Constructions of locally decodable codes (LDCs) have one of two undesirable properties: low rate or high locality (polynomial in the length of the message). In settings where the encoder/decoder have already exchanged cryptographic keys and the channel is a probabilistic polynomial time (PPT) algorithm, it is possible to circumvent these barriers and design LDCs with constant rate and small locality. However, the assumption that the encoder/decoder have exchanged cryptographic keys is often prohibitive. We thus consider the problem of designing explicit and efficient LDCs in settings where the channel is slightly more constrained than the encoder/decoder with respect to some resource e.g., space or (sequential) time.Given an explicit function f that the channel cannot compute, we show how the encoder can transmit a random secret key to the local decoder using f (·) and a random oracle H(·). This allows bootstrap from the private key LDC construction of Ostrovsky, Pandey and Sahai (ICALP, 2007), thereby answering an open question posed by Guruswami and Smith (FOCS 2010) of whether such bootstrapping techniques may apply to LDCs in weaker channel models than just PPT algorithms. Specifically, in the random oracle model we show how to construct explicit constant rate LDCs with optimal locality of polylog in the security parameter against various resource constrained channels. √ log n log log n [KMRS17]. Our codes are robust against constant fraction of corruptions, and are non-adaptive i.e. all the queries made by the decoder are independent of each other, a property which may be desired when it is beneficial to submit all local decoding queries in a single batch.Our constructions stand at the intersection of coding theory and cryptography, using well-known tools and techniques from cryptography to provide notions of (information theoretic) randomness and security for communication protocols between sender/receiver. To prove the security of our constructions, we introduce a two-phase distinguisher hybrid argument, which may be of independent interest to apply to other coding theoretic problems in these resource bounded channel models.
Preliminaries
NotationWe use the notation [n] to represent the set {1, 2, . . . , n}. For any x, y ∈ Σ n , let HAM(x) denote the Hamming weight of x, i.e. the number of non-zero coordinates of x. Let HAM(x, y) = HAM(x − y) 1 Note that small alphabet sizes are attractive for practical channels designed to transmit bits efficiently. 2 In this paper we use the security parameter κ in an asymptotic sense e.g., for any attacker running in time poly(κ) there is a negligible function negl(κ) upper bounding the probability that the attacker succeeds. In particular, the function negl(κ) = 2 − log 1+ε κ) is negligible, but does not provide κ-bits of concrete security i.e., any attacker running in time t succeeds with probability at most t2 −κ .3 [OPS07] gives a construction with locality f (κ) = ω(log κ) "one-time" private LDCs, but the construction needs to be modified if we want security again...