prg for low degree polynomials from ag-codes gil cohen joint work with amnon ta-shma
Post on 28-Mar-2015
218 Views
Preview:
TRANSCRIPT
PRG for Low Degree Polynomials from AG-Codes
Gil Cohen
Joint work with Amnon Ta-Shma
Talk Outline
* PRGs.
* PRGs for low degree polynomials.
* Constructing a PRG for degree d=1 via linear codes.* Where does the idea break for d>1 ?
* Algebraic Geometry codes to the rescue !
* Very high level idea of what AG codes are.
* Proof idea.
Talk Outline
* PRGs.
* PRGs for low degree polynomials.
* Constructing a PRG for degree d=1 via linear codes.* Where does the idea break for d>1 ?
* Algebraic Geometry codes to the rescue !
* Very high level idea of what AG codes are.
* Proof idea.
Pseudorandom Generators
For (an interesting) class of functions C, find a distribution D such that
1) D fools C - f C, f(D) ~ f(U).
2) D can be sampled efficiently.
3) D can be sampled using few random bits.
(1) + (3): C inefficiently sampleable D, that can be sampled using O(log log |C|) random bits.
(1) + (2): D = U.
Pseudorandom Generators
Interesting classes to fool:
P/poly
ROBP
Linear functions
P = BPP
L = BPL
Low degree polynomials
?
Many applications !Mainly due to Fourier analysis
Talk Outline
* PRGs.
* PRGs for low degree polynomials.
* Constructing a PRG for degree d=1 via linear codes.* Where does the idea break for d>1 ?
* Algebraic Geometry codes to the rescue !
* Very high level idea of what AG codes are.
* Proof idea.
Fooling Low Degree Polynomials
Trivial: random field elements.
Probabilistic construction (optimal) : random field elements.
Constant size fields: [LubyVelickovicWigderson93, Bogdanov- Viola07, GreenTao07, KaufmanLovett08,
Lovett08, Viola09].
random field elements.
Field size depends on n,d: [KlivansSpielman01,
Bogdanov05, Lu12, CT13, GX13].
random field elements. |πΉ|β₯π6
PRG from AG Codes
Main Result. There exists a PRG for degree d polynomials over fields of size , that uses random bits.
Running time: . We believe this could be improved to time by better understanding the computational aspect of algebraic function fields.
Talk Outline
* PRGs.
* PRGs for low degree polynomials.
* Constructing a PRG for degree d=1 via linear codes.* Where does the idea break for d>1 ?
* Algebraic Geometry codes to the rescue !
* Very high level idea of what AG codes are.
* Proof idea.
Bogdanovβs Reduction
Want PRG:
Easier HSG:
Theorem [Bogdanov05]. A PRG for degree polynomials can be efficiently constructed given a HSG for degree polynomials.
The reduction βmultipliesβ the field size by .
Linear Codes
Rate
CπΉ πβπ πΉ π
βπ
Distance
Want to maximize simultaneously.
Theorem [Singleton64].
Theorem [Plotkin60].
HSG for d=1 from Linear Codes
D: sample and output .
Given
π (π« )=πΌ1 (ππ )π+β―+πΌπ (ππ )π
Pr [ π (π« )=0 ]β€1βπΏ π
ΒΏ (πΌ1ππ+β―+πΌπππ )π
Where does the Idea Break for d>1
D: sample and output .
Given
π (π« )=πΌ1 (ππ )π+β―+πΌπ (ππ )π
Pr [ π (π« )=0 ]β€1βπΏ π
ΒΏ (πΌ1ππ+β―+πΌπππ )π
D: sample and output .
Given
π (π« )=πΌ1β (ππ )πβ3 β (ππ )π+β―
What is the meaning of multiplying codewords ?
Where does the Idea Break for d>1
Evaluation Codes
Treat message as a function and evaluate it on wisely chosen places.
Example: [ReedSolomon60].
Fix distinct and set
Given
Let
πΆ (π‘ )=(π‘ (π1 ) ,β¦,π‘ (ππ ))Linear, and achieves the Singleton Bound over large fields ().
Evaluation Codes
Reed-Solomon β univariate polynomials.
Reed-Muller β multivariate bounded degree polynomials.AG codes [Goppa81] β polynomials will only get you so farβ¦
Treat message as a function and evaluate it on wisely chosen places.
Talk Outline
* PRGs.
* PRGs for low degree polynomials.
* Constructing a PRG for degree d=1 via linear codes.* Where does the idea break for d>1 ?
* Algebraic Geometry codes to the rescue !* Very high level idea of what AG codes are.
* Proof idea.
AG Codes [Goppa81]
πΉ π (π₯ )
πΉ π (π₯ , π¦ ) π¦ 2+π¦=π₯
Theorem [Goppa81]. There is a general way of constructing a linear valuation code from any algebraic function field.
The distance and rate are determined by the genus of the function field.
AG Codes [Goppa81]
Rational functions in from an appropriate vector space (the Riemann-Roch space).
AG Codes
Reed Solomon
Functions are spanned by .
arbitrarily chosen evaluation points from .
carefully chosen evaluation points from .
Degree Valuation
deg ( π β π )=deg π +degπDistinct degrees implies linear independence.
π£ ( π β π)=π£ ( π )+π£ (π)Distinct valuations implies linear independence.
The Garcia-Stichtenoth Tower
Theorem [GarciaStichtenoth96].
Exponential improvement over the probabilistic construction [GilbertVarshamov57].Recall Plotkin bound: .
Best one can do with AG codes [DrinfeldVladut83].
Talk Outline
* PRGs.
* PRGs for low degree polynomials.
* Constructing a PRG for degree d=1 via linear codes.* Where does the idea break for d>1.
* Algebraic Geometry codes to the rescue.
* Very high level idea of what AG codes are.
* Proof idea.
HSG from AG Codes
π (π« )= π 1 (π )3 π 2 (π )4 π 3 (π )+β―
Given
ΒΏ ( π 1β3 π 2β4 π 3 ) (π )+β―
D: sample a βvalidβ place P and output .
π£ ( π 1β3 π 2β4 π 3 )=3π£1+4 π£2+π£3Each monomial induces a linear combination of the βs.We want these combinations to be pairwise distinct so to avoid cancelations.
Choosing the βs (and corresponding βs) at random will do. Now β derandomize (requires fairly standard ideas).
HSG from AG Codes
Main Result. There exists a HSG for degree d polynomials over fields of size , that uses random bits. In fact, a random sub-code, with a proper dimension, of any good AG code will do.
Running time is polynomial in the number of monomials (worst case, ).
Better understanding of the computational aspect of algebraic function field may lead to running-time logarithmic in the number of monomials.
Slightly weaker than [GX13], which require field size . On the positive
side, a straightforward, mathematically cleaner
construction.
Open Problems
* Obtain a PRG with optimal seed length. Perhaps by bypassing Bogdanovβs reduction.
* Strongly explicit constructions of Riemann-Roch spaces.* Other applications of our method.
* Applications of PRG for low degree polynomials.
* Break the log(n) barrier for constant size fields.
Thank you for your attention !
top related