-
Randomness-Efficient Constructions of Capacity-Achieving List-Decodable Codes
Authors:
Jonathan Mosheiff,
Nicolas Resch,
Kuo Shang,
Chen Yuan
Abstract:
We wish to generate list-decodable codes over small alphabets using as little randomness as possible. Specifically, we hope to generate codes achieving what we term the Elias bound, which means that they are $(ρ,L)$-list-decodable with rate $R \geq 1-h(ρ)-O(1/L)$. A long line of work shows that uniformly random linear codes (RLCs) achieve the Elias bound: hence, we know $O(n^2)$ random bits suffic…
▽ More
We wish to generate list-decodable codes over small alphabets using as little randomness as possible. Specifically, we hope to generate codes achieving what we term the Elias bound, which means that they are $(ρ,L)$-list-decodable with rate $R \geq 1-h(ρ)-O(1/L)$. A long line of work shows that uniformly random linear codes (RLCs) achieve the Elias bound: hence, we know $O(n^2)$ random bits suffice. Prior works demonstrate that just $O(Ln)$ random bits suffice, via puncturing of low-bias codes. These recent constructions are combinatorial.
We provide two new constructions, which are algebraic. Compared to prior works, our constructions are simpler and more direct. Furthermore, our codes are designed in such a way that their duals are also quite easy to analyze. Our first construction -- which can be seen as a generalization of the Wozencraft ensemble -- achieves the Elias bound and consumes $Ln$ random bits. Additionally, its dual code achieves the GV-bound with high probability, and both the primal and dual admit quasilinear-time encoding algorithms. The second construction consumes $2nL$ random bits and yields a code where both it and its dual achieve the Elias bound. As we discuss, properties of a dual code are often crucial for applications in cryptography.
In all of the above cases -- including the prior works achieving randomness complexity $O(Ln)$ -- the codes are designed to "approximate" RLCs. Namely, for a given locality parameter $L$ we construct codes achieving the same $L$-local properties as RLCs. This allows one to appeal to known list-decodability results for RLCs and thereby conclude that the code approximating an RLC also achieves the Elias bound. As a final contribution, we indicate that such a proof strategy is inherently unable to generate list-decodable codes of rate $R$ over $\mathbb F_q$ with less than $L(1-R)n\log_2(q)$ bits of randomness.
△ Less
Submitted 15 May, 2024; v1 submitted 18 February, 2024;
originally announced February 2024.
-
Tight Bounds on List-Decodable and List-Recoverable Zero-Rate Codes
Authors:
Nicolas Resch,
Chen Yuan,
Yihan Zhang
Abstract:
In this work, we consider the list-decodability and list-recoverability of codes in the zero-rate regime. Briefly, a code $\mathcal{C} \subseteq [q]^n$ is $(p,\ell,L)$-list-recoverable if for all tuples of input lists $(Y_1,\dots,Y_n)$ with each $Y_i \subseteq [q]$ and $|Y_i|=\ell$ the number of codewords $c \in \mathcal{C}$ such that $c_i \notin Y_i$ for at most $pn$ choices of $i \in [n]$ is les…
▽ More
In this work, we consider the list-decodability and list-recoverability of codes in the zero-rate regime. Briefly, a code $\mathcal{C} \subseteq [q]^n$ is $(p,\ell,L)$-list-recoverable if for all tuples of input lists $(Y_1,\dots,Y_n)$ with each $Y_i \subseteq [q]$ and $|Y_i|=\ell$ the number of codewords $c \in \mathcal{C}$ such that $c_i \notin Y_i$ for at most $pn$ choices of $i \in [n]$ is less than $L$; list-decoding is the special case of $\ell=1$. In recent work by Resch, Yuan and Zhang~(ICALP~2023) the zero-rate threshold for list-recovery was determined for all parameters: that is, the work explicitly computes $p_*:=p_*(q,\ell,L)$ with the property that for all $ε>0$ (a) there exist infinite families positive-rate $(p_*-ε,\ell,L)$-list-recoverable codes, and (b) any $(p_*+ε,\ell,L)$-list-recoverable code has rate $0$. In fact, in the latter case the code has constant size, independent on $n$. However, the constant size in their work is quite large in $1/ε$, at least $|\mathcal{C}|\geq (\frac{1}ε)^{O(q^L)}$.
Our contribution in this work is to show that for all choices of $q,\ell$ and $L$ with $q \geq 3$, any $(p_*+ε,\ell,L)$-list-recoverable code must have size $O_{q,\ell,L}(1/ε)$, and furthermore this upper bound is complemented by a matching lower bound $Ω_{q,\ell,L}(1/ε)$. This greatly generalizes work by Alon, Bukh and Polyanskiy~(IEEE Trans.\ Inf.\ Theory~2018) which focused only on the case of binary alphabet (and thus necessarily only list-decoding). We remark that we can in fact recover the same result for $q=2$ and even $L$, as obtained by Alon, Bukh and Polyanskiy: we thus strictly generalize their work.
△ Less
Submitted 4 September, 2023;
originally announced September 2023.
-
Zero-Rate Thresholds and New Capacity Bounds for List-Decoding and List-Recovery
Authors:
Nicolas Resch,
Chen Yuan,
Yihan Zhang
Abstract:
In this work we consider the list-decodability and list-recoverability of arbitrary $q$-ary codes, for all integer values of $q\geq 2$. A code is called $(p,L)_q$-list-decodable if every radius $pn$ Hamming ball contains less than $L$ codewords; $(p,\ell,L)_q$-list-recoverability is a generalization where we place radius $pn$ Hamming balls on every point of a combinatorial rectangle with side leng…
▽ More
In this work we consider the list-decodability and list-recoverability of arbitrary $q$-ary codes, for all integer values of $q\geq 2$. A code is called $(p,L)_q$-list-decodable if every radius $pn$ Hamming ball contains less than $L$ codewords; $(p,\ell,L)_q$-list-recoverability is a generalization where we place radius $pn$ Hamming balls on every point of a combinatorial rectangle with side length $\ell$ and again stipulate that there be less than $L$ codewords.
Our main contribution is to precisely calculate the maximum value of $p$ for which there exist infinite families of positive rate $(p,\ell,L)_q$-list-recoverable codes, the quantity we call the zero-rate threshold. Denoting this value by $p_*$, we in fact show that codes correcting a $p_*+\varepsilon$ fraction of errors must have size $O_{\varepsilon}(1)$, i.e., independent of $n$. Such a result is typically referred to as a ``Plotkin bound.'' To complement this, a standard random code with expurgation construction shows that there exist positive rate codes correcting a $p_*-\varepsilon$ fraction of errors. We also follow a classical proof template (typically attributed to Elias and Bassalygo) to derive from the zero-rate threshold other tradeoffs between rate and decoding radius for list-decoding and list-recovery.
Technically, proving the Plotkin bound boils down to demonstrating the Schur convexity of a certain function defined on the $q$-simplex as well as the convexity of a univariate function derived from it. We remark that an earlier argument claimed similar results for $q$-ary list-decoding; however, we point out that this earlier proof is flawed.
△ Less
Submitted 14 October, 2022;
originally announced October 2022.
-
Smoothing Codes and Lattices: Systematic Study and New Bounds
Authors:
Thomas Debris-Alazard,
Léo Ducas,
Nicolas Resch,
Jean-Pierre Tillich
Abstract:
In this article we revisit smoothing bounds in parallel between lattices $and$ codes. Initially introduced by Micciancio and Regev, these bounds were instantiated with Gaussian distributions and were crucial for arguing the security of many lattice-based cryptosystems. Unencumbered by direct application concerns, we provide a systematic study of how these bounds are obtained for both lattices…
▽ More
In this article we revisit smoothing bounds in parallel between lattices $and$ codes. Initially introduced by Micciancio and Regev, these bounds were instantiated with Gaussian distributions and were crucial for arguing the security of many lattice-based cryptosystems. Unencumbered by direct application concerns, we provide a systematic study of how these bounds are obtained for both lattices $and$ codes, transferring techniques between both areas. We also consider multiple choices of spherically symmetric noise distribution.
We found that the best strategy for a worst-case bound combines Parseval's Identity, the Cauchy-Schwarz inequality, and the second linear programming bound, and this holds for both codes and lattices and all noise distributions at hand. For an average-case analysis, the linear programming bound can be replaced by a tight average count.
This alone gives optimal results for spherically uniform noise over random codes and random lattices. This also improves previous Gaussian smoothing bound for worst-case lattices, but surprisingly this provides even better results with uniform ball noise than for Gaussian (or Bernoulli noise for codes).
This counter-intuitive situation can be resolved by adequate decomposition and truncation of Gaussian and Bernoulli distributions into a superposition of uniform noise, giving further improvement for those cases, and putting them on par with the uniform cases.
△ Less
Submitted 8 September, 2022; v1 submitted 21 May, 2022;
originally announced May 2022.
-
Threshold Rates of Codes Ensembles: Linear is Best
Authors:
Nicolas Resch,
Chen Yuan
Abstract:
In this work, we prove new results concerning the combinatorial properties of random linear codes.
Firstly, we prove a lower bound on the list-size required for random linear codes over $\mathbb F_q$ $\varepsilon$-close to capacity to list-recover with error radius $ρ$ and input lists of size $\ell$. We show that the list-size $L$ must be at least $\frac{\log_q\binom{q}{\ell}-R}{\varepsilon}$, w…
▽ More
In this work, we prove new results concerning the combinatorial properties of random linear codes.
Firstly, we prove a lower bound on the list-size required for random linear codes over $\mathbb F_q$ $\varepsilon$-close to capacity to list-recover with error radius $ρ$ and input lists of size $\ell$. We show that the list-size $L$ must be at least $\frac{\log_q\binom{q}{\ell}-R}{\varepsilon}$, where $R$ is the rate of the random linear code. As a comparison, we also pin down the list size of random codes which is $\frac{\log_q\binom{q}{\ell}}{\varepsilon}$. This leaves open the possibility (that we consider likely) that random linear codes perform better than random codes for list-recoverability, which is in contrast to a recent gap shown for the case of list-recovery from erasures (Guruswami et al., IEEE TIT 2021B).
Next, we consider list-decoding with constant list-sizes. Specifically, we obtain new lower bounds on the rate required for list-of-$3$ decodability of random linear codes over $\mathbb F_2$; and list-of-$2$ decodability of random linear codes over $\mathbb F_q$ (for any $q$). This expands upon Guruswami et al. (IEEE TIT 2021A) which only studied list-of-$2$ decodability of random linear codes over $\mathbb F_2$. Further, in both cases we are able to show that the rate is larger than that which is possible for uniformly random codes.
△ Less
Submitted 3 May, 2022;
originally announced May 2022.
-
Threshold rates for properties of random codes
Authors:
Venkatesan Guruswami,
Jonathan Mosheiff,
Nicolas Resch,
Shashwat Silas,
Mary Wootters
Abstract:
Suppose that $P$ is a property that may be satisfied by a random code $C \subset Σ^n$. For example, for some $p \in (0,1)$, ${P}$ might be the property that there exist three elements of $C$ that lie in some Hamming ball of radius $pn$. We say that $R^*$ is the threshold rate for ${P}$ if a random code of rate $R^* + ε$ is very likely to satisfy ${P}$, while a random code of rate $R^* - ε$ is very…
▽ More
Suppose that $P$ is a property that may be satisfied by a random code $C \subset Σ^n$. For example, for some $p \in (0,1)$, ${P}$ might be the property that there exist three elements of $C$ that lie in some Hamming ball of radius $pn$. We say that $R^*$ is the threshold rate for ${P}$ if a random code of rate $R^* + ε$ is very likely to satisfy ${P}$, while a random code of rate $R^* - ε$ is very unlikely to satisfy ${P}$. While random codes are well-studied in coding theory, even the threshold rates for relatively simple properties like the one above are not well understood.
We characterize threshold rates for a rich class of properties. These properties, like the example above, are defined by the inclusion of specific sets of codewords which are also suitably "symmetric". For properties in this class, we show that the threshold rate is in fact equal to the lower bound that a simple first-moment calculation obtains. Our techniques not only pin down the threshold rate for the property ${P}$ above, they give sharp bounds on the threshold rate for list-recovery in several parameter regimes, as well as an efficient algorithm for estimating the threshold rates for list-recovery in general.
△ Less
Submitted 6 June, 2024; v1 submitted 9 September, 2020;
originally announced September 2020.
-
Bounds for list-decoding and list-recovery of random linear codes
Authors:
Venkatesan Guruswami,
Ray Li,
Jonathan Mosheiff,
Nicolas Resch,
Shashwat Silas,
Mary Wootters
Abstract:
A family of error-correcting codes is list-decodable from error fraction $p$ if, for every code in the family, the number of codewords in any Hamming ball of fractional radius $p$ is less than some integer $L$ that is independent of the code length. It is said to be list-recoverable for input list size $\ell$ if for every sufficiently large subset of codewords (of size $L$ or more), there is a coo…
▽ More
A family of error-correcting codes is list-decodable from error fraction $p$ if, for every code in the family, the number of codewords in any Hamming ball of fractional radius $p$ is less than some integer $L$ that is independent of the code length. It is said to be list-recoverable for input list size $\ell$ if for every sufficiently large subset of codewords (of size $L$ or more), there is a coordinate where the codewords take more than $\ell$ values. The parameter $L$ is said to be the "list size" in either case. The capacity, i.e., the largest possible rate for these notions as the list size $L \to \infty$, is known to be $1-h_q(p)$ for list-decoding, and $1-\log_q \ell$ for list-recovery, where $q$ is the alphabet size of the code family.
In this work, we study the list size of random linear codes for both list-decoding and list-recovery as the rate approaches capacity. We show the following claims hold with high probability over the choice of the code (below, $ε> 0$ is the gap to capacity).
(1) A random linear code of rate $1 - \log_q(\ell) - ε$ requires list size $L \ge \ell^{Ω(1/ε)}$ for list-recovery from input list size $\ell$. This is surprisingly in contrast to completely random codes, where $L = O(\ell/ε)$ suffices w.h.p.
(2) A random linear code of rate $1 - h_q(p) - ε$ requires list size $L \ge \lfloor h_q(p)/ε+0.99 \rfloor$ for list-decoding from error fraction $p$, when $ε$ is sufficiently small.
(3) A random binary linear code of rate $1 - h_2(p) - ε$ is list-decodable from average error fraction $p$ with list size with $L \leq \lfloor h_2(p)/ε\rfloor + 2$.
The second and third results together precisely pin down the list sizes for binary random linear codes for both list-decoding and average-radius list-decoding to three possible values.
△ Less
Submitted 18 June, 2020; v1 submitted 27 April, 2020;
originally announced April 2020.
-
LDPC Codes Achieve List Decoding Capacity
Authors:
Jonathan Mosheiff,
Nicolas Resch,
Noga Ron-Zewi,
Shashwat Silas,
Mary Wootters
Abstract:
We show that Gallager's ensemble of Low-Density Parity Check (LDPC) codes achieves list-decoding capacity with high probability. These are the first graph-based codes shown to have this property. This result opens up a potential avenue towards truly linear-time list-decodable codes that achieve list-decoding capacity.
Our result on list decoding follows from a much more general result: any…
▽ More
We show that Gallager's ensemble of Low-Density Parity Check (LDPC) codes achieves list-decoding capacity with high probability. These are the first graph-based codes shown to have this property. This result opens up a potential avenue towards truly linear-time list-decodable codes that achieve list-decoding capacity.
Our result on list decoding follows from a much more general result: any $\textit{local}$ property satisfied with high probability by a random linear code is also satisfied with high probability by a random LDPC code from Gallager's distribution. Local properties are properties characterized by the exclusion of small sets of codewords, and include list-decodability, list-recoverability and average-radius list-decodability.
In order to prove our results on LDPC codes, we establish sharp thresholds for when local properties are satisfied by a random linear code. More precisely, we show that for any local property $\mathcal{P}$, there is some $R^*$ so that random linear codes of rate slightly less than $R^*$ satisfy $\mathcal{P}$ with high probability, while random linear codes of rate slightly more than $R^*$, with high probability, do not. We also give a characterization of the threshold rate $R^*$.
△ Less
Submitted 17 November, 2021; v1 submitted 13 September, 2019;
originally announced September 2019.
-
Coding for Interactive Communication with Small Memory and Applications to Robust Circuits
Authors:
Bernhard Haeupler,
Nicolas Resch
Abstract:
Classically, coding theory has been concerned with the problem of transmitting a single message in a format which is robust to noise. Recently, researchers have turned their attention to designing coding schemes to make two-way conversations robust to noise. That is, given an interactive communication protocol $Π$, an \emph{interactive coding scheme} converts $Π$ into another communication protoco…
▽ More
Classically, coding theory has been concerned with the problem of transmitting a single message in a format which is robust to noise. Recently, researchers have turned their attention to designing coding schemes to make two-way conversations robust to noise. That is, given an interactive communication protocol $Π$, an \emph{interactive coding scheme} converts $Π$ into another communication protocol $Π'$ such that, even if errors are introduced during the execution of $Π'$, the parties are able to determine what the outcome of running $Π$ would be in a noise-free setting.
We consider the problem of designing interactive coding schemes which allow the parties to simulate the original protocol using little memory. Specifically, given any communication protocol $Π$ we construct robust simulating protocols which tolerate a constant noise rate and require the parties to use only $O(\log d \log s)$ memory, where $d$ is the depth of $Π$ and $s$ is a measure of the size of $Π$. Prior to this work, all known coding schemes required the parties to use at least $Ω(d)$ memory, as the parties were required to remember the transcript of the conversation thus far. Moreover, our coding scheme achieves a communication rate of $1-O(\sqrt{\varepsilon})$ over oblivious channels and $1-O(\sqrt{\varepsilon\log\log\tfrac{1}{\varepsilon}})$ over adaptive adversarial channels, matching the conjecturally optimal rates. Lastly, we point to connections between fault-tolerant circuits and coding for interactive communication with small memory.
△ Less
Submitted 24 July, 2019; v1 submitted 17 May, 2018;
originally announced May 2018.
-
On the List-Decodability of Random Linear Rank-Metric Codes
Authors:
Venkatesan Guruswami,
Nicolas Resch
Abstract:
The list-decodability of random linear rank-metric codes is shown to match that of random rank-metric codes. Specifically, an $\mathbb{F}_q$-linear rank-metric code over $\mathbb{F}_q^{m \times n}$ of rate $R = (1-ρ)(1-\frac{n}{m}ρ)-\varepsilon$ is shown to be (with high probability) list-decodable up to fractional radius $ρ\in (0,1)$ with lists of size at most $\frac{C_{ρ,q}}{\varepsilon}$, where…
▽ More
The list-decodability of random linear rank-metric codes is shown to match that of random rank-metric codes. Specifically, an $\mathbb{F}_q$-linear rank-metric code over $\mathbb{F}_q^{m \times n}$ of rate $R = (1-ρ)(1-\frac{n}{m}ρ)-\varepsilon$ is shown to be (with high probability) list-decodable up to fractional radius $ρ\in (0,1)$ with lists of size at most $\frac{C_{ρ,q}}{\varepsilon}$, where $C_{ρ,q}$ is a constant depending only on $ρ$ and $q$. This matches the bound for random rank-metric codes (up to constant factors). The proof adapts the approach of Guruswami, Håstad, Kopparty (STOC 2010), who established a similar result for the Hamming metric case, to the rank-metric setting.
△ Less
Submitted 31 October, 2017;
originally announced October 2017.