List decoding

In coding theory, list decoding is an alternative to unique decoding of error-correcting codes for large error rates. The notion was proposed by Elias in the 1950s. The main idea behind list decoding is that the decoding algorithm instead of outputting a single possible message outputs a list of possibilities one of which is correct. This allows for handling a greater number of errors than that allowed by unique decoding.

The unique decoding model in coding theory, which is constrained to output a single valid codeword from the received word could not tolerate a greater fraction of errors. This resulted in a gap between the error-correction performance for stochastic noise models (proposed by Shannon) and the adversarial noise model (considered by Richard Hamming). Since the mid 90s, significant algorithmic progress by the coding theory community has bridged this gap. Much of this progress is based on a relaxed error-correction model called list decoding, wherein the decoder outputs a list of codewords for worst-case pathological error patterns where the actual transmitted codeword is included in the output list. In case of typical error patterns though, the decoder outputs a unique single codeword, given a received word, which is almost always the case (However, this is not known to be true for all codes). The improvement here is significant in that the error-correction performance doubles. This is because now the decoder is not confined by the half-the-minimum distance barrier. This model is very appealing because having a list of codewords is certainly better than just giving up. The notion of list-decoding has many interesting applications in complexity theory.

The way the channel noise is modeled plays a crucial role in that it governs the rate at which reliable communication is possible. There are two main schools of thought in modeling the channel behavior:
*Probabilistic noise model studied by Shannon in which the channel noise is modeled precisely in the sense that the probabilistic behavior of the channel is well known and the probability of occurrence of too many or too few errors is low
*Worst-case or adversarial noise model considered by Hamming in which the channel acts as an adversary that arbitrarily corrupts the codeword subject to a bound on the total number of errors.

The highlight of list-decoding is that even under adversarial noise conditions, it is possible to achieve the information-theoretic optimal trade-off between rate and fraction of errors that can be corrected. Hence, in a sense this is like improving the error-correction performance to that possible in case of a weaker, stochastic noise model.

Mathematical formulation

Let $\mathcal$ be a $(n,k,d)_q$ error-correcting code; in other words, $\mathcal$ is a code of length $n$, dimension $k$ and minimum distance $d$ over an alphabet $\Sigma$ of size $q$. The list-decoding problem can now be formulated as follows:

Input: Received word $x \in \Sigma^$, error bound $e$

Output: A list of all codewords $x_,x_,\ldots,x_ \in \mathcal$ whose hamming distance from $x$ is at most $e$.

Motivation for list decoding

Given a received word $y$, which is a noisy version of some transmitted codeword $c$, the decoder tries to output the transmitted codeword by placing its bet on a codeword that is “nearest” to the received word. The Hamming distance between two codewords is used as a metric in finding the nearest codeword, given the received word by the decoder. If $d$ is the minimum Hamming distance of a code $\mathcal$, then there exists two codewords $c_1$ and $c_2$ that differ in exactly $d$ positions. Now, in the case where the received word $y$ is equidistant from the codewords $c_1$ and $c_2$, unambiguous decoding becomes impossible as the decoder cannot decide which one of $c_1$ and $c_2$ to output as the original transmitted codeword. As a result, the half-the minimum distance acts as a combinatorial barrier beyond which unambiguous error-correction is impossible, if we only insist on unique decoding. However, received words such as $y$ considered above occur only in the worst-case and if one looks at the way Hamming balls are packed in high-dimensional space, even for error patterns $e$ beyond half-the minimum distance, there is only a single codeword $c$ within Hamming distance $e$ from the received word. This claim has been shown to hold with high probability for a random code picked from a natural ensemble and more so for the case of Reed–Solomon codes which is well studied and quite ubiquitous in the real world applications. In fact, Shannon's proof of the capacity theorem for ''q''-ary symmetric channels can be viewed in light of the above claim for random codes.

Under the mandate of list-decoding, for worst-case errors, the decoder is allowed to output a small list of codewords. With some context specific or side information, it may be possible to prune the list and recover the original transmitted codeword. Hence, in general, this seems to be a stronger error-recovery model than unique decoding.

List-decoding potential

For a polynomial-time list-decoding algorithm to exist, we need the combinatorial guarantee that any Hamming ball of radius $pn$ around a received word $r$ (where $p$ is the fraction of errors in terms of the block length $n$) has a small number of codewords. This is because the list size itself is clearly a lower bound on the running time of the algorithm. Hence, we require the list size to be a polynomial in the block length $n$ of the code. A combinatorial consequence of this requirement is that it imposes an upper bound on the rate of a code. List decoding promises to meet this upper bound. It has been shown non-constructively that codes of rate $R$ exist that can be list decoded up to a fraction of errors approaching $1-R$. The quantity $1-R$ is referred to in the literature as the list-decoding capacity. This is a substantial gain compared to the unique decoding model as we now have the potential to correct twice as many errors. Naturally, we need to have at least a fraction $R$ of the transmitted symbols to be correct in order to recover the message. This is an information-theoretic lower bound on the number of correct symbols required to perform decoding and with list decoding, we can potentially achieve this information-theoretic limit. However, to realize this potential, we need explicit codes (codes that can be constructed in polynomial time) and efficient algorithms to perform encoding and decoding.

(''p'', ''L'')-list-decodability

For any error fraction $0 \leqslant p \leqslant 1$ and an integer $L \geqslant 1$, a code $\mathcal \subseteq \Sigma^$ is said to be list decodable up to a fraction $p$ of errors with list size at most $L$ or $(p, L)$-list-decodable if for every $y \in \Sigma^$, the number of codewords $c \in C$ within Hamming distance $pn$ from $y$ is at most $L.$

Combinatorics of list decoding

The relation between list decodability of a code and other fundamental parameters such as minimum distance and rate have been fairly well studied. It has been shown that every code can be list decoded using small lists beyond half the minimum distance up to a bound called the Johnson radius. This is quite significant because it proves the existence of $(p, L)$-list-decodable codes of good rate with a list-decoding radius much larger than $\tfrac.$ In other words, the Johnson bound rules out the possibility of having a large number of codewords in a Hamming ball of radius slightly greater than $\tfrac$ which means that it is possible to correct far more errors with list decoding.

List-decoding capacity

:Theorem (List-Decoding Capacity). Let $q \geqslant 2, 0 \leqslant p \leqslant 1 - \tfrac$ and $\epsilon \geqslant 0.$ The following two statements hold for large enough block length $n$.
::i) If $R \leqslant 1 - H_q(p) - \epsilon$, then there exists a $(p, O(1 / \epsilon))$-list decodable code.
::ii) If $R \geqslant 1 - H_q(p) + \epsilon$, then every $(p, L)$-list-decodable code has $L = q^$.
:Where
::$H_q(p) = p\log_q(q - 1) - p\log_qp - (1 - p)\log_q (1 - p)$
:is the $q$-ary entropy function defined for $p \in (0,1)$ and extended by continuity to ,1

What this means is that for rates approaching the channel capacity, there exists list decodable codes with polynomial sized lists enabling efficient decoding algorithms whereas for rates exceeding the channel capacity, the list size becomes exponential which rules out the existence of efficient decoding algorithms.

The proof for list-decoding capacity is a significant one in that it exactly matches the capacity of a $q$-ary symmetric channel $qSC_$. In fact, the term "list-decoding capacity" should actually be read as the capacity of an adversarial channel under list decoding. Also, the proof for list-decoding capacity is an important result that pin points the optimal trade-off between rate of a code and the fraction of errors that can be corrected under list decoding.

Sketch of proof

The idea behind the proof is similar to that of Shannon's proof for capacity of the binary symmetric channel $BSC_p$ where a random code is picked and showing that it is $(p, L)$-list-decodable with high probability as long as the rate $R \leqslant 1 - H_q(p) - \tfrac.$ For rates exceeding the above quantity, it can be shown that the list size $L$ becomes super-polynomially large.

A "bad" event is defined as one in which, given a received word y \in n and $L+1$ messages m_0, \ldots, m_L \in k, it so happens that $\mathcal(m_i) \in B(y, pn)$, for every $0 \leqslant i \leqslant L$ where $p$ is the fraction of errors that we wish to correct and $B(y, pn)$ is the Hamming ball of radius $pn$ with the received word $y$ as the center.

Now, the probability that a codeword $\mathcal(m_i)$ associated with a fixed message m_i \in k lies in a Hamming ball $B(y, pn)$ is given by

: \Pr \left (m_i) \in B(y, pn) \right = \frac \leqslant q^,

where the quantity $Vol_q(y, pn)$ is the volume of a Hamming ball of radius $pn$ with the received word $y$ as the center. The inequality in the above relation follows from the upper bound on the volume of a Hamming ball. The quantity $q^$ gives a very good estimate on the volume of a Hamming ball of radius $p$ centered on any word in n. Put another way, the volume of a Hamming ball is translation invariant. To continue with the proof sketch, we conjure the union bound in probability theory which tells us that the probability of a bad event happening for a given $(y, m_0, \dots , m_L)$ is upper bounded by the quantity $q^$.

With the above in mind, the probability of "any" bad event happening can be shown to be less than $1$. To show this, we work our way over all possible received words y \in n and every possible subset of $L$ messages in k.

Now turning to the proof of part (ii), we need to show that there are super-polynomially many codewords around every y \in n when the rate exceeds the list-decoding capacity. We need to show that $, \mathcal \cap B(y, pn),$ is super-polynomially large if the rate $R \geqslant 1 - H_q(p) + \epsilon$. Fix a codeword $c \in \mathcal$. Now, for every y \in n picked at random, we have

: \Pr \in B(y, pn)= \Pr \in B(c, pn)/math>

since Hamming balls are translation invariant. From the definition of the volume of a Hamming ball and the fact that $y$ is chosen uniformly at random from n we also have

: \Pr \in B(y, pn)= \Pr \in B(c, pn)= \frac \geqslant q^

Let us now define an indicator variable $X_c$ such that

: $X_c = \begin 1 & c \in B(y, pn) \\ 0 & \text \end$

Taking the expectation of the volume of a Hamming ball we have

: \begin
E _c\ pt&_=_\sum___\Pr _c_=_1\\ pt&_\geqslant_\sum_q^_\\ pt&_=_\sum_q^_\\ pt&_\geqslant_q^
\end_

Therefore,_by_the_probabilistic_method,_we_have_shown_that_if_the_rate_exceeds_the_list-decoding_capacity,_then_the_list_size_becomes_super-polynomially_large._This_completes_the_proof_sketch_for_the_list-decoding_capacity.

_List-decoding_algorithms

In_the_period_from_1995_to_2007,_the_coding_theory_community__developed_progressively_more_efficient_list-decoding_algorithms._Algorithms_for__Reed–Solomon_codes_that_can_decode_up_to_the_Johnson_radius_which_is_$_1_-_\sqrt_$_exist_where_$_\delta_$_is_the_normalised_distance_or_relative_distance._However,_for_Reed-Solomon_codes,_$_\delta_=_1_-_R_$_which_means_a_fraction_$_1_-_\sqrt$_of_errors_can_be_corrected._Some_of_the_most_prominent_list-decoding_algorithms_are_the_following:

*_Sudan_'95_–_The_first_known_non-trivial_list-decoding_algorithm_for_Reed–Solomon_codes_that_achieved_efficient_list_decoding_up_to_$_1_-_\sqrt_$_errors_developed_by_Madhu_Sudan.
*_ Guruswami–Sudan_'98_–_An_improvement_on_the_above_algorithm_for_list_decoding_Reed–Solomon_codes_up_to_$1_-_\sqrt$_errors_by_Madhu_Sudan_and_his_then_doctoral_student_Venkatesan_Guruswami.
*_Parvaresh–Vardy_'05_–_In_a_breakthrough_paper,_Farzad_Parvaresh_and_Alexander_Vardy_presented_codes_that_can_be_list_decoded_beyond_the_$1_-_\sqrt{R}$_radius_for_low_rates_$R$._Their_codes_are_variants_of_Reed-Solomon_codes_which_are_obtained_by_evaluating_$m_\geqslant_1$_correlated_polynomials_instead_of_just_$1$_as_in_the_case_of_usual_Reed-Solomon_codes.
*_Guruswami–Rudra_'06_-_In_yet_another_breakthrough,_Venkatesan_Guruswami_an
Atri_Rudra
give_explicit_codes_that_achieve_list-decoding_capacity,_that_is,_they_can_be_list_decoded_up_to_the_radius_$1-R-\epsilon$_for_any_$\epsilon>0$._In_other_words,_this_is_error-correction_with_optimal_redundancy._This_answered_a_question_that_had_been_open_for_about_50_years._This_work_has_been_invited_to_the_Research_Highlights_section_of_the_Communications_of_the_ACM_(which_is_“devoted_to_the_most_important_research_results_published_in_Computer_Science_in_recent_years”)_and_was_mentioned_in_an_article_titled_“Coding_and_Computing_Join_Forces”_in_the_Sep_21,_2007_issue_of_the_Science_magazine._The_codes_that_they_are_given_are_called_ folded_Reed-Solomon_codes_which_are_nothing_but_plain_Reed-Solomon_codes_but_viewed_as_a_code_over_a_larger_alphabet_by_careful_bundling_of_codeword_symbols.

Because_of_their_ubiquity_and_the_nice_algebraic_properties_they_possess,_list-decoding_algorithms_for_Reed–Solomon_codes_were_a_main_focus_of_researchers._The_list-decoding_problem_for_Reed–Solomon_codes_can_be_formulated_as_follows:

Input:_For_an__ ,_k_+_1q__Reed-Solomon_code,_we_are_given_the_pair_$_(\alpha_i,_y_i)_$_for_$_1_\leq_i_\leq_n_$,_where_$_y_i_$_is_the_$i$th_bit_of_the_received_word_and_the_$\alpha_i_$'s_are_distinct_points_in_the_finite_field_$_F_q_$_and_an_error_parameter_$_e_=_n_-_t_$.

Output:_The_goal_is_to_find_all_the_polynomials__P(X)_\in_F_q _of_degree_at_most_$_k_$_which_is_the_message_length_such_that_$_p(\alpha_i)_=_y_i$_for_at_least_$_t_$_values_of_$_i_$._Here,_we_would_like_to_have_$_t_$_as_small_as_possible_so_that_greater_number_of_errors_can_be_tolerated.

With_the_above_formulation,_the_general_structure_of_list-decoding_algorithms_for_Reed-Solomon_codes_is_as_follows:

Step_1:_(Interpolation)_Find_a_non-zero_bivariate_polynomial_$Q(X,Y)$_such_that_$_Q(\alpha_i,_y_i)_=_0_$_for_$_1_\leq_i_\leq_n_$.

Step_2:_(Root_finding/Factorization)_Output_all_degree_$_k_$_polynomials_$_p(X)_$_such_that_$_Y_-_p(X)_$_is_a_factor_of_$Q(X,Y)$_i.e._$Q(X,p(X))_=_0$._For_each_of_these_polynomials,_check_if_$_p(\alpha_i)_=_y_i_$_for_at_least_$_t_$_values_of__i_\in_ ._If_so,_include_such_a_polynomial_$_p(X)_$_in_the_output_list.

Given_the_fact_that_bivariate_polynomials_can_be_factored_efficiently,_the_above_algorithm_runs_in_polynomial_time.

_Applications_in_complexity_theory_and_cryptography

Algorithms_developed_for_list_decoding_of_several_interesting_code_families_have_found_interesting_applications_in_computational_complexity__and_the_field_of_cryptography._Following_is_a_sample_list_of_applications_outside_of_coding_theory:

*_Construction_of_ hard-core_predicates_from_ one-way_permutations.
*_Predicting_witnesses_for_NP-search_problems.
*_Amplifying_hardness_of_Boolean_functions.
*_Average_case_hardness_of_permanent_of_random_matrices.
*_ Extractors_and_Pseudorandom_generators.
*_Efficient_traitor_tracing.

_External_links

A_Survey_on_list_decoding
by_Madhu_Sudan
Notes_from_a_course
taught_by_Madhu_Sudan
Notes_from_a_course
taught_by_Luca_Trevisan
Notes_from_a_course
taught_by_Venkatesan_Guruswami
Notes_from_a_course
taught_by_Atri_Rudra
*_P._Elias,_"List_decoding_for_noisy_channels,"_Technical_Report_335,_Research_Laboratory_of_Electronics,_MIT,_1957.
*_P._Elias,_"Error-correcting_codes_for_list_decoding,"_IEEE_Transactions_on_Information_Theory,_vol._37,_pp. 5–12,_1991.
*_J._M._Wozencraft,_"List_decoding,"_Quarterly_Progress_Report,_Research_Laboratory_of_Electronics,_MIT,_vol._48,_pp. 90–95,_1958.
*Venkatesan_Guruswami'
PhD_thesisAlgorithmic_Results_in_List_Decoding
*_Folded_Reed–Solomon_code

Coding_theory
Error_detection_and_correction
Computational_complexity_theoryhtml" ;"title="B(y, pn), ] & = \sum_ E _c\ pt& = \sum_ \Pr _c = 1\\ pt& \geqslant \sum q^ \\ pt& = \sum q^ \\ pt& \geqslant q^
\end

Therefore, by the probabilistic method, we have shown that if the rate exceeds the list-decoding capacity, then the list size becomes super-polynomially large. This completes the proof sketch for the list-decoding capacity.

List-decoding algorithms

In the period from 1995 to 2007, the coding theory community developed progressively more efficient list-decoding algorithms. Algorithms for Reed–Solomon codes that can decode up to the Johnson radius which is $1 - \sqrt$ exist where $\delta$ is the normalised distance or relative distance. However, for Reed-Solomon codes, $\delta = 1 - R$ which means a fraction $1 - \sqrt$ of errors can be corrected. Some of the most prominent list-decoding algorithms are the following:

* Sudan '95 – The first known non-trivial list-decoding algorithm for Reed–Solomon codes that achieved efficient list decoding up to $1 - \sqrt$ errors developed by Madhu Sudan.
* Guruswami–Sudan '98 – An improvement on the above algorithm for list decoding Reed–Solomon codes up to $1 - \sqrt$ errors by Madhu Sudan and his then doctoral student Venkatesan Guruswami.
* Parvaresh–Vardy '05 – In a breakthrough paper, Farzad Parvaresh and Alexander Vardy presented codes that can be list decoded beyond the $1 - \sqrt{R}$ radius for low rates $R$. Their codes are variants of Reed-Solomon codes which are obtained by evaluating $m \geqslant 1$ correlated polynomials instead of just $1$ as in the case of usual Reed-Solomon codes.
* Guruswami–Rudra '06 - In yet another breakthrough, Venkatesan Guruswami an
Atri Rudra
give explicit codes that achieve list-decoding capacity, that is, they can be list decoded up to the radius $1-R-\epsilon$ for any $\epsilon>0$. In other words, this is error-correction with optimal redundancy. This answered a question that had been open for about 50 years. This work has been invited to the Research Highlights section of the Communications of the ACM (which is “devoted to the most important research results published in Computer Science in recent years”) and was mentioned in an article titled “Coding and Computing Join Forces” in the Sep 21, 2007 issue of the Science magazine. The codes that they are given are called folded Reed-Solomon codes which are nothing but plain Reed-Solomon codes but viewed as a code over a larger alphabet by careful bundling of codeword symbols.

Because of their ubiquity and the nice algebraic properties they possess, list-decoding algorithms for Reed–Solomon codes were a main focus of researchers. The list-decoding problem for Reed–Solomon codes can be formulated as follows:

Input: For an , k + 1q Reed-Solomon code, we are given the pair $(\alpha_i, y_i)$ for $1 \leq i \leq n$, where $y_i$ is the $i$th bit of the received word and the $\alpha_i$'s are distinct points in the finite field $F_q$ and an error parameter $e = n - t$.

Output: The goal is to find all the polynomials P(X) \in F_q of degree at most $k$ which is the message length such that $p(\alpha_i) = y_i$ for at least $t$ values of $i$. Here, we would like to have $t$ as small as possible so that greater number of errors can be tolerated.

With the above formulation, the general structure of list-decoding algorithms for Reed-Solomon codes is as follows:

Step 1: (Interpolation) Find a non-zero bivariate polynomial $Q(X,Y)$ such that $Q(\alpha_i, y_i) = 0$ for $1 \leq i \leq n$.

Step 2: (Root finding/Factorization) Output all degree $k$ polynomials $p(X)$ such that $Y - p(X)$ is a factor of $Q(X,Y)$ i.e. $Q(X,p(X)) = 0$. For each of these polynomials, check if $p(\alpha_i) = y_i$ for at least $t$ values of i \in . If so, include such a polynomial $p(X)$ in the output list.

Given the fact that bivariate polynomials can be factored efficiently, the above algorithm runs in polynomial time.

Applications in complexity theory and cryptography

Algorithms developed for list decoding of several interesting code families have found interesting applications in computational complexity and the field of cryptography. Following is a sample list of applications outside of coding theory:

* Construction of hard-core predicates from one-way permutations.
* Predicting witnesses for NP-search problems.
* Amplifying hardness of Boolean functions.
* Average case hardness of permanent of random matrices.
* Extractors and Pseudorandom generators.
* Efficient traitor tracing.

External links

A Survey on list decoding
by Madhu Sudan
Notes from a course
taught by Madhu Sudan
Notes from a course
taught by Luca Trevisan
Notes from a course
taught by Venkatesan Guruswami
Notes from a course
taught by Atri Rudra
* P. Elias, "List decoding for noisy channels," Technical Report 335, Research Laboratory of Electronics, MIT, 1957.
* P. Elias, "Error-correcting codes for list decoding," IEEE Transactions on Information Theory, vol. 37, pp. 5–12, 1991.
* J. M. Wozencraft, "List decoding," Quarterly Progress Report, Research Laboratory of Electronics, MIT, vol. 48, pp. 90–95, 1958.
*Venkatesan Guruswami'
PhD thesisAlgorithmic Results in List Decoding
* Folded Reed–Solomon code

Coding theory
Error detection and correction
Computational complexity theory>B(y, pn), & = \sum_ E _c\ pt& = \sum_ \Pr _c = 1\\ pt& \geqslant \sum q^ \\ pt& = \sum q^ \\ pt& \geqslant q^
\end

Therefore, by the probabilistic method, we have shown that if the rate exceeds the list-decoding capacity, then the list size becomes super-polynomially large. This completes the proof sketch for the list-decoding capacity.

List-decoding algorithms

In the period from 1995 to 2007, the coding theory community developed progressively more efficient list-decoding algorithms. Algorithms for Reed–Solomon codes that can decode up to the Johnson radius which is $1 - \sqrt$ exist where $\delta$ is the normalised distance or relative distance. However, for Reed-Solomon codes, $\delta = 1 - R$ which means a fraction $1 - \sqrt$ of errors can be corrected. Some of the most prominent list-decoding algorithms are the following:

* Sudan '95 – The first known non-trivial list-decoding algorithm for Reed–Solomon codes that achieved efficient list decoding up to $1 - \sqrt$ errors developed by Madhu Sudan.
* Guruswami–Sudan '98 – An improvement on the above algorithm for list decoding Reed–Solomon codes up to $1 - \sqrt$ errors by Madhu Sudan and his then doctoral student Venkatesan Guruswami.
* Parvaresh–Vardy '05 – In a breakthrough paper, Farzad Parvaresh and Alexander Vardy presented codes that can be list decoded beyond the $1 - \sqrt{R}$ radius for low rates $R$. Their codes are variants of Reed-Solomon codes which are obtained by evaluating $m \geqslant 1$ correlated polynomials instead of just $1$ as in the case of usual Reed-Solomon codes.
* Guruswami–Rudra '06 - In yet another breakthrough, Venkatesan Guruswami an
Atri Rudra
give explicit codes that achieve list-decoding capacity, that is, they can be list decoded up to the radius $1-R-\epsilon$ for any $\epsilon>0$. In other words, this is error-correction with optimal redundancy. This answered a question that had been open for about 50 years. This work has been invited to the Research Highlights section of the Communications of the ACM (which is “devoted to the most important research results published in Computer Science in recent years”) and was mentioned in an article titled “Coding and Computing Join Forces” in the Sep 21, 2007 issue of the Science magazine. The codes that they are given are called folded Reed-Solomon codes which are nothing but plain Reed-Solomon codes but viewed as a code over a larger alphabet by careful bundling of codeword symbols.

Because of their ubiquity and the nice algebraic properties they possess, list-decoding algorithms for Reed–Solomon codes were a main focus of researchers. The list-decoding problem for Reed–Solomon codes can be formulated as follows:

Input: For an , k + 1q Reed-Solomon code, we are given the pair $(\alpha_i, y_i)$ for $1 \leq i \leq n$, where $y_i$ is the $i$th bit of the received word and the $\alpha_i$'s are distinct points in the finite field $F_q$ and an error parameter $e = n - t$.

Output: The goal is to find all the polynomials P(X) \in F_q of degree at most $k$ which is the message length such that $p(\alpha_i) = y_i$ for at least $t$ values of $i$. Here, we would like to have $t$ as small as possible so that greater number of errors can be tolerated.

With the above formulation, the general structure of list-decoding algorithms for Reed-Solomon codes is as follows:

Step 1: (Interpolation) Find a non-zero bivariate polynomial $Q(X,Y)$ such that $Q(\alpha_i, y_i) = 0$ for $1 \leq i \leq n$.

Step 2: (Root finding/Factorization) Output all degree $k$ polynomials $p(X)$ such that $Y - p(X)$ is a factor of $Q(X,Y)$ i.e. $Q(X,p(X)) = 0$. For each of these polynomials, check if $p(\alpha_i) = y_i$ for at least $t$ values of i \in . If so, include such a polynomial $p(X)$ in the output list.

Given the fact that bivariate polynomials can be factored efficiently, the above algorithm runs in polynomial time.

Applications in complexity theory and cryptography

Algorithms developed for list decoding of several interesting code families have found interesting applications in computational complexity and the field of cryptography. Following is a sample list of applications outside of coding theory:

* Construction of hard-core predicates from one-way permutations.
* Predicting witnesses for NP-search problems.
* Amplifying hardness of Boolean functions.
* Average case hardness of permanent of random matrices.
* Extractors and Pseudorandom generators.
* Efficient traitor tracing.

External links

A Survey on list decoding
by Madhu Sudan
Notes from a course
taught by Madhu Sudan
Notes from a course
taught by Luca Trevisan
Notes from a course
taught by Venkatesan Guruswami
Notes from a course
taught by Atri Rudra
* P. Elias, "List decoding for noisy channels," Technical Report 335, Research Laboratory of Electronics, MIT, 1957.
* P. Elias, "Error-correcting codes for list decoding," IEEE Transactions on Information Theory, vol. 37, pp. 5–12, 1991.
* J. M. Wozencraft, "List decoding," Quarterly Progress Report, Research Laboratory of Electronics, MIT, vol. 48, pp. 90–95, 1958.
*Venkatesan Guruswami'
PhD thesisAlgorithmic Results in List Decoding
* Folded Reed–Solomon code

Coding theory
Error detection and correction
Computational complexity theory