Overview
Some basic math
Error correcting codes
Low degree polynomials
Introduction to consistent readers and consistency tests
H.W
Fields
Definition (field): A set F with two binary operations + (addition) and · (multiplication) is called a field if
1 ∀a,b∈F, a+b∈F
2 ∀a,b,c∈F, (a+b)+c=a+(b+c)
3 ∀a,b∈F, a+b=b+a
4 ∃0∈F, ∀a∈F, a+0=a
5 ∀a∈F, ∃-a∈F, a+(-a)=0
6 ∀a,b∈F, a·b∈F
7 ∀a,b,c∈F, (a·b)·c=a·(b·c)
8 ∀a,b∈F, a·b=b·a
9 ∃1∈F, ∀a∈F, a·1=a
10 ∀a≠0∈F, ∃a^-1∈F, a·a^-1=1
11 ∀a,b,c∈F, a·(b+c)=a·b+a·c
+, ·, 0, 1, -a and a^-1 are only notations!
Finite Fields
Definition (finite field): A finite set F with two binary operations + (addition) and · (multiplication) is called a finite field if it is a field.
Example: Zp denotes {0,1,...,p-1}. We define + and · as the addition and multiplication modulo p respectively.
One can prove that (Zp,+,·) is a field iff p is prime. Throughout the presentations we’ll usually refer to Zp when we mention finite fields.
Strings & Functions (1)
Let = 0 2 . . . n-1, where i. We can describe the string as a function : {0…n-1} , such that i (i) = i.
Let f be a function f : D → R. Then f can be described as a string in R^|D|, spelling f’s value on each point of D.
Strings & Functions - Example
For example, let f be a function f : Z5 → Z5, and let = Z5.
f(x) = x^2 = 0, 1, 4, 4, 1
Introduction to Error Correcting Codes
Motivation:
[Figure: the original message 1001110 is sent over a communication line; “noise” changes one bit and the received message is 1101110.]
We’d like to still be able to reconstruct the original message.
Error Correcting Codes
Definition (encoding): An encoding E is a function E : n m, where m >> n.
Definition (-code): An encoding E is an-code if n (E(),E()) 1 - , where (x,y) (the Hamming distance), denotes the fraction of entries on which x and y differ.
Note that :mmR+ is indeed a distance function, because it satisfies:
(1) x,ym (x,y)0 and (x,y)=0 iff x=y
(2) x,ym (x,y)=(y,x)
(3) x,y,zm (x,z)(x,y)+(y,z)
-code: illustration
[Figure: illustration of the code; labels E, 1-, D, R.]
Univariate Polynomials
Definition (univariate polynomial): a polynomial in x over a field F is a function P:F→F, which can be written as
$$P(x) = \sum_{j=0}^{r-1} a_j x^j$$
for some series of coefficients a0,...,ar-1∈F.
The natural number r is called the degree-bound of the polynomial.
Note: A polynomial whose degree-bound is r is of degree at most r-1 !
Univariate Interpolation
Given x0,y0,...,xr-1,yr-1∈F there is a single univariate polynomial P of degree-bound r, which satisfies ∀0≤k≤r-1 P(xk)=yk:
$$P(x) = \sum_{k=0}^{r-1} y_k \prod_{j \neq k} \frac{x - x_j}{x_k - x_j}$$
(Lagrange’s formula)
a-b denotes a+(-b); a/b denotes a•(b^-1).
The process of finding the coefficients of a polynomial given its value in r points is called interpolation.
Let’s check the value of this polynomial in x = xt for some 0≤t≤r-1:
$$P(x_t) = \sum_{k=0}^{r-1} y_k \prod_{j \neq k} \frac{x_t - x_j}{x_k - x_j} = \sum_{k \neq t} y_k \prod_{j \neq k} \frac{x_t - x_j}{x_k - x_j} + y_t \prod_{j \neq t} \frac{x_t - x_j}{x_t - x_j} = 0 + y_t = y_t$$
(every term with k≠t contains the factor j=t, whose numerator is xt-xt=0).
Since the degree-bound of this polynomial is r, we in fact proved the correctness of the formula.
If there are two such polynomials: p1 & p2, then p1-p2 is a polynomial with degree-bound r, which has r roots. This contradicts the fundamental theorem of Algebra!
A Generic -code
Set F to be the finite field Zp for some prime p, and assume for simplicity that = F and m = p.
Given n, let E() be the string of the function f : F → F that satisfies: f is the unique polynomial of degree-bound n such that f(i) = i for all 0 ≤ i ≤ n-1.
A Generic -code (2)
E() can be interpolated from any n points.
Hence, for any , E() and E() may agree on at most n – 1 points.
Therefore, E is an (n – 1) / m - code.
A Generic -code - Example
p = m = 5, n = 2
 = 1, 2                      = 3, 1
f(x) = x + 1                f(x) = 3x + 3
E() = 1, 2, 3, 4, 0         E() = 3, 1, 4, 2, 0
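The interpolation formula and the generic code of the preceding slides, as an added Python example that is not part of the original lecture. The function names and the name `message` for the encoded string are choices made here; the field is Z5 as in the example slide.

```python
# Added example: the generic code over Z_p, built from Lagrange's formula.
from itertools import combinations, product

P = 5  # the field Z_5 from the example slide (m = p = 5)

def lagrange_eval(points, x, p=P):
    """Value at x of the unique polynomial of degree-bound len(points)
    through the given (x_k, y_k) pairs; the x_k must be distinct mod p."""
    total = 0
    for k, (xk, yk) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if j != k:
                num = num * (x - xj) % p
                den = den * (xk - xj) % p
        # a/b is a * b^-1; pow(den, -1, p) is the inverse of den in Z_p
        total = (total + yk * num * pow(den, -1, p)) % p
    return total

def encode(message, p=P):
    """E(message): the values on 0..p-1 of the polynomial f with f(i) = message[i]."""
    points = list(enumerate(message))
    return [lagrange_eval(points, x, p) for x in range(p)]

def agreement(u, v):
    """Number of positions on which two strings agree."""
    return sum(a == b for a, b in zip(u, v))

def max_agreement(n, p=P):
    """Largest agreement between codewords of two distinct messages in Z_p^n."""
    msgs = list(product(range(p), repeat=n))
    return max(agreement(encode(a, p), encode(b, p))
               for a, b in combinations(msgs, 2))

def recover(known, n, p=P):
    """Rebuild the message from any n surviving (position, symbol) pairs."""
    return [lagrange_eval(known, i, p) for i in range(n)]

if __name__ == "__main__":
    print(encode([1, 2]), encode([3, 1]))  # the two codewords of the example slide
    print(max_agreement(2))                # never more than n - 1 = 1
    print(recover([(3, 4), (4, 0)], 2))    # positions 3 and 4 of E(1, 2)
```

The exhaustive check over all 25 messages confirms the bound of n – 1 agreeing points, and `recover` shows a message rebuilt from two codeword positions that are not the message positions themselves.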
Strings & Functions (2)
We can describe any string as a function f:H^d → H (H is a finite field, d is a positive integer).
Given a n we’ll achieve that by choosing H=Zq, where q is the smallest prime greater than ||, and d=logqn.
Multivariate Polynomials
Definition (polynomial): Let F be a field and let d be some positive integer number. A function p:F^d→F is a polynomial if it can be written as
$$p(x_0,\ldots,x_{d-1}) = \sum_{i_0=0}^{h-1} \cdots \sum_{i_{d-1}=0}^{h-1} a_{i_0,\ldots,i_{d-1}} \, x_0^{i_0} \cdots x_{d-1}^{i_{d-1}}$$
for some series of coefficients in the field.
h is the degree-bound on each one of the variables.
The total-degree of the polynomial is max{ i0+…+id-1 : ai0…id-1 ≠ 0 }.
-Codes - Home Assignment
We’ve seen that univariate polynomials over a finite field F with degree-bound r are -codes for = (r-1)/|F|.
For which multivariate polynomials (over a finite field F, with degree-bound h in each variable and dimension d) are -codes?
Curves
Definition (curve): Let F be a field and let d be some natural number. A (univariate) curve is a function :F → F^d of the form
(x) = (p1(x),...,pd(x))
where p1,...,pd are univariate polynomials over F.
The degree-bound of is the maximum over the degree-bounds of the polynomials.
Vector Spaces
Definition (vector space): Let F be a field and V a set. V is a vector space over F if a binary addition + is defined over V and a scalar multiplication · is defined over V and F s.t.
1 ∀u,v∈V, u+v∈V
2 ∀u,v,w∈V, (u+v)+w=u+(v+w)
3 ∀u,v∈V, u+v=v+u
4 ∃0∈V, ∀v∈V, v+0=v
5 ∀v∈V, ∃-v∈V, v+(-v)=0
6 ∀v∈V, ∀a∈F, a·v∈V
7 ∀u,v∈V, ∀a∈F, a(u+v)=au+av
8 ∀v∈V, ∀a,b∈F, (a+b)v=av+bv
9 ∀v∈V, ∀a,b∈F, (ab)v=a(bv)
10 ∀v∈V, 1·v=v
Vector Spaces - Example
Let F be a field and let n be a natural number. F^n = { (a1,...,an) | a1,...,an∈F } is a vector space over F, where for any (a1,...,an),(b1,...,bn)∈F^n
(a1,...,an) + (b1,...,bn) = (a1+b1,...,an+bn)
and for any (a1,...,an)∈F^n and c∈F
c•(a1,...,an) = (c•a1,...,c•an)
Subspaces
Definition (subspace): A subset W of a vector space V (over a field F) is called a subspace of V if W itself is a vector space over the addition and scalar multiplication operations of V.
Affine Subspaces
Definition (affine subspace): Let V be a vector space. U⊆V is an affine subspace of V if there exist a subspace W of V and a v∈V, such that
U = { u | ∃w∈W : u = w + v }
Linear Combinations
Definition (linear combination): Let V be a vector space over some field F. Let v1,...,vk∈V and let a1,...,ak∈F. The sum a1v1+...+akvk is called a linear combination of v1,...,vk with the coefficients a1,...,ak.
Definition (linearly dependent): A set of vectors {v1,...,vk} in some vector space V over a field F is linearly dependent if there exist a1,...,ak∈F and an 1≤i≤k for which ai≠0, s.t. a1v1+...+akvk=0.
Vectors which are not linearly dependent are called linearly independent.
Basis
Definition (Span): Let V be a vector space over some field F. Let K⊆V. Span(K) denotes the subspace of all the linear combinations of members of K.
Definition (Basis): Let B{0} be a subset of a vector space V. B is called a basis for V if
(a) B is linearly independent.
(b) Span(B)=V.
Dimensions
Definition (dimension): The number of vectors in any basis of a vector space is called its dimension.
Similarly, the dimension of an affine subspace is the dimension of its corresponding subspace.
Restriction of Polynomials
Definition (restriction of a polynomial to an affine subspace): Let U be an affine subspace of F^d (where F is a field and d is a positive integer). Let p:F^d→F be a polynomial. The restriction of p to U is p’:U→F, ∀u∈U p’(u)=p(u).
Definition (restriction of a polynomial to a curve): Let :F→F^d be a curve (where F is a field and d is a positive integer). Let p:F^d→F be a polynomial. The restriction of p to is p’(x)=p((x)).
Restriction of Polynomials - Home Assignment
[1] Prove that the restriction of p to U is a polynomial. What are its degree-bound and dimension?
[2] The same for .
Low Degree Extension (LDE)
Definition (low degree extension): Let : H^d → H be a string (where H is some finite field).
Given a finite field F, which is a superset of H, we define a low degree extension of to F as a polynomial LDE : F^d → F which satisfies:
LDE agrees with on H^d (extension).
The degree-bound of LDE is |H| in each variable (low degree).
LDE - Home Assignment
Let {0,1}n. Write down an expression for LDE.
Reading a value
Goal: To be able to find the value of an LDE in any point (set of points) of F^d.
[Figure: x → LDE → LDE(x)]
Straightforward Approach
Represent the LDE by its coefficients.
Alas, this will require access to |H|^d variables, log|F| bits each, each time!
[Figure: x → the coefficients of the dimension-d, degree-bound-|H| LDE → LDE(x)]
“Tricky” Approach
Represent the LDE by its values in the points of F^d.
[Figure: x → the value of the LDE in every point in F^d → LDE(x)]
Now we only need access to one variable (log|F| bits) each time.
But now we encounter a new problem: we cannot be sure the values we are given are consistent, i.e. correspond to a single dimension-d, degree-bound-|H| polynomial.
Consistent Readers
In the upcoming lectures we’ll see how to build readers which:
access only a small number of the variables each time.
detect inconsistency with high probability.
We’ll later weaken this notion
Consistency Tests
Suppose we have a set of variables which represent the LDE in some manner.
A consistency test is a set of local tests.
If the values of the variables are consistent, all the local tests accept.
Otherwise a random test should reject w.h.p.
Corresponding Game
Prover sets values to all variables in the representation.
Verifier picks randomly a single local-test and accepts or rejects according to its output.
The error-probability of a test is the fraction of local tests that may accept although the assigned values do not conform to global consistency.
Corresponding Game
[Figure: the prover's table of values P(0,0,0), P(0,0,1), ..., P(6,6,6), shown twice; in the second copy the entries P(0,1,0), P(0,2,2) and P(6,6,4) are replaced by the values 3, 5 and 2.]
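The prover/verifier game above, as an added Python example that is not part of the original lecture. It assumes one particular family of local tests, the restriction of the table to each axis-parallel line of Z7^3 checked against the degree-bound; the lecture's own tests are not given on this page, and the polynomial and the changed entries are constructed.

```python
# Added example: an axis-parallel line test over a table of values on Z_7^3.
from itertools import product

P, D, H = 7, 3, 2  # constructed: field Z_7, dimension 3, degree-bound 2 per variable

def poly(x, y, z):
    """Constructed polynomial with degree-bound 2 in each variable."""
    return (3 + 2 * x + 5 * y * z + x * y * z) % P

def honest_table():
    """The prover's consistent assignment: one variable per point of Z_7^3."""
    return {pt: poly(*pt) for pt in product(range(P), repeat=D)}

def fits_degree_bound(values, h=H):
    """True iff values at 0..P-1 come from a polynomial of degree-bound h:
    over Z_p with h < p this holds exactly when the h-th forward
    difference of the sequence is zero everywhere."""
    for _ in range(h):
        values = [(b - a) % P for a, b in zip(values, values[1:])]
    return all(v == 0 for v in values)

def local_tests():
    """One local test per axis-parallel line: a free axis plus the fixed coordinates."""
    return [(axis, rest) for axis in range(D)
            for rest in product(range(P), repeat=D - 1)]

def run_local_test(table, axis, rest):
    """Read the P variables on one line and check them against the degree-bound."""
    line = [rest[:axis] + (t,) + rest[axis:] for t in range(P)]
    return fits_degree_bound([table[pt] for pt in line])

def rejecting(table):
    """(number of local tests that reject, total number of local tests)."""
    tests = local_tests()
    return sum(not run_local_test(table, a, r) for a, r in tests), len(tests)

def corrupted_table(points=((0, 1, 0), (0, 2, 2), (6, 6, 4))):
    """Constructed cheating assignment: change the value at a few points."""
    table = honest_table()
    for pt in points:
        table[pt] = (table[pt] + 1) % P
    return table

if __name__ == "__main__":
    print(rejecting(honest_table()))     # every local test accepts
    print(rejecting(corrupted_table()))  # only lines through a changed point reject
```

Each local test reads 7 of the 343 variables. With three changed entries only 9 of the 147 tests reject, so a verifier that picks a single test at random catches this prover with probability 9/147.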