P(6,6,1)P(6,6,2)P(6,6,3)P(6,6,4)P(6,6,5)P(6,6,6) P(0,0,0)P(0,0,1)P(0,0,2)P(0,0,3)P(0,0,4)P(0,0,5)P(0,0,6) 3 P(0,1,1)P(0,1,2)P(0,1,3)P(0,1,4)P(0,1,5)P(0,1,6) P(0,2,0)P(0,2,1) 5 P(0,2,3)P(0,2,4)P(0,2,5)P(0,2,6) P(0,3,0)P(0,3,1)P(0,3,2)P(0,3,3)P(0,3,4)P(0,3,5)P(0,3,6) P(6,6,0)P(6,6,1)P(6,6,2)P(6,6,3) 2 P(6,6,5)P(6,6,6)