Adaptive decoding for dense and sparse evaluation/interpolation codes

Size: px

Start display at page:

Download "Adaptive decoding for dense and sparse evaluation/interpolation codes"

Louisa Clark
5 years ago
Views:

1 Adaptive decoding for dense and sparse evaluation/interpolation codes Clément PERNET INRIA/LIG-MOAIS, Grenoble Université joint work with M. Comer, E. Kaltofen, J-L. Roch, T. Roche Séminaire Calcul formel et Codes, IRMAR, Rennes 23 Novembre, 2012

2 Outline Introduction High performance exact computations Chinese remaindering Motivation Sparse Interpolation with errors Berlekamp/Massey algorithm with errors Sparse Polynomial Interpolation with errors Relations to Reed-Solomon decoding Dense interpolation with errors Decoding CRT codes: Mandelbaum algorithm Amplitude codes Adaptive decoding Experiments

3 Outline Introduction High performance exact computations Chinese remaindering Motivation Sparse Interpolation with errors Berlekamp/Massey algorithm with errors Sparse Polynomial Interpolation with errors Relations to Reed-Solomon decoding Dense interpolation with errors Decoding CRT codes: Mandelbaum algorithm Amplitude codes Adaptive decoding Experiments

4 High Performance Algebraic Computations (HPAC) Domain of Computation Z, Q variable size Z p, GF(p k ) specific arithmetic K[X] for K = Z p,...

5 High Performance Algebraic Computations (HPAC) Domain of Computation Z, Q Z p, GF(p k ) variable size K[X] for K = Z p,... Application domains: specific arithmetic Computational number theory: computing tables of elliptic curves, modular forms, testing conjectures Crypto: Algebraic attacks (Quadratic sieves, Groebner bases, index calculus,...) Graph theory: testing conjectures (graph isomorphism,...) Representation theory...

6 HPAC: rules of thumb Deal with size of arithmetic Evaluation/interpolation schemes: over Z: Chinese Remainder Algorithm: Z Z/mZ Z/m 1 Z Z/m k Z over K[X]: Evaluation/interpolation: K[X] K Embarassingly parallel Lifting schemes Z Z/p k Z Z/pZ Best sequential complexities Deal with complexity/efficiency: reduce to Linear algebra Matrix product over Z p, K Eliminations: Gauss, Gram-Schmidt (LLL),... Krylov iteration

7 HPAC: rules of thumb Deal with size of arithmetic Evaluation/interpolation schemes: over Z: Chinese Remainder Algorithm: Z Z/mZ Z/m 1 Z Z/m k Z over K[X]: Evaluation/interpolation: K[X] K Embarassingly parallel Lifting schemes Z Z/p k Z Z/pZ Best sequential complexities Deal with complexity/efficiency: reduce to Linear algebra Matrix product over Z p, K Eliminations: Gauss, Gram-Schmidt (LLL),... Krylov iteration

8 Chinese remainder algorithm If m 1,..., m k pariwise relatively prime: Z/(m 1... m k )Z Z/m 1 Z Z/m k Z Computation of y = f (x) for f Z[X], x Z m begin Compute an upper bound β on f (x) ; Pick m 1,... m k, pairwise prime, s.t. m 1... m k > β; for i = 1... k do Compute y i = f (x mod m i ) mod m i Compute y = CRT(y 1,..., y k ) CRT : Z/m 1 Z Z/m k Z Z/(m 1... m k )Z (x 1,..., x k ) k i=1 x iπ i Y i mod Π Π = k i=1 m i where Π i = Π/m i Y i = Π 1 i mod m i

9 Chinese remainder algorithm If m 1,..., m k pariwise relatively prime: Z/(m 1... m k )Z Z/m 1 Z Z/m k Z Computation of y = f (x) for f Z[X], x Z m begin Compute an upper bound β on f (x) ; Pick m 1,... m k, pairwise prime, s.t. m 1... m k > β; for i = 1... k do Compute y i = f (x mod m i ) mod m i ; /* Evaluation */ Compute y = CRT(y 1,..., y k ); /* Interpolation */ CRT : Z/m 1 Z Z/m k Z Z/(m 1... m k )Z (x 1,..., x k ) k i=1 x iπ i Y i mod Π Π = k i=1 m i where Π i = Π/m i Y i = Π 1 i mod m i

10 Chinese remaindering and evaluation/interpolation Evaluate P in a Reduce P modulo X a

11 Chinese remaindering and evaluation/interpolation Evaluate P in a Reduce P modulo X a Polynomials Evaluation: P mod X a Evaluate P in a Interpolation: P = k i=1 y i j i(x a j) j i (a i a j )

12 Chinese remaindering and evaluation/interpolation Evaluate P in a Reduce P modulo X a Polynomials Evaluation: P mod X a Evaluate P in a Interpolation: P = k i=1 y i j i(x a j) j i (a i a j ) Integers N mod m Evaluate N in m N = k i=1 y i j i m j( j i m j) 1[m i]

13 Early termination Classic Chinese remaindering Deterministic bound β on the result Choice of the m i : such that m 1... m k > β

14 Early termination Classic Chinese remaindering Deterministic bound β on the result Choice of the m i : such that m 1... m k > β Early termination Probabilistic Monte Carlo For each new modulo m i : reconstruct yi = f (x) mod m 1 m i If yi == y i 1 terminated Advantage: Adaptive number of moduli depending on the output value Interesting when pessimistic bound: sparse/structured matrices,... no bound available

15 Motivation ABFT: Algorithm Based Fault Tolerance HPC: clusters, grid, P2P, cloud computing Parallelization based on Evaluation/Interpolation scheme Need to tolerate: soft errors (cosmic rays,...) malicious corruption Signal processing Sparse polynomial interpolation Distinction between noise and outliers Symbolic-numeric methods

16 Dense/Sparse interpolation with errors Problem 1: Dense interpolation with errors over Z Given (y i, m i ) for i = 1... n, Find Y Z such that Y = y i mod m i except on e values. Problem 2: Sparse interpolation with errors over K[X] Given (y i, x i ) for i = 1... n, Find a t-sparse poly. f such that f (x i ) = y i except on e values.

17 State of the art Dense interpolation Interpolation Interpolation with errors over K[X] Lagrange Generalized Reed-Solomon codes over Z CRT CRT codes Sparse Interpolation Interpolation Interpolation with errors over K[X] Ben-Or & Tiwari? over Z??

18 State of the art Dense interpolation Interpolation Interpolation with errors over K[X] Lagrange Generalized Reed-Solomon codes over Z CRT CRT codes Sparse Interpolation Interpolation Interpolation with errors over K[X] Ben-Or & Tiwari? over Z??

19 Contribution Sparse interpolation code over K[X] lower bound on the necessary number of evaluations optimal unique decoding algorihtm list decoding variant Dense interpolation code over Z finer bounds on the correction capacity adaptive decoding using the best effective redundancy

20 Outline Introduction High performance exact computations Chinese remaindering Motivation Sparse Interpolation with errors Berlekamp/Massey algorithm with errors Sparse Polynomial Interpolation with errors Relations to Reed-Solomon decoding Dense interpolation with errors Decoding CRT codes: Mandelbaum algorithm Amplitude codes Adaptive decoding Experiments

21 Preliminaries Linear recurring sequences Sequence (a 0, a 1,..., a n,... ) such that t 1 j 0 a j+t = λ i a i+j generating polynomial: Λ(z) = z t t 1 i=0 λ iz i minimal generating polynomial: Λ(z) of minimal degree i=0 linear complexity of (a i ) i : the minimal degree of Λ Hamming weight: weight(x) = #{i x i 0} Hamming distance: d H (x, y) = weight(x y)

22 Berlekamp/Massey algorithm Input: (a 0,..., a n 1 ) a sequence of field elements. Output: Λ(z) = L n i=0 λ iz i a monic polynomial of minimal degree L n n such that L n i=0 λ ia i+j = 0 for j = 0,..., n L n 1. Guarantee : BMA finds Λ of degree t from 2t entries.

23 Problem Statement Berlkamp/Massey with errors Suppose (a 0, a 1,... ) is linearly generated by Λ(z) of degree t where Λ(0) 0. Given (b 0, b 1,... ) = (a 0, a 1,... ) + ε, where weight(ε) E: 1. How to recover Λ(z) and (a 0, a 1,... )? 2. How many entries required for a unique solution? a list of solutionse including (a0, a 1,... )?

24 Problem Statement Berlkamp/Massey with errors Suppose (a 0, a 1,... ) is linearly generated by Λ(z) of degree t where Λ(0) 0. Given (b 0, b 1,... ) = (a 0, a 1,... ) + ε, where weight(ε) E: 1. How to recover Λ(z) and (a 0, a 1,... )? 2. How many entries required for a unique solution? a list of solutionse including (a0, a 1,... )? Coding Theory formulation Let C be the set of all sequences of linear complexity t. 1. How to decode C? 2. What are the best correction capacities? for unique decoding list decoding

25 How many entries to guarantee uniqueness? Case E = 1, t = 2 (a i ) Λ(z) (0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0) 2 2z 2 + z 4 + z 6 Where is the error?

26 How many entries to guarantee uniqueness? Case E = 1, t = 2 (a i ) Λ(z) (0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0) 2 2z 2 + z 4 + z 6 (0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0) 1 + z 2 Where is the error?

27 How many entries to guarantee uniqueness? Case E = 1, t = 2 (a i ) Λ(z) (0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0) 2 2z 2 + z 4 + z 6 (0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0) 1 + z 2 (0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0) 1 + z 2 Where is the error?

28 How many entries to guarantee uniqueness? Case E = 1, t = 2 (a i ) Λ(z) (0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0) 2 2z 2 + z 4 + z 6 (0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0) 1 + z 2 (0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0) 1 + z 2 Where is the error? A unique solution is not guaranteed with t = 2, E = 1 and n = 11

29 Generalization to any E 1 t 1 times {}}{ Let 0 = ( 0,..., 0). Then s = (0, 1, 0, 1, 0, 1, 0, 1) is generated by z t 1 or z t + 1 up to E = 1 error. Then E times {}}{ ( s, s,..., s, 0, 1, 0) is generated by z t 1 or z t + 1 up to E errors. ambiguity with n = 2t(2E + 1) 1 values.

30 Generalization to any E 1 t 1 times {}}{ Let 0 = ( 0,..., 0). Then s = (0, 1, 0, 1, 0, 1, 0, 1) is generated by z t 1 or z t + 1 up to E = 1 error. Then E times {}}{ ( s, s,..., s, 0, 1, 0) is generated by z t 1 or z t + 1 up to E errors. ambiguity with n = 2t(2E + 1) 1 values. Theorem Necessary condition for unique decoding: n 2t(2E + 1)

31 The Majority Rule Berlekamp/Massey algorithm 2t E=2 n=2t(2e+1) Λ Λ Λ Λ Λ

32 The Majority Rule Berlekamp/Massey algorithm 2t E=2 n=2t(2e+1) Λ Λ Λ Λ Λ Input: (a 0,..., a n 1 ) + ε, where n = 2t(2E + 1), weight(ε) E, and (a 0,..., a n 1 ) minimally generated by Λ of degree t, where Λ(0) 0. Output: Λ(z) and (a 0,..., a n 1 ). begin Run BMA on 2E + 1 segments of 2t entries and record Λ i (z) on each segment; Perform majority vote to find Λ(z);

33 The Majority Rule Berlekamp/Massey algorithm 2t E=2 n=2t(2e+1) Λ Λ Λ Λ Λ Input: (a 0,..., a n 1 ) + ε, where n = 2t(2E + 1), weight(ε) E, and (a 0,..., a n 1 ) minimally generated by Λ of degree t, where Λ(0) 0. Output: Λ(z) and (a 0,..., a n 1 ). begin Run BMA on 2E + 1 segments of 2t entries and record Λ i (z) on each segment; Perform majority vote to find Λ(z); Use a clean segment to clean-up the sequence ; return Λ(z) and (a 0, a 1,... );

34 Algorithm SequenceCleanUp Input: Λ(z) = z t + t 1 i=0 λ ix i where Λ(0) 0 Input: (a 0,..., a n 1 ), where n t + 1 Input: E, the maximum number of corrections to make Input: k, such that (a k, a k+2t 1 ) is clean Output: (b 0,..., b n 1 ) generated by Λ at distance E to (a 0,..., a n 1 )

35 Algorithm SequenceCleanUp Input: Λ(z) = z t + t 1 i=0 λ ix i where Λ(0) 0 Input: (a 0,..., a n 1 ), where n t + 1 Input: E, the maximum number of corrections to make Input: k, such that (a k, a k+2t 1 ) is clean Output: (b 0,..., b n 1 ) generated by Λ at distance E to (a 0,..., a n 1 ) begin (b 0,..., b n 1 ) (a 0,..., a n 1 ); e, j 0; i k + 2t; while i n 1 and e E do if Λ does not satisfy (b i t+1,..., b i ) then Fix b i using Λ(z) as a LFSR; e e + 1; return (b 0,..., b n 1 ), e

36 Algorithm SequenceCleanUp Input: Λ(z) = z t + t 1 i=0 λ ix i where Λ(0) 0 Input: (a 0,..., a n 1 ), where n t + 1 Input: E, the maximum number of corrections to make Input: k, such that (a k, a k+2t 1 ) is clean Output: (b 0,..., b n 1 ) generated by Λ at distance E to (a 0,..., a n 1 ) begin (b 0,..., b n 1 ) (a 0,..., a n 1 ); e, j 0; i k + 2t; while i n 1 and e E do if Λ does not satisfy (b i t+1,..., b i ) then Fix b i using Λ(z) as a LFSR; e e + 1; i k 1; while i 0 and e E do if Λ does not satisfy (b i,..., b i+t 1 ) then Fix b i using z t Λ(1/z) as a LFSR; e e + 1; return (b 0,..., b n 1 ), e

37 Algorithm SequenceCleanUp Input: Λ(z) = z t + t 1 i=0 λ ix i where Λ(0) 0 Input: (a 0,..., a n 1 ), where n t + 1 Input: E, the maximum number of corrections to make Input: k, such that (a k, a k+2t 1 ) is clean Output: (b 0,..., b n 1 ) generated by Λ at distance E to (a 0,..., a n 1 ) begin (b 0,..., b n 1 ) (a 0,..., a n 1 ); e, j 0; i k + 2t; while i n 1 and e E do if Λ does not satisfy (b i t+1,..., b i ) then Fix b i using Λ(z) as a LFSR; e e + 1; i k 1; while i 0 and e E do if Λ does not satisfy (b i,..., b i+t 1 ) then Fix b i using z t Λ(1/z) as a LFSR; e e + 1; return (b 0,..., b n 1 ), e

38 Finding a clean segment: case E = 1 only one error (a 0,..., a k 2, b k 1 a k 1, a k, a k+1, a 2t 1 ) will be identified by the majority vote (2-to-1 majority).

39 Finding a clean segment: case E 2 Multiple errors on one segment can still be generated by Λ(z) deceptive segments: not good for SequenceCleanUp Example E = 3: (0, 1, 0, 2, 0, 4, 0, 8,... ) Λ(z) = z 2 2

40 Finding a clean segment: case E 2 Multiple errors on one segment can still be generated by Λ(z) deceptive segments: not good for SequenceCleanUp Example E = 3: (0, 1, 0, 2, 0, 4, 0, 8,... ) Λ(z) = z 2 2 (1, 1, 2, 2, 4, 4, 0, 8, 0, 16, 0, 32,... )

41 Finding a clean segment: case E 2 Multiple errors on one segment can still be generated by Λ(z) deceptive segments: not good for SequenceCleanUp Example E = 3: (0, 1, 0, 2, 0, 4, 0, 8,... ) Λ(z) = z 2 2 ( 1, 1, 2, 2, 4, 4, 0, 8, 0, 16, 0, 32,... ) }{{}}{{}}{{} z 2 2 z 2 +2z 2 z 2 2

42 Finding a clean segment: case E 2 Multiple errors on one segment can still be generated by Λ(z) deceptive segments: not good for SequenceCleanUp Example E = 3: (0, 1, 0, 2, 0, 4, 0, 8,... ) Λ(z) = z 2 2 ( 1, 1, 2, 2, 4, 4, 0, 8, 0, 16, 0, 32,... ) }{{}}{{}}{{} z 2 2 z 2 +2z 2 z 2 2 (1, 1, 2, 2) is deceptive. Applying SequenceCleanUp with this clean segment produces (1, 1, 2, 2, 4, 4, 8, 8, 16, 16, 32, 32, 64,... )

43 Finding a clean segment: case E 2 Multiple errors on one segment can still be generated by Λ(z) deceptive segments: not good for SequenceCleanUp Example E = 3: (0, 1, 0, 2, 0, 4, 0, 8,... ) Λ(z) = z 2 2 ( 1, 1, 2, 2, 4, 4, 0, 8, 0, 16, 0, 32,... ) }{{}}{{}}{{} z 2 2 z 2 +2z 2 z 2 2 (1, 1, 2, 2) is deceptive. Applying SequenceCleanUp with this clean segment produces (1, 1, 2, 2, 4, 4, 8, 8, 16, 16, 32, 32, 64,... ) E > 3? contradiction. Try (0, 16, 0, 32) as a clean segment instead.

44 Success of the sequence clean-up Theorem If n t(2e + 1), then a deceptive segment will necessarily be exposed by a failure of the condition e E in algorithm SequenceCleanUp.

45 Success of the sequence clean-up Theorem If n t(2e + 1), then a deceptive segment will necessarily be exposed by a failure of the condition e E in algorithm SequenceCleanUp. Corollary n 2t(2E + 1) is a necessary and sufficient condition for unique decoding of Λ and the corresponding sequence. Remark Also works with an upper bound t T on deg Λ.

46 List decoding for n 2t(E + 1) 2t E=2 n=2t(e+1) Λ Λ Λ 1 2 3

47 List decoding for n 2t(E + 1) 2t E=2 n=2t(e+1) Λ Λ Λ Input: (a 0,..., a n 1 ) + ε, where n = 2t(E + 1), weight(ε) E, and (a 0,..., a n 1 ) minimally generated by Λ of degree t, where Λ(0) 0. Output: (Λ i (z), s i = (a (i) 0,..., a(i) n 1 )) i a list of E candidates begin Run BMA on E + 1 segments of 2t entries and record Λ i (z) on each segment;

48 List decoding for n 2t(E + 1) 2t E=2 n=2t(e+1) Λ Λ Λ Input: (a 0,..., a n 1 ) + ε, where n = 2t(E + 1), weight(ε) E, and (a 0,..., a n 1 ) minimally generated by Λ of degree t, where Λ(0) 0. Output: (Λ i (z), s i = (a (i) 0,..., a(i) n 1 )) i a list of E candidates begin Run BMA on E + 1 segments of 2t entries and record Λ i (z) on each segment; foreach Λ i (z) do Use a clean segment to clean-up the sequence; Withdraw Λ i if no clean segment can be found. return the list (Λ i (z), (a (i) 0,..., a(i) n 1 )) i;

49 Properties The list contains the right solution (Λ, (a 0,..., a n 1 ))

50 Properties The list contains the right solution (Λ, (a 0,..., a n 1 )) n 2t(E + 1) is the tightest bound to ensure to enable syndrome decoding (BMA on a clean sequence of length 2t). Example n = 2t(E + 1) 1 and ε = (0,..., 0, 1, 0,..., 0, 1..., 1, 0,..., 0). }{{}}{{}}{{} 2t 1 2t 1 2t 1 Then (a 0,..., a n 1 ) + ε has no length 2t clean segment.

51 Sparse Polynomial Interpolation x F f (x) Problem f = t i=1 c ix e i Recover a t-sparse polynomial f given a black-box computing evaluations of it.

52 Sparse Polynomial Interpolation x F f (x) Problem f = t i=1 c ix e i Recover a t-sparse polynomial f given a black-box computing evaluations of it. Ben-Or/Tiwari 1988: Let a i = f (p i ) for p a primitive element, and let Λ(z) = t i=1 (z pe i ). Then Λ(z) is the minimal generator of (a 0, a 1,... ). only need 2t entries to find Λ(z) (using BMA)

53 Sparse Polynomial Interpolation x F f (x)+ε Problem f = t i=1 c ix e i Recover a t-sparse polynomial f given a black-box computing evaluations of it. Ben-Or/Tiwari 1988: Let a i = f (p i ) for p a primitive element, and let Λ(z) = t i=1 (z pe i ). Then Λ(z) is the minimal generator of (a 0, a 1,... ). only need 2t entries to find Λ(z) (using BMA) only need 2T(2E + 1) with e E errors and t T.

54 Ben-Or & Tiwari s Algorithm Input: (a 0,..., a 2t 1 ) where a i = f (p i ) Input: t, the numvber of (non-zero) terms of f (x) = t j=1 c jx e j Output: f (x) begin Run BMA on (a 0,..., a 2t 1 ) to find Λ(z) Find roots of Λ(z) (polynomial factorization) Recover e j by repeated division (by p) Recover c j by solving the transposed Vandermonde system (p 0 ) e 1 (p 0 ) e 2... (p 0 ) et c 1 (p 1 ) e 1 (p 1 ) e 2... (p 1 ) et c = (p t ) e 1 (p t ) e 2... (p t ) et c t a 0 a 1. a t 1

55 Blahut s theorem Theorem (Blahut) The D.F.T of a vector of weight t has linear complexity at most t DFT ω (v) = Vandemonde(ω 0, ω 1, ω 2,... )v = Eval ω 0,ω 1,ω 2,...(v)

56 Blahut s theorem Theorem (Blahut) The D.F.T of a vector of weight t has linear complexity at most t DFT ω (v) = Vandemonde(ω 0, ω 1, ω 2,... )v = Eval ω 0,ω 1,ω 2,...(v) Univariate Ben-Or & Tiwari as a corollary

57 Blahut s theorem Theorem (Blahut) The D.F.T of a vector of weight t has linear complexity at most t DFT ω (v) = Vandemonde(ω 0, ω 1, ω 2,... )v = Eval ω 0,ω 1,ω 2,...(v) Univariate Ben-Or & Tiwari as a corollary Reed-Solomon codes: evaluation of a sparse error BMA

58 Reed-Solomon codes as Evaluation codes C = {(f (ω 1 ),..., f (ω n )) deg f < k} Evaluation f m=f(x), deg f < k 0 c = Eval(f), c = f(w i i ) error ε g g = f + Interp ( ε) Interpolation y = c + ε g

59 Reed-Solomon codes as Evaluation codes C = {(f (ω 1 ),..., f (ω n )) deg f < k} Evaluation f m=f(x), deg f < k 0 c = Eval(f), c i = f(w i ) error ε g g = f + Interp ( ε) BMA Interpolation y = c + ε f

60 Sparse interpolation with errors Find f from (f (w 1 ),..., f (w n )) + ε Interpolation error ε ε 0 c = Interp ( ε ) sparse polynomial f g g = Eval (f) + ε Evaluation y = c + f f

61 Sparse interpolation with errors Find f from (f (w 1 ),..., f (w n )) + ε Interpolation error ε ε 0 c = Interp ( ε ) sparse polynomial f g g = Eval (f) + ε Evaluation BMA y = c + f f

62 Same problems? Interchanging Evaluation and Interpolation Let V ω = Vandermonde(ω, ω 2,..., ω n ). Then (V ω ) 1 = 1 n V ω 1 Given g, find f, t-sparse and an error ε such that g = V ω f + ε V ω 1g = nf + V ω 1ɛ

63 Same problems? Interchanging Evaluation and Interpolation Let V ω = Vandermonde(ω, ω 2,..., ω n ). Then (V ω ) 1 = 1 n V ω 1 Given g, find f, t-sparse and an error ε such that g = V ω f + ε V ω 1g = nf }{{} + V ω 1ɛ }{{} weight t error RS code word Reed-Solomon decoding: unique solution provided ε has 2t consecutive trailing 0 s clean segment of length 2t n 2t(E + 1)

64 Same problems? Interchanging Evaluation and Interpolation Let V ω = Vandermonde(ω, ω 2,..., ω n ). Then (V ω ) 1 = 1 n V ω 1 Given g, find f, t-sparse and an error ε such that g = V ω f + ε V ω 1g = nf }{{} + V ω 1ɛ }{{} weight t error RS code word Reed-Solomon decoding: unique solution provided ε has 2t consecutive trailing 0 s clean segment of length 2t n 2t(E + 1) BUT: location of the syndrome, is a priori unknown no uniqueness

65 Numeric Sparse Interpolation numerical evaluations (with noise) of a sparse polynomial and outliers Symbolic numeric approach [Giesbrecht, Labahn &Lee 06] [Kaltofen, Lee, Yang 11]: Interpolation/correction using Berlekamp-Massey Termination (zero-discrepancy) is ill-conditioned

66 Numeric Sparse Interpolation numerical evaluations (with noise) of a sparse polynomial and outliers Symbolic numeric approach [Giesbrecht, Labahn &Lee 06] [Kaltofen, Lee, Yang 11]: Interpolation/correction using Berlekamp-Massey Termination (zero-discrepancy) is ill-conditioned But the conditioning is the termination criteria

67 Numeric Sparse Interpolation numerical evaluations (with noise) of a sparse polynomial and outliers Symbolic numeric approach [Giesbrecht, Labahn &Lee 06] [Kaltofen, Lee, Yang 11]: Interpolation/correction using Berlekamp-Massey Termination (zero-discrepancy) is ill-conditioned But the conditioning is the termination criteria Better: track two perturbed executions divergence = termination

68 Outline Introduction High performance exact computations Chinese remaindering Motivation Sparse Interpolation with errors Berlekamp/Massey algorithm with errors Sparse Polynomial Interpolation with errors Relations to Reed-Solomon decoding Dense interpolation with errors Decoding CRT codes: Mandelbaum algorithm Amplitude codes Adaptive decoding Experiments

69 CRT codes : Mandelbaum algorithm over Z Chinese Remainder Theorem x Z x 1 x 2... x k where m 1 m k > x and x i = x mod m i i

70 CRT codes : Mandelbaum algorithm over Z Chinese Remainder Theorem x Z x 1 x 2... x k x k+1... x n where m 1 m n > x and x i = x mod m i i

71 CRT codes : Mandelbaum algorithm over Z Chinese Remainder Theorem x Z x 1 x 2... x k x k+1... x n where m 1 m n > x and x i = x mod m i i Definition { (n, k)-code: C = { x < m1... m (x 1,..., x n ) Z m1 Z mn s.t. x, k x i = x mod m i i }

72 Principle Property X C iff X < Π k. Π n = p 1 p n p 1 p 2... p k p k+1... p n Π k = p 1 p k Redundancy : r = n k

73 ABFT with Chinese remainder algorithm Input A Encoding A = (A 1,... A n) Computation Solution x < Π n x < Π k x = (r 1,..., r n) Correction x = (x 1,..., x n) Decoding

74 Properties of the code Error model: Error: E = X X Error support: I = {i 1... n, E 0 mod m i } Impact of the error: Π F = i I m i

75 Properties of the code Error model: Error: E = X X Error support: I = {i 1... n, E 0 mod m i } Impact of the error: Π F = i I m i Detects up to r errors: If X = X + E with X C, #I r, then X > Π k. Redundancy r = n k, distance: r + 1 can correct up to r 2 errors in theory More complicated in practice...

76 Correction i / I : E mod m i = 0 E is a multiple of Π V : E = ZΠ V = Z i/ I m i gcd(e, Π) = Π V Property The Extended Euclidean Algorithm, applied to (Π, E) and to (X = X + E, Π), performs the same first iterations until r i < Π V. Π X X E + = u 0 Π + v 0 E = Π u 0 Π + v 0 X = X.. u i 1 Π + v i 1 E = Π v u i 1 Π + v i 1 X = r i 1 u i Π + v i E = 0 u i Π + v i X = r i v i X = r i

77 Correction capacity Mandelbaum 78: 1 symbol = 1 residue Polynomial time algorithm if e (n k) log m min log 2 log m max+log m min worst case: exponential (random perturbation) Goldreich Ron Sudan 99 weighted residues equivalent Guruswami Sahai Sudan 00 invariably polynomial time

78 Correction capacity Mandelbaum 78: 1 symbol = 1 residue Polynomial time algorithm if e (n k) log m min log 2 log m max+log m min worst case: exponential (random perturbation) Goldreich Ron Sudan 99 weighted residues equivalent Guruswami Sahai Sudan 00 invariably polynomial time Interpretation: Errors have variable weights depending on their impact i I m i Example: m 1 = 3, m 2 = 5, m 3 = 3001 Mandelbaum: only corrects 1 error provided X < 3 Adaptive: also corrects 1 error mod 3 if X < error mod 5 if X < errors mod 2 and 3 if X < 13

79 Generalized point of view: amplitude code Over a Euclidean ring A with a Euclidean function ν, multiplicative and sub-additive, ie such that ν(ab) = ν(a)ν(b) ν(a + b) ν(a) + ν(b) eg. over Z: ν(x) = x over K[X]: ν(p) = 2 deg(p) Definition Error impact between x and y: Π F = i x y[m i ] m i Error amplitude: ν(π F )

80 Amplitude codes Distance : A A R + (x, y) i x y[m i ] log 2 ν (m i ) (x, y) = log 2 ν(π F )

81 Definition ((n, k)-amplitude code) Given {m i } i m pairwise rel. prime, and κ R + The set C = {x A : ν(x) < κ}, n = log 2 i m m i, k = log 2 κ. is a (n, k)-amplitude code.

82 Definition ((n, k)-amplitude code) Given {m i } i m pairwise rel. prime, and κ R + The set C = {x A : ν(x) < κ}, n = log 2 i m m i, k = log 2 κ. is a (n, k)-amplitude code. Property (Quasi MDS) (x, y) C (x, y) > n k 1 correction capacity = maximal amplitude of an error that can be corrected

83 Definition ((n, k)-amplitude code) Given {m i } i m pairwise rel. prime, and κ R + The set C = {x A : ν(x) < κ}, n = log 2 i m m i, k = log 2 κ. is a (n, k)-amplitude code. Property (Quasi MDS) (x, y) C, A = K[X] Singleton bound (x, y) n k + 1 correction capacity = maximal amplitude of an error that can be corrected

84 Advantages Generalization over any Euclidean ring Natural representation of the amount of information No need to sort moduli Finer correction capacities

85 Advantages Generalization over any Euclidean ring Natural representation of the amount of information No need to sort moduli Finer correction capacities Adaptive decoding: taking advantage of all the available redundancy Early termination: with no a priori knowledge of a bound on the result

86 Amplitude decoding, with static correction capacity Amplitude based decoder over R Input: Π, X Input: τ R + τ < ν(π) 2 : bound on the maximal error amplitude Output: X R: corrected message s.t. ν(x)4τ 2 ν(π) begin u 0 = 1, v 0 = 0, r 0 = Π; u 1 = 0, v 1 = 1, r 1 = X ; i = 1; while (ν(r i ) > ν(π)/2τ) do Let r i 1 = q i r i + r i+1 be the Euclidean division of r i 1 by r i ; u i+1 = u i 1 q i u i ; v i+1 = v i 1 q i v i ; i = i + 1; return X = ri v i reaches the quasi-maximal correction capacity

87 Amplitude decoding, with static correction capacity Amplitude based decoder over R Input: Π, X Input: τ R + τ < ν(π) 2 : bound on the maximal error amplitude Output: X R: corrected message s.t. ν(x)4τ 2 ν(π) begin u 0 = 1, v 0 = 0, r 0 = Π; u 1 = 0, v 1 = 1, r 1 = X ; i = 1; while (ν(r i ) > ν(π)/2τ) do Let r i 1 = q i r i + r i+1 be the Euclidean division of r i 1 by r i ; u i+1 = u i 1 q i u i ; v i+1 = v i 1 q i v i ; i = i + 1; return X = ri v i reaches the quasi-maximal correction capacity requires an a priori knowledge of τ How to make the correction capacity adaptive?

88 Adaptive approach Multiple goals: With a fixed n, the correction capacity depends on a bound on ν(x) pessimistic estimate how to take advantage of all the available redundancy? redundancy effectively available X bound on v(x) redundancy being used

89 A first adaptive approach: divisibility check Termination criterion in the Extended Euclidean alg.: u i+1 Π + v i+1 E = 0 E = u i+1 Π/v i+1 test if v j divides Π check if X satisfies: ν(x) ν(π) 4ν(v j ) 2 But several candidates are possible discrimination by a post-condition on the result

90 A first adaptive approach: divisibility check Termination criterion in the Extended Euclidean alg.: u i+1 Π + v i+1 E = 0 E = u i+1 Π/v i+1 test if v j divides Π check if X satisfies: ν(x) ν(π) 4ν(v j ) 2 But several candidates are possible discrimination by a post-condition on the result Example x = 23 with 0 error x = 2 with 1 error m i x i 2 3 2

91 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix

92 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix

93 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix

94 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i.

95 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix 2 g X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i. Introduce a blank 2 g in order to detect a gap > 2 g

96 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix 2 g X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i. Introduce a blank 2 g in order to detect a gap > 2 g

97 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix 2 g X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i. Introduce a blank 2 g in order to detect a gap > 2 g

98 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix 2 g X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i. Introduce a blank 2 g in order to detect a gap > 2 g

99 Detecting a gap u i Π + v i (X + E) = r i u i Π + v i E = r i v i X r i v ix 2 g X = r i /v i At the final iteration: ν(r i ) = ν(v i X) If necessary, a gap appears between r i 1 and r i. Introduce a blank 2 g in order to detect a gap > 2 g Property Loss of correction capacity: very small in practice Test of the divisibility for the remaining candidates Strongly reduces the number of divisibility tests

100 Experiments Size of the error g = 2 1/446 1/765 1/1118 2/1183 2/4165 1/7907 g = 3 1/244 1/414 1/576 2/1002 2/2164 1/4117 g = 5 1/53 1/97 1/153 2/262 1/575 1/1106 g = 10 1/1 1/3 1/9 1/14 1/26 1/35 g = 20 1/1 1/1 1/1 1/1 1/1 1/1 Table: Number of remaining candidates after the gap detection: c /d means d candidates with a gap > 2 g, and c of them passed the divisibility test. n 6001 (3000 moduli), κ 201 (100 moduli).

101 Experiments Divisibility Gap g=2 Gap g=5 Gap g=10 Threshold T= Time (s) Size of the errors Figure: Comparison for n (m = 1300 moduli of 20 bits), κ 6001 (300 moduli) and τ (about 500 moduli).

102 Conclusion Adaptive decoding of CRT codes finer bounds on the correction capacity adaptive decoding using the best effective redundancy efficient termination heuristics Sparse interpolation code over K[X] lower bound on the necessary number of evaluations optimal unique decoding algorihtm list decoding variant Perspectives Generalization to adaptive list decoding of CRT codes Tight bound on the size of the list when n 2t(E + 1), Sparse Cauchy interpolation with errors.

103 Bonus : Dense rational function interpolation with errors (Cauchy interpolation) y i = f (x i) g(x i ) Rational function interpolation: Pade approximant Find h K[X] s.t. h(x i ) = y i (interpolation) Find f, g s.t. hg = f mod (X x i ) (Pade approx)

104 Bonus : Dense rational function interpolation with errors (Cauchy interpolation) y i = f (x i) g(x i ) Rational function interpolation: Pade approximant Find h K[X] s.t. h(x i ) = y i (interpolation) Find f, g s.t. hg = f mod (X x i ) (Pade approx) Introducing an error of impact Π F = i I (X x i): hgπ F = f Π F mod (X x i ) Property If n deg f + deg g + 2e, one can interpolate with at most e errors

Computing over Z, Q, K[X]

Computing over Z, Q, K[X] Clément PERNET M2-MIA Calcul Exact Outline Introduction Chinese Remainder Theorem Rational reconstruction Problem Statement Algorithms Applications Dense CRT codes Extension to