Jun 25, 2000 - We also use polynomial reverse unfaithful random reduc- tions (RUR-reductions). Given a security parameter s, these probabilistic algorithms ...
lSlT 2000, Sorrento, Italy, June 25-30,2000
Hardness of Approximating the Minimum Distance of a Linear Code Daniele Micciancio Dept. of Computer Science and Engineering University of California a t San Diego La Jolla, CA 92093-0114,USA
Ilya Dumer’ College of Engineering University of California at Riverside Riverside, CA 92521,USA
Abstract - We show that the minimum distance d of a linear code is not approximable to within any constant factor in random polynomial time ( R P ) , unless NP’equals R P . In the process we show that it is hard to find the nearest codeword even if the number of errors exceeds d / 2 by an arbitrarily small fraction Ed.
I. INTRODUCTION Consider a linear code A[n, k,d], with generator matrix A E We study complexity of the following problems: 0 Approximate the Minimum Distance d of a linear code A; 0 Find the Nearest Codeword y for the received vector x. Vardy [5] proved that it is NP-hard to compute d ezplicitly. The (second) Nearest Codeword Problem (NCP) was proven to be NP-hard in [3]. More generally, we can consider decoding complexity given relatively low error weight. For real p, this gives the Relatively Near Codeword Problem R N d P ) : Given a generator matrix A E q X n - o f a linear code A of minimum distance d, an integer t with the promise that t < p . d, and a received word x E q ,find a codeword within distance t from x. (The algorithm may fail if the promise is violated, or if no such codeword exists.) In particular, p = 112 in the “Bounded distance decoding problem”. Till recently, not much was known about R N d P ) for constants p < CO, let alone p = 1/2. Now we show that RNC(”) is NP-hard (under random reductions) for every p > 112. This result brings us closer to an eventual (negative?) resolution of the bounded distance decoding problem. We also show that the minimum distance is hard t o approximate within any constant factor, unless N P = R P (i.e., every problem in NP has a polynomial time probabilistic algorithm that always rejects NO instances and accepts YES instances with high probability). In our work, we adapt the proofs of results for integer lattices obtained in [2] and [4], by using linear codes that surpass random codes.
Gxn.
Definition 2 (Nearest Codeword Problem) An instance of GAPNCP,,, is a triple (A, v, t ) , such that: (A, v , t ) is a YES instance if d(v,A) 5 t ; (A, v,t) is a NO instance if d(v,A) > y . t . Definition 3 (Relatively Near Codeword Problem) An instance of G A P R N C is ~ ~a triple ( A , v , t ) , such that: t < p.d(A); (A, v, t ) is a YES instance if d(v,A) 5 t ; (A, v, t ) is a NO instance if d(v,A) > y t . Our reduction uses the promise problem GAPNCP,,, that is proved t o be NP-hard [l] for every constant y 2 1. It is also hard [l] t o approximate d(v,A) t o within a factor of 210g(’-‘) for-any E > 0, unless N P C Q P (deterministic quasipolynomial time). We also use polynomial reverse unfaithful random reductions (RUR-reductions). Given a security parameter s, these probabilistic algorithms require poly( s) time t o necessarily map N o instances t o N o instances and YES instances t o YES instances with high probability 1 - q-’.
Theorem 4 For any p > 1/2, y 2 1 and any finite field lFq : GAPRNC?; is NP-hard under polynomial RUR-reductions; GAPDIST,,, is NP-hard under polynomial RUR-reductions; GAPDIST,,, is NP-hard under quasi-polynomial RURreductions f o r ~ ( n=)210g(’-‘) n . For further details, see [6]
11. APPROXIMATION PROBLEMS A promise problem is a generalization of decision problem when some strings are not required t o be either a YES or a NO instance. However, given a string with the promise that it is either a YES or N o instance, one has to decide which of the two sets it belongs to. Below we use A E v E q, and t E Z+. Also, q is a prime power, y 2 1, and p > 0.
Cxn,
Definition 1 (Minimum Distance Problem) An instance of GAPDIST,,~is a pair (A,d), such that: ( A , d) is a YES instance if d(A) 5 d; ( A , d ) is a NO instance if d(A) > y . d. ‘This work was supported by the NSF grant NCR-9703844. 2This work was supported by a Sloan Foundation Fellowship, an MIT-NEC Research Initiation Grant and NSF Career Award CCR-9875511.
0-7803-5857-O/OO/%l O.OO 0 2 0 0 0 IEEE.
Madhu Sudan2 Dept. of Electrical Engineering and Computer Science Massachusetts Institute of Technology Cambridge, MA 02139,USA
252
REFERENCES S. Arora, L. Babai, J. Stern, Z. Sweedyk, “The Hardness of Approximate Optima in Lattices, Codes, and Systems of Linear Equations”, J . of Comp. and System Sci., Vol. 54, 1997,
pp. 317-331. M. Ajtai, “The Shortest Vector Problem is NP-Hard for Randomized Reductions”, Proc. 30th Symposium on Theory of Computing, 1998, pp. 10-19. E.R. Berlekamp, R.J. McEliece, H.C.A. van Tilborg, “On the Inherent Intractability of Certain Coding Problems”, ZEEE Zhns. Inform. Theory, Vol. 24, 1978, pp. 384-386. D. Micciancio, “The Shortest Vector in a Lattice is Hard to Approximate to within Some Constant”, in Proc. 39th Symp. Foundations of Comp. Sci. 1998, pp. 92-98. A. Vardy, “The Intractability of Computing the Minimum Distance of a Code,” IEEE ’Zhns. Inform. Theory, Vol. 43, 1997, pp. 1757-1766. 1. Dumer., D. Micciancio, M. Sudan, “Hardness of approximating the minimum distance of a linear code,” ECCC Technical Report TR99-029 (available from http:\\vvv.eccc.uni-trier.de/eccc), 1999.
