recovering data in presence of malicious errors atri rudra university at buffalo, suny
TRANSCRIPT
Recovering Data in Presence of Malicious Errors
Atri RudraUniversity at Buffalo, SUNY
2
The setupC(x)
x
y = C(x)+error
x Give up
Mapping C Error-correcting code or just code Encoding: x C(x) Decoding: y X C(x) is a codeword
3
Codes are useful!
CellphonesSatellite Broadcast Deep-space
communicationInternet
CDs/DVDs RAID ECC MemoryPaper Bar-codes
4
Redundancy vs. Error-correction Repetition code: Repeat every bit say 100
times Good error correcting properties Too much redundancy
Parity code: Add a parity bit Minimum amount of redundancy Bad error correcting properties
Two errors go completely undetected
Neither of these codes are satisfactory
1 1 1 0 0 1
1 0 0 0 0 1
5
Two main challenges in coding theory Problem with parity example
Messages mapped to codewords which do not differ in many places
Need to pick a lot of codewords that differ a lot from each other
Efficient decoding Naive algorithm: check received word with all
codewords
6
The fundamental tradeoff
Correct as many errors as possible with as little redundancy as possible
This talk: Answer is yes
Can one achieve the “optimal” tradeoff with efficient encoding and decoding ?
7
Overview of the talk Specify the setup
The model What is the optimal tradeoff ?
Previous work Construction of a “good” code High level idea of why it works Future Directions
Some recent progress
8
Error-correcting codesC(x)
x
y
x Give up
Mapping C : kn
Message length k, code length n n≥ k
Rate R = k/n 1
Efficient means polynomial in n Decoding Complexity
9
Shannon’s world
Noise is probabilistic Binary Symmetric Channel
Every bit is flipped
w/ probability p Benign noise model
For example, does not capture
bursty errorsClaude E. Shannon
10
Hamming’s world
Errors are worst case error locations arbitrary symbol changes
Limit on total number of errors Much more powerful than
Shannon Captures bursty errors
We will consider this channel
model
Richard W. Hamming
11
A “low level” view
Think of each symbol in being a packet The setup
Sender wants to send k packets After encoding sends n packets Some packets get corrupted Receiver needs to recover the original k packets
Packet size Ideally constant but can grow with n
12
Decoding
C(x) sent, y received x k, y n
How much of y must be correct to recover x ? At least k packets must be correct At most (n-k)/n = 1-R fraction of errors 1-R is the information-theoretic limit
: the fraction of errors decoder can handle Information theoretic limit implies 1-R
x C(x)
yR = k/n
13
Can we get to the limit or 1-R ? Not if we always want to uniquely recover the
original message Limit for unique decoding, (1-R)/2
(1-R)/2 (1-R)/2
1-R
c1
c2
y
R 1-R
(1-R)/2
14
List decoding [Elias57, Wozencraft58] Always insisting on unique codeword is
restrictive The “pathological” cases are rare
“Typical” received word can be decoded beyond (1-R)/2
Better Error-Recovery Model Output a list of answers List Decoding Example: Spell Checker
(1-R)/2
Almost all the space in higher dimension.
All but an exponential (in n) fraction
15
Advantages of List decoding
Typical received words have an unique closest codeword List decoding will return list size of one such
received words Still deal with worst case errors How to deal with list size
greater than one ? Declare an error; or Use some side information
Spell checker
(1-R)/2
16
The list decoding problem
Given a code and an error parameter For any received word y
Output all codewords c such that c and y disagree in at most fraction of places
Fundamental Question The best possible tradeoff between R and ?
With “small” lists Can it approach information-theoretic limit 1-R ?
17May 25, 2007 Ph.D. Final Exam 17
Other applications of list decoding Cryptography
Cryptanalysis of certain block-ciphers [Jakobsen98] Efficient traitor tracing scheme [Silverberg, Staddon, Walker 03]
Complexity Theory Hardcore predicates from one way functions [Goldreich,Levin 89;
Impagliazzo 97; Ta-Shama, Zuckerman 01] Worst-case vs. average-case hardness [Cai, Pavan, Sivakumar 99;
Goldreich, Ron, Sudan 99; Sudan, Trevisan, Vadhan 99; Impagliazzo, Jaiswal,
Kabanets 06] Other algorithmic applications
IP Traceback [Dean,Franklin,Stubblefield 01; Savage, Wetherall, Karlin,
Anderson 00] Guessing Secrets [Alon,Guruswami,Kaufman,Sudan 02; Chung, Graham,
Leighton 01]
18
Overview of the talk Specify the setup
The model The optimal tradeoff between rate and fraction of
errors Previous work Construction of a “good” code High level idea of why it works Future Directions
Some recent progress
19
Information theoretic limit
< 1 - R Information-
theoretic limit Can handle
twice as many errors
Rate (R)
Unique decoding
Inf. theoretic limit
Fra
c. o
f Err
ors
()
20
Achieving information theoretic limit There exist codes that achieve the
information theoretic limit ≥ 1-R-o(1) Random coding argument
Not a useful result Codes are not explicit No efficient list decoding algorithms
Need explicit construction of such codes We also need poly time (list) decodability
Requires list size to be polynomial
21
The challenge
Explicit construction of code(s) Efficient list decoding algorithms up to the
information theoretic limit For rate R, correct 1-R fraction of errors
Shannon’s work raised similar challenge Explicit codes achieving the information theoretic
limit for stochastic models The challenge has been met [Forney 66, Luby-
Mitzenmacher-Shokrollahi-Spielman 01, Richardson-Urbanke01] Now for stronger adversarial model
22
Guruswami-Sudan
The best until 1998
1 - R1/2
Reed-Solomon codes
Sudan 95, Guruswami-Sudan98
Better than unique decoding
At R=0.8 Unique: 10% Inf. Th. limit: 20% GS : 10.56 %
Unique decoding
Inf. theoretic limit
Fra
c. o
f Err
ors
()
Rate (R)
Motivating Question:
Close the gap between blue and
green line with explicit efficient codes
23
The best until 2005
1-(sR)s/(s+1)
s 1 Parvaresh,Vardy
s=2 in the plot
Based on Reed-Solomon codes
Improves GS for R < 1/16
Unique decoding
Inf. theoretic limit
Guruswami-Sudan
Parvaresh-Vardy
Fra
c. o
f Err
ors
()
Rate (R)
24
Our Result
1- R - > 0 Folded RS codes [Guruswami, R.
06]
Unique decoding
Inf. theoretic limit
Guruswami-Sudan
Parvaresh-Vardy
Fra
c. o
f Err
ors
()
Rate (R)
Our work
25
Overview of the talk Specify the setup
The model The optimal tradeoff between rate and fraction of
errors Previous work Our Construction High level idea of why it works Future Directions
Recent progress
26
The main result
Construction of algebraic family of codes For every rate R >0 and >0
List decoding algorithm that can correct 1 - R - fraction of errors
Based on Reed-Solomon codes
27
Algebra terminology
F will denote a finite field Think of it as integers mod some prime
Polynomials Coefficients come from F Poly of degree 3 over Z7
f(X) = X3 +4X +5 Evaluate polynomials at points in F
f(2) = (8 + 8 + 5) mod 7 = 21 mod 7 =0 Irreducible polynomials
No non-trivial polynomial factors X2+1 is irreducible over Z7 , while X2-1 is not
28
Reed-Solomon codes
Message: (m0,m1,…,mk-1) Fk
View as poly. f(X) = m0+m1X+…+mk-1Xk-1
Encoding, RS(f) = ( f(1),f(2),…,f(n) ) F ={ 1,2,…,n}
[Guruswami-Sudan] Can correct up to
1-(k/n)1/2 errors in polynomial timef(1) f(2) f(3) f(4) f(n)
29
Parvaresh Vardy codes (of order 2)
f(1) f(2) f(3) f(4) f(n)
g(1) g(2) g(3) g(4) g(n)
f(X) g(X)g(X)=f(X)q mod E(X)
Extra information from g(X) helps in decoding Rate, RPV = k/2n [PV05] PV codes can correct 1 -(k/n)2/3 errors
in polynomial time 1 - (2RPV)2/3
30
Towards our solution
Suppose g(X) = f(X)q mod E(X) = f(X) Let us look again at the PV codeword
f(1) f(1)
g(1) g(1)f(1) f(1)
31
Folded Reed Solomon Codes Suppose g(X) = f(X)q mod E(X) = f(X) Don’t send the redundant symbols Reduces the length to n/2
R = (k/2)/(n/2) = k/n Using PV result, fraction of errors
1 - (k/n)2/3 = 1 - R2/3
f(1) f(1)
f(1) f(1)
32
Getting to 1-R-
Started with PV code with s = 2 to get 1 - R2/3
Start with PV code with general s 1 - Rs/(s+1)
Pick s to be “large” enough to approach 1-R- Decoding complexity increases from that of
Parvaresh-Vardy but still polynomial
33
What we actually do We show that for any generator F\{ 0 }
g(X) = f(X)q mod E(X) = f(X) Can achieve similar compression by grouping
elements in orbits of m’~n/m, R ~ (k/m)/(n/m) = k/n
f(1) f(m) f((m’-1)m )
f(m-1) f(2m-1) f(mm’-1)
f() f(m+1) f((m’-1)m+1 )
34
Proving f(X)q mod E(X) = f(X) First use the fact f(X)q = f(Xq) over F
Need to show f(Xq) mod E(X) = f(X) Proving Xq mod E(X) = X suffices Or, E(X) divides Xq-1 - E(X) = Xq-1 – is irreducible
35
Our Result
· 1- R - > 0 Folded RS codes [Guruswami, R.
06]
Unique decoding
Inf. theoretic limit
Guruswami-Sudan
Parvaresh-Vardy
Fra
c. o
f Err
ors
()
Rate (R)
Our work
36
“Welcome” to the dark side…
37
Limitations of our work
To get to 1 - R - , need s > 1/ Alphabet size = ns > n1/
Fortunately can be reduced to 2poly(1/)
Concatenation + Expanders [Guruswami-Indyk’02] Lower bound is 21/
List size (running time) > n1/
Open question to bring this down
38
Time to wake up
39
Overview of the talk List Decoding primer Previous work on list decoding Codes over large alphabets
Construction of a “good” code High level idea of why it works
Codes over small alphabets The current best codes
Future Directions Some (very) modest recent progress
40
Optimal Tradeoff for List Decoding Best possible is H-1 (1-R)
H()= - log - (1- )log(1- ) Exists (H-1(1-R-),O(1/ )) list decodable code
Random code of rate R has the property whp > H-1(1-R+) implies super poly list size
For any code
For large q, H-1 (1-R) 1-R
q
q
q
q
41
Our Results (q=2)
Optimal tradeoff H-1(1-R)
[Guruswami, R. 06] “Zyablov”
bound [Guruswami, R.
07] Blokh-Zyablov
# E
rro
rs
Rate
Zyablov bound
Blokh-Zyablov bound
Previous best
Optimal Tradeoff
42
How do we get binary codes ? Concatenation of codes [Forney 66]
C1: (GF(2k))K (GF(2k))N (“Outer” code)
C2: GF(2)k (GF(2))n (“Inner” code)
C1± C2: (GF(2))kK (GF(2))nN
Typically k=O(log N) Brute force decoding for inner code
m1 m2
wNw1 w2
mKm
C1(m)
C2(w1) C2(w2)C2(wN) C1± C2(m)
43
List Decoding concatenated code C1 = folded RS code
C2 = “suitably chosen” binary code Natural decoding algorithm
Divide up the received word into blocks of length n
Find closest C2 codeword for each block
Run list decoding algorithm for C1 Loses Information!
44
List Decoding C2
y1 y2 yN
How do we “list decode” from lists ?
2 GF(2)n
S1 S2 SN
2 GF(2)k
45
The list recovery problem
Given a code and an error parameter For any set of lists S1,…,SN such that
|Si| s, for every i
Output all codewords c such that ci 2 Si for at least 1-fraction of i’s
List decoding is special case with s=1
46
List Decoding C1± C2
y1 y2 yN
S1 S2 SN
List decode C 2
List Recovering Algorithm for C1
47
Putting it together [Guruswami, R. 06] C1 can be list recovered from 1 and C2 can be
list decoded from 2 errors C1± C2 list decoded from 12 errors
Folded RS of rate R list recoverable from 1-R errors
Exists inner codes of rate r list decoded from H-1 (1-r) errors Can find one by “exhaustive” search
C1± C2 list decodable fr’m (1-R)H-1(1-r) errors
48
Multilevel Concatenated Codes C1: (GF(2k))K (GF(2k))N (“Outer” code 1)
C2: (GF(2k))L (GF(2k))N (“Outer” code 2)
Cin: GF(2)2k (GF(2))n (“Inner” code)
m1 m2 mK m
vNv1 v2 C1(m)
M1 M2 ML M
wNw1 w2 C2(M)
Cin(v1,w1) Cin(v2,w2) Cin(vN,wN)
C1 and C2 are FRS
49
Advantage over rate rR Concat Codes C1, C2 ,Cin
have rates R1, R2 and r Final rate r(R1+R2)/2, choose R1< R
Step 1: Just recover m List decode Cin up to H-1 (1-r) errors
List recover C1 up to 1-R1 errors m1 m2 mK m
vNv1 v2 C1(m)
M1 M2 ML M
wNw1 w2 C2(M)
Cin(v1,w1) Cin(v2,w2) Cin(vN,wN)
Can handle (1-R1)H-1(1-r) >(1-R)H-1(1-r)
errors
50
Advantage over Concatenated Codes Step 2: Just recover M, given m
Subcode of Cin of rate r/2 acts on M List decode subcode upto H-1(1-r/2) errors List recover C2 upto 1-R2 errors
Can handle (1-R2) H-1(1-r/2) errorsm1 m2 mK m
vNv1 v2 C1(m)
M1 M2 ML M
wNw1 w2 C2(M)
Cin(v1,w1) Cin(v2,w2) Cin(vN,wN)
51
Wraping it up
Total errors that can be handled min{(1-R1)H-1(1-r) , (1-R2) H-1(1-r/2) }
Better than (1-R)H-1 (1-r) (R1+R2)/2=R (recall that R1<R) H-1(1-r/2) > H-1(1-r) so choose R2 a bit > R
Optimize over choices of r, R1 and R2
Need nested list decodability of inner code Blokh Zyablov follows from multiple outer
codes
52
Our Results (q=2)
Optimal tradeoff H-1(1-R)
[Guruswami, R. 06] “Zyablov”
bound [Guruswami, R.
07] Blokh-Zyablov
# E
rro
rs
Rate
Zyablov bound
Blokh-Zyablov bound
Previous best
Optimal Tradeoff
53
How far can concatenated codes go? Outer code: folded RS Random and independent inner codes
Different inner codes for each outer symbol Can get to the information theoretic limit
= H-1(1-R) [Guruswami, R. 08]
54
To summarize
List decoding: A central coding theory notion Permits decoding up to the optimal fraction of
adversarial errors Bridges adversarial and probabilistic approaches
to information theory Shannon’s information theoretic limit p = H-1 (1-R) List decoding information theoretic limit = H-1(1-R)
Efficient list decoding possible for algebraic codes
55
Our Contributions
Folded RS codes are explicit codes that achieve information theoretic limit for list decoding
Better list decoding for binary codes Concatenated codes can get us to list
decoding capacity
56
Open Questions
Reduce decoding complexity of our algorithm List decoding for binary codes
Explicitly achieve error bound = H-1(1-R) Erasures: decode when = 1-R
Non-algebraic codes ? Graph based codes ? Other applications of these new codes
Extractors [Guruswami, Umans, Vadhan 07] Approximating NP-witnesses [Guruswami, R. 08]
57
Thank You
Questions ?