## Some Applications of Coding Theory in Computational Complexity (2004)

### Cached

### Download Links

- [www.cs.berkeley.edu]
- [www.cs.berkeley.edu]
- [www.cs.columbia.edu]
- [theory.stanford.edu]
- DBLP

### Other Repositories/Bibliography

Citations: | 50 - 2 self |

### BibTeX

@MISC{Trevisan04someapplications,

author = {Luca Trevisan},

title = {Some Applications of Coding Theory in Computational Complexity},

year = {2004}

}

### Years of Citing Articles

### OpenURL

### Abstract

Error-correcting codes and related combinatorial constructs play an important role in several recent (and old) results in computational complexity theory. In this paper we survey results on locally-testable and locally-decodable error-correcting codes, and their applications to complexity theory and to cryptography.

### Citations

6861 |
The mathematical theory of communication
- Shannon, Weaver
- 1949
(Show Context)
Citation Context ...x. We would like to design efficient procedures C and D such that the above holds under general assumptions about the channel and with n not much larger than k. This setting was introduced by Shannon =-=[Sha48]-=- in his monumental work that defined information theory. 2.2 Error-Correcting Codes The Hamming Distance dH(a,b) between two strings a,b ∈ Σ n is the number of entries i such that ai �= bi. An [n,k,d]... |

1897 | How to share a secret
- Shamir
- 1979
(Show Context)
Citation Context ...ons [Eli58, Tay68] in variants of this model and general functions [Pap85] in the general model. Another early application of error-correcting codes to cryptography was Shamir’s secret sharing scheme =-=[Sha79]-=-, which can be seen as an application of Reed-Solomon codes. 2 A different use of coding theory for secret sharing is in [BOGW88] and in subsequent work on the “informationtheoretic” model of security... |

1226 |
Probabilistic encryption
- Goldwasser, Micali
- 1984
(Show Context)
Citation Context ...using part 4) all the strings x such that C B (x) is large in that coefficient. 4.8 Notes and References Hard-core predicates appear in the work of Blum and Micali [BM84] and of Goldwasser and Micali =-=[GM84]-=-, and they were defined in a more general setting by Yao [Yao82], who showed that every one-way permutation can be modified to have a hard-core predicate. Levin [Lev87] gives a different proof that us... |

1076 | The knowledge complexity of interactive proof-systems
- Goldwasser, Micali, et al.
- 1985
(Show Context)
Citation Context ...work, that is difficult to summarize. In telling this story, one typically starts from the introduction of the model of “interactive proof systems” due independently to Goldwasser, Micali and Rackoff =-=[GMR89]-=- and to Babai [Bab85]. In this model, a probabilistic verifier interacts with a prover, as opposed to receiving a fixed proof and checking its validity. The work of Goldwasser, Micali and Rackoff [GMR... |

722 | Proof verification and the hardness of approximation problems - Arora, Lund, et al. - 1998 |

713 |
Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation (extended abstract
- Ben-Or, Goldwasser, et al.
- 1988
(Show Context)
Citation Context ...ror-correcting codes to cryptography was Shamir’s secret sharing scheme [Sha79], which can be seen as an application of Reed-Solomon codes. 2 A different use of coding theory for secret sharing is in =-=[BOGW88]-=- and in subsequent work on the “informationtheoretic” model of security for multi-party computations. Finally, we mention that McEliece’s cryptosystem [McE78] is based on the conjectured intractabilit... |

619 |
How to generate cryptographically strong sequences of pseudo-random bits
- Blum, Micali
- 1984
(Show Context)
Citation Context ...ach of these coefficients, we find (using part 4) all the strings x such that C B (x) is large in that coefficient. 4.8 Notes and References Hard-core predicates appear in the work of Blum and Micali =-=[BM84]-=- and of Goldwasser and Micali [GM84], and they were defined in a more general setting by Yao [Yao82], who showed that every one-way permutation can be modified to have a hard-core predicate. Levin [Le... |

579 |
Optimization, approximation, and complexity classes
- Papadimitriou, Yannakakis
- 1991
(Show Context)
Citation Context ... of a (O(log n),O(1))restricted verifier can be encoded as instances of the Max 3SAT problem. Then, using the web of reductions between optimization problems initiated by Papadimitriou and Yannakakis =-=[PY91]-=-, this also implies that the strength of (O(log n),O(1))-restricted verifiers implies the hardness of approximating several important problems including the Traveling Salesman Problem and the Steiner ... |

527 |
Theory and applications of trapdoor functions
- Yao
- 1982
(Show Context)
Citation Context ...hat coefficient. 4.8 Notes and References Hard-core predicates appear in the work of Blum and Micali [BM84] and of Goldwasser and Micali [GM84], and they were defined in a more general setting by Yao =-=[Yao82]-=-, who showed that every one-way permutation can be modified to have a hard-core predicate. Levin [Lev87] gives a different proof that uses error-correcting codes. Goldreich and Levin [GL89] give a mor... |

446 | Private information retrieval
- Chor, Goldreich, et al.
- 1995
(Show Context)
Citation Context ...ts for codes with sub-linear time decoding algorithms and note that, besides their relation to hard-core predicates and average-case complexity, they are also related to private information retrieval =-=[CGKS98]-=-, a type of cryptographic protocol discussed in Section 3.2. 1.4 Program Testing and Locally Testable Codes Apart from Levin’s work [Lev87], which motivated [GL89], most of the line of work described ... |

416 |
Error-detecting and error-correcting codes
- Hamming
- 1950
(Show Context)
Citation Context ...be d ≥ 2e + 1. Conversely, if d ≥ 2e + 1 then there is a (possibly not efficiently computable) decoding procedure that is able to correct up to e errors. Error-correcting codes, introduced by Hamming =-=[Ham50]-=-, solve the coding problem in models where there is a upper bound to the number of errors introduced by the channel. Error-correcting codes can also be used in settings where we have a probabilistic m... |

407 | Fast probabilistic algorithms for verification of polynomial identities
- Schwartz
- 1980
(Show Context)
Citation Context ...n = |S| m different points. Note that if m = 1 we are back to the case of Reed-Solomon codes. Regarding minimum distance, we have the following result, that is called the Schwartz-Zippel Lemma (after =-=[Sch80]-=- and [Zip79]) in the computer science literature. Lemma 4 If p is a non-zero degree-t polynomial over a field F and S ⊆ F, then t Prx∼Sm[p(x) = 0] ≤ |S| 10 BCH codes are a class of algebraic error-cor... |

406 | Nondeterministic exponential time has two-prover interactive protocols
- Babai, Fortnow, et al.
- 1991
(Show Context)
Citation Context ...gth of the proof itself). Initially, it was conjectured that MIP was only a small extension of NP, and that coNP �⊆ MIP. Shortly after Shamir’s proof that IP = PSPACE [Sha92], Babai, Fortnow and Lund =-=[BFL91]-=- showed that MIP = NEXP. This is a truly impressive result: it says that for every language that 37sadmits exponentially long proofs, such proofs can be encoded in such a way that a polynomialtime ran... |

392 |
Polynomial codes over certain finite fields
- Reed, Solomon
- 1960
(Show Context)
Citation Context ...s based on the following well-known fact about (univariate) polynomials: a polynomial of degree t is either identically zero or it has ≤ t roots. Encoding and Minimum Distance. In a Reed-Solomon code =-=[RS60]-=- we think of every message as representing a low-degree polynomial, and the encoding of the message is the n values that we get by evaluating of the polynomial at n fixed points. A more formal descrip... |

383 |
Probabilistic Logics and the Synthesis of Reliable Organisms From Unreliable Components”, Automata Studies
- Neumann
- 1956
(Show Context)
Citation Context ... probability of computing the function correctly. (In this model one typically assume that the failures of different gates are mutually independent events.) This problem was introduced by von Neumann =-=[vN56]-=-, who suggested that error-correcting codes could be applied to it. Low-density parity-check codes were applied to compute linear functions [Eli58, Tay68] in variants of this model and general functio... |

381 | A hard-core predicate for all one-way functions
- Goldreich, Levin
- 1989
(Show Context)
Citation Context ...ally discussed in terms of self-correction, a notion introduced by Blum, Kannan, Lipton and Rubinfeld [BK89, Lip90, BLR93] in the setting of program testing. Around the same time, Goldreich and Levin =-=[GL89]-=- introduced an efficient and general way of constructing hard-core predicates for one-way functions (the cryptographic problem mentioned above and extensively discussed in Section 4). The Goldreich-Le... |

366 | Probabilistic checking of proofs: a new characterization of NP
- Arora, Safra
- 1998
(Show Context)
Citation Context ...r of such a model and the hardness of approximating the Max Clique problem. 19 The result of Feige et al. [FGL + 91] can be written as NP ⊆ PCP[O(log n log log n),O(log n log log n)]. Arora and Safra =-=[AS98]-=- introduced several new ideas to improve on [FGL + 91], and proved that NP = PCP[O(log n),O( √ log n)]. The main contribution of Arora and Safra is the idea of “composing” proof systems together. The ... |

349 | Self-testing/correcting with applications to numerical problems
- Blum, Luby, et al.
- 1993
(Show Context)
Citation Context ...cting is strongly related to sub-linear time decoding of error-correcting codes, so self-testing is related to sub-linear time error-detection. The self-testing algorithms by Blum, Luby and Rubinfeld =-=[BLR93]-=- for linear functions and by Gemmel et al. [GLR + 91, RS96] for polynomial functions can indeed be see as sub-linear time error-detection algorithms for certain error-correcting codes. Such testing al... |

332 | Robust characterization of polynomials with applications to program testing
- Rubinfeld, Sudan
- 1996
(Show Context)
Citation Context ...h that • For every message x, Pr[A C(x) accepts] = 1 • For every string y that has distance at least δn from all codewords of C, Pr[A y accepts] ≤ p. This notion was introduced by Rubinfeld and Sudan =-=[RS96]-=- and by Friedl and Sudan [FS95], and it also appears (under the name of “probabilistically checkable” codes) in Arora’s PhD thesis [Aro94] and (under the name “checkable” codes) in Spielman’s PhD thes... |

315 | Designing programs that check their work
- Blum, Kannan
- 1995
(Show Context)
Citation Context ...ally Testable Codes Apart from Levin’s work [Lev87], which motivated [GL89], most of the line of work described in the previous section can be traced to the work on program testing by Blum and Kannan =-=[BK89]-=- and Lipton [Lip90]. Suppose that we are interested in computing a function f, and that we are given an algorithm A that may or may not be correct: is it possible to test the correctness of A “on the ... |

314 | Arthur-Merlin games: a randomized proof system, and a hierarchy of complexity classes - Babai, Moran - 1988 |

303 | Trading group theory for randomness
- Babai
- 1985
(Show Context)
Citation Context ...lt to summarize. In telling this story, one typically starts from the introduction of the model of “interactive proof systems” due independently to Goldwasser, Micali and Rackoff [GMR89] and to Babai =-=[Bab85]-=-. In this model, a probabilistic verifier interacts with a prover, as opposed to receiving a fixed proof and checking its validity. The work of Goldwasser, Micali and Rackoff [GMR89] also introduces t... |

288 | Expander codes - Sipser, Spielman - 1710 |

287 | A sub-constant error-probability low-degree test, and a sub-constant errorprobability PCP characterization of NP - Raz, Safra - 1997 |

283 | Hardness vs Randomness
- Nisan, Wigderson
- 1994
(Show Context)
Citation Context ...P, while one is typically interested in the average-case complexity of problems within NP. A strong motivation to the study of average-case complexity in EXP came from a result by Nisan and Wigderson =-=[NW94]-=-. Before stating the result, let us introduce the following notion: a decision problem on inputs of length n is (S(n),δ(n))-average case hard if every circuit C of size ≤ S(n) fails to solve the probl... |

261 |
Introduction to Coding Theory
- Lint
- 1999
(Show Context)
Citation Context ...esults [BSGH + 04, DR04] providing a more clarifying perspective on the relationship between these codes and PCP constructions. 1.5 Further Reading Regarding coding theory in general, van Lint’s book =-=[vL99]-=- is an excellent reference. Madhu Sudan’s notes [Sud, Sud01] are excellent introductions to algorithmic coding theory, and they are the main source that we used for our brief presentation of results i... |

259 | Improved decoding of ReedSolomon and algebraic-geometric codes
- Guruswami, Sudan
- 1998
(Show Context)
Citation Context ...e that t > k if we would like to efficiently list-decode. The first polynomial time algorithm for this problem, for t > √ 2nk is due to Sudan [Sud97]. The error bound was then improved to t > √ nk in =-=[GS99]-=-, which is tight. 13 We give a proof of the following theorem in the Appendix. Theorem 7 ([Sud97]) Given a list of n points (x1,y1),... ,(xn,yn) in F 2 q, we can efficiently find a list of all polynom... |

256 | Checking computations in polylogarithmic time
- Babai, Fortnow, et al.
- 1991
(Show Context)
Citation Context ...neralizations and improvements) for other hard-core predicate constructions that previously seemed to require ad-hoc algebraic analyses and to be independent of coding theory. A paper by Babai et al. =-=[BFLS91]-=- is probably the first one to explicitely discuss sub-linear time decoding algorithms for error-correcting codes, and their possible relevance in the classical setting of coding theory, that is, error... |

244 |
Probabilistic algorithms for sparse polynomials
- Zippel
- 1979
(Show Context)
Citation Context ...fferent points. Note that if m = 1 we are back to the case of Reed-Solomon codes. Regarding minimum distance, we have the following result, that is called the Schwartz-Zippel Lemma (after [Sch80] and =-=[Zip79]-=-) in the computer science literature. Lemma 4 If p is a non-zero degree-t polynomial over a field F and S ⊆ F, then t Prx∼Sm[p(x) = 0] ≤ |S| 10 BCH codes are a class of algebraic error-correcting code... |

220 | Decoding of Reed-Solomon codes beyond the error-correction bound
- Sudan
- 1997
(Show Context)
Citation Context ...nts and interpolate). Therefore, we will definitely require that t > k if we would like to efficiently list-decode. The first polynomial time algorithm for this problem, for t > √ 2nk is due to Sudan =-=[Sud97]-=-. The error bound was then improved to t > √ nk in [GS99], which is tight. 13 We give a proof of the following theorem in the Appendix. Theorem 7 ([Sud97]) Given a list of n points (x1,y1),... ,(xn,yn... |

216 |
A public-key cryptosystem based on algebraic coding theory
- McEliece
- 1978
(Show Context)
Citation Context ...f coding theory for secret sharing is in [BOGW88] and in subsequent work on the “informationtheoretic” model of security for multi-party computations. Finally, we mention that McEliece’s cryptosystem =-=[McE78]-=- is based on the conjectured intractability of certain coding-theoretic problems. The study of the complexity of coding-theoretic problem is clearly an important source of interaction between coding t... |

203 | Free bits, PCPs and non-approximability -- towards tight results
- Bellare, Goldreich, et al.
- 1996
(Show Context)
Citation Context ...1/2. then a is δ-close to a a ′ such that C(a ′ ) = 1. 18 A task covered by many survey papers, although my favorite introduction to the area is the introduction of a research paper by Bellare et al. =-=[BGS98]-=-. 35s5.3 Relations between PCPs of Proximity, PCP, and Locally Testable Codes We have already observed that PCP of Proximity is only a stronger algorithm than a PCP verifier. The randomness, query com... |

188 | Learning decision trees using the Fourier spectrum
- Kushilevitz, Mansour
- 1991
(Show Context)
Citation Context ... the fraction of inputs on which f and g disagree, we will need to bound the errors due to the omission of the small Fourier coefficients, and in the estimation of the large Fourier coefficients. See =-=[KM93]-=- for this interpretation of Goldreich-Levin, and for interesting applications to learning theory. 30s4.7 More Hard-Core Predicates Using List Decoding In this section we present the results of Akavia ... |

187 |
Concatenated Codes
- Forney
- 1966
(Show Context)
Citation Context ...catenation) Suppose we have an explicit construction of a [N,K,D,]Q code and of a [n,k,d]q, with Q = q k , then we also have an explicit construction of a [nN,kK,dD]q code. This idea is due to Forney =-=[For66]-=-. By concatenating a Reed-Solomon code of rate 1/2 and relative minimum distance 1/2 with another Reed-Solomon code with the same rate and relative minimum distance, we can get, say, a [n,n/4,n/4] O(l... |

180 | Approximating clique is almost npcomplete - Feige, Goldwasser, et al. - 1991 |

158 |
Hiding instances in multioracle queries
- Beaver, Feigenbaum
- 1990
(Show Context)
Citation Context ...low the same line of reasoning sketched above. 1.3 Program Testing, Hard-Core Bits, and Sub-linear Time Error-Correction Work done in the late 1980s and early 1990s on “hiding instances from oracles” =-=[BF90]-=-, on the self-reducibility of the permanent [Lip90], and of PSPACE-complete and EXP-complete problems [FF93], as well as work more explicitely focused on average-case complexity [BFNW93] is now seen a... |

147 | M.:Improved Low-Degree Testing and Its Applications - Arora, Sudan - 1997 |

140 |
One-way functions and pseudorandom generators
- Levin
- 1987
(Show Context)
Citation Context ...84] and of Goldwasser and Micali [GM84], and they were defined in a more general setting by Yao [Yao82], who showed that every one-way permutation can be modified to have a hard-core predicate. Levin =-=[Lev87]-=- gives a different proof that uses error-correcting codes. Goldreich and Levin [GL89] give a more efficient construction of hard-core predicates. As previously disccused, the Goldreich-Levin algorithm... |

135 | Multi-prover interactive proofs: how to remove intractability assumptions
- Ben-Or, Goldwasser, et al.
- 1988
(Show Context)
Citation Context ...fundamental result by Goldreich, Micali and Wigderson [GMW91] shows that every problem in NP has a zero-knowledge proof system, assuming that a certain cryptographic assumption is true. Ben-Or et al. =-=[BOGKW88]-=- considered a model of zeroknowledge where the verifier can interact with two (or, more generally, several) provers, who are all computationally unbounded but unable to communicate with each other onc... |

131 | On the power of multi-prover interactive protocols
- Fortnow, Rompel, et al.
- 1994
(Show Context)
Citation Context ...ge proof system in this model, without cryptographic assumption. The model of multi-prover interactive proof (without the zero-knowledge requirement) was further studied by Fortnow, Rompel and Sipser =-=[FRS88]-=-. They show that the class of languages admitting such proof systems has the following equivalent characterization: it can be seen as the class of languages that admit exponentially long proofs of mem... |

130 | On Hiding Information from an Oracle
- Abadi, Feigenbaum, et al.
- 1989
(Show Context)
Citation Context ...erfectly smooth decoder is analogous to a random-self-reduction, a notion explicitely defined in [AFK89, FKN90], and a private information retrieval system is analogous to an “instance-hiding” scheme =-=[AFK89]-=-. The perfectly smooth decoder of Hadamard Codes is due to Blum and others [BLR93] and the Reed-Muller codes is due to Beaver and Feigenbaum [BF90]. There has been a substantial amount of work devoted... |

128 | Pseudorandom generators without the XOR lemma
- Sudan, Trevisan, et al.
- 1999
(Show Context)
Citation Context ...levance of sub-linear time decoding to average-case complexity, and the generality of the approach of using a code to encode the description of a computational problem, are pointed out explicitely in =-=[STV01]-=-. Katz and this author [KT00] give the first negative results for codes with sub-linear time decoding algorithms and note that, besides their relation to hard-core predicates and average-case complexi... |

116 | Exponential lower bound for 2-query locally decodable codes via a quantum argument
- Kerenidis, Wolf
(Show Context)
Citation Context ...istribution of the j-th oracle query made by A C(x) (i) is uniform over [n]. 16sSetting Construction Lower Bounds of perfectly smooth codes for all LDCs 2 queries, Boolean encoding n = 2 k n = 2 Ω(k) =-=[KdW03]-=- 2 queries, encoding using {0,1} l n = l · 2 k/l n = 2 Ω(k/2polyl ) [KdW03] 2 queries, encoding using {0,1} O(k1/3 ) n = 2 O(k 1/3 ) [CGKS98] n = Ω(k 4/3 ) [KT00] 3 queries, Boolean encoding n = 2 √ 3... |

116 |
On the efficiency of local decoding procedures for error-correcting codes
- Katz, Trevisan
- 2000
(Show Context)
Citation Context ...oding to average-case complexity, and the generality of the approach of using a code to encode the description of a computational problem, are pointed out explicitely in [STV01]. Katz and this author =-=[KT00]-=- give the first negative results for codes with sub-linear time decoding algorithms and note that, besides their relation to hard-core predicates and average-case complexity, they are also related to ... |

114 | BPP has subexponential time simulations unless EXPTIME has publishable proofs
- Babai, Fortnow, et al.
- 1993
(Show Context)
Citation Context ...s from oracles” [BF90], on the self-reducibility of the permanent [Lip90], and of PSPACE-complete and EXP-complete problems [FF93], as well as work more explicitely focused on average-case complexity =-=[BFNW93]-=- is now seen as based on sub-linear time decoding algorithms for certain polynomial-based error-correcting codes, although this is a view that has become common only since the late 1990s. Such results... |

109 |
Error-correction for algebraic block codes
- Welch, Berlekamp
- 1986
(Show Context)
Citation Context ... be seen as a special case of the problem of decoding BCH codes. 10 A simple and efficient polynomial time algorithm for the decoding problem for Reed-Solomon codes was devised by Berlekamp and Welch =-=[WB86]-=-. We describe the Berlekamp-Welch algorithm in the Appendix. 2.4.3 Reed-Muller Codes Reed-Muller codes [Ree54] generalize Reed-Solomon codes by considering multivariate polynomials instead of univaria... |

106 |
Games against nature
- Papadimitriou
- 1985
(Show Context)
Citation Context ...ho suggested that error-correcting codes could be applied to it. Low-density parity-check codes were applied to compute linear functions [Eli58, Tay68] in variants of this model and general functions =-=[Pap85]-=- in the general model. Another early application of error-correcting codes to cryptography was Shamir’s secret sharing scheme [Sha79], which can be seen as an application of Reed-Solomon codes. 2 A di... |

98 | List decoding for noisy channels
- Elias
- 1957
(Show Context)
Citation Context ...1/2 −1/2q −ǫ/2) ·n errors. This is, again, essentially the best possible fraction of errors for which unique decoding is possible 2.5 List Decoding The notion of list decoding, first studied by Elias =-=[Eli57]-=-, allows us to break the barrier of n/4 errors for binary codes and n/2 errors for general code. If C : Σ k → Σ n is a code, a list-decoding algorithm for radius r is an algorithm that given a string ... |

92 | Learning polynomials with queries: the highly noisy case
- Goldreich, Rubinfeld, et al.
- 2000
(Show Context)
Citation Context ...s for one-way permutations in Section 4. 4sbe constructed using different codes and different decoding algorithms. 4 Improvements to [GL89] via the solution of other decoding problems are reported in =-=[GRS00]-=-, with an explicit discussion of sub-linear time decoding. Recent work by Akavia, Goldwasser and Safra [AGS03] gives a codingtheoretic interpretation (along with generalizations and improvements) for ... |

87 | Upper bound on the communication complexity of private information retrieval - Ambainis - 1997 |