Locally Decodable Codes From Nice Subsets of Finite Fields and Prime Factors of Mersenne Numbers
A -query Locally Decodable Code (LDC) encodes an -bit message as an -bit codeword such that one can probabilistically recover any bit of the message by querying only bits of the codeword , even after some constant fraction of codeword bits has been corrupted. The major goal of LDC related research is to establish the optimal trade-off between length and query complexity of such codes.
Recently  introduced a novel technique for constructing locally decodable codes and vastly improved the upper bounds for code length. The technique is based on Mersenne primes. In this paper we extend the work of  and argue that further progress via these methods is tied to progress on an old number theory question regarding the size of the largest prime factors of Mersenne numbers.
Specifically, we show that every Mersenne number that has a prime factor yields a family of -query locally decodable codes of length Conversely, if for some fixed and all one can use the technique of  to obtain a family of -query LDCs of length then infinitely many Mersenne numbers have prime factors larger than known currently.
Classical error-correcting codes allow one to encode an -bit string into in -bit codeword in such a way that can still be recovered even if gets corrupted in a number of coordinates. It is well-known that codewords of length already suffice to correct errors in up to locations of for any constant The disadvantage of classical error-correction is that one needs to consider all or most of the (corrupted) codeword to recover anything about Now suppose that one is only interested in recovering one or a few bits of In such case more efficient schemes are possible. Such schemes are known as locally decodable codes (LDCs). Locally decodable codes allow reconstruction of an arbitrary bit from looking only at randomly chosen coordinates of where can be as small as Locally decodable codes have numerous applications in complexity theory [15, 29], cryptography [6, 11] and the theory of fault tolerant computation . Below is a slightly informal definition of LDCs:
A -locally decodable code encodes -bit strings to -bit codewords such that for every the bit can be recovered with probability by a randomized decoding procedure that makes only queries, even if the codeword is corrupted in up to locations.
One should think of and as constants. The main parameters of interest in LDCs are the length and the query complexity Ideally we would like to have both of them as small as possible. The concept of locally decodable codes was explicitly discussed in various papers in the early 1990s [2, 28, 21]. Katz and Trevisan  were the first to provide a formal definition of LDCs. Further work on locally decodable codes includes [3, 8, 20, 4, 16, 30, 34, 33, 14, 23].
Below is a brief summary of what was known regarding the length of
LDCs prior to . The length of optimal -query LDCs
was settled by Kerenidis and de Wolf in  and is
The recent work  improved the upper bounds to the extent that it changed the common perception of what may be achievable [12, 11].  introduced a novel technique to construct codes from so-called nice subsets of finite fields and showed that every Mersenne prime yields a family of -query LDCs of length Based on the largest known Mersenne prime , this translates to a length of less than Combined with the recursive construction from , this result yields vast improvements for all values of It has often been conjectured that the number of Mersenne primes is infinite. If indeed this conjecture holds,  gets three query locally decodable codes of length for infinitely many Finally, assuming that the conjecture of Lenstra, Pomerance and Wagstaff [31, 22, 32] regarding the density of Mersenne primes holds,  gets three query locally decodable codes of length for all for every
1.1 Our results
In this paper we address two natural questions left open by :
We extend the work of  and answer both of the questions above. In what follows let denote the largest prime factor of We show that one does not necessarily need to use Mersenne primes. It suffices to have Mersenne numbers with polynomially large prime factors. Specifically, every Mersenne number such that yields a family of -query locally decodable codes of length A partial converse also holds. Namely, if for some fixed and all one can use the technique of  to (unconditionally) obtain a family of -query LDCs of length then for infinitely many we have
The bound (1) may seem quite weak in light of the widely accepted conjecture saying that the number of Mersenne primes is infinite. However (for any ) this bound is substantially stronger than what is currently known unconditionally. Lower bounds for have received a considerable amount of attention in the number theory literature [25, 26, 10, 27, 19, 18]. The strongest result to date is due to Stewart . It says that for all integers ignoring a set of asymptotic density zero, and for all functions where tends to zero monotonically and arbitrarily slowly:
There are no better bounds known to hold for infinitely many values of unless one is willing to accept some number theoretic conjectures [19, 18]. We hope that our work will further stimulate the interest in proving lower bounds for in the number theory community.
In summary, we show that one may be able to improve the unconditional bounds of  (say, by discovering a new Mersenne number with a very large prime factor) using the same technique. However any attempts to reach the length for some fixed query complexity and all require either progress on an old number theory problem or some radically new ideas.
In section 3 we introduce the key concepts of , namely that of combinatorial and algebraic niceness of subsets of finite fields. We also briefly review the construction of locally decodable codes from nice subsets. In section 4 we show how Mersenne numbers with large prime factors yield nice subsets of prime fields. In section 5 we prove a partial converse. Namely, we show that every finite field containing a sufficiently nice subset, is an extension of a prime field where is a large prime factor of a large Mersenne number. Our main results are summarized in sections 4.3 and 5.4.
We use the following standard mathematical notation:
denotes integers modulo
is a finite field of elements;
denotes the Hamming distance between binary vectors and
stands for the dot product of vectors and
For a linear space denotes the dual space. That is,
For an odd prime denotes the smallest integer such that
3 Nice subsets of finite fields and locally decodable codes
In this section we introduce the key technical concepts of , namely that of combinatorial and algebraic niceness of subsets of finite fields. We briefly review the construction of locally decodable codes from nice subsets. Our review is concise although self-contained. We refer the reader interested in a more detailed and intuitive treatment of the construction to the original paper . We start by formally defining locally decodable codes.
A binary code is said to be -locally decodable if there exists a randomized decoding algorithm such that
For all and such that Pr where the probability is taken over the random coin tosses of the algorithm
makes at most queries to
We now introduce the concepts of combinatorial and algebraic niceness of subsets of finite fields. Our definitions are syntactically slightly different from the original definitions in . We prefer these formulations since they are more appropriate for the purposes of the current paper. In what follows let denote the multiplicative group of
A set is called combinatorially nice if for some constant and every positive integer there exist two -sized collections of vectors and in such that
For all such that
A set is called algebraically nice if is odd and there exists an odd and two sets such that
is not empty;
For all and
The following lemma shows that for an algebraically nice set the set can always be chosen to be large. It is a straightforward generalization of [34, lemma 15].
Let be a algebraically nice set. Let be sets from the definition of algebraic niceness of One can always redefine the set to satisfy
Proof: Let be the linear subspace of spanned by the incidence vectors of the sets for and Observe that is invariant under the actions of a -transitive permutation group (permuting the coordinates in accordance with addition in ). This implies that the space is also invariant under the actions of the same group. Note that has positive dimension since it contains the incidence vector of the set The last two observations imply that has full support, i.e., for every there exists a vector such that It is easy to verify that any linear subspace of that has full support contains a vector of Hamming weight at least Let be such a vector. Redefining the set to be the set of nonzero coordinates of we conclude the proof.
We now proceed to the core proposition of  that shows how sets exhibiting both combinatorial and algebraic niceness yield locally decodable codes.
Suppose is combinatorially nice and algebraically nice; then for every positive integer there exists a code of length that is locally decodable for all
Proof: Our proof comes in three steps. We specify encoding and local decoding procedures for our codes and then argue the lower bound for the probability of correct decoding. We use the notation from definitions 2 and 3.
Encoding: We assume that our message has length for some value of (Otherwise we pad the message with zeros. It is easy to see that such padding does not not affect the asymptotic length of the code.) Our code will be linear. Therefore it suffices to specify the encoding of unit vectors where has length and a unique non-zero coordinate We define the encoding of to be a long vector, whose coordinates are labelled by elements of For all we set:
It is straightforward to verify that we defined a code encoding bits to bits.
Local decoding: Given a (possibly corrupted) codeword and an index the decoding algorithm picks such that uniformly at random, reads coordinates of and outputs the sum:
Probability of correct decoding: First we argue that decoding is always correct if picks such that all bits of in locations are not corrupted. We need to show that for all and such that :
where if and zero otherwise. Now note that
Now assume that up to fraction of bits of are corrupted. Let denote the set of coordinates whose labels belong to Recall that by lemma 4, Thus at most fraction of coordinates in contain corrupted bits. Let be the family of -tuples of coordinates that may be queried by implies that elements of uniformly cover the set Combining the last two observations we conclude that with probability at least picks an uncorrupted -tuple and outputs the correct value of
All locally decodable codes constructed in this paper are obtained by applying proposition 5 to certain nice sets. Thus all our codes have the same dependence of (the probability of the decoding error) on (the fraction of corrupted bits). In what follows we often ignore these parameters and consider only the length and query complexity of codes.
4 Mersenne numbers with large prime factors yield nice subsets of prime fields
In what follows let denote the multiplicative subgroup of generated by In  it is shown that for every Mersenne prime the set is simultaneously algebraically nice and combinatorially nice. In this section we prove the same conclusion for a substantially broader class of primes.
Suppose is an odd prime; then is combinatorially nice.
Proof: Let Clearly, divides We need to specify a constant such that for every positive integer there exist two -sized collections of long vectors over satisfying:
For all such that
First assume that has the shape for some integer In this case [34, lemma 13] gives us a collection of vectors with the right properties. Observe that for a constant that depends only on and Now assume does not have the right shape, and let be the largest integer smaller than that does have it. In order to get vectors of length we use vectors of length coming from [34, lemma 13] padded with zeros. It is not hard to verify such a construction still gives us large families of vectors for a suitably chosen constant
We use the standard notation to denote the algebraic closure of the field Also let denote the multiplicative subgroup of -th roots of unity in . The next lemma generalizes [34, lemma 14].
Let be a prime and be odd. Suppose there exist such that
then is algebraically nice.
Proof: In what follows we define the set and prove the existence of a set such that that together and yield algebraic niceness of Identity 8 implies that there exists an odd integer and distinct -th roots of unity such that
Let Observe that Let be a generator of Identity (9) yields for some distinct values of Set
Consider a natural one to one correspondence between subsets of and polynomials in the ring It is easy to see that for all sets and all such that
Let be a variable ranging over and be a variable ranging over We are going to argue the existence of a set that has even intersections with all sets of the form by showing that all polynomials belong to a certain linear space of dimension less than In this case any nonempty set such that can be used as the set Let Note that since is a common root of and Let be the space of polynomials in that are multiples of Clearly, Fix some and Let us prove that is in
The last identity above follows from the fact that for any and any integer
In what follows we present sufficient conditions for the existence of -tuples of -th roots of unity in that sum to zero. We treat the case separately since in that case we can use a specialized argument to derive a more explicit conclusion.
4.1 A sufficient condition for the existence of three -th roots of unity summing to zero
Let be an odd prime. Suppose then there exist three -th roots of unity in that sum to zero.
Proof: We start with a brief review of some basic concepts of projective algebraic geometry. Let be a field, and be a homogeneous polynomial. A triple is called a zero of if A zero is called nontrivial if it is different from the origin. An equation defines a projective plane curve . Nontrivial zeros of considered up to multiplication by a scalars are called -rational points of If is a finite field it makes sense to talk about the number of -rational points on a curve.
Let Note that Consider a projective plane Fermat curve defined by
Let us call a point on trivial if one of the coordinates of is zero. Cyclicity of implies that contains exactly trivial -rational points. Note that every nontrivial point of yields a triple of elements of that sum to zero. The classical Weil bound [17, p. 330] provides an estimate
for the number of -rational points on an arbitrary smooth projective plane curve of degree (11) implies that in case
and (13) follows from
Now note that the first inequality above follows from and the second follows from
Note that the constant in lemma 8 cannot be improved to 2: there are no three elements of that sum to zero, even though
4.2 A sufficient condition for the existence of -th roots of unity summing to zero
Our argument in this section comes in three steps. First we briefly review the notion of (additive) Fourier coefficients of subsets of Next, we invoke a folklore argument to show that subsets of with appropriately small nontrivial Fourier coefficients contain -tuples of elements that sum to zero. Finally, we use a recent result of Bourgain and Chang  (generalizing the classical estimate for Gauss sums) to argue that (under certain constraints on ) all nontrivial Fourier coefficients of are small.
For let denote the trace of It is not hard to verify that for all Characters of are homomorphisms from the additive group of into the multiplicative group There exist characters. We denote characters by where ranges in and set Let denote the incidence function of a set For arbitrary the Fourier coefficient is defined by where the sum is over all Fourier coefficient is called trivial, and other Fourier coefficients are called nontrivial. In what follows stands for summation over all characters of We need the following two standard properties of characters and Fourier coefficients.
The following lemma is a folklore.
Let and be a positive integer. Let be the largest absolute value of a nontrivial Fourier coefficient of Suppose
then there exist elements of that sum to zero.
The following lemma is a special case of [5, theorem 1].
Assume that and satisfies the condition
where is arbitrary and fixed. Then for all
where and are absolute constants.
Below is the main result of this section. Recall that denotes the set of -th roots of unity in
For every there exists an odd integer such that the following implication holds. If is an odd prime and then some elements of sum to zero.
Proof: Note that if there exist elements of a set that sum to zero, where is odd; then there exist elements of that sum to zero for every odd Also note that the sum of all -th roots of unity is zero. Therefore given it suffices to prove the existence of an odd that works for all sufficiently large Let Observe that Assume is sufficiently large so that Next we show that the precondition of lemma 10 holds for and Let and Clearly Therefore
where the inequality follows from Clearly, yields Multiplying the right hand side of (21) by and using we get
Observe that takes every value in exactly times when ranges over Thus (23) implies
where denotes that largest nontrivial Fourier coefficient of (24) yields Pick to be the smallest odd integer such that We now have
for all sufficiently large values of Combining with (25) we get
and the application of lemma 9 concludes the proof.
In this section we summarize our positive results and show that one does not necessarily need to use Mersenne primes to construct locally decodable codes via the methods of . It suffices to have Mersenne numbers with polynomially large prime factors. Recall that denotes the largest prime factor of an integer Our first theorem gets -query LDCs from Mersenne numbers with prime factors larger than
Suppose then for every message length there exists a three query locally decodable code of length
Suppose for infinitely many we have then for every there exists a family of three query locally decodable codes of length
The next theorem gets constant query LDCs from Mersenne numbers with prime factors larger than for every value of
For every there exists an odd integer such that the following implication holds. Suppose then for every message length there exists a query locally decodable code of length
As an immediate corollary we get:
Suppose for some and infinitely many we have then there is a fixed such that for every there exists a family of query locally decodable codes of length
5 Nice subsets of finite fields yield Mersenne numbers with large prime factors
We say that a sequence of subsets of finite fields is -nice if every is algebraically nice and combinatorially nice, for some integer valued monotonically increasing function
The core proposition 5 asserts that a subset that is algebraically nice and combinatorially nice yields a family of -query locally decodable codes of length Clearly, to get -query LDCs of length for some fixed and every via this proposition, one needs to exhibit a -nice sequence. In this section we show how the existence of a -nice sequence implies that infinitely many Mersenne numbers have large prime factors. Our argument proceeds in two steps. First we show that a -nice sequence yields an infinite sequence of primes where every contains a -tuple of elements summing to zero. Next we show that contains a short additive dependence only if is a large factor of a Mersenne number.
5.1 A nice sequence yields infinitely many primes with short dependencies between -th roots of unity
We start with some notation. Consider a a finite field where is prime. Fix a basis of over In what follows we often write to denote Let denote the ring Consider a natural one to one correspondence between subsets of and polynomials
It is easy to see that for all sets and all
Let be a family of subsets of It is straightforward to verify that a set has even intersections with every element of if and only if belongs to where is the linear subspace of spanned by Combining the last observation with formula (26) we conclude that a set is algebraically nice if and only if there exists a set of odd size such that the ideal generated by polynomials is a proper ideal of Note that polynomials generate a proper ideal if an only if polynomials generate a proper ideal in Also note that a family of polynomials generates a proper ideal in if and only if it generates a proper ideal in Now an application of Hilbert’s Nullstellensatz [7, p. 168] implies that a set is algebraically nice if and only if there is a set of odd size such that the polynomials and have a common root in
Let where is prime. Suppose contains a nonempty algebraically nice subset; then there exist such that
Proof: Assume is nonempty and algebraically nice. The discussion above implies that there exists of odd size such that all polynomials vanish at some Fix an arbitrary and note that is closed under multiplication. Thus,