## Abstract

Motivated by the quest for scalable and succinct zero knowledge arguments, we revisit worst-case-to-average-case reductions for linear spaces, raised by [Rothblum, Vadhan, Wigderson, STOC 2013]. The previous state of the art by [Ben-Sasson, Kopparty, Saraf, CCC 2018] showed that if some member of an affine space U is δ-far in relative Hamming distance from a linear code V – this is the worst-case assumption – then most elements of U are almost-δ-far from V – this is the average case. However, this result was known to hold only below the “double Johnson” function of the relative distance δV of the code V , i.e., only when δ < 1 − (1 − δV )^{1}/^{4}. First, we increase the soundness-bound to the “one-and-a-half Johnson” function of δV and show that the average distance of U from V is nearly δ for any worst-case distance δ smaller than 1 − (1 − δV )^{1}/^{3}. This bound is tight, which is somewhat surprising because the one-and-a-half Johnson function is unfamiliar in the literature on error correcting codes. To improve soundness further for Reed Solomon codes we sample outside the box. We suggest a new protocol in which the verifier samples a single point z outside the box D on which codewords are evaluated, and asks the prover for the value at z of the interpolating polynomial of a random element of U. Intuitively, the answer provided by the prover “forces” it to choose one codeword from a list of “pretenders” that are close to U. We call this technique Domain Extending for Eliminating Pretenders (DEEP). The DEEP method improves the soundness of the worst-case-to-average-case reduction for RS codes up their list decoding radius. This radius is bounded from below by the Johnson bound, implying average distance is approximately δ for all δ < 1 − (1 − δV )^{1}/^{2}. Under a plausible conjecture about the list decoding radius of Reed-Solomon codes, average distance from V is approximately δ for all δ. The DEEP technique can be generalized to all linear codes, giving improved reductions for capacity-achieving list-decodable codes. Finally, we use the DEEP technique to devise two new protocols: An Interactive Oracle Proof of Proximity (IOPP) for RS codes, called DEEP-FRI. The soundness of the protocol improves upon that of the FRI protocol of [Ben-Sasson et al., ICALP 2018] while retaining linear arithmetic proving complexity and logarithmic verifier arithmetic complexity. An Interactive Oracle Proof (IOP) for the Algebraic Linking IOP (ALI) protocol used to construct zero knowledge scalable transparent arguments of knowledge (ZK-STARKs) in [Ben-Sasson et al., eprint 2018]. The new protocol, called DEEP-ALI, improves soundness of this crucial step from a small constant < 1/8 to a constant arbitrarily close to 1.

Original language | English (US) |
---|---|

Title of host publication | 11th Innovations in Theoretical Computer Science Conference, ITCS 2020 |

Editors | Thomas Vidick |

Publisher | Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing |

ISBN (Electronic) | 9783959771344 |

DOIs | |

State | Published - Jan 2020 |

Event | 11th Innovations in Theoretical Computer Science Conference, ITCS 2020 - Seattle, United States Duration: Jan 12 2020 → Jan 14 2020 |

### Publication series

Name | Leibniz International Proceedings in Informatics, LIPIcs |
---|---|

Volume | 151 |

ISSN (Print) | 1868-8969 |

### Conference

Conference | 11th Innovations in Theoretical Computer Science Conference, ITCS 2020 |
---|---|

Country/Territory | United States |

City | Seattle |

Period | 1/12/20 → 1/14/20 |

## All Science Journal Classification (ASJC) codes

- Software

## Keywords

- Interactive oracle proofs of proximity
- Low degree testing
- STARK