-
List-Recovery of Random Linear Codes over Small Fields
Authors:
Dean Doron,
Jonathan Mosheiff,
Nicolas Resch,
João Ribeiro
Abstract:
We study list-recoverability of random linear codes over small fields, both from errors and from erasures. We consider codes of rate $ε$-close to capacity, and aim to bound the dependence of the output list size $L$ on $ε$, the input list size $\ell$, and the alphabet size $q$. Prior to our work, the best upper bound was $L = q^{O(\ell/ε)}$ (Zyablov and Pinsker, Prob. Per. Inf. 1981).
Previous w…
▽ More
We study list-recoverability of random linear codes over small fields, both from errors and from erasures. We consider codes of rate $ε$-close to capacity, and aim to bound the dependence of the output list size $L$ on $ε$, the input list size $\ell$, and the alphabet size $q$. Prior to our work, the best upper bound was $L = q^{O(\ell/ε)}$ (Zyablov and Pinsker, Prob. Per. Inf. 1981).
Previous work has identified cases in which linear codes provably perform worse than non-linear codes with respect to list-recovery. While there exist non-linear codes that achieve $L=O(\ell/ε)$, we know that $L \ge \ell^{Ω(1/ε)}$ is necessary for list recovery from erasures over fields of small characteristic, and for list recovery from errors over large alphabets. We show that in other relevant regimes there is no significant price to pay for linearity, in the sense that we get the correct dependence on the gap-to-capacity $ε$ and go beyond the Zyablov-Pinsker bound for the first time. Specifically, when $q$ is constant and $ε$ approaches zero:
- For list-recovery from erasures over prime fields, we show that $L \leq C_1/ε$. By prior work, such a result cannot be obtained for low-characteristic fields.
- For list-recovery from errors over arbitrary fields, we prove that $L \leq C_2/ε$.
Above, $C_1$ and $C_2$ depend on the decoding radius, input list size, and field size. We provide concrete bounds on the constants above, and the upper bounds on $L$ improve upon the Zyablov-Pinsker bound whenever $q\leq 2^{(1/ε)^c}$ for some small universal constant $c>0$.
△ Less
Submitted 9 May, 2025;
originally announced May 2025.
-
Nearly-Linear Time Seeded Extractors with Short Seeds
Authors:
Dean Doron,
João Ribeiro
Abstract:
(abstract shortened due to space constraints)
Existing constructions of seeded extractors with short seed length and large output length run in time $Ω(n \log(1/\varepsilon))$ and often slower, where $n$ is the input source length and $\varepsilon$ is the error of the extractor. Since cryptographic applications of extractors require $\varepsilon$ to be small, the resulting runtime makes these ex…
▽ More
(abstract shortened due to space constraints)
Existing constructions of seeded extractors with short seed length and large output length run in time $Ω(n \log(1/\varepsilon))$ and often slower, where $n$ is the input source length and $\varepsilon$ is the error of the extractor. Since cryptographic applications of extractors require $\varepsilon$ to be small, the resulting runtime makes these extractors unusable in practice.
Motivated by this, we explore constructions of strong seeded extractors with short seeds computable in nearly-linear time $O(n \log^c n)$, for any error $\varepsilon$. We show that an appropriate combination of modern condensers and classical approaches for constructing seeded extractors for high min-entropy sources yields strong extractors for $n$-bit sources with any min-entropy $k$ and any target error $\varepsilon$ with seed length $d=O(\log(n/\varepsilon))$ and output length $m=(1-η)k$ for an arbitrarily small constant $η>0$, running in nearly-linear time, after a reasonable one-time preprocessing step (finding a primitive element of $\mathbb{F}_q$ with $q=poly(n/\varepsilon)$ a power of $2$) that is only required when $k<2^{C\log^* n}\cdot\log^2(n/\varepsilon)$, for a constant $C>0$ and $\log^*$ the iterated logarithm, and which can be implemented in time $polylog(n/\varepsilon)$ under mild conditions on $q$. As a second contribution, we give an instantiation of Trevisan's extractor that can be evaluated in truly linear time in the RAM model, as long as the number of output bits is at most $\frac{n}{\log(1/\varepsilon)polylog(n)}$. Previous fast implementations of Trevisan's extractor ran in $\widetilde{O}(n)$ time in this setting. In particular, these extractors directly yield privacy amplification protocols with the same time complexity and output length, and communication complexity equal to their seed length.
△ Less
Submitted 11 November, 2024;
originally announced November 2024.
-
When Do Low-Rate Concatenated Codes Approach The Gilbert-Varshamov Bound?
Authors:
Dean Doron,
Jonathan Mosheiff,
Mary Wootters
Abstract:
The Gilbert--Varshamov (GV) bound is a classical existential result in coding theory. It implies that a random linear binary code of rate $ε^2$ has relative distance at least $\frac{1}{2} - O(ε)$ with high probability. However, it is a major challenge to construct explicit codes with similar parameters.
One hope to derandomize the Gilbert--Varshamov construction is with code concatenation: We be…
▽ More
The Gilbert--Varshamov (GV) bound is a classical existential result in coding theory. It implies that a random linear binary code of rate $ε^2$ has relative distance at least $\frac{1}{2} - O(ε)$ with high probability. However, it is a major challenge to construct explicit codes with similar parameters.
One hope to derandomize the Gilbert--Varshamov construction is with code concatenation: We begin with a (hopefully explicit) outer code ${C}_\mathrm{out}$ over a large alphabet, and concatenate that with a small binary random linear code ${C}_\mathrm{in}$. It is known that when we use independent small codes for each coordinate, then the result lies on the GV bound with high probability, but this still uses a lot of randomness. In this paper, we consider the question of whether code concatenation with a single random linear inner code ${C}_\mathrm{in}$ can lie on the GV bound; and if so what conditions on ${C}_\mathrm{out}$ are sufficient for this.
We show that first, there do exist linear outer codes ${C}_\mathrm{out}$ that are "good" for concatenation in this sense (in fact, most linear codes codes are good). We also provide two sufficient conditions for ${C}_\mathrm{out}$, so that if ${C}_\mathrm{out}$ satisfies these, ${C}_\mathrm{out}\circ {C}_\mathrm{in}$ will likely lie on the GV bound. We hope that these conditions may inspire future work towards constructing explicit codes ${C}_\mathrm{out}$.
△ Less
Submitted 10 July, 2024; v1 submitted 14 May, 2024;
originally announced May 2024.
-
Random Reed-Solomon Codes are List Recoverable with Optimal List Size
Authors:
Dean Doron,
S. Venkitesh
Abstract:
We prove that Reed-Solomon (RS) codes with random evaluation points are list recoverable up to capacity with optimal output list size, for any input list size.
Namely, given an input list size $\ell$, a designated rate $R$, and any $\varepsilon > 0$, we show that a random RS code is list recoverable from $1-R-\varepsilon$ fraction of errors with output list size $L = O(\ell/\varepsilon)$, for fi…
▽ More
We prove that Reed-Solomon (RS) codes with random evaluation points are list recoverable up to capacity with optimal output list size, for any input list size.
Namely, given an input list size $\ell$, a designated rate $R$, and any $\varepsilon > 0$, we show that a random RS code is list recoverable from $1-R-\varepsilon$ fraction of errors with output list size $L = O(\ell/\varepsilon)$, for field size $q=\exp(\ell,1/\varepsilon) \cdot n^2$. In particular, this shows that random RS codes are list recoverable beyond the "list recovery Johnson bound". Such a result was not even known for arbitrary random linear codes. Our technique follows and extends the recent line of work on list decoding of random RS codes, specifically the works of Brakensiek, Gopi, and Makam (STOC 2023), and of Guo and Zhang (FOCS 2023).
△ Less
Submitted 3 April, 2024; v1 submitted 29 March, 2024;
originally announced April 2024.
-
Spectral Sparsification via Bounded-Independence Sampling
Authors:
Dean Doron,
Jack Murtagh,
Salil Vadhan,
David Zuckerman
Abstract:
We give a deterministic, nearly logarithmic-space algorithm for mild spectral sparsification of undirected graphs. Given a weighted, undirected graph $G$ on $n$ vertices described by a binary string of length $N$, an integer $k\leq \log n$, and an error parameter $ε> 0$, our algorithm runs in space $\tilde{O}(k\log (N\cdot w_{\mathrm{max}}/w_{\mathrm{min}}))$ where $w_{\mathrm{max}}$ and…
▽ More
We give a deterministic, nearly logarithmic-space algorithm for mild spectral sparsification of undirected graphs. Given a weighted, undirected graph $G$ on $n$ vertices described by a binary string of length $N$, an integer $k\leq \log n$, and an error parameter $ε> 0$, our algorithm runs in space $\tilde{O}(k\log (N\cdot w_{\mathrm{max}}/w_{\mathrm{min}}))$ where $w_{\mathrm{max}}$ and $w_{\mathrm{min}}$ are the maximum and minimum edge weights in $G$, and produces a weighted graph $H$ with $\tilde{O}(n^{1+2/k}/ε^2)$ edges that spectrally approximates $G$, in the sense of Spielmen and Teng [ST04], up to an error of $ε$.
Our algorithm is based on a new bounded-independence analysis of Spielman and Srivastava's effective resistance based edge sampling algorithm [SS08] and uses results from recent work on space-bounded Laplacian solvers [MRSV17]. In particular, we demonstrate an inherent tradeoff (via upper and lower bounds) between the amount of (bounded) independence used in the edge sampling algorithm, denoted by $k$ above, and the resulting sparsity that can be achieved.
△ Less
Submitted 20 April, 2020; v1 submitted 25 February, 2020;
originally announced February 2020.
