68 research outputs found
Lower bounds for constant query affine-invariant LCCs and LTCs
Affine-invariant codes are codes whose coordinates form a vector space over a
finite field and which are invariant under affine transformations of the
coordinate space. They form a natural, well-studied class of codes; they
include popular codes such as Reed-Muller and Reed-Solomon. A particularly
appealing feature of affine-invariant codes is that they seem well-suited to
admit local correctors and testers.
In this work, we give lower bounds on the length of locally correctable and
locally testable affine-invariant codes with constant query complexity. We show
that if a code is an -query
locally correctable code (LCC), where is a finite field and
is a finite alphabet, then the number of codewords in is
at most . Also, we show that if
is an -query locally testable
code (LTC), then the number of codewords in is at most
. The dependence on in these
bounds is tight for constant-query LCCs/LTCs, since Guo, Kopparty and Sudan
(ITCS `13) construct affine-invariant codes via lifting that have the same
asymptotic tradeoffs. Note that our result holds for non-linear codes, whereas
previously, Ben-Sasson and Sudan (RANDOM `11) assumed linearity to derive
similar results.
Our analysis uses higher-order Fourier analysis. In particular, we show that
the codewords corresponding to an affine-invariant LCC/LTC must be far from
each other with respect to Gowers norm of an appropriate order. This then
allows us to bound the number of codewords, using known decomposition theorems
which approximate any bounded function in terms of a finite number of
low-degree non-classical polynomials, upto a small error in the Gowers norm
Interactive Oracle Proofs with Constant Rate and Query Complexity
We study interactive oracle proofs (IOPs) [BCS16,RRR16], which combine aspects of probabilistically checkable proofs (PCPs) and interactive proofs (IPs). We present IOP constructions and techniques that enable us to obtain tradeoffs in proof length versus query complexity that are not known to be achievable via PCPs or IPs alone. Our main results are:
1. Circuit satisfiability has 3-round IOPs with linear proof length (counted in bits) and constant query complexity.
2. Reed-Solomon codes have 2-round IOPs of proximity with linear proof length and constant query complexity.
3. Tensor product codes have 1-round IOPs of proximity with sublinear proof length and constant query complexity.
For all the above, known PCP constructions give quasilinear proof length and constant query complexity [BS08,Din07]. Also, for circuit satisfiability, [BKKMS13] obtain PCPs with linear proof length but sublinear (and super-constant) query complexity. As in [BKKMS13], we rely on algebraic-geometry codes to obtain our first result; but, unlike that work, our use of such codes is much "lighter" because we do not rely on any automorphisms of the code.
We obtain our results by proving and combining "IOP-analogues" of tools underlying numerous IPs and PCPs:
* Interactive proof composition. Proof composition [AS98] is used to reduce the query complexity of PCP verifiers, at the cost of increasing proof length by an additive factor that is exponential in the verifier\u27s randomness complexity. We prove a composition theorem for IOPs where this additive factor is linear.
* Sublinear sumcheck. The sumcheck protocol [LFKN92] is an IP that enables the verifier to check the sum of values of a low-degree multi-variate polynomial on an exponentially-large hypercube, but the verifier\u27s running time depends linearly on the bound on individual degrees. We prove a sumcheck protocol for IOPs where this dependence is sublinear (e.g., polylogarithmic).
Our work demonstrates that even constant-round IOPs are more efficient than known PCPs and IPs
Improved Soundness for QMA with Multiple Provers
We present three contributions to the understanding of QMA with multiple
provers:
1) We give a tight soundness analysis of the protocol of [Blier and Tapp,
ICQNM '09], yielding a soundness gap Omega(1/N^2). Our improvement is achieved
without the use of an instance with a constant soundness gap (i.e., without
using a PCP).
2) We give a tight soundness analysis of the protocol of [Chen and Drucker,
ArXiV '10], thereby improving their result from a monolithic protocol where
Theta(sqrt(N)) provers are needed in order to have any soundness gap, to a
protocol with a smooth trade-off between the number of provers k and a
soundness gap Omega(k^2/N), as long as k>=Omega(log N). (And, when
k=Theta(sqrt(N)), we recover the original parameters of Chen and Drucker.)
3) We make progress towards an open question of [Aaronson et al., ToC '09]
about what kinds of NP-complete problems are amenable to sublinear
multiple-prover QMA protocols, by observing that a large class of such examples
can easily be derived from results already in the PCP literature - namely, at
least the languages recognized by a non-deterministic RAMs in quasilinear time.Comment: 24 pages; comments welcom
Explicit Strong LTCs with Inverse Poly-Log Rate and Constant Soundness
An error-correcting code C subseteq F^n is called (q,epsilon)-strong locally testable code (LTC) if there exists a tester that makes at most q queries to the input word. This tester accepts all codewords with probability 1 and rejects all non-codewords x not in C with probability at least epsilon * delta(x,C), where delta(x,C) denotes the relative Hamming distance between the word x and the code C. The parameter q is called the query complexity and the parameter epsilon is called soundness.
Goldreich and Sudan (J.ACM 2006) asked about the existence of strong LTCs with constant query complexity, constant relative distance, constant soundness and inverse polylogarithmic rate. They also asked about the explicit constructions of these codes.
Strong LTCs with the required range of parameters were obtained recently in the works of Viderman (CCC 2013, FOCS 2013) based on the papers of Meir (SICOMP 2009) and Dinur (J.ACM 2007). However, the construction of these codes was probabilistic.
In this work we show that codes presented in the works of Dinur (J.ACM 2007) and Ben-Sasson and Sudan (SICOMP 2005) provide the explicit construction of strong LTCs with the above range of parameters. Previously, such codes were proven to be weak LTCs. Using the results of Viderman (CCC 2013, FOCS 2013) we prove that such codes are, in fact, strong LTCs
High rate locally-correctable and locally-testable codes with sub-polynomial query complexity
In this work, we construct the first locally-correctable codes (LCCs), and
locally-testable codes (LTCs) with constant rate, constant relative distance,
and sub-polynomial query complexity. Specifically, we show that there exist
binary LCCs and LTCs with block length , constant rate (which can even be
taken arbitrarily close to 1), constant relative distance, and query complexity
. Previously such codes were known to exist
only with query complexity (for constant ), and
there were several, quite different, constructions known.
Our codes are based on a general distance-amplification method of Alon and
Luby~\cite{AL96_codes}. We show that this method interacts well with local
correctors and testers, and obtain our main results by applying it to suitably
constructed LCCs and LTCs in the non-standard regime of \emph{sub-constant
relative distance}.
Along the way, we also construct LCCs and LTCs over large alphabets, with the
same query complexity , which additionally have
the property of approaching the Singleton bound: they have almost the
best-possible relationship between their rate and distance. This has the
surprising consequence that asking for a large alphabet error-correcting code
to further be an LCC or LTC with query
complexity does not require any sacrifice in terms of rate and distance! Such a
result was previously not known for any query complexity.
Our results on LCCs also immediately give locally-decodable codes (LDCs) with
the same parameters
Fast Reed-Solomon Interactive Oracle Proofs of Proximity
The family of Reed-Solomon (RS) codes plays a prominent role in the construction of quasilinear probabilistically checkable proofs (PCPs) and interactive oracle proofs (IOPs) with perfect zero knowledge and polylogarithmic verifiers. The large concrete computational complexity required to prove membership in RS codes is one of the biggest obstacles to deploying such PCP/IOP systems in practice.
To advance on this problem we present a new interactive oracle proof of proximity (IOPP) for RS codes; we call it the Fast RS IOPP (FRI) because (i) it resembles the ubiquitous Fast Fourier Transform (FFT) and (ii) the arithmetic complexity of its prover is strictly linear and that of the verifier is strictly logarithmic (in comparison, FFT arithmetic complexity is quasi-linear but not strictly linear). Prior RS IOPPs and PCPs of proximity (PCPPs) required super-linear proving time even for polynomially large query complexity.
For codes of block-length N, the arithmetic complexity of the (interactive) FRI prover is less than 6 * N, while the (interactive) FRI verifier has arithmetic complexity <= 21 * log N, query complexity 2 * log N and constant soundness - words that are delta-far from the code are rejected with probability min{delta * (1-o(1)),delta_0} where delta_0 is a positive constant that depends mainly on the code rate. The particular combination of query complexity and soundness obtained by FRI is better than that of the quasilinear PCPP of [Ben-Sasson and Sudan, SICOMP 2008], even with the tighter soundness analysis of [Ben-Sasson et al., STOC 2013; ECCC 2016]; consequently, FRI is likely to facilitate better concretely efficient zero knowledge proof and argument systems.
Previous concretely efficient PCPPs and IOPPs suffered a constant multiplicative factor loss in soundness with each round of "proof composition" and thus used at most O(log log N) rounds. We show that when delta is smaller than the unique decoding radius of the code, FRI suffers only a negligible additive loss in soundness. This observation allows us to increase the number of "proof composition" rounds to Theta(log N) and thereby reduce prover and verifier running time for fixed soundness
AuroraLight: Improved prover efficiency and SRS size in a Sonic-like system
Using ideas from the recent Aurora zk-STARK of Ben-Sasson et al. [BCRSVW, Eurocrypt 2019], we present a zk-SNARK with a universal and updatable SRS similar to the recent construction of Maller et al. [MBKM, 2019], called .
Compared to , our construction achieves significantly better prover run time (less than half) and smaller SRS size (one sixth). However, we only achieve amortized succinct verification time for batches of proofs, either when the proofs are generated in parallel or in [MBKM]\u27s helper setting, and our proofs are longer than those of [MBKM] (but still contain a number of field and group elements)
Hard Properties with (Very) Short PCPPs and Their Applications
We show that there exist properties that are maximally hard for testing, while still admitting PCPPs with a proof size very close to linear. Specifically, for every fixed ?, we construct a property P^(?)? {0,1}^n satisfying the following: Any testing algorithm for P^(?) requires ?(n) many queries, and yet P^(?) has a constant query PCPP whose proof size is O(n?log^(?)n), where log^(?) denotes the ? times iterated log function (e.g., log^(2)n = log log n). The best previously known upper bound on the PCPP proof size for a maximally hard to test property was O(n?polylog(n)).
As an immediate application, we obtain stronger separations between the standard testing model and both the tolerant testing model and the erasure-resilient testing model: for every fixed ?, we construct a property that has a constant-query tester, but requires ?(n/log^(?)(n)) queries for every tolerant or erasure-resilient tester
Quantum Locally Testable Codes
We initiate the study of quantum Locally Testable Codes (qLTCs). We provide a
definition together with a simplification, denoted sLTCs, for the special case
of stabilizer codes, together with some basic results using those definitions.
The most crucial parameter of such codes is their soundness, ,
namely, the probability that a randomly chosen constraint is violated as a
function of the distance of a word from the code (, the relative
distance from the code, is called the proximity). We then proceed to study
limitations on qLTCs. In our first main result we prove a surprising,
inherently quantum, property of sLTCs: for small values of proximity, the
better the small-set expansion of the interaction graph of the constraints, the
less sound the qLTC becomes. This phenomenon, which can be attributed to
monogamy of entanglement, stands in sharp contrast to the classical setting.
The complementary, more intuitive, result also holds: an upper bound on the
soundness when the code is defined on poor small-set expanders (a bound which
turns out to be far more difficult to show in the quantum case). Together we
arrive at a quantum upper-bound on the soundness of stabilizer qLTCs set on any
graph, which does not hold in the classical case. Many open questions are
raised regarding what possible parameters are achievable for qLTCs. In the
appendix we also define a quantum analogue of PCPs of proximity (PCPPs) and
point out that the result of Ben-Sasson et. al. by which PCPPs imply LTCs with
related parameters, carries over to the sLTCs. This creates a first link
between qLTCs and quantum PCPs.Comment: Some of the results presented here appeared in an initial form in our
quant-ph submission arXiv:1301.3407. This is a much extended and improved
version. 30 pages, no figure
- …