Revision #1 Authors: Daniel Augot, Sarah Bordage, Jade Nardi

Accepted on: 5th October 2022 17:09

Downloads: 59

Keywords:

We consider the proximity testing problem for error-correcting codes which consist in evaluations of multivariate polynomials either of bounded individual degree or bounded total degree. Namely, given an oracle function $f \colon L^m \rightarrow \mathbb F_q$, where $L\subset \mathbb F_q$, a verifier

distinguishes whether $f$ is the evaluation of a low-degree polynomial or is far (in relative Hamming distance) from being one, by making only a few queries to $f$. This topic has been studied in the context of locally testable codes, interactive proofs, probalistically checkable proofs, and interactive oracle proofs.

We present the first interactive oracle proofs of proximity (IOPP) for tensor products of Reed-Solomon codes (evaluation of polynomials with bounds on individual degrees) and for Reed-Muller codes (evaluation of polynomials with a bound on the total

degree) that simultaneously achieve logarithmic query complexity, logarithmic verification time, linear oracle proof length and linear prover running time.

Such low-degree polynomials play a central role in constructions of probabilistic proof systems and succinct non-interactive arguments of knowledge with zero-knowledge. For these applications, highly-efficient multivariate low-degree tests are desired, but prior probabilistic proofs of proximity required

super-linear proving time. In contrast, for multivariate codes of length $N$, our constructions admit a prover running in time linear in $N$ and a verifier which is logarithmic in $N$.

Our constructions are directly inspired by the IOPP for Reed-Solomon codes of [Ben-Sasson \emph{et al.}, ICALP 2018] named “FRI protocol”. Compared to the FRI protocol, our IOPP for tensor products of Reed-Solomon codes achieves the same efficiency parameters. As for Reed-Muller codes, for fixed constant number of variables $m$, the concrete efficiency of our IOPP for Reed-Muller codes compares well, all things equal.

Reason of the revision: improved IOPP for the individual degree case. The changes implied are:

- result presented in figure 1 (last row)

- syntactic changes to section 3

- sections 7.4 and 7.5 are replaced by section 8

TR21-118 Authors: Daniel Augot, Sarah Bordage, Jade Nardi

Publication: 13th August 2021 16:52

Downloads: 507

Keywords:

We consider the proximity testing problem for error-correcting codes which consist in evaluations of multivariate polynomials either of bounded individual degree or bounded total degree. Namely, given an

oracle function $f : L^m \rightarrow \mathbb F_q$, where $L\subset \mathbb F_q$, a verifier distinguishes whether $f$ is the evaluation of a low-degree polynomial or is far (in relative Hamming distance) from being one, by making only a few queries to $f$. This topic has been studied in the context of locally testable codes, interactive proofs, probabilistically checkable proofs, and interactive oracle proofs.

We present the first interactive oracle proofs of proximity (IOPP) for tensor products of Reed-Solomon codes (evaluation of polynomials with bounds on individual degrees) and for Reed-Muller codes (evaluation of polynomials with a bound on the total

degree).

Such low-degree polynomials play a central role in constructions of probabilistic proof systems and succinct non-interactive arguments of knowledge with zero-knowledge. For these applications, highly-efficient multivariate low-degree tests are

desired, but prior probabilistic proofs of proximity required super-linear proving time. In contrast, for multivariate codes of length $N$, our constructions admit a prover running in time linear in $N$ and a verifier which is logarithmic in $N$.

For fixed constant number of variables $m$, the efficiency parameters of our IOPPs for multivariate codes compare well, all things equal, with those of the IOPP for Reed-Solomon codes of [Ben-Sasson et al., ICALP 2018] from which they are directly inspired.