LATTICES AND CODES ISHAY HAVIV TEL AVIV UNIVERSITY THE RAYMOND AND BEVERLY SACKLER FACULTY OF EXACT SCIENCES THE BLAVATNIK SCHOOL OF COMPUTER SCIENCE

Transcription

1 TEL AVIV UNIVERSITY THE RAYMOND AND BEVERLY SACKLER FACULTY OF EXACT SCIENCES THE BLAVATNIK SCHOOL OF COMPUTER SCIENCE LATTICES AND CODES THESIS SUBMITTED FOR THE DEGREE OF DOCTOR OF PHILOSOPHY BY ISHAY HAVIV UNDER THE SUPERVISION OF PROFESSOR ODED REGEV SUBMITTED TO THE SENATE OF TEL AVIV UNIVERSITY JUNE 2011

2 ii

3 Abstract This thesis is concerned with theoretical aspects of computer science and focuses on two important mathematical objects lattices and codes. Lattices. An n-dimensional full-rank lattice L R n is the set of all integer combinations of n linearly independent vectors. Two main computational problems associated with lattices are the Shortest Vector Problem (SVP) and the Closest Vector Problem (CVP). In the former, for a lattice given by some basis we are supposed to find (the length of) a shortest nonzero vector in the lattice. The problem CVP is an inhomogeneous variant of SVP, in which given a lattice and some target point one has to find (the distance from) the closest lattice point. We show that unless NP RTIME(2 poly(log n) ), for any ε > 0 there is no polynomial-time algorithm approximating SVP on n-dimensional lattices in the l p norm (1 p < ) to within a factor of 2 (log n)1 ε. This improves the previous best factor of 2 (log n)1/2 ε under the same complexity assumption due to Khot (J. ACM, 2004). Under the stronger assumption NP RSUBEXP, we obtain a hardness factor of n c/ log log n for some c > 0. Motivated by a preprocessing variant of CVP, we study the ability to embed a torus R n /L into a Hilbert space in a distance-preserving manner. We show that for every n-dimensional lattice L the torus R n /L can be embedded with distortion O(n log n) into a Hilbert space. This improves the exponential upper bound of O(n 3n/2 ) due to Khot and Naor (Math. Annal., 2006) and gets close to their lower bound of Ω( n). We also obtain tight bounds for certain families of lattices. Codes. In the index coding problem, introduced by Birk and Kol (INFOCOM, 1998), the goal is to broadcast an n bit word to n receivers, where the receivers have side information represented by a graph G and each of them is interested in one bit of the word. The objective is to minimize the length of the code (i.e., the number of bits in the transmitted message). For linear index coding, the minimum possible length is known to be equal to a graph parameter called minrank (Bar-Yossef et al., FOCS, 2006). We show a polynomial time algorithm that, given an n vertex graph G with minrank k, finds iii

4 a linear index code for G of length Õ(nf(k) ), where f(k) depends only on k. For example, for k = 3 we obtain f(3) Our algorithm employs a semidefinite program (SDP) introduced by Karger, Motwani and Sudan (J. ACM, 1998) for graph coloring. A crucial component of our analysis is bounding the objective value of the SDP in terms of the minrank. As a side effect of our analysis, we show an exact expression for the maximum possible value of the Lovász ϑ-function of a graph with minrank k. This compares two classical upper bounds on the Shannon capacity of a graph. We also study the typical minimum length of a linear index code for the random graph G(n, p). First, we prove that for every constant p, the minimum length of a linear index code for G(n, p), i.e., the minrank of G(n, p), is almost surely Ω( n). Second, we introduce and study two restricted models of index coding. In the first we consider index codes which are locally decodable. These are index codes in which the receivers are allowed to query a limited number of characters from the encoded message. In the second we consider low density index codes linear codes whose generator matrix has a few nonzero entries in each row. For these restricted models of index coding we show lower bounds that beat our lower bound on linear index coding for G(n, p). The final topic studied in this thesis is the online channel coding model. In this model a sender wishes to communicate a message to a receiver by transmitting a codeword x = (x 1,..., x n ) {0, 1} n bit by bit via a channel limited to at most pn corruptions. The channel is online in the sense that at the ith step the channel decides whether to flip the ith bit or not and its decision is based only on the bits transmitted so far, i.e., (x 1,..., x i ). This is in contrast to the classical adversarial channel in which the corruption is chosen by a channel that has full knowledge on the sent codeword x. The best known lower bound on the capacity of both the online channel and the classical adversarial channel is the well-known Gilbert-Varshamov bound. In this thesis we prove a lower bound on the capacity of the online channel which beats the Gilbert-Varshamov bound for any positive p such that H(2p) < 1 2 (where H is the binary entropy function). To do so, we prove that for any such p, a code chosen at random combined with the nearest neighbor decoder achieves with high probability a rate strictly higher than the Gilbert-Varshamov bound (for the online channel). iv

5 Contents Abstract iii 1 Introduction Lattices Hardness of the Shortest Vector Problem The Euclidean Distortion of Flat Tori Codes Index Coding The Online Channel Hardness of the Shortest Vector Problem Preliminaries Proof of Results Basic SVP Boosting the SVP Hardness Factor Basic SVP Proof Comparison with Khot s Theorem The Proof The Euclidean Distortion of Flat Tori Preliminaries Properties of Gaussian Distributions Properties of Korkine-Zolotarev Bases The Embedding Upper Bounds in Terms of Lattice Parameters General Upper Bound Lower Bound v

6 3.6 On the Embedding of Khot and Naor Linear Index Coding via Semidefinite Programming Preliminaries The Graph Family G k Symmetry Properties of G k Spectral Analysis of G k Minrank versus Lovász ϑ-function Algorithms for Linear Index Coding Graph Coloring An Algorithm for Linear Index Coding for Graphs with Constant Minrank An Improved Algorithm for Linear Index Coding for Graphs with Minrank Proof of Theorem Linear Index Coding for Random Graphs Preliminaries G(n, p) versus G(n, p) The Ω( n) Lower Bound Locally Decodable Index Codes Low Density Generator Matrix Index Codes The Reduction to q = ω(1) The Lower Bounds for q {2, 3} Beating the Gilbert-Varshamov Bound for Online Channels Preliminaries Proof of Results The Forbidden Ball B (p,q) α (z) Errors Caused by Codewords with Distinct Prefixes Errors Caused by Codewords with the Same Prefix Proof of Theorem Bibliography 101 vi

7 Chapter 1 Introduction This thesis is concerned with theoretical aspects of computer science and focuses on two important mathematical objects lattices and codes. Lattices are known to be very useful in algorithms as well as in cryptography, and codes are useful in several areas of research such as data compression, error-correction, network coding and cryptography. In what follows, we overview the problems considered in the thesis and describe our contribution. Prior to delving into the details, let me mention that during my Ph.D. studies I have also published the following results [16, 58], which are not included in this thesis. 1.1 Lattices An n-dimensional full-rank lattice L R n is a periodic geometric object defined as the set of all integer combinations of n linearly independent vectors. The interesting combinatorial structure of lattices was investigated by mathematicians over the last two centuries, and in the last two decades it was also studied from a computational point of view. Roughly speaking, most fundamental problems on lattices are not known to be efficiently solvable. Moreover, there are hardness results showing that such problems cannot be solved by polynomial-time algorithms unless the polynomial-hierarchy collapses. One of the main motivations for research on the hardness of lattice problems is their applications in cryptography, as was demonstrated by Ajtai [4], who came up with a construction of cryptographic primitives whose security relies on the worst-case hardness of certain lattice problems. Two main computational problems associated with lattices are the Shortest Vector Problem (SVP) and the Closest Vector Problem (CVP). In the former, for a lattice given by some basis we are supposed to find (the length of) a shortest nonzero vector in the lattice. The problem CVP is an inhomogeneous variant of SVP, in which given a lattice and some target point one has to find 1

8 2 CHAPTER 1. INTRODUCTION (the distance from) the closest lattice point. The hardness of lattice problems partly comes from the fact that there are many possible bases for the same lattice Hardness of the Shortest Vector Problem In Chapter 2, we improve the best hardness result known for SVP. Before presenting our results let us start with an overview of related work. Related Work. In the early 1980s, Lenstra, Lenstra and Lovász (LLL) presented the first polynomialtime approximation algorithm for SVP [79]. Their algorithm achieves an approximation factor of 2 O(n), where n is the dimension of the lattice. Using their algorithm, Babai gave an approximation algorithm for CVP achieving the same approximation factor [13]. A few years later, improved algorithms were presented for both problems, obtaining a slightly sub-exponential approximation factor, namely 2 O(n(log log n)2 / log n) [98], and this has since been improved slightly [6]. The best algorithm known for solving SVP exactly requires exponential running time in n [63, 6, 89]. All the above results hold with respect to any l p norm. On the hardness side, it was proven in 1981 by van Emde Boas that it is NP-hard to solve SVP exactly in the l norm [101]. The question of extending this result to other norms, and in particular to the Euclidean norm l 2, remained open till the breakthrough result by Ajtai showing that exact SVP in the l 2 norm is NP-hard under randomized reductions [3]. Then, Cai and Nerurkar obtained hardness of approximation to within 1 + n ε for any ε > 0 [27]. The first inapproximability result of SVP to within some constant bounded away from 1 is that of Micciancio, who showed that under randomized reductions SVP in the l p norm is NP-hard to approximate to within any factor smaller than p 2 [86]. For the l norm, a considerably stronger result is known: Dinur [39] showed that SVP is NP-hard to approximate in the l norm to within a factor of n c/ log log n for some constant c > 0. Prior to our work, the strongest hardness result known for SVP in the l p norm was due to Khot [69] who showed NP-hardness of approximation to within arbitrarily large constants under randomized reductions for any 1 < p <. Furthermore, under quasi-polynomial randomized reductions (i.e., reductions that run in time 2 poly(log n) ), the hardness factor becomes 2 (log n)1/2 ε for any ε > 0. Khot speculated there that it might be possible to improve this to 2 (log n)1 ε, as this is the hardness factor known for the analogous problem in linear codes [43]. Khot s proof does not work for the l 1 norm. However, a result in [95] shows that for lattice problems, the l 2 norm is the easiest in the following sense: for any 1 p, there exists a randomized reduction from lattice problems such as SVP and CVP in the l 2 norm to the respective problem in the l p norm. In particular, this implies that Khot s results also hold for the l 1 norm.

9 1.1. LATTICES 3 Finally, we mention that a considerably stronger result is known for CVP, namely that for any 1 p, it is NP-hard to approximate CVP in the l p norm to within n c/ log log n for some constant c > 0 [40]. We also mention that in contrast to the above hardness results, it is known that SVP and CVP are unlikely to be NP-hard to approximate to within n/ log n, as this would imply the collapse of the polynomial-time hierarchy [49, 1]. Our Contribution. Our result improves the best NP-hardness factor known for SVP under randomized quasi-polynomial reductions. This and two additional hardness results are stated in the following theorem. Theorem 1.1. For any 1 p the following holds. 1. For any c 1, there is no polynomial-time algorithm that approximates SVP in the l p norm to within c unless NP RP. 2. For any ε > 0, there is no polynomial-time algorithm that approximates SVP on n-dimensional lattices in the l p norm to within a factor of 2 (log n)1 ε unless NP RTIME(2 poly(log n) ). 3. There exists a c > 0 such that there is no polynomial-time algorithm that approximates SVP on n-dimensional lattices in the l p norm to within a factor of n c/ log log n unless NP RSUBEXP = δ>0 RTIME(2 nδ ). Theorem 1.1 improves on the best known hardness result for any p <. For p =, a better hardness result is already known, namely that for some c > 0, approximating to within nc/ log log n is NP-hard [39]. Moreover, Item 1 was already proved by Khot [69] and we provide an alternative proof. As we will show later, Theorem 1.1 follows easily from the following theorem. Theorem 1.2. There exist c, c > 0, such that for any 1 p, there exists a c > 0 such that for any k = k(n), there is no polynomial-time algorithm that approximates SVP in the l p norm on N c k -dimensional lattices to within a factor of 2 c k unless SAT is in RTIME(n O(k(nc )) ). We note that the proofs of the results presented in Chapter 2 were simplified in a later manuscript due to Micciancio [85]. Techniques. A standard method to prove hardness of approximation for large constant or superconstant factors is to first prove hardness for some fixed constant factor, and then amplify the constant using some polynomial-time (or quasi-polynomial time) transformation. For example, the tensor product of linear codes is used to amplify the NP-hardness of approximating the minimum distance in a linear code of block length n to arbitrarily large constants under polynomial-time

10 4 CHAPTER 1. INTRODUCTION reductions and to 2 (log n)1 ε (for any ε > 0) under quasi-polynomial-time reductions [43]. This example motivates one to use the tensor product of lattices to increase the hardness factor known for approximating SVP. However, whereas the minimum distance of the k-fold tensor product of a code C is simply the kth power of the minimum distance of C, the behavior of the length of a shortest nonzero vector in a tensor product of lattices is more complicated and not so well understood. Khot s approach in [69] was to prove a constant hardness factor for SVP instances that have some code-like properties. The rationale is that such lattices might behave in a more predictable way under the tensor product. The construction of these basic SVP instances is ingenious, and is based on BCH codes as well as a restriction into a random sublattice. However, even for these code-like lattices, the behavior of the tensor product was not clear. To resolve this issue, Khot introduced a variant of the tensor product, which he called augmented tensor product, and using it he showed the hardness factor of 2 (log n)1/2 ε. This unusual hardness factor can be seen as a result of the augmented tensor product. In more detail, for the augmented tensor product to work, Khot s basic SVP instances must depend on the number of times k that we intend to apply the augmented tensor product, and their dimension grows like n O(k). After applying the augmented tensor product, the dimension grows to n O(k2) and the hardness factor becomes 2 O(k). This limits the hardness factor as a function of the dimension n to 2 (log n)1/2 ε. Our main contribution is showing that Khot s basic SVP instances do behave well under the (standard) tensor product. The proof of this fact uses a new method to analyze vectors in the tensor product of lattices, and is related to a technique used by de Shalit and Parzanchevski [36]. Theorem 1.2 now follows easily: we start with (a minor modification of) Khot s basic SVP instances, which are known to be hard to approximate to within some constant. We then apply the k-fold tensor product and obtain instances of dimension n O(k) with hardness 2 O(k). Open Questions. Some open problems remain. The most obvious is proving that SVP is hard to approximate for factors greater than n c/ log log n under some plausible complexity assumption. Such a result, however, is not known for CVP nor for the minimum distance problem in linear codes, and most likely proving it there first would be easier. An alternative goal is to improve on the n/ log n upper bound beyond which SVP is not believed to be NP-hard [49, 1]. A second open question is whether our complexity assumptions can be weakened. For instance, our n c/ log log n hardness result is based on the assumption that NP RSUBEXP. For CVP, such a hardness factor is known based solely on P NP [40]. Showing something similar for SVP would be very interesting. In fact, all known hardness proofs for SVP in l p norms, p <, are shown through randomized reductions (but see [86] for a possible exception). Finding a deterministic reduction would thus be interesting. A possible approach to this task is to try to use ideas of the NP-hardness proof of the analogue of SVP in coding theory the Minimum Distance Problem.

11 1.1. LATTICES 5 There are two different proofs for the NP-hardness of this problem: one due to Cheng and Wan [28] and another recent proof due to Austrin and Khot [12]. References. The results of this chapter appear in [59]: I. Haviv and O. Regev, Tensor-based Hardness of the Shortest Vector Problem to within Almost Polynomial Factors, Proceedings of the 39th Annual ACM Symposium on Theory of Computing (STOC), pages , The Euclidean Distortion of Flat Tori For an n-dimensional full-rank lattice L R n consider the torus R n /L, i.e., the space R n where two points are identified if and only if the difference between them is a lattice vector. For u, v R n /L the distance dist R n /L(u, v) in the torus R n /L is defined as the distance between a representative of u v in R n from the lattice L. In Chapter 3, we study the ability to embed a torus R n /L into a Hilbert space in a distancepreserving manner. For a lattice L we are interested in a Hilbert space L 2, an embedding H : R n /L L 2 and a number c 2 > 0 such that for any u, v R n /L, dist R n /L(u, v) dist L2 (H(u), H(v)) c 2 dist R n /L(u, v). The distortion of an embedding H is the least c 2 for which the above holds. The least distortion that one can get over all the embeddings H is known as the Euclidean distortion of R n /L and is denoted by c 2 (R n /L). For example, consider the n-dimensional lattice Z n. The torus R n /Z n can be embedded into the Euclidean space R 2n by the embedding H : R n /Z n R 2n defined by H(x 1,..., x n ) = (cos 2πx 1, sin 2πx 1,..., cos 2πx n, sin 2πx n ). It is easy to see that H has a constant distortion independent of n. It is not difficult to extend this example and to achieve an embedding with constant distortion for every lattice generated by n orthogonal vectors. Metric embeddings have been extensively investigated in the last few years by the theoretical computer science community. One of the main motivations for research on embedding metric spaces comes from applications to designing geometric approximation algorithms. Indeed, in order to approximate the distance between two points in a certain metric space one can apply an efficient low distortion embedding and then compute (or approximate) the distance between the corresponding embedded points. Studying the Euclidean distortion of flat tori might have applications to the

12 6 CHAPTER 1. INTRODUCTION complexity of lattice problems, and might also lead to more efficient algorithms for lattice problems through the use of our metric embeddings. For example, consider the Closest Vector Problem with Preprocessing (CVPP). In this problem a (not necessarily efficient) preprocessing step is applied to the lattice. Then, given a target point, we are supposed to efficiently approximate its distance from the lattice. Embedding flat tori suggests a special type of algorithms for CVPP, in which the data performed in the preprocessing step enables to approximate distances in the embedded space efficiently. A recent result by Micciancio and Voulgaris [89] demonstrates how CVPP can lead to breakthroughs for standard lattice problems. For further information on CVPP we refer the reader to [45]. Related Work. In this work we study the distortion required to embed an n-dimensional torus into a Hilbert space. This question was introduced by Khot and Naor in [70] who provided a partial answer as stated below. The following theorem provides a lower bound on c 2 (R n /L) in terms of λ 1 (L ) and µ(l ), which are, respectively, the length of a shortest nonzero vector and the covering radius of L, the dual lattice of L. Theorem 1.3 ([70]). For any n 1 and an n-dimensional lattice L, c 2 (R n /L) = Ω ( λ1 (L ) µ(l ) n). It is known that for every large enough n there exists an n-dimensional self-dual lattice L (i.e., L = L ) such that λ 1 (L) = Θ(µ(L)). This fact is due to Conway and Thompson; see [90, Page 46] for details. Theorem 1.3 and this family of lattices imply that for any large enough n there exists an n-dimensional lattice L for which c 2 (R n /L) = Ω( n). We note that in [70] it was shown that the bound in Theorem 1.3 holds even for embeddings into the space L 1. The next theorem shows an upper bound on c 2 (R n /L) for n-dimensional lattices and in particular implies that the supremum of c 2 (R n /L) over all n-dimensional lattices L is finite. Theorem 1.4 ([70]). For any n 1 and an n-dimensional lattice L, c 2 (R n /L) = O(n 3n/2 ). We note that the true performance of the embedding of Khot and Naor used in the proof of Theorem 1.4 is not clear. Yet, it can be shown that there are lattices for which the distortion achieved by their embedding is super-polynomial. We discuss this issue in Section 3.6. Our Contribution. The gap between the above lower and upper bounds on c 2 (R n /L) is huge. In this work we significantly reduce this gap. Our main result is that for every lattice the torus R n /L can be embedded into a Hilbert space with distortion slightly higher than linear in n. Theorem 1.5. For any n 1 and an n-dimensional lattice L, c 2 (R n /L) = O(n log n). For n-dimensional lattices L with ratio µ(l) λ 1 (L) no(n) we provide the following better bound.

13 1.1. LATTICES 7 Theorem 1.6. For any n 1 and an n-dimensional lattice L, c 2 (R n /L) = O( n log ( )) 4µ(L) λ 1 (L). Notice that Theorem 1.3 yields that the bound in Theorem 1.6 is tight up to a multiplicative constant for the self-dual lattices that were mentioned above (see Corollary 3.14). Finally, we observe that Theorem 1.3 can be slightly improved to the following. Theorem 1.7. For any n 1 and an n-dimensional lattice L, c 2 (R n /L) λ 1(L ) µ(l) 4. n It can be shown that µ(l) µ(l ) Ω(n) holds for any n-dimensional lattice and hence Theorem 1.7 improves Theorem 1.3 (see Remark 3.17 in Section 3.5). Techniques. Our goal is to construct, given a lattice L, a function H from the torus R n /L to a Hilbert space such that H preserves distances up to a multiplicative factor that is as small as possible. Our basic idea is to map any u R n to the Gaussian function defined on R n centered at u with parameter s, i.e., the function mapping x R n to e π (x u)/s 2. It is not difficult to see that the L 2 distance between H(u) and H(v) depends more or less linearly on the distance between u and v as long as the latter is at most s, beyond which the distance between H(u) and H(v) is saturated and no longer increases linearly. This is illustrated in the left side of Figure 1.1. However, the embedding defined above is not an embedding of R n /L because it is not L- periodic. We therefore replace the Gaussian function centered at u with the sum of all Gaussian functions centered at points in u + L, i.e., all the shifts of u by vectors of L. See the right side of Figure Figure 1.1: The left plot shows the L 2 distance between the (one-dimensional) Gaussian function centered at 0 and the Gaussian function centered at u R (as a function of u; s = 1). The right plot shows the L 2 distance between the sum of all Gaussian functions centered at points in Z and the sum of all Gaussian functions centered at points in u + Z (as a function of u; s = 0.3). An important role in the performance of our basic embedding is played by the choice of the parameter s. Notice that we cannot take s to be significantly smaller than the covering radius of L

14 8 CHAPTER 1. INTRODUCTION (the maximum distance between two elements in R n /L). Indeed, as mentioned above, the distance between the embedded functions is saturated beyond distance s, thereby leading to a distortion of at least µ(l)/s. On the other hand, s cannot be larger than λ 1 (L): for such s, small shifts in the direction of a shortest vector of L are much less noticeable than shifts in directions orthogonal to it, and this creates a huge distortion. By choosing s to be slightly smaller than λ 1 (L) our basic embedding achieves distortion proportional to µ(l) λ 1 (L) (see Theorem 3.13). In order to improve the distortion we need two more ideas. First, we combine several basic embeddings for various choices of the parameter s in the range [λ 1 (L), µ(l)]. The idea is that every distance in R n /L is handled by at least one of these choices. This proves Theorem 1.6. The second idea which is used in the proof of Theorem 1.5 is to use our basic embedding on projected lattices using Korkine-Zolotarev bases. In our analysis of the basic embedding we employ and extend techniques originating in a paper by Banaszczyk [14] that were found useful in several recent papers on the complexity of lattice problems (see, e.g., [1]). Open Questions. As mentioned before, we show in this work that any n-dimensional lattice L satisfies c 2 (R n /L) = O(n log n), and it was shown in [70] that there are lattices for which c 2 (R n /L) = Ω( n). The main open question raised by our work is the following. Question 1.8. Is it true that for any n-dimensional lattice L, c 2 (R n /L) = O( n)? We observe that a positive answer to this question using Theorem 1.7 immediately implies that any n-dimensional lattice L satisfies λ 1 (L ) µ(l) O(n). The only proof we are aware of for this tight bound is the one of Banaszczyk [14] whose tools and techniques are the heart of the current work. This might hint that our approach to the embedding question is natural and that it has not been pushed to its limit yet. A more ambiguous open question is to obtain tight bounds on c 2 (R n /L) for every lattice L in terms of geometrical parameters of L. References. The results of this chapter appear in [60]: I. Haviv and O. Regev, The Euclidean Distortion of Flat Tori, Proceedings of the 13th Intl. Workshop on Approximation Algorithms for Combinatorial Optimization Problems (APPROX), pages , 2010.

15 1.2. CODES Codes Index Coding In the index coding problem, a sender wishes to broadcast an n character word x F n (for a finite field F) to n receivers R 1,..., R n in a way that enables every R i to retrieve the ith character x i. Every receiver has some side information on x. The side information is represented by a directed graph G on the vertex set [n] = {1, 2,..., n} in which a vertex i is connected to a vertex j if and only if the receiver R i knows x j. Given a side information graph G, the goal is to find a coding scheme of minimum length, by which every receiver R i is able to retrieve x i given the encoded message and the side information that it has on x according to G. The setting is naturally extended to undirected graphs in which an edge {i, j} meas that R i knows x j and R j knows x i. For example, assume that every receiver R i knows x j for every j [n]\{i}. The corresponding side information graph is the complete graph on the vertex set [n]. In this case, broadcasting the sum i [n] x i over F enables every receiver R i to retrieve x i, and hence the minimum message length required here is 1. The study of index coding was initiated by Birk and Kol in [20] and further developed by Bar-Yossef, Birk, Jayram and Kol in [15]. This research is motivated by applications, such as video on demand and wireless networking, in which a network transmits information to clients, and during the transmission every client misses some of the information. At this step, the clients have side information on the transmitted information, and the network is interested in minimizing the broadcast length in a way that enables the clients to decode their target (see, e.g., [104]). Research on index coding is also motivated by several questions in theoretical computer science. For example, index coding is a natural version of the one-way communication complexity problem of the indexing function studied in [73]. In this problem, Alice is given an n bit string x, sends a single message to Bob, and Bob, given an index i, should be able (possibly probabilistically) to discover x i. The goal is to minimize the length of Alice s message. The index coding problem over F 2 is equivalent to this question once we restrict Bob to act deterministically and allow him to use some side information on x, depending on i. Index coding is a special case of the more general problem of network coding, introduced by Ahlswede et al. [2]. El Rouayheb et al. showed in [44] that network coding instances can be efficiently reduced to index coding instances. Hence, understanding index coding capacities is motivated by applications in computational complexity regarding deciding and approximating the network coding problem (see [78, 76]). For a graph G and a field F we denote by β 1 (G) the minimum length of an index code for G over F. This graph parameter is known to be related to several classical graph parameters. Indeed, for an undirected graph G, β 1 (G) is bounded from below by α(g), the maximum size of an independent set in G, as follows from the fact that an independent set in G corresponds to a set of receivers

16 10 CHAPTER 1. INTRODUCTION with no mutual information. On the other hand, for an undirected graph G, β 1 (G) is bounded from above by χ(g), the clique cover number of G, as follows from broadcasting the sum over F of the characters corresponding to the vertices in every clique in an optimal clique cover. In [15], Bar-Yossef et al. identified an algebraic graph parameter, called minrank and denoted by minrk F (G), which upper bounds β 1 (G). This graph parameter is defined as the minimum rank over F of a matrix that has nonzero entries in the diagonal and zeros in the entries that correspond to non-edges (and arbitrary values from F in the other entries). Interestingly, they proved that the minrank of a graph G over F equals the minimum length of a linear index code for G over F (i.e., an index code whose encoding function is linear). They also proved that their upper bound is tight and is equal to β 1 (G) for several graph families for the binary field F 2 (for which we use the notation minrk 2 ). This includes directed acyclic graphs, perfect graphs, odd holes (undirected odd-length cycles of length at least 5) and odd anti-holes (complements of odd holes). These results raised the question whether the minrank parameter characterizes the minimum length of general index codes. This question was answered in the negative by Lubetzky and Stav [81], who showed that for any ε > 0 and a sufficiently large n there is an n vertex graph G with β 1 (G) n ε and minrk 2 (G) n 1 ε (see [8] for additional counterexamples). We note that the proof in [81] uses a property of the minrank (see also [54]), saying that for every field F and an n vertex undirected graph G, minrk F (G) minrk F (G) n. (1.1) The following theorem summarizes some of the bounds mentioned above. All the inequalities in the statement below are known to be strict for certain graphs. Theorem 1.9 ([53, 54, 15]). For every field F and an undirected graph G, α(g) β 1 (G) minrk F (G) χ(g). Now we turn to present our research on index coding. Our results include algorithms for linear index coding based on semidefinite programming and bounds on linear index coding for random graphs. Linear Index Coding via Semidefinite Programming In the work presented in Chapter 4 we initiate the study of algorithms for linear index coding over F 2 for graphs with bounded minrank (recall that minrank measures the minimum length of a linear index code [15]). That is, given a graph G with minrk 2 (G) = k, where k is a fixed constant, find a

17 1.2. CODES 11 linear index code for G over F 2, where the objective is to minimize the code length. We start with some background and then review our results. Shannon Capacity. The original motivation to study the minrank parameter came from the research on Shannon capacity of graphs. In [100], Shannon introduced the parameter c(g), the Shannon capacity of a graph G, which is the limit lim k k α(g k ), where G k is what known as the k-fold strong graph product of G with itself. Haemers [54] defined the minrank parameter and proved that it upper bounds c(g). A more well-known and tractable upper bound on c(g) is the one of Lovász [80], known as Lovász ϑ-function (see [71]). Although for most graphs the ϑ-function is a tighter upper bound than the minrank bound, Haemers [53] showed that there are graphs for which the minrank bound is tighter. For example, it is known that for every odd k there is a graph S k with minrk 2 (S k ) = k and ϑ(s k ) = k 1 2 (see [54]). In this work we improve this gap and, moreover, show that our gap is the strongest possible (see Theorem 1.12). Graph Coloring. For an integer q a graph G is q-colorable if it is possible to assign a color from {1,..., q} to every vertex so that no edge is monochromatic. Such an assignment is called a q-coloring. The chromatic number χ(g) of G is the smallest q for which G is q-colorable. It is well-known that the problem of deciding whether a graph is q-colorable is NP-complete for any q 3 [47] and can be easily solved in polynomial time for q {1, 2}. For the problem of deciding between χ(g) q and χ(g) Q, Khot proved in [67] NPhardness with Q = q log q 25 for any large enough constant q. The largest Q for which deciding between χ(g) 3 and χ(g) Q is known to be NP-hard is Q = 5 [66, 50]. However, Dinur, Mossel and Regev [41] proved hardness for any constants 3 q < Q under a certain complexity assumption, related to Khot s unique games conjecture [68]. Recently, Dinur and Shinkar [42] improved the analysis of [41] and showed that, whenever q 4, the hardness result holds even for Q = log c n for some c > 0 where n stands for the number of vertices in the graph. In addition, it is known that it is NP-hard, given an n vertex graph, to decide between chromatic number at most n ε and chromatic number at least n 1 ε for any ε > 0 [67, 105]. On the other hand, there is a long line of research on (randomized) polynomial time algorithms for graphs with bounded chromatic number. These algorithms, given an n vertex q-colorable graph, find a Q-coloring of G where Q = O(n δ ) for some constant δ = δ(q) > 0. For example, for q = 3, a simple algorithm due to Wigderson [103] colors a 3-colorable graph using O(n 1 2 ) colors. It is interesting to note that Wigderson s algorithm works even if the input graph G is not 3-colorable but has the weaker property that any subgraph induced by the neighbors of a vertex is 2-colorable. In a series of increasingly sophisticated combinatorial algorithms, Blum [23] im-

18 12 CHAPTER 1. INTRODUCTION proved the number of colors to Õ(n 3 8 ). 1 Then, Karger, Motwani and Sudan [64] introduced an algorithm for this problem based on a semidefinite relaxation and improved the number of colors to Õ(n 1 4 ). Combining the combinatorial approach of [23] and the semidefinite relaxation of [64], Blum and Karger [23, 24] improved it to Õ(n 3 14 ). Recently, a sequence of improvements by Arora, Chlamtac and Charikar [11] and Chlamtac [29] reduced the number of colors to Õ(n ) and Õ(n ) respectively. The situation with coloring q-colorable graphs for q 4 is similar. The best known algorithm, due to Halperin et al. [55], colors n vertex q-colorable graphs using Õ(nα q ) colors, where 0 < α q < 1 is some constant depending on q. For example, α 4 = and α 5 = A major ingredient in the above coloring algorithms is a semidefinite programming relaxation of the chromatic number [64] called vector chromatic number, which we denote by χ v. As a relaxation of the chromatic number, the vector chromatic number satisfies χ v (G) χ(g) for every graph G. The main tool in [64] is a randomized rounding algorithm that given a graph G with χ v (G) = κ finds a large independent set (whose cardinality is monotone decreasing in κ). Interestingly, it was proven in [64] that a tighter relaxation, called the strict vector chromatic number and denoted by χ (s) v, is related to Lovász ϑ-function and satisfies for every graph G, χ (s) v (G) = ϑ(g). (1.2) The Complexity of the minrank Parameter. Consider the problem of deciding whether a graph G satisfies minrk 2 (G) = k where k is a fixed constant. For k {1, 2} the problem is easy. Indeed, minrk 2 (G) = 1 holds only for the complete graph, while minrk 2 (G) = 2 holds precisely for the complement of a (non-empty) bipartite graph [94]. For k = 3, Peeters [94] proved that the problem is NP-complete (even if the input graphs are planar) via a reduction from 3-colorability. Langberg and Sprintson [76] observed that every graph G satisfies minrk 2 (G) log 2 χ(g), (1.3) and concluded (using the upper bound in Theorem 1.9 and the hardness result of [41]) that it is NPhard to approximate the minrank of a given graph to within any constant, assuming the same variant of the unique games conjecture as in [41]. In fact, using the recent result of [42] one can obtain a corresponding hardness result even for an approximation factor of Ω(log log n), where n is the number of vertices. We note that the hardness result of Langberg and Sprintson [76] is proven for additional problems, including vector linear index coding, non-linear index coding, and the network coding problem. 1 The Õ and Ω notations are used to hide factors which are poly-logarithmic in n.

19 1.2. CODES 13 Our contribution. In this work we study algorithms for linear index coding for graphs with bounded minrank (recall that minrank measures the minimum length of a linear index code). Our approach to the problem is to design an algorithm that given a graph G with minrk 2 (G) = k finds a coloring of G of as few colors as possible. As we have mentioned, such a coloring yields a linear index code whose length is the number of used colors. In what follows, for simplicity of presentation, the roles of G and G will be reversed. In the following discussion let us consider the case of k = 3 (recall that for k {1, 2} the problem is easy). Let G be a graph satisfying minrk 2 (G) = 3. Our goal is to find a coloring of G with few colors. One strategy would be to use the fact that such a graph has the property that any subgraph induced by the neighbors of a vertex is 2-colorable (see Lemma 4.8). As mentioned earlier, for such graphs Wigderson s algorithm [103] can find an O(n 1 2 )-coloring of G. Another strategy is to find the largest possible chromatic number q of a graph G satisfying minrk 2 (G) = 3, and to apply an algorithm for coloring q-colorable graphs to G. For example, by Inequality (1.3), χ(g) 8, and therefore the algorithm of [55] for coloring 8-colorable graphs gives an Õ(nα 8 )-coloring of G where α 8 = (which is worse than [103]), and hence a linear index code of such length. However, this can be somewhat improved. Peeters defined in [94] a graph family G k (see Section 4.2) such that for any k, G k is the graph that has a maximum chromatic number among all the graphs whose complement has minrank k. That is, for any k, χ(g k ) = max{χ(g) minrk 2 (G) = k}. It turns out that G 3 is a graph on 28 vertices with chromatic number 4, and this enables us to use the algorithm of [55] for coloring 4-colorable graphs and to get a polynomial time algorithm that given a graph G with minrk 2 (G) = 3 finds a linear index code for G of length Õ(nα 4 ) where α In order to improve the number of colors used in the above algorithm we need to improve the analysis of the coloring algorithms in a way that uses the fact that our graphs have minrk 2 (G) = 3 and not only χ(g) 4. As mentioned earlier, the performance of the best known coloring algorithms crucially depends on the vector chromatic number of the input graph. This suggests studying the maximum possible vector chromatic number of G assuming minrk 2 (G) = 3. A bound strictly smaller than 4 might imply an improved algorithm for our problem. In this work we observe that the graph family G k of Peeters [94] satisfies, for any k, χ v (G k ) = max{χ v (G) minrk 2 (G) = k}. For k = 3, we show that χ v (G 3 ) = < 4 (see Corollary 4.30) and use it to show that it is possible to efficiently color a graph G satisfying minrk 2 (G) = 3 using fewer colors

20 14 CHAPTER 1. INTRODUCTION than guaranteed by the algorithm for coloring 4-colorable graphs of [55]. This, combined with additional properties of graphs with minrk 2 (G) = 3 and some techniques used in [11, 30], yields the following theorem and its immediate corollary. We also prove similar results for general k 3 (see Theorem 4.34). Theorem There exists a randomized polynomial time algorithm that given an n vertex graph G with minrk 2 (G) = 3 finds an Õ(n )-coloring of G. Corollary There exists a randomized polynomial time algorithm that given an n vertex graph G, for which there is a linear index code (over F 2 ) of length 3, finds a linear index code for G of length Õ(n ). We note that the way we use semidefinite programming in this work is different from the way it is usually used for approximation algorithms (e.g., in [64]). In the usual framework, the semidefinite program is a relaxation of the studied parameter and a rounding algorithm is used to get an approximation for this parameter based on the semidefinite relaxation. However, in our case, the vector chromatic number (of the complement graph) is not a relaxation of the minrank parameter. Therefore, a crucial component in the analysis is bounding the largest possible gap between the minrank parameter and the vector chromatic number. In addition to our algorithmic application, the graph family G k is interesting from a combinatorial point of view. Recall that both ϑ(g) and minrk 2 (G) are upper bounds on the Shannon capacity c(g) of a graph. A natural question to ask is how large ϑ(g) can be if G satisfies minrk 2 (G) = k, or, equivalently, how bad the ϑ(g) upper bound can be, compared to the bound minrk 2 (G). We show that the largest ϑ(g) for a graph G with minrk 2 (G) = k is attained at G k for which we calculate the exact ϑ value. Theorem For every k, every graph G with minrk 2 (G) = k satisfies ϑ(g) k k 2. In addition, equality holds for the graph G k. Our calculation of the ϑ value of G k is based on strong symmetry properties of G k which relate the ϑ value to the spectrum of G k. In order to calculate the eigenvalues, we employ a group theoretic approach, partitioning the vertex set into orbits of a vertex stabilizer relative to the automorphism group of the graph. For details see Section Open Questions. The approach taken in this work for finding a short linear index code for a given graph relies on coloring the complement of the graph. This is done via studying the maximum

21 1.2. CODES 15 vector chromatic number of graphs whose complement has minrank k. For graphs with bounded chromatic number (as opposed to bounded vector chromatic number), stronger results exist, such as the combinatorial algorithm of Blum [23] and the SDP hierarchy approach of Chlamtac [29]. However, it seems difficult to gain any additional improvements from such techniques, as the worst-case bound on the chromatic number is strictly weaker than the bound on the vector chromatic number. A possible interesting alternative would be to rely directly on the minrank guarantee (possibly via a semidefinite relaxation for minrank), and thus get around the gap between the minrank and the chromatic number of the complement. Such an approach might even generalize to directed graphs. It would also be interesting to extend our algorithms to the case of general (non-linear) index coding. We note that it was shown in [76] that the complement of a graph that has an index code of length k has a coloring that uses at most 2 2k colors. This, together with the coloring algorithm of [55], immediately implies an algorithm for general index coding. However, it is possible that properties of graphs with bounded length index codes can be exploited to improve the guarantee of this algorithm. The techniques used in this work, though, seem to be beneficial only for linear index coding which is characterized by the minrank parameter. References. The results of this chapter appear in [31]: E. Chlamtac and I. Haviv, Linear Index Coding via Semidefinite Programming, Manuscript, Linear Index Coding for Random Graphs A fundamental parameter to study in the context of index coding is the typical value of β 1 (G) for random graphs G. This question was raised by Lubetzky and Stav in [81] for the well-known random graph G(n, 1 2 ), where G(n, p) denotes the random undirected graph with n vertices and edge probability p. In Chapter 5 we study the following question: What is the typical minimum length of a linear index code for the random graph G(n, p) over F? Equivalently, we are asking for the typical minrank over F of the random graph G(n, p). Let us start with some bounds yielded by Theorem 1.9. Both the independence number and the clique cover number of G(n, p) are well understood (see [26] for the former and [25, 82] for the latter). For a constant edge probability p, we obtain that almost surely (i.e., with probability that tends to 1 as n tends to infinity), (1 ± o(1)) 2 log n log 1 1 p minrk F (G(n, p)) (1 ± o(1)) n log 1 p 2 log ((1 p)n).

22 16 CHAPTER 1. INTRODUCTION In short, for a constant p, almost surely, Ω(log n) minrk F (G(n, p)) O( n log n ). The gap between these lower and upper bounds is exponential, and, surprisingly, no better bounds are known to hold almost surely for G(n, p). Yet, it is plausible to expect the minrank of G(n, p) to be much higher than the Ω(log n) lower bound, since the bound in (1.1) implies that the expected minrank of G(n, p) is Ω( n) for p = 1 2 (and hence for any p 1 2 as well). To see this, notice that if G is distributed according to G(n, 1 2 ) then so is its complement, and hence the probability that minrk F (G) n is at least 1 2. We note, though, that any ω( n) lower bound on the expectation above would imply an ω( n) lower bound which holds almost surely, as follows from the large deviation inequality for vertex exposure martingale (see, e.g., [9], Chapter 7). Understanding the true value of minrk F (G(n, p)) and, more specifically, the question whether one can show an ω( n) lower bound on it, are the driving force of this work. Our Contribution. In the current work we study the typical minimum length of a linear index code for the random graph G(n, p) over a field F. We start by showing that an Ω( n) lower bound holds with probability that (exponentially) tends to 1 as n tends to infinity (and not only in expectation). In addition, the bound holds for every constant size field F and a constant edge probability p. 2 Theorem For every constant size field F and a constant p (0, 1), almost surely minrk F (G(n, p)) = Ω( n). Observe that Theorem 1.13 implies that the random graph G(n, 1 2 ) almost surely has an exponential gap between its independence number and its minrank over any constant size field. In [7], Alon conjectured that the Shannon capacity of G(n, 1 2 ) satisfies c(g(n, 1 2 )) = O(log n) almost surely. This, if true, would imply an exponential gap between the Shannon capacity and the minrank upper bound of Haemers [54] on it for a typical graph G(n, 1 2 ). In the attempt to understand where the minrank of G(n, p) exactly lies in the range from n to n log n we introduce and study two natural restricted models of index coding. Locally decodable index coding. In our first model we study index codes in which the decoders are allowed to query a limited number of characters from the encoded message. More precisely, these are index codes in which the sender maps x F n to an encoded message, and each of the receivers should be able to recover x i using at most q queries to the encoded message and the information that the receiver has on x according to the side information graph. The following 2 In fact, our proof provides a lower bound also for the case that F and p depend on n. For the full statement of this theorem see Theorem 5.6.