Decoding Multivariate Multiplicity Codes on Product Sets
Siddharth Bhandari, Prahladh Harsha, Mrinal Kumar, Madhu Sudan
Abstract
The multiplicity Schwartz-Zippel lemma bounds the total multiplicity of zeroes of a multivariate polynomial on a product set. This lemma motivates the multiplicity codes of Kopparty, Saraf and Yekhanin [J. ACM, 2014], who showed how to use this lemma to construct high-rate locally-decodable codes. However, the algorithmic results about these codes crucially rely on the fact that the polynomials are evaluated on a vector space and not an arbitrary product set. In this work, we show how to decode multivariate multiplicity codes of large multiplicities in polynomial time over finite product sets (over fields of large characteristic and zero characteristic). Previously such decoding algorithms were not known even for a positive fraction of errors. In contrast, our work goes all the way to the distance of the code and in particular exceeds both the unique decoding bound and the Johnson bound. For errors exceeding the Johnson bound, even combinatorial list-decodability of these codes was not known.

Our algorithm is an application of the classical polynomial method directly to the multivariate setting. In particular, we do not rely on a reduction from the multivariate to the univariate case as is typical of many of the existing results on decoding codes based on multivariate polynomials. However, a vanilla application of the polynomial method in the multivariate setting does not yield a polynomial upper bound on the list size. We obtain a polynomial bound on the list size by taking an alternative view of multivariate multiplicity codes. In this view, we glue all the partial derivatives of the same order together using a fresh set $z$ of variables. We then apply the polynomial method by viewing this as a problem over the field $\mathbb{F}(z)$ of rational functions in $z$.

* Tata Institute of Fundamental Research, Mumbai, India. {siddharth.bhandari,prahladh}@tifr.res.in. Research supported by the Department of Atomic Energy, Government of India, under project no. 12-R&D-TFR-5.01-0500 and in part by the Google PhD Fellowship and Swarnajayanti fellowship.
† Department of Computer Science & Engineering, IIT Bombay, Mumbai, India. [email protected].
‡ School of Engineering and Applied Sciences, Harvard University, Cambridge, MA, USA. [email protected]. Supported in part by a Simons Investigator Award and NSF Award CCF 1715187.

Introduction
The classical Schwartz-Zippel lemma (due to Ore [Ore22], Schwartz [Sch80], Zippel [Zip79] and DeMillo & Lipton [DL78]) states that if $\mathbb{F}$ is a field, $f \in \mathbb{F}[x_1, x_2, \ldots, x_k]$ is a non-zero polynomial of degree $d$, and $S \subseteq \mathbb{F}$ is an arbitrary finite subset of $\mathbb{F}$, then the number of points on the grid $S^k$ where $f$ is zero is upper bounded by $d \cdot |S|^{k-1}$. A higher-order multiplicity version of this lemma (due to Dvir, Kopparty, Saraf and Sudan [DKSS13]) states that the number of points on the grid $S^k$ where $f$ is zero with multiplicity at least $s$ is upper bounded by $\frac{d}{s} \cdot |S|^{k-1}$. This innately basic statement about low-degree polynomials has had innumerable applications in both theoretical computer science and discrete mathematics and has by now become a part of the standard toolkit when working with low-degree polynomials [Sar11, Gut16]. Despite this, the following natural algorithmic version of this problem remains open.
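As a quick sanity check, the lemma is easy to verify by brute force on a small instance. The sketch below (an arbitrarily chosen bivariate polynomial with integer coefficients, which embed into any field of characteristic zero) counts the zeroes of a degree-3 polynomial on a grid and compares against the $d \cdot |S|^{k-1}$ bound.

```python
from itertools import product

# A non-zero bivariate polynomial of total degree d = 3, chosen
# arbitrarily for illustration: f(x1, x2) = (x1 - 1)(x1 - 2)(x2 - 3).
def f(x1, x2):
    return (x1 - 1) * (x1 - 2) * (x2 - 3)

d, k = 3, 2
S = range(7)  # |S| = 7

zeros = sum(1 for a in product(S, repeat=k) if f(*a) == 0)

# Schwartz-Zippel: at most d * |S|^(k-1) zeroes on the grid S^k.
print(zeros, "<=", d * len(S) ** (k - 1))  # 19 <= 21
```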
Algorithmic SZ question.
Let $\mathbb{F}$ be a field, and $S, d, k$ be as above. Design an efficient algorithm that takes as input an arbitrary function $P : S^k \to \mathbb{F}^{\binom{s+k-1}{k}}$ and finds a polynomial $f \in \mathbb{F}[x_1, x_2, \ldots, x_k]$ of degree at most $d$ (if one exists) such that the function $\mathrm{Enc}(f) : S^k \to \mathbb{F}^{\binom{s+k-1}{k}}$ defined as
$$\mathrm{Enc}(f)(a) = \left(\frac{\bar{\partial} f}{\bar{\partial} x^e}(a) : \deg(x^e) < s\right)$$
differs from $P$ on less than a $\frac{1}{2}\left(1 - \frac{d}{s|S|}\right)$ fraction of points on $S^k$. (In other words, the encoding consists of all the partial derivatives of $f$ of order at most $s - 1$.)

The aforementioned multiplicity Schwartz-Zippel lemma (henceforth referred to as the multiplicity SZ lemma for brevity) assures us that if there is a polynomial $f \in \mathbb{F}[x_1, x_2, \ldots, x_k]$ such that $\mathrm{Enc}(f)$ differs from $P$ on less than a $\frac{1}{2}\left(1 - \frac{d}{s|S|}\right)$ fraction of points, then it must be unique! Thus, in some sense, the above question is essentially asking for an algorithmic version of the multiplicity SZ lemma.

Although a seemingly natural problem, especially given the ubiquitous presence of the SZ lemma in computer science, this question continues to remain open even for bivariate polynomials! In fact, even the $s = 1$ case (i.e., the case of Reed-Muller codes) was resolved only recently by Kim and Kopparty [KK17]. Their algorithm does not extend to $s > 1$, and they mention this as one of the open problems.

In this work, we make some progress towards answering the algorithmic SZ question. In particular, we design an efficient deterministic algorithm for this problem when the field $\mathbb{F}$ has characteristic zero or larger than the degree $d$, the dimension $k$ is an arbitrary constant and the multiplicity parameter $s$ is a sufficiently large constant. (We use "grids" and "product sets" interchangeably; see also Remark 1.2. Note also that the bound of the multiplicity SZ lemma is only interesting when $|S| > d/s$, so that $\frac{d}{s} \cdot |S|^{k-1}$ is less than the trivial bound of $|S|^k$.) In fact, in this setting we prove a stronger result, which we now informally state (see Theorem 1.1 for a formal statement).

Main result.
Let $\varepsilon \in (0, 1)$ be an arbitrary constant, $k \in \mathbb{N}$ be a positive constant and $s$ be a large enough positive integer. Over fields $\mathbb{F}$ of characteristic zero or characteristic larger than $d$, there is a deterministic polynomial-time algorithm that on input $P$ outputs all degree-$d$ polynomials $f \in \mathbb{F}[x_1, x_2, \ldots, x_k]$ such that $\mathrm{Enc}(f)$ differs from the input function $P : S^k \to \mathbb{F}^{\binom{s+k-1}{k}}$ on less than a $\left(1 - \frac{d}{s|S|} - \varepsilon\right)$ fraction of points on the grid $S^k$.

We note that the fraction of errors that can be tolerated in the above result is $1 - \frac{d}{s|S|} - \varepsilon$, which is significantly larger than the error parameter in the algorithmic SZ question. Therefore, we no longer have the guarantee of a unique solution $f$ such that the function $\mathrm{Enc}(f)$ is close to $P$. In fact, for this error regime, it is not even clear that the number of candidate solutions is polynomially bounded. The algorithm stated in the main result outputs all such candidate solutions, and in particular shows that their number is polynomially bounded (for constant $k$). This fraction of errors is the best one can hope for, since there are functions $P$ (for instance, the all-zeros function) which have super-polynomially many polynomials of degree $d$ that are $\left(1 - \frac{d}{s|S|}\right)$-close to $P$ (see Appendix A).

In the language of error-correcting codes, the algorithmic SZ question is the question of designing efficient unique-decoding algorithms for multivariate multiplicity codes over arbitrary product sets when the error is at most half the minimum distance, and the main result gives an efficient algorithm for the possibly harder problem of list decoding these codes from relative error $\delta - \varepsilon$, where $\delta := 1 - \frac{d}{s|S|}$ is the distance of the code, provided that the field has characteristic larger than $d$ or zero, $k$ is a constant and $s$ is large enough. In the next section, we define some of these notions, and state and discuss the results and the prior work in this language.
Polynomial-based error-correcting codes, such as the Reed-Solomon codes and Reed-Muller codes, are a very important family of codes in coding theory, both in theory and practice. Multiplicity codes are a natural generalization of Reed-Muller codes wherein at each evaluation point, one not only gives the evaluation of the polynomial $f$, but also all its derivatives up to a certain order.

Formally, let $\mathbb{F}$ be a field, $s$ a positive integer, $S \subset \mathbb{F}$ an arbitrary subset of the field $\mathbb{F}$, $d \leq s|S|$ the degree parameter and $k \geq 1$ the dimension. The $k$-variate order-$s$ multiplicity code of degree-$d$ polynomials over $\mathbb{F}$ on the grid $S^k$ is obtained by evaluating a $k$-variate polynomial of total degree at most $d$, along with all its derivatives of order less than $s$, at all points in the grid $S^k$. Thus, a codeword corresponding to a polynomial $f$ of total degree at most $d$ can be viewed as a function $\mathrm{Enc}_{s,S}(f) : S^k \to \mathbb{F}^{|E|}$, where $E := \{e \in \mathbb{Z}_{\geq 0}^k \mid 0 \leq \|e\|_1 < s\}$ and
$$\mathrm{Enc}_{s,S}(f)|_a = \left(\frac{\bar{\partial} f}{\bar{\partial} x^e}(a) : e \in E\right),$$
where $\frac{\bar{\partial} f}{\bar{\partial} x^e}$ is the Hasse derivative of the polynomial $f$ with respect to $x^e$. The $s = 1$ case corresponds to the classical Reed-Solomon codes (univariate setting, $k = 1$) and Reed-Muller codes (multivariate setting, $k > 1$). The relative distance of these codes is $\delta := 1 - \frac{d}{s|S|}$, which follows from the multiplicity SZ lemma mentioned earlier in the introduction.

Univariate multiplicity codes were first studied by Rosenbloom & Tsfasman [RT97] and Nielsen [Nie01]. Multiplicity codes for general $k$ and $s$ were introduced by Kopparty, Saraf and Yekhanin [KSY14] in the context of local decoding. Subsequently, Kopparty [Kop15] and Guruswami & Wang [GW13] independently proved that univariate multiplicity codes over prime fields (or more generally over fields whose characteristic is larger than the degree of the underlying polynomials) achieve "list-decoding capacity". In the same work, Kopparty [Kop15] proved that multivariate multiplicity codes are list-decodable up to the Johnson bound.

We remark that in the case of univariate codes (both Reed-Solomon and larger-order multiplicity codes), the decoding algorithms work for all choices of the set $S \subset \mathbb{F}$. However, all decoding algorithms for the multivariate setting (both Reed-Muller and larger-order multiplicity codes) work only when the underlying set $S$ has a nice algebraic structure (e.g., $S = \mathbb{F}$) or when the degree $d$ is very small (cf. the Reed-Muller list-decoding algorithm of Sudan [Sud97] and its multiplicity variant due to Guruswami & Sudan [GS99]). The only exception to this is the unique-decoding algorithm of Kim and Kopparty [KK17] for Reed-Muller codes over product sets.

Below we state and contrast our results on the problem of decoding multivariate multiplicity codes (over grids) from a $\delta - \varepsilon$ fraction of errors for any constant $\varepsilon \in (0, 1)$, where $\delta$ is the distance of the code. Our first result is as follows.

Theorem 1.1 (List decoding of multivariate multiplicity codes with polynomial list size). For every $\varepsilon \in (0, 1)$ and integer $k$, there exists an integer $s_0$ such that for all $s \geq s_0$, degree parameter $d$, fields $\mathbb{F}$ of size $q$ and characteristic larger than $d$, and any set $S \subseteq \mathbb{F}$ where $d < s|S|$, the following holds.

For the $k$-variate order-$s$ multiplicity code of degree-$d$ polynomials over $\mathbb{F}$ on the grid $S^k$, there is an efficient algorithm which, when given a received word $P$, outputs all codewords with agreement at least $(1 - \delta + \varepsilon)$ with $P$, where $\delta = 1 - d/(s|S|)$ is the relative distance of this code.

Remark 1.2.
A general product set in $\mathbb{F}^k$ is of the form $S_1 \times S_2 \times \cdots \times S_k$, where each $S_i$ is a subset of $\mathbb{F}$. For ease of notation, we always work with product sets which are grids $S^k$ for some $S \subseteq \mathbb{F}$, even though all of our results hold for general product sets.
As indicated before, this is the best one can hope for with respect to polynomial-time list-decoding algorithms for multiplicity codes, since there are super-polynomially many codewords with minimum distance $\delta = 1 - d/(s|S|)$ (see Appendix A). Till recently, it was not known if multivariate multiplicity codes were list-decodable beyond the Johnson bound (even for the case $S = \mathbb{F}$). For the case of grids $S^k$, where $S \subseteq \mathbb{F}$ is an arbitrary set, even unique-decoding algorithms were not known. We note that the above result does not yield a list-decoding algorithm for all multiplicities, but only for large enough multiplicities (based on the dimension $k$ and the error parameter $\varepsilon$).

Kopparty, Ron-Zewi, Saraf and Wootters [KRSW18] showed how to reduce the size of the list for univariate multiplicity codes from polynomial to constant (dependent only on the error parameter $\varepsilon$). We use similar ideas, albeit in the multivariate setting, to reduce the list size in Theorem 1.1 to a constant (dependent only on the error parameter $\varepsilon$ and the dimension $k$).

Theorem 1.3 (List decoding of multivariate multiplicity codes with constant list size). For every $\varepsilon \in (0, 1)$ and integer $k$, there exists an integer $s_0$ such that for all $s \geq s_0$, degree parameter $d$, fields $\mathbb{F}$ of size $q$ and characteristic larger than $d$, and any set $S \subseteq \mathbb{F}$ where $d < s|S|$, the following holds.

For the $k$-variate order-$s$ multiplicity code of degree-$d$ polynomials over $\mathbb{F}$ on the grid $S^k$, there is a randomized algorithm which requires $\mathrm{poly}\left(d^k, |S|^k, \exp\left(O\left(\frac{k}{\varepsilon}\log\frac{1}{\varepsilon}\right)\right)\right)$ operations over the field $\mathbb{F}$ and which, when given a received word $P$, outputs all codewords with agreement at least $(1 - \delta + \varepsilon)$ with $P$, where $\delta = 1 - d/(s|S|)$ is the relative distance of this code.

Moreover, the number of such codewords is at most $\exp\left(O\left(\frac{k}{\varepsilon}\log\frac{1}{\varepsilon}\right)\right)$.

Remark 1.4.
We remark that by taking a slightly different view of the list-decoding algorithms of Theorem 1.1 and Theorem 1.3, the upper bound on the number of field operations needed in Theorem 1.1 and Theorem 1.3 can be improved to $\mathrm{poly}(|S|^k, d^k)$. We sketch this view in subsection 4.7 and note the runtime analysis in Remark 4.8.

The above two results are a generalization of (and imply) the corresponding theorems for the univariate setting due to Kopparty [Kop15], Guruswami & Wang [GW13] and Kopparty, Ron-Zewi, Saraf & Wootters [KRSW18]. We remark that Kopparty, Ron-Zewi, Saraf and Wootters [KRSW18], in the recent improvement to their earlier work, prove a list-decoding algorithm for multivariate multiplicity codes similar to Theorem 1.3 for the case when $S = \mathbb{F}$. Though their list-decoding algorithm does not extend to product sets, it has the added advantage that it is local.

As noted earlier, the only previous algorithmic method for decoding polynomial-based codes over product sets was that of Kim and Kopparty [KK17]. We describe the ideas in our algorithm shortly (in Section 2), but stress here that our approach is very different from that of Kim and Kopparty. Their work may be viewed as an algorithmic version of the inductive proof of the SZ lemma, and indeed recovers the SZ lemma as a consequence. Their work uses algorithmic aspects of algebraic decoding as a black box (to solve univariate cases). Our work, in contrast, only relies on the multiplicity SZ lemma as a black box. Instead, we open up the "algebraic decoding" black box and make significant changes there, thus adding to the toolkit available to deal with polynomial evaluations over product sets.

Our result falls short of completely resolving the algorithmic SZ question in two respects: though it works for all dimensions $k$, it only works when the multiplicity parameter $s$ is large enough and when the characteristic of the field is either zero or larger than the degree parameter.
Making improvements on any of these fronts is an interesting open problem.

All multiplicities: The algorithms presented in this paper decode all the way up to the distance of the code if the multiplicity parameter $s$ is large enough. However, for small multiplicities, even the unique-decoding problem is open. For $s = 1$, the result due to Kim and Kopparty [KK17] addresses the unique-decoding question, but the list-decoding question for product sets is open.
Fields of small characteristic:
All known proofs of list-decoding multiplicity codes beyond the Johnson bound (both algorithmic and combinatorial) require the field to be of zero characteristic or large enough characteristic. The problem of list-decoding multiplicity codes over small characteristic beyond the Johnson bound is open even in the univariate setting. As pointed out to us by Swastik Kopparty, this problem of list-decoding univariate multiplicity codes over fields of small characteristic beyond the Johnson bound is intimately related to list-decoding Reed-Solomon codes beyond the Johnson bound.

For a more detailed discussion of multiplicity codes and related open problems, we refer the reader to the excellent survey by Kopparty [Kop14].
Organization
The rest of this paper is organized as follows. We begin with an overview of our proofs in Section 2, followed by some preliminaries (involving Hasse derivatives, their properties, and multiplicity codes) in Section 3. We then describe and analyze the list-decoding algorithm for multivariate multiplicity codes in Section 4, thus proving Theorem 1.1. In Section 5, we show how to further reduce the list size to a constant, thus proving Theorem 1.3. In Section 6, we prove some properties of subspace restrictions of multivariate multiplicity codes needed in Section 5. In Appendix A, we show that there are super-polynomially many minimum-weight codewords, thus proving the tightness of Theorems 1.1 and 1.3 with respect to the list-decoding radius.
Proof overview

In this section, we first describe some of the hurdles in extending the univariate algorithms of Kopparty [Kop15] and Guruswami & Wang [GW13] to the multivariate setting, especially for product sets, and then give a detailed overview of the proofs of Theorem 1.1 and Theorem 1.3.
To explain our algorithm, it will be convenient to recall the general polynomial-method framework underlying the list-decoding algorithms in the univariate setting due to Kopparty [Kop15] and Guruswami & Wang [GW13]. Let $P : S \to \mathbb{F}^s$ be the received word and let $1 \leq m \leq s$ be a parameter. The framework proceeds in three steps.

Step 1: Algebraic explanation. Find a polynomial $Q(x, y_1, \ldots, y_m) \in \mathbb{F}[x, y_1, \ldots, y_m]$ of appropriate degree constraints that "explains" the received word $P$.

Step 2: $Q$ contains the close codewords. Show that every low-degree polynomial $f$ whose encoding agrees with $P$ in more than a $(1 - \delta + \varepsilon)$-fraction of points satisfies the following condition:
$$Q\left(x, f(x), \frac{\bar{\partial} f}{\bar{\partial} x}, \frac{\bar{\partial} f}{\bar{\partial} x^2}, \ldots, \frac{\bar{\partial} f}{\bar{\partial} x^{m-1}}\right) = 0.$$

Step 3: Reconstruction step. Recover every polynomial $f$ that satisfies the above condition.

The main (and only) difference between the list-decoding algorithms of Kopparty [Kop15] and Guruswami & Wang [GW13] is that Guruswami and Wang show that it suffices to work with a polynomial $Q$ which is linear in the $y$-variables, more precisely, $Q(x, y_1, \ldots, y_m)$ of the form $Q_0(x) + Q_1(x) \cdot y_1 + \cdots + Q_m(x) \cdot y_m$, while Kopparty allows for larger degrees in the $y$-variables. As a result, Kopparty performs the recovery step by solving a differential equation, while Guruswami and Wang observe that due to the simple structure of $Q$, the solution can be obtained by solving a linear system of equations.

How is multivariate list decoding performed? There are by now two standard approaches. Inspired by the Pellikaan-Wu [PW04] observation that Reed-Muller codes are a subcode of Reed-Solomon codes over an extension field, Kopparty performs a similar reduction of the multivariate multiplicity code to a univariate multiplicity code over an extension field. Another approach is to solve the multivariate case by solving the univariate subproblem on various lines in the space. However, both these approaches work only if $S = \mathbb{F}$ or $S$ has some special algebraic structure.

For our proof, we take an alternate approach and always work in the multivariate setting, without resorting to a reduction to the univariate case. As we shall see, our approach has some advantages over that of Kopparty [Kop15], both in quantitative terms, since the algorithm can tolerate a larger number of errors, and in qualitative terms, since the underlying set of evaluation points does not have to be an algebraically nice subset of $\mathbb{F}^k$ as in [Kop15]; evaluations on an arbitrary grid suffice for the algorithm to work.

To extend the univariate list-decoding algorithm outlined above to the multivariate setting, we adopt the following approach.
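For concreteness, here is the univariate framework in its simplest instance $s = m = 1$, where Steps 1-3 degenerate to the classical Berlekamp-Welch decoder for Reed-Solomon codes: interpolation finds $Q(x, y) = Q_0(x) + Q_1(x)y$ vanishing on the received word, and reconstruction reads off $f = -Q_0/Q_1$. This is an illustrative sketch, not the algorithm of this paper; the field, degrees and error positions are arbitrary choices.

```python
# Berlekamp-Welch decoding of a Reed-Solomon code over F_97.
p = 97
d, e = 2, 2                      # message degree, number of errors
S = list(range(10))              # n = 10 evaluation points, n >= d + 2e + 1

f_coeffs = [5, 1, 3]             # f(x) = 5 + x + 3x^2, low-degree first
P = [sum(c * pow(a, j, p) for j, c in enumerate(f_coeffs)) % p for a in S]
P[1] = (P[1] + 7) % p            # corrupt two positions
P[6] = (P[6] + 1) % p

# Step 1: find a non-zero Q(x, y) = Q0(x) + Q1(x)*y with deg Q0 <= e + d,
# deg Q1 <= e and Q(a, P(a)) = 0 for all a in S: a homogeneous linear
# system in the coefficients of Q0 and Q1.
ncols = (e + d + 1) + (e + 1)
rows = [[pow(a, j, p) for j in range(e + d + 1)] +
        [y * pow(a, j, p) % p for j in range(e + 1)]
        for a, y in zip(S, P)]

def kernel_vector(rows, ncols, p):
    """Gaussian elimination mod p; returns a non-zero kernel vector."""
    rows = [r[:] for r in rows]
    pivots, r = {}, 0
    for c in range(ncols):
        hit = next((i for i in range(r, len(rows)) if rows[i][c]), None)
        if hit is None:
            continue
        rows[r], rows[hit] = rows[hit], rows[r]
        inv = pow(rows[r][c], p - 2, p)
        rows[r] = [x * inv % p for x in rows[r]]
        for j in range(len(rows)):
            if j != r and rows[j][c]:
                t = rows[j][c]
                rows[j] = [(x - t * y) % p for x, y in zip(rows[j], rows[r])]
        pivots[c], r = r, r + 1
    free = next(c for c in range(ncols) if c not in pivots)
    v = [0] * ncols
    v[free] = 1
    for c, i in pivots.items():
        v[c] = (-rows[i][free]) % p
    return v

v = kernel_vector(rows, ncols, p)
Q0, Q1 = v[:e + d + 1], v[e + d + 1:]

# Steps 2-3: any codeword agreeing with P on >= n - e points satisfies
# Q0 + Q1*f = 0 identically, so f is recovered by exact division.
def poly_div_exact(num, den, p):
    num, den = num[:], den[:]
    while den and den[-1] == 0:
        den.pop()
    q = [0] * (len(num) - len(den) + 1)
    inv = pow(den[-1], p - 2, p)
    for i in range(len(q) - 1, -1, -1):
        q[i] = num[i + len(den) - 1] * inv % p
        for j, c in enumerate(den):
            num[i + j] = (num[i + j] - q[i] * c) % p
    assert not any(num), "division must be exact"
    return q

f_rec = poly_div_exact([(-c) % p for c in Q0], Q1, p)
while f_rec and f_rec[-1] == 0:
    f_rec.pop()
print(f_rec)  # [5, 1, 3]
```

The multivariate algorithm of this paper follows the same three-step shape, with the interpolation carried out over $\mathbb{F}(z)$ and a more elaborate reconstruction step, as described next.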
We consider a new set of formal variables $z$ and, instead of directly working with the information about partial derivatives in the received word, we think of the partial derivatives of the same order as being glued together using monomials in $z$. With this reorganized (and somewhat mysterious) view of the partial derivatives, we follow the outline of the univariate setting as described above. We find a polynomial $Q$ with coefficients from the field of fractions $\mathbb{F}(z)$, instead of just $\mathbb{F}$, in the interpolation step to explain the received word $P$. Thus, in this instance, the linear system in the interpolation step is over the field $\mathbb{F}(z)$. We then argue that $Q$ contains information about all the codewords that are close to the received word, and eventually solve $Q$ to recover all these codewords. This might seem rather strange to begin with, but these ideas of gluing together the partial derivatives and working over the field $\mathbb{F}(z)$ immediately generalize the univariate list-decoding algorithm to the multivariate setting. Working with the field of fractions $\mathbb{F}(z)$ comes with its costs; it makes some of the steps costly and, in particular, the recovery step far more elaborate than that in the Guruswami-Wang setting. However, this recovery step happens to be a special case of a similar step in the recent work of Guo, Kumar, Saptharishi and Solomon [GKSS19], and we adapt their algorithm to our setting.

As a first attempt, a more standard way to generalize the algorithms of Kopparty [Kop15] and Guruswami & Wang [GW13] to the multivariate setting would have been to work with the partial derivatives directly. And, while this approach seems alright for the interpolation step, it seems hard to work with when we try to solve the resulting equation to recover all the close enough codewords. In particular, it is not even clear in this setup that the number of solutions of the algebraic explanation (and hence, the number of close enough codewords) is polynomially bounded.
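Concretely, the gluing is easy to compute symbolically. The sketch below (sympy, two variables, an arbitrary example polynomial; the function names are our own) forms the glued polynomial $\Delta_i(f) = \sum_{\|e\|_1 = i} z^e \, \frac{\bar{\partial} f}{\bar{\partial} x^e}$, from which each individual derivative can be read back off as the coefficient of the corresponding $z$-monomial.

```python
import sympy as sp

x1, x2, z1, z2 = sp.symbols('x1 x2 z1 z2')

def hasse(f, e):
    # Hasse derivative of type e = (e1, e2): the coefficient of
    # z1^e1 * z2^e2 in f(x1 + z1, x2 + z2).
    shifted = sp.expand(f.subs({x1: x1 + z1, x2: x2 + z2},
                               simultaneous=True))
    return shifted.coeff(z1, e[0]).coeff(z2, e[1])

def delta(f, i):
    # Delta_i(f): all order-i Hasse derivatives glued with z-monomials.
    return sp.expand(sum(z1**e1 * z2**(i - e1) * hasse(f, (e1, i - e1))
                         for e1 in range(i + 1)))

f = x1**3 * x2 + 2 * x1 * x2

# Delta_0(f) is f itself; Delta_1(f) glues both first-order derivatives.
assert sp.expand(delta(f, 0) - f) == 0
d1 = delta(f, 1)

# Fixing x = a turns the glued object into a polynomial in z alone.
print(d1.subs({x1: 1, x2: 2}, simultaneous=True))
```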
This mysterious step of gluing together derivatives of the same order in a reversible manner (in the sense that we can read off the individual derivatives from the glued term) gets around this problem, and makes it viable to prove a polynomial upper bound on the number of solutions, and eventually to solve the equation to recover all the close enough codewords. Given this background, we now give a more detailed outline of our algorithm below.

Viewing the encoding as a formal power series
Multiplicity codes are described by saying that the encoding of a polynomial $f \in \mathbb{F}[x]$ consists of the evaluations of all partial derivatives of $f$ of order at most $s - 1$ at all points of $S^k$. For our algorithm, we think of these partial derivatives of $f$ as being rearranged on the basis of the order of the derivatives as follows. We take a fresh set of formal variables $z$ and define the following differential operators:
$$\Delta_i(f) := \sum_{e : \|e\|_1 = i} z^e \cdot \frac{\bar{\partial} f(x)}{\bar{\partial} x^e},$$
where $\frac{\bar{\partial} f}{\bar{\partial} x^e}$ denotes the Hasse derivative of the polynomial $f$ with respect to $x^e$. Let $\Delta(f)$ be an $s$-tuple of polynomials defined as follows:
$$\Delta(f) := (\Delta_0(f), \Delta_1(f), \ldots, \Delta_{s-1}(f)).$$
We view the encoding of $f$ as giving us the evaluation of the tuple $\Delta(f) \in \mathbb{F}[x, z]^s$ as $x$ varies in $S^k$. Note that for every fixing of $x$ to some $a \in S^k$, $\Delta(f)(a)$ is in $\mathbb{F}[z]^s$. Thus, the alphabet size is still large. Clearly, this is just a change of viewpoint, as we can go from the original encoding to this one and back efficiently, and at this point it is unclear that this change of perspective would be useful.

Finding an equation satisfied by all close enough codewords
Let $P$ be a received word. We view $P$ as a function $P : S^k \to \Sigma^s$, where $\Sigma = \mathbb{F}[z]$, as discussed in the previous step. The goal of the decoding step is to find all the polynomials $f \in \mathbb{F}[x]$ of degree at most $d$ whose encoding is close enough to $P$.

As a first step towards this, we find a non-zero polynomial $Q(x, y) \in \mathbb{F}(z)[x, y]$ of the form
$$Q(x, y) = Q_0(x) + Q_1(x) y_1 + \cdots + Q_m(x) y_m,$$
which explains the received word $P$, i.e., for every $a \in S^k$, $Q(a, P(a)) = 0$, and which satisfies some appropriate degree constraints. Here $m \leq s$ is a parameter. For technical reasons, we also end up imposing some more constraints on $Q$ in terms of its partial derivatives, the details of which can be found in Section 4.3. Each of these constraints can be viewed as a homogeneous linear equation in the coefficients of $Q$ over the field $\mathbb{F}(z)$. We choose the degree of $Q$ to be large enough to ensure that this system has more variables than constraints, and therefore has a non-zero solution.

This step is the interpolation step which shows up in any standard application of the polynomial method, and our setup is a natural generalization of (and closest to) the setup in the list-decoding algorithm of Guruswami and Wang [GW13] for univariate multiplicity codes.

The key property of the polynomial $Q$ thus obtained is that for every degree-$d$ polynomial $f \in \mathbb{F}[x]$ whose encoding is close enough to $P$,
$$Q(x, \Delta(f)) = Q(x, \Delta_0(f), \Delta_1(f), \ldots, \Delta_{m-1}(f)) \equiv 0.$$
To see this, note that from the structure of $Q$ and the fact that $f$ has degree at most $d$, the polynomial $Q(x, \Delta(f)) \in \mathbb{F}(z)[x]$ is of not too high degree in $x$. (Since we have both $x$ and $z$ variables, we use the notation $\frac{\bar{\partial} f}{\bar{\partial} x}$ for the Hasse derivative with respect to the variable $x$, to explicitly indicate in which variable the derivative is being taken.) Moreover, from the constraints imposed on $Q$ during interpolation, it follows that at every $a \in S^k$ where the encoding of $f$ and $P$ agree, $Q(x, \Delta(f))$ vanishes with high multiplicity. Thus, if the parameters are chosen favorably, $Q(x, \Delta(f))$ has too many zeroes of high multiplicity on the grid, and hence, by the multiplicity Schwartz-Zippel lemma (see Lemma 3.4), $Q(x, \Delta(f))$ must be identically zero.

We note that this is the only place in the proof where we use anything about the structure of the set of evaluation points, i.e., that the set of evaluation points is a grid.

Solving the equation to recover all close enough codewords
As the final step of our algorithm, we try to recover all polynomials $f \in \mathbb{F}[x]$ of degree at most $d$ such that
$$Q(x, \Delta(f)) = Q(x, \Delta_0(f), \Delta_1(f), \ldots, \Delta_{m-1}(f)) \equiv 0.$$
This equation can be viewed as a partial differential equation of order $m - 1$ in $f$, and we solve it to recover $f$ via the method of power series. We start by trying all possible choices of field elements for the coefficients of monomials of degree at most $m - 1$ in $f$, and iteratively recover the remaining coefficients of $f$ by reconstructing $f$ one homogeneous component at a time. Moreover, we observe that for each choice of the initial coefficients, there is a unique lift to a degree-$d$ polynomial. Thus, the number of solutions is upper bounded by the number of initial choices, which is at most $|\mathbb{F}|^{\binom{m+k-1}{k}}$.

We note that this is one place where working with $\Delta_i(f)$, as opposed to having an equation in the individual partial derivatives of $f$, is of crucial help. Even though the equation $Q(x, \Delta(f)) = 0$ involves many partial derivatives of $f$, the fact that these derivatives appear in a structured form via the operators $\Delta_i(f)$ helps us prove a polynomial upper bound on the number of such solutions and solve for $f$. Without this additional structure, it is unclear if one can prove a polynomial upper bound on the number of solutions of the corresponding equation.

This reconstruction step is a multivariate generalization of similar reconstruction steps in the list-decoding algorithms of Kopparty [Kop15] and Guruswami & Wang [GW13] for univariate multiplicity codes.
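The flavour of this iterative recovery can be seen in a univariate toy example (a sketch, not the paper's multivariate procedure): suppose $f$ satisfies $Q_0(x) + Q_1(x)f + Q_2(x)f' = 0$ with $Q_2(0) \neq 0$, where $f'$ is the usual derivative (which, in characteristic zero, agrees with the Hasse derivative up to factorials). Comparing coefficients of $x^n$ determines $f_{n+1}$ from $f_0, \ldots, f_n$, so the initial data lifts uniquely to the whole polynomial. All polynomials below are arbitrary illustrative choices.

```python
from fractions import Fraction

d = 4
f = [Fraction(c) for c in (2, -1, 0, 3, 1)]     # f = 2 - x + 3x^3 + x^4

def mul(a, b):                                  # polynomial product
    out = [Fraction(0)] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] += ai * bj
    return out

def deriv(a):                                   # usual derivative
    return [i * c for i, c in enumerate(a)][1:] or [Fraction(0)]

def coeff(a, n):
    return a[n] if n < len(a) else Fraction(0)

Q1 = [Fraction(1), Fraction(2)]                 # Q1 = 1 + 2x
Q2 = [Fraction(1)]                              # Q2 = 1, non-zero at 0
# Choose Q0 so that the equation Q0 + Q1*f + Q2*f' = 0 holds exactly.
t, u = mul(Q1, f), mul(Q2, deriv(f))
Q0 = [-(coeff(t, n) + coeff(u, n)) for n in range(max(len(t), len(u)))]

# Reconstruction: the coefficient of x^n in the equation reads
#   Q0_n + sum_i Q1_i * f_{n-i} + (n+1) * Q2_0 * f_{n+1} = 0,
# so each f_{n+1} is determined by the earlier coefficients.
g = [f[0]]                                      # the "initial data": f_0
for n in range(d):
    s = coeff(Q0, n) + sum(Q1[i] * g[n - i]
                           for i in range(len(Q1)) if n - i >= 0)
    g.append(-s / ((n + 1) * Q2[0]))

print(g == f)  # True
```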
Interestingly, this is also a special case of a similar reconstruction procedure in the work of Guo, Kumar, Saptharishi and Solomon [GKSS19], where the polynomial $Q$ could potentially be of higher degree in the $y$ variables and is given via an arithmetic circuit of small size and degree, and the goal is to show that all (low-degree) polynomials $f$ satisfying $Q(x, \Delta(f)) \equiv 0$ can be computed by small arithmetic circuits. In our setting, we have a polynomial $Q$ which is linear in $y$, we have access to the coefficient representation of this polynomial, and we construct the solutions $f$ in the monomial representation. As a consequence, the details of this step are much simpler here when compared to those in [GKSS19].

In this step of our algorithm, viewing the encoding in terms of the differential operators $\Delta_i(\cdot)$ turns out to be useful. The iterative reconstruction outlined above crucially uses the fact that for any homogeneous polynomial $g \in \mathbb{F}[x]$ of degree $r$, $\Delta_i(g)$ is a homogeneous polynomial of degree $r - i$ in the $x$ variables. The other property that we use of $\Delta_i(\cdot)$ is that given $\Delta_i(g)$ for any homogeneous polynomial $g$, we can uniquely read off all the partial derivatives of order $i$ of $g$, and, via a folklore observation of Euler, uniquely reconstruct the polynomial $g$ itself (see Lemma 4.4).

Finally, we note that the precise way of gluing together the partial derivatives of order $i$ in the definition of the operator $\Delta_i(\cdot)$ is not absolutely crucial here, and as is evident in Lemma 4.4, many other candidates would have satisfied the necessary properties. The details of this step are in Section 4.5, and they essentially complete the proof of Theorem 1.1.

In Section 5, we combine our proof of Theorem 1.1 with the techniques in the recent work of Kopparty, Ron-Zewi, Saraf and Wootters [KRSW18] to show that the list size in the decoding algorithm of Theorem 1.1 can be reduced to a constant. The key to this step is the observation that since $Q(x, y)$ is linear in the $y$ variables, the solutions $f$ of the equation $Q(x, \Delta(f)) \equiv 0$ are contained in an affine subspace $V \subseteq \mathbb{F}[x]$ of polynomials of degree at most $d$ which consists of all the solutions of $Q(x, \Delta(f)) \equiv 0$.

Notation and preliminaries

We use the following notation.

• $\mathbb{F}$ is the field we work over, and we assume the characteristic of $\mathbb{F}$ to be either zero or larger than the degree parameter $d$ of the message space.

• We use bold letters to denote tuples of variables (i.e., $x$, $z$, $y$ for $(x_1, \ldots, x_k)$, $(z_1, \ldots, z_k)$ and $(y_1, \ldots, y_m)$ respectively).

• We work with polynomials which are in general members of $\mathbb{F}(z)[x, y]$. We denote monomials in $x$ and $z$ by $x^e$ $\left(= \prod_{i \in [k]} x_i^{e_i}\right)$ and $z^e$ $\left(= \prod_{i \in [k]} z_i^{e_i}\right)$ respectively, where $e \in \mathbb{Z}_{\geq 0}^k$. The degree of the monomial is $\|e\|_1 = \sum_{i=1}^k e_i$.

• For $e, e' \in \mathbb{Z}_{\geq 0}^k$ we say $e' \leq e$ iff for all $i \in [k]$ we have $e'_i \leq e_i$. Also, we use $\binom{e}{e'}$ to denote $\prod_{i \in [k]} \binom{e_i}{e'_i}$.

• For a natural number $n$, $[n]$ denotes the set $\{1, 2, \ldots, n\}$.

Throughout the paper we work with Hasse derivatives; we use the terms "Hasse derivative" and "partial derivative" interchangeably.
Definition 3.1 (Hasse derivative). For a polynomial $f \in \mathbb{F}[x]$, the Hasse derivative of type $e$ is the coefficient of $z^e$ in the polynomial $f(x + z) \in \mathbb{F}[x, z]$. We denote it by $\frac{\bar{\partial} f}{\bar{\partial} x^e}$ or $\frac{\bar{\partial} f(x)}{\bar{\partial} x^e}$.

We state some basic properties of Hasse derivatives below. Some of these are taken from [DKSS13, Proposition 4].
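The definition is directly executable. The sketch below (sympy, univariate for brevity, with an arbitrary example polynomial) extracts the type-$e$ Hasse derivative as a coefficient of $f(x + z)$, and checks that in characteristic zero it equals the usual $e$-th derivative divided by $e!$.

```python
import sympy as sp

x, z = sp.symbols('x z')

def hasse(f, e):
    # Hasse derivative of type e: the coefficient of z^e in f(x + z).
    return sp.expand(f.subs(x, x + z)).coeff(z, e)

f = x**5 + 3 * x**2
print(hasse(f, 2))  # 10*x**3 + 3

# In characteristic zero, the Hasse derivative equals the usual
# iterated derivative scaled by 1/e!.
for e in range(6):
    assert sp.expand(hasse(f, e) - sp.diff(f, x, e) / sp.factorial(e)) == 0
```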
Proposition 3.2 (Basic properties of Hasse derivatives). Let $f, g \in \mathbb{F}[x]$ and consider $e, e' \in \mathbb{Z}_{\geq 0}^k$.

1. $\frac{\bar{\partial} f}{\bar{\partial} x^e} + \frac{\bar{\partial} g}{\bar{\partial} x^e} = \frac{\bar{\partial} (f+g)}{\bar{\partial} x^e}$.

2. If $f$ is a homogeneous polynomial of degree $d$, then $\frac{\bar{\partial} f}{\bar{\partial} x^e}$ is a homogeneous polynomial of degree $d - \|e\|_1$.

3. If $f = x^e$, then $\frac{\bar{\partial} f}{\bar{\partial} x^{e'}} = \binom{e}{e'} x^{e - e'}$.

4. Hasse derivatives compose in the following manner:
$$\frac{\bar{\partial}}{\bar{\partial} x^e}\left(\frac{\bar{\partial} f(x)}{\bar{\partial} x^{e'}}\right) = \binom{e + e'}{e} \cdot \frac{\bar{\partial} f(x)}{\bar{\partial} x^{e + e'}}.$$

5. Product rule for Hasse derivatives:
$$\frac{\bar{\partial} \left(\prod_{i \in [w]} f_i\right)}{\bar{\partial} x^e} = \sum_{u_1 + u_2 + \cdots + u_w = e} \ \prod_{i \in [w]} \frac{\bar{\partial} f_i}{\bar{\partial} x^{u_i}}.$$

Proof.
Items 1 to 3 and 5 follow directly from Definition 3.1. For Item 4, observe that by the linearity of Hasse derivatives we may assume WLOG that $f$ is a monomial, say $x^{\tilde{e}}$: in this case the claim follows from Item 3 and the fact that $\binom{\tilde{e}}{e} \cdot \binom{\tilde{e} - e}{e'} = \binom{e + e'}{e} \cdot \binom{\tilde{e}}{e + e'}$.

Multiplicity code

We now define the notion of the multiplicity of a polynomial $f \in \mathbb{F}[x]$ at a point $a \in \mathbb{F}^k$. The multiplicity of $f$ at the origin is $\ell$ iff $\ell$ is the highest integer such that no monomial of total degree less than $\ell$ appears in the coefficient representation of $f$. We formalize this below using Hasse derivatives.

Definition 3.3 (multiplicity). A polynomial $f \in \mathbb{F}[x]$ is said to have multiplicity $\ell$ at a point $a \in \mathbb{F}^k$, denoted by $\mathrm{mult}(f, a)$, iff $\ell$ is the largest integer such that for all $e \in \mathbb{Z}_{\geq 0}^k$ with $\|e\|_1 < \ell$ we have $\frac{\bar{\partial} f}{\bar{\partial} x^e}(a) = 0$. If no such $\ell$ exists, then $\mathrm{mult}(f, a) = \infty$.

Dvir, Kopparty, Saraf and Sudan proved the following higher-order multiplicity version of the classical Schwartz-Zippel lemma.
Lemma 3.4 (multiplicity SZ lemma [DKSS13, Lemma 2.7]). Let F be any field and let S be an arbitrary finite subset of F. Then, for any non-zero k-variate polynomial P of degree at most d,

   ∑_{a ∈ S^k} mult(P, a) ≤ d · |S|^{k−1}.

The above lemma trivially implies the classical SZ lemma, which states that two distinct k-variate polynomials of degree d cannot agree everywhere on a grid S^k for any set S of size larger than d. This in particular tells us that the grid S^k serves as a hitting set for polynomials of degree at most d, provided d < |S|.

As mentioned before, a multiplicity code over a grid S^k consists of evaluations of the message polynomial f along with its derivatives of various orders (up to s − 1).

Definition 3.5 (multiplicity code). Let s, k ∈ N, d ∈ Z_{≥0}, F a field and S ⊆ F a non-empty finite subset. The k-variate order-s multiplicity code of degree-d polynomials over F on the grid S^k is defined as follows.

Let E := { e ∈ Z^k_{≥0} : 0 ≤ ‖e‖_1 < s }. Note that |E| = (s + k − 1 choose k). The code is over alphabet F^E and has length |S|^k (where the coordinates are indexed by elements of S^k).

The code is an F-linear map from the space of degree-d polynomials in F[x] to (F^E)^{S^k}. The encoding of f ∈ F[x] at a point a ∈ S^k is given by:

   Enc_{s,S}(f)|_a = ( ∂̄f/∂̄x^e (a) : e ∈ E ). ⋄

Remark 3.6.
• The distance of the code is exactly δ := 1 − d/(s|S|), and the rate of the code is (d + k choose k) / ( (s + k − 1 choose k) · |S|^k ).
• As mentioned in the introduction, we can also view the encoding by clubbing together the partial derivatives of the same degree. Thus, the encoding of f at a point a is (∆_0(f)(a), ∆_1(f)(a), . . . , ∆_{s−1}(f)(a)) ∈ F[z]^s, where ∆_i(f)(a) = ∑_{e : ‖e‖_1 = i} z^e · ∂̄f(x)/∂̄x^e (a).
• We think of k, m and s as constants, but with m much larger than k and s much larger than m. The precise trade-offs will be alluded to when we need to set parameters in our proofs.
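To make the encoding map concrete, here is a minimal Python sketch of the encoding of Definition 3.5 (our illustration, not code from the paper): it works over the small prime field F_101, represents a polynomial as a dictionary from exponent tuples to coefficients, and the helper names `hasse_derivative`, `evaluate` and `encode` are ours.

```python
from itertools import product
from math import comb

P = 101  # an arbitrary illustrative prime; we work over the field F_P

def hasse_derivative(f, e):
    """Hasse derivative of type e (Definition 3.1): the coefficient of z^e in
    f(x + z).  On a monomial x^e' it acts as binom(e', e) * x^(e' - e)."""
    out = {}
    for ep, c in f.items():
        if all(a >= b for a, b in zip(ep, e)):
            coef = c
            for a, b in zip(ep, e):
                coef = coef * comb(a, b) % P
            mono = tuple(a - b for a, b in zip(ep, e))
            if coef:
                out[mono] = (out.get(mono, 0) + coef) % P
    return out

def evaluate(f, point):
    total = 0
    for ep, c in f.items():
        term = c
        for a, x in zip(point, ep):
            term = term * pow(a, x, P) % P
        total = (total + term) % P
    return total

def encode(f, s, S, k):
    """Order-s multiplicity encoding of f on the grid S^k (Definition 3.5):
    at each point a, record every Hasse derivative of order < s."""
    E = [e for e in product(range(s), repeat=k) if sum(e) < s]
    return {a: tuple(evaluate(hasse_derivative(f, e), a) for e in E)
            for a in product(S, repeat=k)}
```

For instance, for f = x_1^2 x_2 every Hasse derivative of order less than 3 vanishes at the origin, while the type-(2,1) derivative is the non-zero constant 1, so the multiplicity of f at the origin is 3 in the sense of Definition 3.3.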
⋄

In this section, we state a few basic results that show how to perform algebraic operations over polynomial rings. The following lemma, proved via an easy application of polynomial interpolation, lets us construct the coefficient representation of a polynomial given an arithmetic circuit for it.
Lemma 3.7.
Let k ∈ N. There exists a deterministic algorithm that takes as input an arithmetic circuit C of size s that computes a k-variate polynomial P ∈ F[z] of degree at most d, and outputs the coefficient vector of P in at most poly(d^k, s) field operations over F.

Proof.
From Lemma 3.4, we know that no two degree-d polynomials can agree everywhere on a grid of side larger than d. So, we pick an arbitrary subset S of F of size d + 1 and evaluate C at all points on the grid S^k. This requires at most poly(d^k, s) field operations. Now, given these evaluations, we set up a linear system in the coefficients of P where for every a in the grid, we have a constraint of the form P(a) = C(a). We know that this system has a solution. Furthermore, from Lemma 3.4, we know that this solution is unique. Solving this system gives us the coefficient vector of P and requires at most poly(d^k) additional field operations. ∎

The next lemma tells us how to perform linear algebra over the polynomial ring F[z].

Lemma 3.8 (linear algebra over polynomial rings). Let A(z) ∈ F[z]^{t′ × t} be a matrix such that each of its entries is a polynomial of degree at most m in the variables z = (z_1, z_2, . . . , z_k), and t′ < t. Then, there is a deterministic algorithm which takes as input the coefficient vectors of the entries of A and outputs a non-zero vector u ∈ F[z]^t in time poly(m^k, t^k) such that A · u = 0. Moreover, every entry of u is a polynomial of degree at most tm.

Proof. As a first step, we reduce this to the problem of solving a linear system of the form A′ · u′ = b, where A′ and b have entries in F[z] of degree at most m, and A′ is a square matrix of dimension at most t′ which is non-singular. At this point, we can just apply Cramer's rule to find a solution of this system.

Since A has only t′ rows, the rank r of A(z) over F(z) is at most t′ < t. Thus, there is a square submatrix A′(z) of A such that det(A′) is a non-zero polynomial of degree at most mr ≤ mt′ in F[z]. For a hitting set H_{mt′,k} of polynomials of degree at most mt′ in k variables over F, we consider the set of matrices { A(c) : c ∈ H_{mt′,k} }.
From the guarantees of the hitting set, we know that there is a c ∈ H_{mt′,k} such that A′(c) is of rank equal to r. Let c_0 ∈ H_{mt′,k} be such that the rank of A(c_0) over F is maximum among all matrices in the set { A(c) : c ∈ H_{mt′,k} }. Moreover, let A′(z) be a submatrix of A(z) such that rank(A′(c_0)) equals rank(A(c_0)). From Lemma 3.4, there is an explicit hitting set H_{mt′,k} of size at most (mt′ + 1)^k ≤ (mt + 1)^k. Thus, we can find A′(z) of rank equal to the rank of A(z) with at most poly(m^k, t^k) field operations over F.

Without loss of generality, let us assume that A′ is the top-left submatrix of A of size r. Clearly, the (r + 1)-st column of A is linearly dependent on the first r columns of A over the field F(z). In other words, the linear system given by A′ · u′ = b, where b = (A_{1,r+1}, A_{2,r+1}, . . . , A_{r,r+1}), has a solution in F(z). Moreover, for every solution u′ = (u′_1, u′_2, . . . , u′_r) of this system, the t-dimensional vector (u′_1, u′_2, . . . , u′_r, −1, 0, . . . , 0) is in the kernel of A(z). Also, since A · u = 0 is a homogeneous linear system, for any non-zero polynomial P(z), the vector (P · u′_1, P · u′_2, . . . , P · u′_r, −P, 0, . . . , 0) continues to be a non-zero vector in the kernel of A(z).

Since A′ is non-singular, u′ = (A′)^{−1} · b is a solution to this system. Moreover, by Cramer's rule, (A′)^{−1} = adj(A′)/det(A′), where adj(A′) is the adjugate matrix of A′ and det(A′) is its determinant. Since every entry of adj(A′) is a polynomial in F[z] of degree at most tm, we get a solution of the form u′ = (p_1/det(A′), p_2/det(A′), . . . , p_r/det(A′)), where each p_i is a polynomial in F[z] of degree at most tm. Getting rid of the denominators by scaling by det(A′), we conclude that the non-zero t-dimensional vector (p_1, p_2, . . . , p_r, −det(A′), 0, . . . , 0) is in the kernel of A(z).

Moreover, using the fact that the determinant polynomial has a polynomial-size, efficiently constructible circuit, together with Lemma 3.7, we can output this vector, with each entry given as a list of coefficients in F, in time poly(m^k, t^k) via an efficient deterministic algorithm. ∎

In this section, we prove Theorem 1.1. We follow the outline of the proof described in Section 2. We start with the interpolation step.
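The Cramer's-rule step at the heart of Lemma 3.8 is easy to trace on a toy instance. The Python sketch below is our own illustration, not code from the paper: it works over F_97 with a single z variable, stores polynomials as coefficient lists (constant term first), and assumes the left 2×2 block A′ of a 2×3 matrix A is already known to be non-singular (in the lemma, this block is located via a hitting set). It then writes down the kernel vector (adj(A′)·b, −det(A′)) without ever dividing, so all entries stay in F_97[z].

```python
P = 97  # an illustrative prime; matrix entries live in F_97[z]

def padd(f, g):
    n = max(len(f), len(g))
    return [((f[i] if i < len(f) else 0) + (g[i] if i < len(g) else 0)) % P
            for i in range(n)]

def pmul(f, g):
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % P
    return out

def pneg(f):
    return [(-a) % P for a in f]

def det2(M):  # determinant of a 2x2 matrix over F_P[z]
    return padd(pmul(M[0][0], M[1][1]), pneg(pmul(M[0][1], M[1][0])))

def row_dot(row, u):  # inner product of a matrix row with a vector over F_P[z]
    acc = [0]
    for a, ui in zip(row, u):
        acc = padd(acc, pmul(a, ui))
    return acc

# A 2x3 matrix over F_97[z]; each entry is a coefficient list.
A = [[[1], [0, 1], [1, 1]],   # row: 1,  z,  1 + z
     [[0, 1], [1], [2]]]      # row: z,  1,  2

# Kernel vector as in the proof of Lemma 3.8: with A' the non-singular left
# 2x2 block and b the last column, A' . (adj(A') . b) = det(A') . b, hence
# u = (adj(A') . b, -det(A')) satisfies A . u = 0.
Ap = [[A[0][0], A[0][1]], [A[1][0], A[1][1]]]
b = [A[0][2], A[1][2]]
d = det2(Ap)
u = [padd(pmul(Ap[1][1], b[0]), pneg(pmul(Ap[0][1], b[1]))),
     padd(pmul(Ap[0][0], b[1]), pneg(pmul(Ap[1][0], b[0]))),
     pneg(d)]
```

Both rows of A·u reduce to the zero polynomial, and the last entry −det(A′) is non-zero, so u is a genuine non-zero kernel vector whose entries obey the degree bound promised by the lemma.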
The message space is the space of k-variate polynomials of degree at most d over F. In the standard encoding, we have access to evaluations of the polynomial and all its derivatives of order up to s − 1 on the grid S^k ⊆ F^k. For our proof, it will be helpful to group the derivatives of the same order together.

Definition 4.1. Let f ∈ F[x] be a polynomial. Then, for any i ∈ Z_{≥0}, ∆_i(f) is defined as

   ∆_i(f) := ∑_{e : ‖e‖_1 = i} z^e · ∂̄f(x)/∂̄x^e. ⋄

So, we have a distinct monomial in z attached to each of the derivatives. The precise form of the monomial in z is not important; all that we will use is that these monomials are linearly independent over the underlying field, do not have very high degree, and that there are not too many variables in z.

Now, we think of the encoding of f as giving us the evaluation of the tuple of polynomials ∆(f) = (∆_0(f(x)), ∆_1(f(x)), . . . , ∆_{s−1}(f(x))) ∈ F(z)[x]^s as x takes values in S^k. Note that ∆_i(f) is a homogeneous polynomial of degree equal to i in z.

The τ operator. We will need to compute the Hasse derivative of ∆_i(f) with respect to x^e, i.e., ∂̄∆_i(f)/∂̄x^e. From the definition of ∆_i(f), we have

   ∂̄∆_i(f)/∂̄x^e = ∑_{e′ : ‖e′‖_1 = i} z^{e′} · ∂̄/∂̄x^e ( ∂̄f(x)/∂̄x^{e′} )
                 = ∑_{e′ : ‖e′‖_1 = i} z^{e′} · (e + e′ choose e) · ∂̄f(x)/∂̄x^{e + e′}
                 = ∑_{e′ : ‖e′‖_1 = i} z^{e′} · (e + e′ choose e) · coeff_{z^{e+e′}}( ∆_{i + ‖e‖_1}(f)(x) ).

The key point to note is that the Hasse derivative of ∆_i(f) with respect to x^e can be read off from the coefficients of ∆_{i + ‖e‖_1}(f).

This motivates the following definition. Consider a tuple P = (P_0, P_1, . . . , P_{s−1}), where for each i, P_i is a homogeneous polynomial of degree i in F[z]. For any e ∈ Z^k_{≥0} and any i with i + ‖e‖_1 ≤ s − 1, we define

   τ^{(i)}_e(P) := ∑_{e′ : ‖e′‖_1 = i} z^{e′} · (e + e′ choose e) · coeff_{z^{e+e′}}( P_{i + ‖e‖_1} ).

Thus, for ∆(f) = (∆_0(f(x)), ∆_1(f(x)), . . . , ∆_{s−1}(f(x))), we have τ^{(i)}_e(∆(f)) = ∂̄∆_i(f)/∂̄x^e.

Let P be the received word. Thus, we are given a collection of s-tuples of polynomials P(a) = (P_0(a), P_1(a), . . . , P_{s−1}(a)) for every a ∈ S^k, where each P_i(a) is a homogeneous polynomial of degree i in z. From the earlier definition of τ, given such a P(a), we have τ^{(i)}_e(P(a)) for every i ≤ m and e with ‖e‖_1 ≤ s − 1 − m.

Lemma 4.2.
Let k and s be constants. For every natural number m ≤ s − 1 − k and D = 10|S|(s − m)/m^{1/k}, there is a non-zero polynomial Q(x, y) = Q_1(x)y_1 + · · · + Q_m(x)y_m ∈ F(z)[x, y] such that

• For every i ∈ {1, 2, . . . , m}, the x-degree of each Q_i is at most D.

• For every a ∈ S^k and every e ∈ Z^k_{≥0} such that 0 ≤ ‖e‖_1 ≤ s − 1 − m, we have ∆_e(Q)(a) = 0, where

   ∆_e(Q)(a) := ∑_{i=1}^{m} ∑_{e′ ≤ e} ∂̄Q_i(x)/∂̄x^{e′} (a) · τ^{(i−1)}_{e−e′}(P(a)).

Here, e′ ≤ e means that e dominates e′ coordinate-wise.

Moreover, the coefficients of Q are polynomials in F[z] of degree at most O(|S|^k s^{k+1}), and such a Q can be deterministically constructed using at most poly(|S|^k, s^k, d^k) operations over the field F.

Proof. We start by showing the existence of a polynomial Q with the appropriate degree constraints, followed by an analysis of the running time.

Existence of Q. We view the above constraints as a system of linear equations over the field F(z), where the variables are the coefficients of Q. The number of homogeneous linear constraints is |S|^k · (s − m − 1 + k choose k), and the number of variables is m · (D + k choose k). By using the fact that k is much smaller than s, and a crude approximation of the binomial coefficients, we have |S|^k (s − m − 1 + k choose k) ≤ (e|S|(s − m)/k)^k and m(D + k choose k) > m(D/k)^k. Plugging in the value of D, we get m(D/k)^k = (10|S|(s − m)/k)^k, which is clearly greater than the number of constraints. Hence, there is a non-zero solution, where the coefficients of the polynomial are from the field F(z), i.e., are rational functions in z.

Next, we analyze the degree of these coefficients and show that we can recover such a Q efficiently, with the appropriate degree bounds.

The running time.
For the running time, we recall that each τ^{(i)}_e is a polynomial of degree at most m − 1 in the z variables. As a consequence, observe that the linear system we have for the coefficients of Q is of the form A · u = 0, where A is a matrix of dimension at most O(|S|^k (s − m)^k) over the ring F[z], and every entry of A is a polynomial in F[z] of degree at most m. From Lemma 3.8, we get that we can find a non-zero solution in F[z] using at most poly(|S|^k, s^k) field operations over F. Moreover, each of the coordinates of this output vector is a polynomial of degree at most O(|S|^k (s − m)^k) · m = O(|S|^k s^{k+1}) in F[z]. ∎

Going forward, we work with the polynomial Q and the degree parameter D as set in Lemma 4.2.

4.4 Close enough codewords satisfy the equation

We now show that for every polynomial f ∈ F[x] of degree at most d whose encoding is close enough to the received word P, f satisfies the equation Q in some sense.

Lemma 4.3.
If f ∈ F[x] is a degree-d polynomial such that the number of a ∈ S^k which satisfy P(a) = ∆(f)(a) is at least T > (D + d) · |S|^{k−1}/(s − m), then Q(x, ∆_0(f), ∆_1(f), . . . , ∆_{m−1}(f)) is identically zero as a polynomial in F(z)[x].

Proof. Define the polynomial R ∈ F(z)[x] as follows:

   R(x) := Q(x, ∆_0(f), ∆_1(f), . . . , ∆_{m−1}(f)) = ∑_{i=1}^{m} Q_i(x) · ∆_{i−1}(f).

R is a polynomial in x of degree at most D + d over the field F(z). Whenever a satisfies P(a) = ∆(f)(a), from the definitions of τ^{(i)}_e and ∆_e, we have that for all e such that 0 ≤ ‖e‖_1 ≤ s − 1 − m,

   ∂̄R(x)/∂̄x^e (a) = ∑_{i=1}^{m} ∑_{e′ ≤ e} ∂̄Q_i(x)/∂̄x^{e′} (a) · ∂̄∆_{i−1}(f)/∂̄x^{e−e′} (a)
                   = ∑_{i=1}^{m} ∑_{e′ ≤ e} ∂̄Q_i(x)/∂̄x^{e′} (a) · τ^{(i−1)}_{e−e′}(P(a))
                   = ∆_e(Q)(a)
                   = 0.

Thus, at each of the at least T points of agreement between ∆(f) and the received word P, the polynomial R(x) vanishes with multiplicity at least s − m. From Lemma 3.4, we know that if T(s − m) > (D + d)|S|^{k−1}, then R must be identically zero. ∎

Let us try to get a sense of the parameters here. The relative distance of this code is δ = 1 − d/(s|S|). Now, in T/|S|^k > (D + d)/(|S|(s − m)), plugging in the value of D from the earlier discussion gives us

   T/|S|^k > d/(|S|(s − m)) + 10|S|(s − m)/( m^{1/k} · |S|(s − m) )
           = 10/m^{1/k} + (s/(s − m)) · d/(s|S|)
           ≤ 10/m^{1/k} + (m/(s − m)) · d/(s|S|) + d/(s|S|).

In our final analysis for the proof of Theorem 1.1, we choose m and s large enough as a function of ε, so that this bound is of the form ε + (1 − δ), which is precisely what is claimed in Theorem 1.1.

All that remains now is to solve equations of the form Q(x, ∆_0(f), ∆_1(f), . . . , ∆_{m−1}(f)) ≡ 0 to recover f. This will be done via iteratively constructing f one homogeneous component at a time. We will need the following easy observations.

Lemma 4.4.
Let F be a field of characteristic zero or larger than d. Let f ∈ F[x] be a polynomial of degree d, and for every i ∈ Z_{≥0}, let ∆_i be the differential form of order i as defined in Definition 4.1. Then, the following are true.

• For each i ∈ Z_{≥0}, ∆_i(f) is homogeneous in z and has degree i in the z variables. Moreover, for any monomial z^e of degree i, its coefficient in ∆_i(f) equals ∂̄f/∂̄x^e.

• If f is a homogeneous polynomial, then, for every i ≤ d, f can be uniquely recovered from all its partial derivatives of order i. As a consequence, for any homogeneous f, given the formal polynomial ∆_i(f), we can recover f.

Proof. The first item follows directly from the definition of ∆_i in Definition 4.1.

The second item follows from an immediate generalization to Hasse derivatives of the following well-known observation of Euler: for any homogeneous polynomial f of degree d,

   d · f = ∑_i x_i · ∂̄f(x)/∂̄x_i.

We also have that

   ∂̄/∂̄x^e ( ∂̄f(x)/∂̄x^{e′} ) = (e + e′ choose e) · ∂̄f(x)/∂̄x^{e + e′}.

Using this, we can compute the first-order Hasse derivatives of ∂̄f/∂̄x^{e′} for all ‖e′‖_1 = i − 1 from ∆_i(f). So, for any i, given all Hasse derivatives of order i, we can recover the Hasse derivatives of order i − 1, and eventually f itself. ∎
We remark that the second item in Lemma 4.4 is false for fields of small characteristic. For instance, if the characteristic is smaller than d, then even for a non-zero f, all its first-order derivatives could be zero, and hence f cannot be recovered from its first-order derivatives. ⋄

The next lemma shows that, given the polynomial Q(x, y), we can (efficiently) recover all polynomials f of degree at most d such that Q(x, ∆_{<m}(f)) ≡ 0. This will complete all the ingredients needed for the proof of Theorem 1.1.
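Before stating the lemma, the recovery step in the second item of Lemma 4.4 can be made concrete for first-order derivatives. The Python sketch below is our own illustration (not the paper's code): it works over F_101 with polynomials as exponent-tuple dictionaries and uses Euler's identity d·f = ∑_j x_j · ∂̄f/∂̄x_j to reassemble a homogeneous degree-d polynomial from its k first-order Hasse derivatives. As in the lemma, it assumes the characteristic exceeds d, so that d is invertible.

```python
from math import comb

P = 101  # illustrative prime; Lemma 4.4 needs char(F) = 0 or char(F) > d

def hasse(f, e):
    """Hasse derivative of type e: binom(e', e) * x^(e' - e) on each monomial."""
    out = {}
    for ep, c in f.items():
        if all(a >= b for a, b in zip(ep, e)):
            coef = c
            for a, b in zip(ep, e):
                coef = coef * comb(a, b) % P
            mono = tuple(a - b for a, b in zip(ep, e))
            if coef:
                out[mono] = (out.get(mono, 0) + coef) % P
    return out

def recover_from_first_derivs(derivs, d, k):
    """Euler's identity d*f = sum_j x_j * (df/dx_j) recovers a homogeneous
    degree-d polynomial f from its k first-order derivatives (derivs[j] is
    the derivative in direction j).  Requires d invertible mod P."""
    inv_d = pow(d, P - 2, P)  # inverse of d in F_P
    f = {}
    for j in range(k):
        for ep, c in derivs[j].items():
            mono = tuple(a + (1 if i == j else 0) for i, a in enumerate(ep))
            f[mono] = (f.get(mono, 0) + c * inv_d) % P
    return {m: c for m, c in f.items() if c}
```

Applying the same idea order by order, all order-i Hasse derivatives determine those of order i − 1, and eventually f itself, exactly as in the proof of Lemma 4.4.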
Lemma 4.6.
Let F be a finite field of characteristic larger than d, and let Q(x, y) = Q_1 y_1 + · · · + Q_m y_m be any non-zero polynomial in F[z, x, y] where deg_x(Q) ≤ D + d, deg_z(Q) ≤ Γ and the Q_i do not depend on y. Then, there is a deterministic algorithm that outputs all polynomials f ∈ F[x] of degree at most d such that

   Q(x, ∆_0(f), ∆_1(f), . . . , ∆_{m−1}(f)) ≡ 0.

Moreover, the algorithm requires at most poly( D^k, d^k, |F|^{(m+k choose k)}, Γ^k ) arithmetic operations over the underlying field F.

Proof. We will reconstruct f iteratively, one homogeneous component at a time. This iterative process has to be started by fixing the homogeneous components of f of degree at most m, and as will be evident from the discussion ahead, every fixing of this initial seed can be lifted to a unique f of degree at most d satisfying Q(x, ∆_0(f), ∆_1(f), . . . , ∆_{m−1}(f)) ≡ 0.

Preprocessing.
We know from the hypothesis of the lemma that Q depends on at least one y variable. Let j be the largest index in {1, . . . , m} such that Q depends on y_j, i.e., Q_j is non-zero and Q_i is identically zero for all i > j. For ease of notation, we shall assume that j = m; thus, Q_m is a non-zero polynomial. Recall that f is a polynomial in F[x] and each ∆_i(f) is a polynomial in F[x, z].

Since Q_m(x) ∈ F[x] is a non-zero polynomial, there is an a ∈ F^k such that Q_m(a) ≠ 0. (This is assuming F is large enough; else, we can find such an a in a large enough extension field of F.) Replacing the variable x_i by x′_i + a_i (i.e., translating the origin), we can ensure that in this translated coordinate system, Q_m(x′ + a) is non-zero at the origin, i.e., when x′ is set to 0. We work in this translated coordinate system for ease of notation. Observe that every solution f(x) ∈ F[x] is bijectively mapped to a solution f̃(x′) = f(x′ + a) ∈ F[x′], and given f̃, we can efficiently recover f. Also, note that ∆_i(f)(x′ + a) = ∆_i(f(x′ + a)) = ∆_i(f̃(x′)), i.e., taking derivatives and then setting x = x′ + a is equivalent to first doing the translation x = x′ + a and then taking derivatives. Let Q′(x′) := Q(x′ + a) = Q_1(x′ + a)y_1 + · · · + Q_m(x′ + a)y_m, and let I = ⟨x′_1, . . . , x′_k⟩ be the ideal generated by {x′_1, . . . , x′_k}.

Iterative Reconstruction.
We are now ready to describe the iterative reconstruction of f̃.

• Base Case:
We will try all possible values from the field F for the coefficients of the monomials of degree at most m in f̃. There are |F|^{(m+k choose k)} possible choices. The next steps are going to uniquely lift each of these candidate solutions to a degree-d polynomial, so the number of solutions remains at most |F|^{(m+k choose k)}.

• Induction Step:
We now assume that we have recovered f̃_0, f̃_1, . . . , f̃_t ∈ F[x′] for some t ≥ m, where f̃_i is the homogeneous component of f̃ of degree i. The goal is to recover f̃_{t+1}, the (t + 1)-st homogeneous component. Let f̃_{≤t} = f̃_0 + f̃_1 + · · · + f̃_t. Now, let us consider the equation

   Q′(x′, ∆_0(f̃), ∆_1(f̃), . . . , ∆_{m−1}(f̃)) ≡ 0 mod I^{t−m+3}.

Clearly, the homogeneous components of f̃ of degree larger than t + 1 do not affect this equation modulo I^{t−m+3}, and so we have

   Q′(x′, ∆_0(f̃_{≤t}), ∆_1(f̃_{≤t}), . . . , ∆_{m−1}(f̃_{≤t} + f̃_{t+1})) ≡ 0 mod I^{t−m+3}.

Using the linearity of ∆_i and the fact that Q′ is linear in y, we get

   Q′(x′, ∆_0(f̃_{≤t}), ∆_1(f̃_{≤t}), . . . , ∆_{m−1}(f̃_{≤t})) + Q_m(x′ + a) · ∆_{m−1}(f̃_{t+1}) ≡ 0 mod I^{t−m+3}.

We know that the degree of ∆_{m−1}(f̃_{t+1}) in x′ equals t + 1 − (m − 1) = t − m + 2, and that it is homogeneous in x′. Also, we have ensured in the preprocessing phase that Q_m(x′ + a) mod I = Q_m(a) is non-zero (and free of x′). Thus, this is a non-trivial linear equation in ∆_{m−1}(f̃_{t+1}), and if we can use it to recover all the partial derivatives of f̃_{t+1} of order m − 1, we can then use Lemma 4.4 to recover f̃_{t+1} itself. We elaborate on the details of this step of recovering the partial derivatives of f̃_{t+1} from ∆_{m−1}(f̃_{t+1}) next.

Recovering partial derivatives of f̃_{t+1} from ∆_{m−1}(f̃_{t+1}). Recall that since f̃_{t+1} is a homogeneous polynomial in F[x′] of degree t + 1, each of its partial derivatives of order m − 1 is homogeneous in x′ of degree equal to t + 1 − (m − 1) = t − m + 2. Thus,

   ∆_{m−1}(f̃_{t+1}) := ∑_{e : ‖e‖_1 = m−1} z^e · ∂̄f̃_{t+1}(x′)/∂̄x′^e

is a homogeneous polynomial in both z and x′, with degree m − 1 in z and degree t − m + 2 in x′. Our goal is to recover the coefficients of all monomials z^e of degree m − 1 in z when viewing ∆_{m−1}(f̃_{t+1}) as a polynomial in F[x′][z], and we have access to the expression

   Q′(x′, ∆_0(f̃_{≤t}), ∆_1(f̃_{≤t}), . . . , ∆_{m−1}(f̃_{≤t})) ≡ −Q_m(a) · ∆_{m−1}(f̃_{t+1}) mod I^{t−m+3}.

As a first step, observe that the polynomial Q_m(a) · ∆_{m−1}(f̃_{t+1}) has degree at most Γ + m − 1 in z and degree exactly t − m + 2 in x′. Moreover, since Q_m(a) ∈ F[z] is non-zero, the polynomials { Q_m(a) · z^e : deg(z^e) = m − 1 } are linearly independent as polynomials of degree at most Γ + (m − 1) in z over the field F. Therefore, for any hitting set H ⊆ F^k for k-variate polynomials of degree at most Γ + (m − 1), the evaluation vectors Eval_H(Q_m(a) · z^e) of these polynomials on H are linearly independent over F. So, for every e of degree m − 1, there exists an F-linear combination of the evaluations { (Q_m(a) · ∆_{m−1}(f̃_{t+1}))(z = b) : b ∈ H } which equals ∂̄f̃_{t+1}(x′)/∂̄x′^e. Moreover, such a linear combination can be found (e.g., via Gaussian elimination over the field F) efficiently in the size of this linear system.

Thus, to recover the partial derivatives of order m − 1 of f̃_{t+1} given a monomial representation of Q_m(a) · ∆_{m−1}(f̃_{t+1}), we consider the hitting set H of size O(Γ · m)^k for k-variate polynomials of degree Γ + (m − 1) given by Lemma 3.4, compute the evaluation of the polynomial

   Q_m(a) · ∆_{m−1}(f̃_{t+1}) = ∑_{e : ‖e‖_1 = m−1} Q_m(a) · z^e · ∂̄f̃_{t+1}(x)/∂̄x^e

at every b ∈ H, and take appropriate weighted linear combinations to recover each of the partial derivatives ∂̄f̃_{t+1}(x)/∂̄x^e.

Since Q′(x′, ∆_0(f̃_{≤t}), ∆_1(f̃_{≤t}), . . . , ∆_{m−1}(f̃_{≤t})) is a polynomial of degree at most Γ + m in z and at most D + d in x, we can do the evaluations by writing down the coefficient vector of this polynomial in time poly(D^k, d^k, Γ^k, m^k) and doing the evaluations one monomial at a time.

The running time.
Observe that we can go from the original polynomial Q to the polynomial Q′ by finding an appropriate a deterministically in time at most O((D + d)^k) by just querying all points on a large enough grid in F^k (or a grid in an extension field of F, if F is not large enough). This follows from Lemma 3.4.

Once we have Q′, we reconstruct f in d iterations, so it suffices to estimate the cost of each iteration. As we just argued in the earlier part of the proof, every iteration just involves evaluating the polynomial Q′(x′, ∆_0(f̃_{≤t}), ∆_1(f̃_{≤t}), . . . , ∆_{m−1}(f̃_{≤t})) at a hitting set H of size at most poly(Γ^k, m^k) and solving about m^k linear systems of the same size. The straightforward implementation of this takes no more than poly(D^k, d^k, Γ^k, m^k) field operations. ∎

As is evident from the proof of Lemma 4.6, the following more structured version of Lemma 4.6 is true.

Lemma 4.7. Let F be a field of characteristic zero or larger than d, and let Q(x, y) = Q_1 y_1 + · · · + Q_m y_m be any polynomial in F[z, x, y] where deg_x(Q) ≤ D + d, deg_z(Q) ≤ Γ and the Q_i's do not depend on y. Then, there is a deterministic algorithm that outputs a linear space of polynomials in F[x] of dimension at most (m + k choose k) over F which contains all polynomials f ∈ F[x] of degree at most d such that

   Q(x, ∆_0(f), ∆_1(f), . . . , ∆_{m−1}(f)) ≡ 0.

Moreover, the algorithm requires at most poly(D^k, d^k, Γ^k) arithmetic operations over the underlying field F.

To bound the true running time of the algorithm in Lemma 4.7, we need to add a poly(log |F|) factor to the upper bound on the field operations for finite fields, and a polynomial factor in the bit complexity of the input over the field of rational numbers.
While working over the rationals, we might need a bit more care to solve the linear systems appearing in the proof of Lemma 4.6 efficiently, since a naive implementation of Gaussian elimination might blow up the bit complexity of the numbers appearing at various intermediate stages. We are now ready to prove Theorem 1.1.
Proof of Theorem 1.1.
We start by setting the parameters. ε and k are fixed a priori, and we choose s, m such that s = m^2 and m is large enough so that

   10/m^{1/k} + m/(s − m) < ε.

With this choice of parameters, we use Lemma 4.2 to construct a non-zero polynomial Q which explains the received word P. Then, we use Lemma 4.6 to find all polynomials f ∈ F[x] of degree at most d such that Q(x, ∆_0(f), ∆_1(f), . . . , ∆_{m−1}(f)) ≡ 0. We know from Lemma 4.6 that the number of such polynomials is at most |F|^{(m+k choose k)}, and from Lemma 4.3 that every polynomial f of degree at most d in F[x] such that Dist(Enc(f), P) is at most δ − ε, where δ = 1 − d/(s|S|), satisfies the equation Q(x, ∆_0(f), ∆_1(f), . . . , ∆_{m−1}(f)) ≡ 0. Thus, all such f are included in the list of outputs. The running time of the algorithm immediately follows from the running time guarantees in Lemma 4.2 and Lemma 4.6. ∎

4.7 Another view of the algorithm

We now discuss an alternative description of the decoding algorithm. In essence, this is just a rewording of the previous algorithm, but it appears to have some qualitative advantages. For instance, the description itself seems simpler here, as we do not need to introduce the z variables but instead end up working with a system of equations over the original field F itself. Moreover, the runtime analysis of this algorithm gives a slightly better bound of poly(|S|^k, d^k) on the number of field operations needed by the decoding algorithm, as opposed to the larger bound that is claimed in Theorem 1.1.

Given the received word P : S^k → F^{(s+k−1 choose k)}, we assume that the coordinates of F^{(s+k−1 choose k)} are indexed by k-variate monomials of degree at most s − 1. Let t = m^{k+1} and, for each i ∈ [s] and j ∈ [t], let a_{i,j} ∈ F^{(i−1+k−1 choose k−1)} be vectors such that for every i, the dimension of the space spanned by {a_{i,1}, a_{i,2}, . . . , a_{i,t}} over F equals (i−1+k−1 choose k−1). Again, we think of the coordinates of a_{i,j} as being indexed by k-variate monomials of degree equal to i − 1.

Given P, we construct P_1, P_2, . . . , P_t, where each P_j is a function from S^k to F^s, such that for every b ∈ S^k, the i-th coordinate of P_j(b) equals the weighted linear combination of the coordinates of P(b) indexed by monomials of degree exactly i − 1, with weights according to a_{i,j}. In other words, the i-th coordinate of P_j(b) equals

   ∑_{e ∈ Z^k_{≥0}, ‖e‖_1 = i−1} a_{i,j}(e) · P(b)_e,

where P(b)_e is the coordinate of P(b) indexed by e. Now, for the interpolation step, for each j ∈ [t], we find a polynomial Q̃_j = ∑_{i=1}^{m} Q̃_{i,j}(x) y_i of not-too-high degree which explains P_j in the sense of Lemma 4.2. Note that each Q̃_j is now a polynomial over the original field F. An immediate instantiation of Lemma 4.3 for this setting shows that if f ∈ F[x] has degree at most d and Enc(f) and P are close enough, then for every j ∈ [t], Q̃_j(x, Ψ_j(f)) must be identically zero, where Ψ_j(f) = (Ψ_{j,1}(f), . . . , Ψ_{j,m}(f)) is defined by

   Ψ_{j,i}(f) = ∑_{e ∈ Z^k_{≥0}, ‖e‖_1 = i−1} a_{i,j}(e) · ∂̄f/∂̄x^e.

Before going to the reconstruction step, we note that it might be the case that Q̃_1, Q̃_2, . . . , Q̃_t depend on different subsets of the y variables. But since t = m^{k+1}, by averaging, it follows that there exists an ℓ ∈ [m] such that at least m^k of the polynomials {Q̃_j : j ∈ [t]} have the property that they depend on y_ℓ and do not depend on y_{ℓ′} for any ℓ′ > ℓ. For ease of notation, let us assume that Q̃_1, Q̃_2, . . . , Q̃_{t′} depend on y_m, where t′ = m^k.

Now, to recover f, we solve the equations Q̃_j(x, Ψ_j(f)) ≡ 0 for j ∈ [t′]. We solve for f one homogeneous component at a time, as in the proof of Lemma 4.6. Assuming that we have recovered the homogeneous components of f of degree at most u, we can follow the proof of Lemma 4.6 to recover Ψ_{j,m}(f_{u+1}) for every j ∈ [t′], where f_{u+1} is the homogeneous component of f of degree u + 1. At this point, from the choice of the vectors a_{i,j}, the definition of Ψ_{j,m}(f_{u+1}) and the fact that t′ ≥ m^k, we get that we have sufficiently many linearly independent homogeneous linear equations in all the partial derivatives of f_{u+1} of order m − 1.
Thus, we can solve this linear system to recover each of these partial derivatives and combine them according to Lemma 4.4 to obtain f_{u+1}, and then proceed to the next step. Moreover, as in Lemma 4.6, if we start from the correct coefficients of f in the base case of this process, each of the subsequent steps is unique.

Thus, instead of working with a single polynomial equation as in a standard application of the polynomial method, this algorithm proceeds by working simultaneously with many equations. We now remark on the running time.
We note that in the algorithm sketched above, the number of field operations needed is upper bounded by poly(|S|^k, d^k). This follows from the observation that in this algorithm we are essentially solving m^k < d^k linear systems of size poly(|S|^k, d^k) over the underlying field F to recover all codewords close to the received word. ⋄

In this section, we use the pruning algorithm due to Kopparty, Ron-Zewi, Saraf and Wootters [KRSW18] together with Lemma 4.7 to obtain a shorter list of correct polynomials, thereby improving the bound on the list size in Theorem 1.1 from a polynomial (in the input size) to an absolute constant depending only on the parameter ε and the dimension k. This will complete the proof of Theorem 1.3. The first step towards the goal of recovering codewords from a small linear space is the following theorem, which is a natural multivariate analog of a theorem of Guruswami and Kopparty [GK16, Theorem 17]. Our proof is essentially the same, apart from the fact that we are in the multivariate setting and hence have to work with generalized Wronskian matrices.

Theorem 5.1 (subspace restrictions). Let F be a field of characteristic zero or larger than d. Let μ ≥ w ∈ N be parameters, and let W ⊆ F[x] be an F-linear subspace of k-variate polynomials of degree at most d, such that the dimension of W is at most w. For any a ∈ F^k, let H_a be the F-linear space of polynomials of degree at most d which vanish with multiplicity at least μ at a. Then, for every finite set S ⊆ F, we have

   ∑_{a ∈ S^k} dim(H_a ∩ W) ≤ dw|S|^{k−1}/(μ − w + 1).

We use this statement in our proof in this section, and prove it in Section 6. (We might have to do an initial translation of coordinates, as in the proof of Lemma 4.6.)

5.1 The pruning algorithm

The input to this algorithm is a received word P and a linear subspace W of polynomials of degree at most d in F[x] of dimension at most w.
The goal is to output all polynomials f ∈ W such that Dist(Enc_{s,S}(f), P) < α, where α = δ − ε. The description of the algorithm has a parameter r, which we later set to an appropriate value.

Algorithm A
1. Choose a_1, a_2, . . . , a_r independently and uniformly at random from S^k.

2. If there is a unique polynomial f ∈ W such that Enc_{s,S}(f) and P agree on each of a_1, . . . , a_r, then output f.

Clearly, the second step of the algorithm can be implemented efficiently via Gaussian elimination. The final pruning algorithm invokes Algorithm A multiple times and outputs the union of all the lists. In the rest of this section, we show that with high probability, this will output the list of all codewords close to the received word that are contained in the input linear space.

The algorithm and the analysis are precisely the same as those in the work of Kopparty, Ron-Zewi, Saraf and Wootters [KRSW18], apart from the fact that we invoke them for multivariate multiplicity codes, whereas in [KRSW18] they were designed for folded Reed-Solomon codes and univariate multiplicity codes. We briefly sketch some of the details in the rest of this section. For brevity, we again use Enc() for Enc_{s,S}(). We also assume that the dimension w of W is less than the multiplicity parameter s of the code.

Lemma 5.2 (Analogous to [KRSW18, Lemma IV.5 (conference version)]). For any polynomial f ∈ W such that
$\mathrm{Dist}(\mathrm{Enc}(f), P) < \alpha$, $f$ is output by Algorithm A with probability at least
$$(1-\alpha)^r - w\left(\frac{d}{|S|(s-w)}\right)^r.$$
Moreover, Algorithm A runs in time polynomial in the input size.

Proof sketch.
The proof of the lemma is precisely the same as that of [KRSW18, Lemma IV.5 (conference version)], except that we use Theorem 5.1 as opposed to an analogous statement for folded Reed-Solomon codes.

We are now ready to prove Theorem 1.3.
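As an aside, a single run of Algorithm A is just random sampling followed by Gaussian elimination. The following is a minimal sketch in code, under simplifying assumptions not made in the paper: a univariate toy setting over the prime field $\mathbb{F}_{97}$, multiplicity parameter $s = 1$ (so the encoding is plain evaluation), and an explicit basis for $W$; all names and parameters are this illustration's.

```python
import random

P_MOD = 97  # a toy prime field F_97

def poly_eval(coeffs, x):
    """Evaluate a polynomial (coefficients in increasing degree) at x over F_p."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P_MOD
    return acc

def solve_unique(A, b):
    """Return the solution of A c = b over F_p iff it exists and is unique, else None."""
    n, m = len(A), len(A[0])
    rows = [list(r) + [v] for r, v in zip(A, b)]
    rank, piv_cols = 0, []
    for col in range(m):
        piv = next((i for i in range(rank, n) if rows[i][col]), None)
        if piv is None:
            continue
        rows[rank], rows[piv] = rows[piv], rows[rank]
        inv = pow(rows[rank][col], P_MOD - 2, P_MOD)  # inverse via Fermat's little theorem
        rows[rank] = [(v * inv) % P_MOD for v in rows[rank]]
        for i in range(n):
            if i != rank and rows[i][col]:
                f = rows[i][col]
                rows[i] = [(v - f * u) % P_MOD for v, u in zip(rows[i], rows[rank])]
        piv_cols.append(col)
        rank += 1
    if rank < m or any(row[m] for row in rows[rank:]):
        return None  # under-determined (not unique) or inconsistent (no solution)
    sol = [0] * m
    for i, col in enumerate(piv_cols):
        sol[col] = rows[i][m]
    return sol

def algorithm_A(received, basis, S, r, rng):
    """One run of Algorithm A: sample r points of S, return the unique f in W
    consistent with the received word at all of them, if there is one."""
    pts = [rng.choice(S) for _ in range(r)]
    A = [[poly_eval(bv, a) for bv in basis] for a in pts]
    b = [received[a] for a in pts]
    coords = solve_unique(A, b)
    if coords is None:
        return None
    f = [0] * max(len(bv) for bv in basis)  # coefficient vector of f in the monomial basis
    for c, bv in zip(coords, basis):
        for i, v in enumerate(bv):
            f[i] = (f[i] + c * v) % P_MOD
    return tuple(f)

rng = random.Random(0)
S = list(range(P_MOD))
basis = [[1], [0, 1], [0, 0, 1]]             # W = span{1, x, x^2}, so w = 3
f0 = [1, 2, 3]                               # planted codeword 1 + 2x + 3x^2
received = {a: poly_eval(f0, a) for a in S}
for a in range(10):                          # corrupt 10 of the 97 positions
    received[a] = (received[a] + 1) % P_MOD
outputs = set()
for _ in range(50):                          # the pruning step: many runs, union of outputs
    out = algorithm_A(received, basis, S, r=6, rng=rng)
    if out is not None:
        outputs.add(out)
```

With these toy parameters a single run succeeds with constant probability (all six sampled points uncorrupted and at least three of them distinct), so over 50 runs the planted codeword `(1, 2, 3)` lands in `outputs` with overwhelming probability; a real implementation would additionally filter the union by distance to $P$.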
Proof of Theorem 1.3.
Given the error parameter $\varepsilon$ and the number of variables $k$, we choose $s, m$ as follows:
• $m = \frac{20k}{\varepsilon}$,
• $s = \frac{4}{\varepsilon}\binom{m+k}{k}$.
We note that for this choice of parameters, $\frac{m}{s-m} < \varepsilon/2$ and hence
$$\frac{10k}{m} + \frac{m}{s-m} < \varepsilon,$$
as is needed to invoke Lemma 4.2. We now use Lemma 4.2 to construct the polynomial $Q$ which explains the received word $P$, and Lemma 4.7 to give us a subspace $W$ of polynomials in $\mathbb{F}[x]$ of dimension at most $w = \binom{m+k}{k}$ over $\mathbb{F}$ that contains all polynomials $f \in \mathbb{F}[x]$ of degree at most $d$ such that $\mathrm{Dist}(\mathrm{Enc}(f), P) < (\delta - \varepsilon)$, where $\delta = 1 - d/(s|S|)$ is the relative distance of the code. Let the parameter $r$ be set as
$$r = \frac{\log\left(2\binom{m+k}{k}\right)}{\log(1 + \varepsilon/4)} \leq O\left(\frac{k \log(1/\varepsilon)}{\varepsilon}\right).$$
We now instantiate Lemma 5.2 with inputs being the received word $P$, the subspace $W$ of dimension at most $w = \binom{m+k}{k}$, and the parameter $r$ as set above.

A single run of Algorithm A returns at most one polynomial $f \in W$ such that $\mathrm{Dist}(\mathrm{Enc}(f), P) < (\delta - \varepsilon)$. Moreover, every such $f$ is output with probability at least
$$\rho = (1 - \delta + \varepsilon)^r - w\left(\frac{d}{|S|(s-w)}\right)^r.$$
To simplify this, we note that from the choice of parameters,
$$w\left(\frac{d}{|S|(s-w)}\right)^r = \binom{m+k}{k}\left(\frac{s(1-\delta)}{s-w}\right)^r \leq \frac{1}{2}(1+\varepsilon/4)^r\left(\frac{1-\delta}{1-\varepsilon/4}\right)^r \quad \text{[plugging in the values of $s$, $r$]}$$
$$\leq \frac{1}{2}\left(\frac{1+\varepsilon/4}{1-\varepsilon/4}\cdot(1-\delta)\right)^r \leq \frac{1}{2}(1-\delta+\varepsilon)^r,$$
where the last inequality follows from the fact that $\frac{1+\varepsilon/4}{1-\varepsilon/4}\cdot(1-\delta) \leq (1-\delta+\varepsilon)$ whenever $1 + \delta - \varepsilon/2 > 0$, which is always true in our setting, since $\delta, \varepsilon \in (0, 1)$. Thus, we get $\rho \geq \frac{1}{2}(1-\delta+\varepsilon)^r$. Hence, the number of polynomials $f$ in the space $W$ such that $\mathrm{Dist}(\mathrm{Enc}(f), P) < (\delta - \varepsilon)$ is at most $1/\rho \leq 2(1-\delta+\varepsilon)^{-r}$.

It follows from a union bound that if we run Algorithm A about $O\left(\frac{1}{\rho}\log\frac{1}{\rho}\right)$ times with fresh randomness each time, and output every polynomial obtained, then with high probability we would have output all the polynomials $f \in W$ with $\mathrm{Dist}(\mathrm{Enc}(f), P) < (\delta - \varepsilon)$. Thus the number of runs of Algorithm A is
$$O\left(\frac{1}{\rho}\log\frac{1}{\rho}\right) = O\left(\frac{r\log\frac{1}{1-\delta+\varepsilon}}{(1-\delta+\varepsilon)^r}\right) \leq \exp\left(O\left(\frac{k}{\varepsilon}\log^2\frac{1}{\varepsilon}\right)\right).$$
The upper bound on the running time immediately follows from the running time guarantees in Lemma 4.2 and Lemma 4.7, and from the final pruning that happens in the process of recovering the relevant codewords from the subspace output by Lemma 4.7.

6 Proof of Theorem 5.1

In this section, we prove Theorem 5.1. For the proof, we follow the outline of Guruswami and Kopparty [GK16] and essentially observe that (almost) everything works even for multivariate polynomials. The only difference is that instead of the Wronskian criterion for univariate polynomials, we need to work with the following generalized Wronskian criterion for multivariate polynomials.
Theorem 6.1 (generalized Wronskian criterion). Let $f_1, f_2, \ldots, f_w \in \mathbb{F}[x]$ be $k$-variate polynomials of maximum individual degree at most $d$. If the characteristic of $\mathbb{F}$ is zero or larger than $d$, then the following is true: $f_1, f_2, \ldots, f_w$ are linearly independent over $\mathbb{F}$ if and only if there exist monomials $x^{e_1}, x^{e_2}, \ldots, x^{e_w}$ such that for every $i \in [w]$, $\deg(x^{e_i}) \leq i - 1$, and the $w \times w$ matrix $M_{(e_1,\ldots,e_w)}$ whose $(i,j)$ entry equals $\frac{\bar\partial f_j}{\bar\partial x^{e_i}}$ has full rank over the field $\mathbb{F}(x)$.

The classical Wronskian criterion (and its generalized counterpart) is typically proved for fields of characteristic zero and with the usual notion of partial derivatives (cf. Bostan and Dumas [BD10, Theorem 3]). These proofs extend to the above setting. For the sake of completeness, we provide an alternative proof of the above theorem in Appendix B.

Equipped with this criterion, we are now ready to prove Theorem 5.1.
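The proof below ultimately rests on the multiplicity Schwartz-Zippel lemma (Lemma 3.4): a nonzero $k$-variate polynomial of total degree $D$ has total multiplicity at most $D|S|^{k-1}$ over $S^k$. The following brute-force sketch checks that bound on a tiny bivariate example; the dictionary representation, helper names, and the cap on the multiplicity search are all choices of this illustration, not the paper's.

```python
from math import comb
from itertools import product

def hasse_deriv(f, e):
    """Hasse derivative of f = {exponent tuple: coeff} with respect to the monomial x^e."""
    g = {}
    for a, c in f.items():
        if all(ai >= ei for ai, ei in zip(a, e)):
            coef = c
            for ai, ei in zip(a, e):
                coef *= comb(ai, ei)  # the multivariate binomial C(a, e)
            b = tuple(ai - ei for ai, ei in zip(a, e))
            g[b] = g.get(b, 0) + coef
    return {m: c for m, c in g.items() if c}

def evaluate(f, pt):
    total = 0
    for a, c in f.items():
        v = c
        for ai, pi in zip(a, pt):
            v *= pi ** ai
        total += v
    return total

def mult(f, pt, cap=10):
    """Multiplicity of f at pt: least m with some order-m Hasse derivative nonvanishing at pt."""
    k = len(pt)
    for m in range(cap):
        for e in product(range(m + 1), repeat=k):
            if sum(e) == m and evaluate(hasse_deriv(f, e), pt) != 0:
                return m
    return cap

# f(x, y) = (x - 1)^2 (y - 2), a nonzero bivariate polynomial of total degree D = 3
f = {(2, 1): 1, (2, 0): -2, (1, 1): -2, (1, 0): 4, (0, 1): 1, (0, 0): -2}
S = [0, 1, 2, 3]
total = sum(mult(f, pt) for pt in product(S, repeat=2))
print(total)  # 12 = D * |S|^(k-1) = 3 * 4: the Schwartz-Zippel bound is tight for this f
```

Here the multiplicity-2 zeros along the line $x = 1$ and the multiplicity-1 zeros along $y = 2$ (with multiplicity 3 at their intersection) add up to exactly $D|S|^{k-1}$.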
Proof of Theorem 5.1.
Let $f_1, f_2, \ldots, f_w \in W$ be linearly independent polynomials of degree at most $d$ which span $W$. Let $E$ be a set of $\mu$-tuples of monomials defined as follows:
$$E := \{(x^{e_1}, x^{e_2}, \ldots, x^{e_\mu}) : \deg(x^{e_i}) \leq i - 1\}.$$
For every $\psi = (x^{e_1}, x^{e_2}, \ldots, x^{e_\mu})$ in $E$, let $M_\psi \in \mathbb{F}[x]^{\mu \times w}$ be the matrix whose $(i,j)$ entry is $\frac{\bar\partial f_j}{\bar\partial x^{e_i}}$:
$$M_\psi := \begin{pmatrix} \frac{\bar\partial f_1}{\bar\partial x^{e_1}} & \frac{\bar\partial f_2}{\bar\partial x^{e_1}} & \cdots & \frac{\bar\partial f_w}{\bar\partial x^{e_1}} \\ \vdots & \vdots & \ddots & \vdots \\ \frac{\bar\partial f_1}{\bar\partial x^{e_\mu}} & \frac{\bar\partial f_2}{\bar\partial x^{e_\mu}} & \cdots & \frac{\bar\partial f_w}{\bar\partial x^{e_\mu}} \end{pmatrix}.$$
And let $\tilde{M}_\psi$ denote the $w \times w$ submatrix of $M_\psi$ obtained by taking the first $w$ rows. From Theorem 6.1, we know that there exists $\psi$ in $E$ such that $\tilde{M}_\psi$ (and hence $M_\psi$) has full rank over $\mathbb{F}(x)$; fix such a $\psi$ and let $L_\psi$ denote the determinant of $\tilde{M}_\psi$. Clearly, $L_\psi$ is a non-zero $k$-variate polynomial of degree at most $dw$. We note that for many choices of $\psi \in E$, the corresponding matrix $M_\psi$ could be of rank less than $w$. Perhaps somewhat surprisingly, all these matrices play a role in the proof. The proof essentially follows from the following claim.

Claim 6.2.
For every $a \in \mathbb{F}^k$, the multiplicity of $L_\psi(x)$ at $a$ is at least $(\mu - w + 1)\cdot\dim(H_a \cap W)$.

We first complete the proof of the theorem using the above claim and then prove the claim. From Claim 6.2, we get
$$\sum_{a \in S^k} (\mu - w + 1)\dim(H_a \cap W) \leq \sum_{a \in S^k} \mathrm{mult}(L_\psi(x), a).$$
From the earlier discussion, $L_\psi$ is a non-zero polynomial of degree at most $dw$. Thus, by Lemma 3.4, the quantity $\sum_{a \in S^k} \mathrm{mult}(L_\psi(x), a)$ is upper bounded by $dw|S|^{k-1}$, and this completes the proof of Theorem 5.1.

We now prove the claim. For this, we need the following claim.

Claim 6.3.
For every $\psi \in E$, and for every $a \in \mathbb{F}^k$, $\mathrm{rank}(M_\psi(a)) \leq w - \dim(H_a \cap W)$.

Proof of Claim 6.3. We just follow the definitions:
$$\dim(H_a \cap W) = \dim\left(\left\{b = (b_1, b_2, \ldots, b_w) \in \mathbb{F}^w : \mathrm{mult}\left(\sum_{i=1}^{w} b_i f_i,\ a\right) \geq \mu\right\}\right)$$
$$= \dim\left(\left\{b \in \mathbb{F}^w : \forall x^e \text{ s.t. } \deg(x^e) < \mu,\ \sum_{i=1}^{w} b_i \frac{\bar\partial f_i}{\bar\partial x^e}(a) = 0\right\}\right)$$
$$= \dim\left(\left\{b \in \mathbb{F}^w : \forall \psi \in E,\ (M_\psi(a))\, b = 0\right\}\right)$$
$$\leq \min_{\psi \in E}\left(\dim(\mathrm{Kernel}(M_\psi(a)))\right) \leq \min_{\psi \in E}\left(w - \mathrm{rank}(M_\psi(a))\right).$$

Proof of Claim 6.2.
To show the claim, we show that for every monomial $x^{f}$ of degree less than $(\mu - w + 1)\cdot\dim(H_a \cap W)$, the Hasse derivative $\frac{\bar\partial L_\psi}{\bar\partial x^{f}}$ is zero at $a$. Let $\psi = (e_1, e_2, \ldots, e_w)$. Then we have (using Proposition 3.2, Items 4 and 5)
$$\frac{\bar\partial L_\psi}{\bar\partial x^{f}}(a) = \sum_{u_1 + u_2 + \cdots + u_w = f}\ \prod_{j \in [w]} \binom{e_j + u_j}{u_j}\det\left(\tilde{M}_{(e_1+u_1,\ldots,e_w+u_w)}\right)(a).$$
Now, we know that $\sum_j \|u_j\| < (\mu - w + 1)\cdot\dim(H_a \cap W)$, so there are less than $\dim(H_a \cap W)$ values of $j \in \{1, 2, \ldots, w\}$ such that $\|u_j\|$ is more than $\mu - w$. Moreover, $\|u_j\| \leq \mu - w$ implies that $\|e_j\| + \|u_j\| \leq \mu - 1$. Thus, there is a $\psi' \in E$ such that more than $w - \dim(H_a \cap W)$ rows of the matrix $\tilde{M}_{(e_1+u_1,\ldots,e_w+u_w)}(a)$ are also rows of the matrix $M_{\psi'}(a)$. But, from Claim 6.3, we know that for every $\psi' \in E$, $M_{\psi'}(a)$ has rank at most $w - \dim(H_a \cap W)$; hence more than $w - \dim(H_a \cap W)$ rows of $\tilde{M}_{(e_1+u_1,\ldots,e_w+u_w)}(a)$ lie in a space of dimension at most $w - \dim(H_a \cap W)$ and are therefore linearly dependent. Thus, each of the matrices $\tilde{M}_{(e_1+u_1,\ldots,e_w+u_w)}(a)$ in the summand above is rank deficient, and hence has determinant zero.

Acknowledgments
Madhu, Mrinal, and Prahladh thank Swastik Kopparty for many insightful discussions on multi-plicity codes and on the results in [KSY14, Kop15].
References

[BD10] Alin Bostan and Philippe Dumas. Wronskians and linear independence. Amer. Math. Monthly, 117(8):722–727, 2010. arXiv:1301.6598. (Referenced on page 28.)

[DKSS13] Zeev Dvir, Swastik Kopparty, Shubhangi Saraf, and Madhu Sudan. Extensions to the method of multiplicities, with applications to Kakeya sets and mergers. SIAM J. Comput., 42(6):2305–2328, 2013. (Preliminary version in FOCS, 2009). eccc:2009/TR09-004. (Referenced on pages 2, 12, and 13.)

[DL78] Richard A. DeMillo and Richard J. Lipton. A probabilistic remark on algebraic program testing. Inform. Process. Lett., 7(4):193–195, 1978. (Referenced on page 2.)

[GK16] Venkatesan Guruswami and Swastik Kopparty. Explicit subspace designs. Comb., 36(2):161–185, 2016. (Preliminary version in FOCS, 2013). eccc:2013/TR13-060. (Referenced on pages 25 and 28.)

[GKSS19] Zeyu Guo, Mrinal Kumar, Ramprasad Saptharishi, and Noam Solomon. Derandomization from algebraic hardness: Treading the borders. In Proc. 60th IEEE Symp. on Foundations of Comp. Science (FOCS), pages 147–157. 2019. arXiv:1905.00091, eccc:2019/TR19-065. (Referenced on pages 8 and 10.)

[GS99] Venkatesan Guruswami and Madhu Sudan. Improved decoding of Reed-Solomon and algebraic-geometry codes. IEEE Trans. Inform. Theory, 45(6):1757–1767, 1999. (Preliminary version in FOCS, 1998). eccc:1998/TR98-043. (Referenced on page 4.)

[Gut16] Larry Guth. Polynomial Methods in Combinatorics, volume 64 of University Lecture Series. Amer. Math. Soc., 2016. (Referenced on page 2.)

[GW13] Venkatesan Guruswami and Carol Wang. Linear-algebraic list decoding for variants of Reed-Solomon codes. IEEE Trans. Inform. Theory, 59(6):3257–3268, 2013. (Preliminary versions, 2011). eccc:2012/TR12-073. (Referenced on pages 4, 5, 6, 7, 8, 9, and 10.)

[KK17] John Y. Kim and Swastik Kopparty. Decoding Reed-Muller codes over product sets. Theory Comput., 13(1):1–38, 2017. (Preliminary version in CCC, 2016). arXiv:1511.07488. (Referenced on pages 2, 4, 5, and 6.)

[Kop14] Swastik Kopparty. Some remarks on multiplicity codes. In Alexander Barg and Oleg R. Musin, eds., Discrete Geometry and Algebraic Combinatorics, volume 625 of Contemporary Mathematics, pages 155–176. AMS, 2014. arXiv:1505.07547. (Referenced on page 6.)

[Kop15] ———. List-decoding multiplicity codes. Theory of Computing, 11:149–182, 2015. eccc:2012/TR12-044. (Referenced on pages 4, 5, 6, 7, 8, 10, and 30.)

[KRSW18] Swastik Kopparty, Noga Ron-Zewi, Shubhangi Saraf, and Mary Wootters. Improved decoding of folded Reed-Solomon and multiplicity codes. In Proc. 59th IEEE Symp. on Foundations of Comp. Science (FOCS), pages 212–223. 2018. arXiv:1805.01498, eccc:2018/TR18-091. (Referenced on pages 5, 11, 25, and 26.)

[KSY14] Swastik Kopparty, Shubhangi Saraf, and Sergey Yekhanin. High-rate codes with sublinear-time decoding. J. ACM, 61(5):28:1–28:20, 2014. (Preliminary version in STOC, 2011). eccc:2010/TR10-148. (Referenced on pages 4 and 30.)

[LN96] Rudolf Lidl and Harald Niederreiter. Finite Fields, volume 20 of Encyclopedia of Mathematics and its Applications. Cambridge University Press, 2nd edition, 1996. (Referenced on page 32.)

[Nie01] Rasmus Refslund Nielsen. List decoding of linear block codes. Ph.D. thesis, Technical University of Denmark, 2001. (Referenced on page 4.)

[Ore22] Øystein Ore. Über höhere Kongruenzen (German) [About higher congruences]. Norsk Mat. Forenings Skrifter, 1(7):15, 1922. (See [LN96, Theorem 6.13]). (Referenced on page 2.)

[PW04] Ruud Pellikaan and Xin-Wen Wu. List decoding of q-ary Reed-Muller codes. IEEE Trans. Inform. Theory, 50(4):679–682, 2004. (Referenced on page 7.)

[RT97] M. Yu. Rosenbloom and Michael Anatolévich Tsfasman. Коды для m-метрики (Russian) [Codes for the m-metric]. Probl. Peredachi Inf., 33(1):55–63, 1997. (English translation in Problems Inform. Transmission, 33(1):45–52, 1997). (Referenced on page 4.)

[Sar11] Shubhangi Saraf. The method of multiplicities. Ph.D. thesis, Massachusetts Institute of Technology, 2011. (Referenced on page 2.)

[Sch80] Jacob T. Schwartz. Fast probabilistic algorithms for verification of polynomial identities. J. ACM, 27(4):701–717, October 1980. (Referenced on page 2.)

[Sud97] Madhu Sudan. Decoding of Reed-Solomon codes beyond the error-correction bound. J. Complexity, 13(1):180–193, 1997. (Preliminary version in FOCS, 1996). (Referenced on page 4.)

[Zip79] Richard Zippel. Probabilistic algorithms for sparse polynomials. In Edward W. Ng, ed., Proc. International Symp. on Symbolic and Algebraic Computation (EUROSAM), volume 72 of LNCS, pages 216–226. Springer, 1979. (Referenced on page 2.)
A Exponential number of codewords at distance δ

Let $T \subseteq S$ be an arbitrary subset of size $d/s$. For the variable $x_1$, consider the polynomial $f_T(x_1) = \prod_{b \in T}(x_1 - b)^{s}$. At every point $a \in S^k$ such that $a_1 \in T$, $f_T$ vanishes with multiplicity at least $s$. Moreover, the set $\{a \in S^k : a_1 \in T\} \subseteq S^k$ is of size exactly $\frac{d}{s}|S|^{k-1}$. Thus, the encoding of every polynomial in the set
$$\mathcal{M} = \left\{\prod_{b \in T}(x_1 - b)^{s} : T \subseteq S,\ |T| = d/s\right\}$$
under the $k$-variate multiplicity code with multiplicity parameter $s$ agrees with the encoding of the polynomial $0$ on at least a $d/(qs)$ fraction of points (where $q = |S|$), i.e., the relative distance between them is at most $\delta$, where $\delta = 1 - d/(qs)$ is the distance of the code. Moreover, the set $\mathcal{M}$ is of size $\binom{q}{d/s}$, which grows superpolynomially in $d$. In this sense, the error tolerance of the result in Theorem 1.1 is the best one could hope for (up to the loss of $\varepsilon$).
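The counting in this appendix is easy to sanity-check mechanically. The sketch below uses toy parameters chosen for this illustration ($|S| = 5$, $k = 2$, $s = 2$, $d = 4$) and verifies that each agreement set $\{a \in S^k : a_1 \in T\}$ has size $(d/s)|S|^{k-1}$, and that there are $\binom{|S|}{d/s}$ choices of $T$.

```python
from itertools import combinations, product
from math import comb

S = list(range(5))   # evaluation set, q = |S| = 5
k, s, d = 2, 2, 4    # toy parameters: f_T = prod_{b in T} (x_1 - b)^s has degree s * |T| = d

for T in combinations(S, d // s):
    # f_T vanishes with multiplicity >= s exactly at points whose first coordinate is in T,
    # so Enc(f_T) agrees with Enc(0) on the set counted here
    agree = sum(1 for a in product(S, repeat=k) if a[0] in T)
    assert agree == (d // s) * len(S) ** (k - 1)

num_codewords = comb(len(S), d // s)  # |M| = C(q, d/s)
print(num_codewords)  # 10 such polynomials already at these tiny parameters
```

The agreement claim itself relies on the multiplicity fact argued in the text; the code only checks the combinatorial counts.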
In this section, we give a proof of the generalized Wronskian criterion in the multivariate setting that works over fields of finite characteristic, using the notion of Hasse derivatives. We first state and prove a proposition which we will use to prove Theorem 6.1.

Given a sequence $f_1, f_2, \ldots, f_w$ of $w$ $k$-variate polynomials of individual degree at most $d$ and a sequence $e_1, e_2, \ldots, e_w$ of $w$ monomials, let $M_{(e_1,\ldots,e_w)}(f_1,\ldots,f_w)$ be the $w \times w$ matrix whose $(i,j)$-th entry is $\frac{\bar\partial f_j}{\bar\partial x^{e_i}}$. Let $W_{(e_1,\ldots,e_w)}(f_1,\ldots,f_w) := \det(M_{(e_1,\ldots,e_w)}(f_1,\ldots,f_w))$; so $W_{(e_1,\ldots,e_w)}(f_1,\ldots,f_w) \in \mathbb{F}[x]$.

We say that $x^{e'} \leq x^{e}$ if $e' \leq e$, that is, for all $i \in [k]$: $e'_i \leq e_i$. Let $\preceq$ be the degree-stratified lexicographic total order, which is an extension of the $\leq$ ordering: for distinct $e$ and $e'$, we have $x^{e'} \prec x^{e}$ iff $\|e'\| < \|e\|$, or $\|e'\| = \|e\|$ and $e'_i < e_i$ where $i$ is the first index at which $e'$ and $e$ differ. Also, for a polynomial $f \in \mathbb{F}[x]$, let $\tilde{f}$ denote its minimum monomial under $\preceq$ if $f$ is non-zero, and $0$ otherwise. Thus, for every non-zero polynomial $f$ of the form $\sum_e \alpha_e \cdot x^e$ with $\alpha_e \in \mathbb{F}$, $\tilde{f}$ is $x^{e^*}$, where $x^{e^*}$ is the least monomial under $\preceq$ among the set of monomials $\{x^e : \alpha_e \neq 0\}$. For a monomial $\ell = x^e$, we denote $\|e\|$ by $|\ell|$.

Proposition B.1.
1. (linear combinations) For a fixed $i$, let $f_i = \alpha_i f'_i + \sum_{j \neq i} \alpha_j f_j$, where $\alpha_j \in \mathbb{F}$. Then
$$W_{(e_1,\ldots,e_w)}(f_1,\ldots,f_w) = \alpha_i \cdot W_{(e_1,\ldots,e_w)}(f_1,\ldots,f_{i-1}, f'_i, f_{i+1},\ldots,f_w).$$
2. (translation) Let $x + 1 = (x_1 + 1, \ldots, x_k + 1)$. Then
$$\left(W_{(e_1,\ldots,e_w)}(f_1(x),\ldots,f_w(x))\right)(x+1) = \left(W_{(e_1,\ldots,e_w)}(f_1(x+1),\ldots,f_w(x+1))\right)(x).$$
3. (minimum monomial) If $W_{(e_1,\ldots,e_w)}(\tilde{f}_1,\ldots,\tilde{f}_w) \neq 0$, then
$$\widetilde{W_{(e_1,\ldots,e_w)}(f_1,\ldots,f_w)} = W_{(e_1,\ldots,e_w)}(\tilde{f}_1,\ldots,\tilde{f}_w).$$
Proof. By linearity of Hasse derivatives we have
$$\frac{\bar\partial f_i}{\bar\partial x^{e}} = \alpha_i \frac{\bar\partial f'_i}{\bar\partial x^{e}} + \sum_{j \neq i} \alpha_j \frac{\bar\partial f_j}{\bar\partial x^{e}}.$$
Hence, $M_{(e_1,\ldots,e_w)}(f_1,\ldots,f_w)$ and $M_{(e_1,\ldots,e_w)}(f_1,\ldots,f_{i-1},f'_i,f_{i+1},\ldots,f_w)$ are related by elementary column operations, and thus their determinants are the same up to a multiplicative factor of $\alpha_i$. This proves Item 1. The proof of Item 2 follows from the fact that for any $f \in \mathbb{F}[x]$ we have $\left(\frac{\bar\partial f}{\bar\partial x^e}\right)(x+1) = \left(\frac{\bar\partial f(x+1)}{\bar\partial x^e}\right)(x)$. Item 3 follows directly by expanding out the determinant.

Equipped with this proposition, we will now show that if $f_1, \ldots, f_w$ are linearly independent over $\mathbb{F}$, then there exist monomials $x^{e_1}, \ldots, x^{e_w}$ with $\deg(x^{e_i}) < i$ such that $W_{(e_1,\ldots,e_w)}(f_1,\ldots,f_w) \neq 0$.

Proof of Theorem 6.1.
Using Proposition B.1, Item 1, we can assume without loss of generality that each $f_i$ has a distinct minimum monomial: we can take appropriate linear combinations of the form $f_i \leftarrow f_i + \sum_{j \neq i} \alpha_j f_j$ (this preserves linear independence) to clear out a minimum monomial if it repeats. Hence, the minimal monomials $\tilde{f}_i$ are all distinct. Further, by reordering if necessary, we can assume that the $\tilde{f}_i$ are in increasing order according to $\preceq$. Now, using Proposition B.1, Item 3, it suffices to show that there are monomials $x^{e_1},\ldots,x^{e_w}$ such that $\deg(x^{e_i}) < i$ and $W_{(e_1,\ldots,e_w)}(\tilde{f}_1,\ldots,\tilde{f}_w) \neq 0$. To show this, we first massage the monomials in the following manner:

1. Set $t \leftarrow 0$ and for all $i \in [w]$ let $\ell_i^t \leftarrow \tilde{f}_i$.
2. While $(\exists i : |\ell_i^t| \geq i)$:
(a) For all $i$, let $g_i^{t+1} = \ell_i^t(x+1)$.
(b) Take appropriate linear combinations of the form $g_i^{t+1} \leftarrow g_i^{t+1} - \sum_{j<i} \alpha_j \cdot g_j^{t+1}$ to ensure that all the $\tilde{g}_i^{t+1}$ are distinct.
(c) For all $i$, set $\ell_i^{t+1} \leftarrow \tilde{g}_i^{t+1}$. Reorder to ensure that the $\ell_i^{t+1}$ are in increasing order with respect to $\preceq$.
(d) $t \leftarrow t+1$.

We claim that the while loop terminates within at most $w$ steps, and at the end we have $|\ell_i^t| < i$ for all $i \in [w]$. Suppose we enter the while loop at a particular value of $t$. Let $i^*$ be the first index such that $|\ell_{i^*}^t| \geq i^*$. Observe that $g_{i^*}^{t+1}$ will include all monomials $x^{e'}$ such that $e' \leq e$, where $\ell_{i^*}^t = x^e$: this is because the characteristic of $\mathbb{F}$ is zero or larger than the maximum individual degree. Hence, at time $t+1$ we have $|\ell_j^{t+1}| < j$ for all $j \leq i^*$: for $j < i^*$, step 2(b) does not increase the degree of $g_j^{t+1}$, and for $j = i^*$, the minimal monomial $\tilde{g}_{i^*}^{t+1}$ is of degree less than $i^*$, since $g_{i^*}^{t+1}$ includes a monomial of degree less than $i^*$ that is distinct from the minimal monomials of the $g_j^{t+1}$ for $j < i^*$. Thus, at termination we have $|\ell_i^t| < i$ for all $i \in [w]$, and further the $\ell_i^t$ are all distinct monomials in increasing order.

Also, by Proposition B.1, we have that if $W_{(e_1,\ldots,e_w)}(\ell_1^{t+1},\ldots,\ell_w^{t+1}) \neq 0$, then $W_{(e_1,\ldots,e_w)}(\ell_1^t,\ldots,\ell_w^t) \neq 0$. At termination, set $\ell_i = \ell_i^t$. Hence, we are left to show that there are monomials $x^{e_1},\ldots,x^{e_w}$ such that $\deg(x^{e_i}) < i$ and $W_{(e_1,\ldots,e_w)}(\ell_1,\ldots,\ell_w) \neq 0$. Towards this end, observe that the matrix $M_{(\ell_1,\ldots,\ell_w)}(\ell_1,\ldots,\ell_w)$ is upper triangular with all diagonal entries equal to $1$: for contradiction, suppose that $i > j$ and $\frac{\bar\partial \ell_j}{\bar\partial \ell_i} \neq 0$; then $\ell_i \leq \ell_j$ and hence $\ell_i \preceq \ell_j$, which contradicts the increasing order. Hence, $W_{(\ell_1,\ldots,\ell_w)}(\ell_1,\ldots,\ell_w) = 1$. Thus, letting $x^{e_i} = \ell_i$ for all $i \in [w]$ gives us the requisite monomials $x^{e_i}$, since $\deg(\ell_i) = |\ell_i| < i$.

The other direction, that if there are monomials $x^{e_1},\ldots,x^{e_w}$ such that $W_{(e_1,\ldots,e_w)}(f_1,\ldots,f_w) \neq 0$ then $f_1,\ldots,f_w$ are linearly independent, is simpler. Suppose the $f_i$ are linearly dependent, and let $\sum_i \alpha_i f_i = 0$ be a non-trivial linear combination. By linearity of Hasse derivatives, $(\alpha_1,\ldots,\alpha_w) \in \ker(M_{(e_1,\ldots,e_w)}(f_1,\ldots,f_w))$ for every choice of monomials, and hence no such matrix can have full rank, a contradiction.
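Theorem 6.1 can be exercised mechanically on tiny examples. The sketch below is an illustration, not the paper's construction: it represents polynomials as `{exponent tuple: coefficient}` dictionaries, builds the matrix $M_{(e_1,\ldots,e_w)}$ via Hasse derivatives, and brute-forces over monomial tuples with $\deg(x^{e_i}) \leq i - 1$, which is only feasible for very small $w$; all helper names are assumptions of this sketch.

```python
from itertools import permutations, product
from math import comb

def hasse(f, e):
    """Hasse derivative of f = {exponent tuple: coeff} with respect to x^e."""
    g = {}
    for a, c in f.items():
        if all(ai >= ei for ai, ei in zip(a, e)):
            coef = c
            for ai, ei in zip(a, e):
                coef *= comb(ai, ei)
            b = tuple(ai - ei for ai, ei in zip(a, e))
            g[b] = g.get(b, 0) + coef
    return {m: c for m, c in g.items() if c}

def pmul(f, g):
    """Product of two polynomials in the dictionary representation."""
    h = {}
    for a, c in f.items():
        for b, d in g.items():
            e = tuple(x + y for x, y in zip(a, b))
            h[e] = h.get(e, 0) + c * d
    return {m: c for m, c in h.items() if c}

def det(M, k):
    """Leibniz-expansion determinant of a small matrix of k-variate polynomials."""
    w, total = len(M), {}
    for perm in permutations(range(w)):
        inv = sum(1 for i in range(w) for j in range(i + 1, w) if perm[i] > perm[j])
        term = {(0,) * k: (-1) ** inv}
        for i in range(w):
            term = pmul(term, M[i][perm[i]])
        for m, c in term.items():
            total[m] = total.get(m, 0) + c
    return {m: c for m, c in total.items() if c}

def wronskian_witness(fs, max_deg=1):
    """Search for monomials e_1,...,e_w with deg(x^{e_i}) <= i-1 making det(M) nonzero."""
    w = len(fs)
    k = len(next(iter(fs[0])))
    monos = [e for e in product(range(max_deg + 1), repeat=k) if sum(e) <= max_deg]
    for es in product(monos, repeat=w):
        if any(sum(es[i]) > i for i in range(w)):   # enforce deg(x^{e_i}) <= i-1 (0-indexed)
            continue
        M = [[hasse(f, es[i]) for f in fs] for i in range(w)]
        if det(M, k):                               # nonzero as a polynomial, i.e. over F(x)
            return es
    return None

f1 = {(1, 0): 1, (0, 1): 1}     # x + y
f2 = {(1, 0): 1, (0, 1): -1}    # x - y: independent of f1
g2 = {(1, 0): 2, (0, 1): 2}     # 2x + 2y: dependent on f1
print(wronskian_witness([f1, f2]) is not None)  # True: a witness tuple exists
print(wronskian_witness([f1, g2]))              # None: every such determinant vanishes
```

The two directions of the criterion show up exactly as expected: the independent pair admits a witness tuple of monomials, while for the dependent pair every candidate matrix is singular.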