Proximity Is What You Want: Low-Degree Testing for Reed-Solomon Codes
Thanks to Giacomo Fenzi for helpful review and feedback. Full HackMD note can be found here
Reed-Solomon(RS) codes are an important tool within computer science. The deep history of these codes covers over fifty years of real-world applications. In many ways, they are the fundamental building block for how data is stored and transferred in the digital era.
RS-codes remain an extremely active and rich area of research in the field of theoretic computer science. The most exciting new area of research is within the context of zero-knowledge cryptography and interactive oracle proofs(IOP). Many of the properties that make RS-codes useful for working with data, also translate to the construction of efficient proof systems.
One of these properties is the concept of proximity testing. Given a codeword and a function , we can determine whether is a code-word or -close to a code-word by querying at only a few locations. Specifically, we test a proximity to a low-degree polynomial with respect to :
This property is extremely useful when building proof systems with low query-complexity.
This note is an outcome of my learning from a close study of the following papers [ACY23], [ACFY24], [BCIKS20], [VIT], [H22] and [ASZ]. Unless otherwise specified, all equations are derived from those sources. For an in-depth review of error-correcting codes [Gur04] is an invaluable resource.
We provide a high-level overview of the core tools used in building proximity tests and demonstrates several applications in the context of Interactive Oracle Proofs of Proximity (IOPP).
:::info For the purpose of this note, we focus exclusively on Interactive Oracle Proofs of Proximity (IOPP) and ignore Poly-IOPs. :::
Notation and Definitions
Assume the size of the domain and degree are both powers of two. And that is a smooth multiplicative subgroup of the finite-field .
We define an Error-Correcting Code as:
Definition 1.0. An error-correcting code of length over an alphabet is a subset . The code is linear if is a field and is a subspace of .
Definitions for Reed-Solomon Codes:
Definition 1.1. The Reed-Solomon code over field , evaluation domain , and degree is the set of evaluations over of univariate polynomials (over ) of degree less than
When referring to polynomials and code-words we use the following definitions:
- We define the rate of as .
- We use to refer to the nearest polynomial to on .
The Schwartz–Zippel Lemma is fundamental to various IOPPs and used extensively.
Lemma 1.2. For any non-zero polynomial it holds that
The Random-Oracle Model(ROM) is used extensively in almost all interactive proof systems. Informally we define the ROM as:
Definition 1.3. For , we denote as the uniform distribution of all function of the form . Or if is sampled uniformly from then every output is a random -bit string.
What is Proximity?
The basic idea behind proximity testing is that for some set and some code either all the members of the set are -close to , or nearly all members of the set are far from . There is no case where half of is close and half is far.
A good definition for proximity in the context of Reed-Solomon codes comes from [BCIKS20].
Definition 1.1(Proximity Gaps): Let be a property, and be a collection of sets. Let be a distance measure on . We say that displays a -proximity gap with respect to under if every satisfies exactly one of the following.
In this case is called the proximity parameter, and the error parameter.
We measure proximity using the fractional Hamming distance, defined as:
Because we know that all members of a set are either -close to a code-word, or nearly all members are far from a code-word, we only need to test a few members of a set know with a high degree of certainty whether the set is close to a codeword.
Interactive Oracle Proofs of Proximity(IOPP)
Interactive Oracle Proofs are a subset of proof systems that combine elements of interactive proofs and probabilistic proofs. An IOP of Proximity(IOPP) as described here, seeks to prove proximity to a polynomial of low-degree via a structured public-coin interaction between a prover and a verifier.
We assume the IOP interaction occurs over -rounds, and the relation we seek to prove is defined as . The prover receives as input, and the verifier receives and oracle access to . For every round , the verifier sends a random message to the prover. In return, the prover sends a proof string to the verifier. At the end of the protocol, the verifier makes some queries to and the proof string and outputs the final decision.
For an IOPP with a relation and a tuple of two interactive algorithms in which is an interactive algorithm and is an interactive oracle algorithm, we test the proximity of code given the pair where is the code parameters and is a codeword. We test for:
-
Completeness: For every
-
Proximity For every pair where is -far in relative Hamming distance from any where and any unbounded malicious prover
REF
[ACFY24] Gal Arnon, Alessandro Chiesa, Giacomo Fenzi, and Eylon Yogev. “STIR: Reed–Solomon proximity testing with fewer queries”. Cryptology ePrint Archive, Report 2024/390. 2024. https://eprint.iacr.org/2024/390
[BCIKS20] Eli Ben-Sasson, Dan Carmon, Yuval Ishai, Swastik Kopparty, and Shubhangi Saraf. “Proximity gaps for Reed-Solomon codes”. In Proceedings of the 61st Annual Symposium on Foundations of Computer Science (FOCS 2020), 2020. https://eprint.iacr.org/2020/654
[BGKS20] Eli Ben-Sasson, Lior Goldberg, Swastik Kopparty, and Shubhangi Saraf. “DEEP-FRI: Sampling Outside the Box Improves Soundness”. In: Proceedings of the 11th Innovations in Theoretical Computer Science Conference (ITCS 2020). 2020, 5:1–5:32. https://eprint.iacr.org/2019/336.pdf
[BBHR18b] Eli Ben-Sasson, Iddo Bentov, Ynon Horesh, and Michael Riabzev. “Fast Reed-Solomon Interactive Oracle Proofs of Proximity”. In Proceedings of the 45th International Colloquium on Automata, Languages, and Programming (ICALP 2018), 2018. https://drops.dagstuhl.de/storage/00lipics/lipics-vol107-icalp2018/LIPIcs.ICALP.2018.14/LIPIcs.ICALP.2018.14.pdf