Linear-algebraic list decoding of folded Reed-Solomon codes

Folded Reed-Solomon codes are an explicit family of codes that achieve the optimal trade-off between rate and error-correction capability: specifically, for any \eps > 0, the author and Rudra (2006,08) presented an n^{O(1/\eps)} time algorithm to list decode appropriate folded RS codes of rate $R$ from a fraction 1-R-\eps of errors. The algorithm is based on multivariate polynomial interpolation and root-finding over extension fields. It was noted by Vadhan that interpolating a linear polynomial suffices if one settles for a smaller decoding radius (but still enough for a statement of the above form). Here we give a simple linear-algebra based analysis of this variant that eliminates the need for the computationally expensive root-finding step over extension fields (and indeed any mention of extension fields). The entire list decoding algorithm is linear-algebraic, solving one linear system for the interpolation step, and another linear system to find a small subspace of candidate solutions. Except for the step of pruning this subspace, the algorithm can be implemented to run in {\em quadratic} time. The theoretical drawback of folded RS codes are that both the decoding complexity and proven worst-case list-size bound are n^{\Omega(1/\eps)}. By combining the above idea with a pseudorandom subset of all polynomials as messages, we get a Monte Carlo construction achieving a list size bound of O(1/\eps^2) which is quite close to the existential O(1/\eps) bound (however, the decoding complexity remains n^{\Omega(1/\eps)}). Our work highlights that constructing an explicit {\em subspace-evasive} subset that has small intersection with low-dimensional subspaces could lead to explicit codes with better list-decoding guarantees.Comment: 16 pages. Extended abstract in Proc. of IEEE Conference on Computational Complexity (CCC), 201

Polynomial-Time Algorithms for Quadratic Isomorphism of Polynomials: The Regular Case

Let $\mathbf{f}=(f\_1,\ldots,f\_m)$ and $\mathbf{g}=(g\_1,\ldots,g\_m)$ be two sets of $m\geq 1$ nonlinear polynomials over $\mathbb{K}[x\_1,\ldots,x\_n]$ ($\mathbb{K}$ being a field). We consider the computational problem of finding -- if any -- an invertible transformation on the variables mapping $\mathbf{f}$ to $\mathbf{g}$. The corresponding equivalence problem is known as {\tt Isomorphism of Polynomials with one Secret} ({\tt IP1S}) and is a fundamental problem in multivariate cryptography. The main result is a randomized polynomial-time algorithm for solving {\tt IP1S} for quadratic instances, a particular case of importance in cryptography and somewhat justifying {\it a posteriori} the fact that {\it Graph Isomorphism} reduces to only cubic instances of {\tt IP1S} (Agrawal and Saxena). To this end, we show that {\tt IP1S} for quadratic polynomials can be reduced to a variant of the classical module isomorphism problem in representation theory, which involves to test the orthogonal simultaneous conjugacy of symmetric matrices. We show that we can essentially {\it linearize} the problem by reducing quadratic-{\tt IP1S} to test the orthogonal simultaneous similarity of symmetric matrices; this latter problem was shown by Chistov, Ivanyos and Karpinski to be equivalent to finding an invertible matrix in the linear space $\mathbb{K}^{n \times n}$ of $n \times n$ matrices over $\mathbb{K}$ and to compute the square root in a matrix algebra. While computing square roots of matrices can be done efficiently using numerical methods, it seems difficult to control the bit complexity of such methods. However, we present exact and polynomial-time algorithms for computing the square root in $\mathbb{K}^{n \times n}$ for various fields (including finite fields). We then consider \\#{\tt IP1S}, the counting version of {\tt IP1S} for quadratic instances. In particular, we provide a (complete) characterization of the automorphism group of homogeneous quadratic polynomials. Finally, we also consider the more general {\it Isomorphism of Polynomials} ({\tt IP}) problem where we allow an invertible linear transformation on the variables \emph{and} on the set of polynomials. A randomized polynomial-time algorithm for solving {\tt IP} when $\mathbf{f}=(x\_1^d,\ldots,x\_n^d)$ is presented. From an algorithmic point of view, the problem boils down to factoring the determinant of a linear matrix (\emph{i.e.}\ a matrix whose components are linear polynomials). This extends to {\tt IP} a result of Kayal obtained for {\tt PolyProj}.Comment: Published in Journal of Complexity, Elsevier, 2015, pp.3

Optimal rate list decoding via derivative codes

The classical family of $[n,k]_q$ Reed-Solomon codes over a field \F_q consist of the evaluations of polynomials f \in \F_q[X] of degree $< k$ at $n$ distinct field elements. In this work, we consider a closely related family of codes, called (order $m$) {\em derivative codes} and defined over fields of large characteristic, which consist of the evaluations of $f$ as well as its first $m-1$ formal derivatives at $n$ distinct field elements. For large enough $m$, we show that these codes can be list-decoded in polynomial time from an error fraction approaching $1-R$, where $R=k/(nm)$ is the rate of the code. This gives an alternate construction to folded Reed-Solomon codes for achieving the optimal trade-off between rate and list error-correction radius. Our decoding algorithm is linear-algebraic, and involves solving a linear system to interpolate a multivariate polynomial, and then solving another structured linear system to retrieve the list of candidate polynomials $f$. The algorithm for derivative codes offers some advantages compared to a similar one for folded Reed-Solomon codes in terms of efficient unique decoding in the presence of side information.Comment: 11 page

Algebraic List-decoding of Subspace Codes

Subspace codes were introduced in order to correct errors and erasures for randomized network coding, in the case where network topology is unknown (the noncoherent case). Subspace codes are indeed collections of subspaces of a certain vector space over a finite field. The Koetter-Kschischang construction of subspace codes are similar to Reed-Solomon codes in that codewords are obtained by evaluating certain (linearized) polynomials. In this paper, we consider the problem of list-decoding the Koetter-Kschischang subspace codes. In a sense, we are able to achieve for these codes what Sudan was able to achieve for Reed-Solomon codes. In order to do so, we have to modify and generalize the original Koetter-Kschischang construction in many important respects. The end result is this: for any integer $L$, our list-$L$ decoder guarantees successful recovery of the message subspace provided that the normalized dimension of the error is at most $L - \frac{L(L+1)}{2}R$ where $R$ is the normalized packet rate. Just as in the case of Sudan's list-decoding algorithm, this exceeds the previously best known error-correction radius $1-R$, demonstrated by Koetter and Kschischang, for low rates $R$

Uniform determinantal representations

The problem of expressing a specific polynomial as the determinant of a square matrix of affine-linear forms arises from algebraic geometry, optimisation, complexity theory, and scientific computing. Motivated by recent developments in this last area, we introduce the notion of a uniform determinantal representation, not of a single polynomial but rather of all polynomials in a given number of variables and of a given maximal degree. We derive a lower bound on the size of the matrix, and present a construction achieving that lower bound up to a constant factor as the number of variables is fixed and the degree grows. This construction marks an improvement upon a recent construction due to Plestenjak-Hochstenbach, and we investigate the performance of new representations in their root-finding technique for bivariate systems. Furthermore, we relate uniform determinantal representations to vector spaces of singular matrices, and we conclude with a number of future research directions.Comment: 23 pages, 3 figures, 4 table