Let F:A→ B be a function over a finite domain A.
Assume A has the property that, for any U∈ A, if R is a random element of A, then U+R is also a random element in A.
DEFN: F is linear if, for every pair U,W ∈ A,
DEFN: F is approximately linear if, for a random pair U,W ∈ A,
That is, for a random pair of points U and W, the "pairwise linearity test" F(U)+F(W) = F(U + W) holds with high probability.
SELF-CHECK ALGORITHM:
LEMMA: If F is linear, the SELF-CHECK algorithm outputs "pass". If F is not approximately linear, the SELF-CHECK algorithm outputs "fail" with probability
at least 50%.
PROOF: The first claim is clear. If F is not approximately linear, the probability that the 8 random pairs satisfy the pairwise linearity test
is at most (1-91/100)8 ≤ 1/2.
QED
Note that the SELF-CHECK algorithm checks F at only 24 places.
DEFN: F encodes a function G if, for all W∈ A, a random R∈ A satisfies
LEMMA:If F encodes a function G, then G is linear.
PROOF:
Fix any U,W ∈ A. We will show that G(U+W) = G(U)+G(W).
It suffices if, for some R,
LEMMA: If F is approximately linear, then F encodes exactly one function G.
PROOF SKETCH:
Fix any W∈ A. Let R and S be random elements in A. Then
SELF-CORRECT ALGORITHM(F,U):
LEMMA: If F is approximately linear, then, for any W∈ A, with probability at least 9/10, SELF-CORRECT(F,W) outputs G(W), where G is the linear function encoded by F.
PROOF:
That there is a unique linear function encoded by F follows from the lemmas above.
That F(U+R)-F(R) = G(W) with probability at least 9/10 follows also from the lemmas above.
QED
Let F:Z2n× n→ Z2. Here Z2 denotes the finite field {0,1} with arithmetic mod 2.
We think of X∈ Z2n× n as a doubly subscripted vector (ie. a matrix), and we denote its elements as Xij for 1≤ i, j≤ n.
If F is a linear function, then it can be written as
DEFN: F is a diagonal linear function if F can be written as
Note that any diagonal linear function is a linear function.
DEFN: F is an approximately diagonal linear function if F is approximately linear and the linear function that F encodes is a diagonal linear function.
ALGORITHM SELF-CHECK-DIAG(F):
LEMMA: If F is a diagonal linear function, then SELF-CHECK-DIAG(F) (above) passes.
If F is not an approximately diagonal linear function, then SELF-CHECK-DIAG(F) fails with probability at least 50%.
PROOF:
If F is diagonal linear, then SELF-CHECK-DIAG clearly passes.
Suppose F is not approximately diagonal linear. If F is not approximately linear, then the SELF-CHECK for linear functions fails with probability at least 50%. So assume F is approximately linear, and let G be the linear function encoded by F.
Since G is linear, G(X) = ∑ij Xij Cij for some C ∈ Z2n× n. By definition, G is diagonal iff C = bbT for some b∈ Z2n.
The condition rT C s = rT b bT r for some b is equivalent to G(rsT) = G(diag(r))G(diag(s)). (check) Note: here rsT denotes the matrix whose ij entry is ri sj.
This condition clearly holds if G is diagonal linear. On the other hand, If C ≠ bbT, then Pr[rT C s = rT b bT s] ≤ 1/4 for two random vectors r,s ∈ Z2n× n. (This is FreivaldsTrick, applied twice.) Thus, if G is not diagonal linear, then each of the last three checks made by the SELF-CHECK-DIAG algorithm will fail with probability at least 7/40 = (1-3/10)(1/4). (The (1-3/10) part is because, in evaluating G using the SELF-CORRECT subroutine, there is 1/10 chance that each evaluation fails to return the actual value of G(W).
Thus, if G is not diagonal linear, then the SELF-CHECK-DIAG will fail with probability at least 1-(1-7/40)3 > 1/2.
QED
Finally, note that SELF-CORRECTing an approximately diagonal linear function reduces trivially to SELF-CORRECTing a linear function.