Cryptology ePrint Archive: Report 2013/520

Locally Updatable and Locally Decodable Codes

Nishanth Chandran and Bhavana Kanukurthi and Rafail Ostrovsky

Abstract: We introduce the notion of locally updatable and locally decodable codes (LULDCs). In addition to having low decode locality, such codes allow us to update a codeword (of a message) to a codeword of a different message, by rewriting just a few symbols. While, intuitively, updatability and error-correction seem to be contrasting goals, we show that for a suitable, yet meaningful, metric (which we call the Prefix Hamming metric), one can construct such codes. Informally, the Prefix Hamming metric allows the adversary to arbitrarily corrupt bits of the codeword subject to one constraint -- he does not corrupt more than a $\ldcdist$ fraction (for some constant $\delta$) of the $t$ ``most-recently changed" bits of the codeword (for all $1\leq t\leq n$, where $n$ is the length of the codeword).

Our results are as follows. First, we construct binary LULDCs for messages in ${0,1}^k$ with constant rate, update locality of $O(\log^2 k)$, and read locality of $O(k^\epsilon)$ for any constant $\epsilon<1$. Next, we consider the case where the encoder and decoder share a secret state and the adversary is computationally bounded. Here too, we obtain local updatability and decodability for the Prefix Hamming metric. Furthermore, we also ensure that the local decoding algorithm never outputs an incorrect message -- even when the adversary can corrupt an arbitrary number of bits of the codeword. We call such codes locally updatable locally decodable-detectable codes (LULDDCs) and obtain dramatic improvements in the parameters (over the information-theoretic setting). Our codes have constant rate, an update locality of $O(\log^2 k)$ and a read locality of $O(\lambda \log^2 k)$, where $\lambda$ is the security parameter.

Finally, we show how our techniques apply to the setting of dynamic proofs of retrievability (DPoR) and present a construction of this primitive with better parameters than existing constructions. In particular, we construct a DPoR scheme with linear storage, $O(\log^2 k)$ write complexity, and $O(\lambda \log k)$ read and audit complexity.

Category / Keywords: foundations /

Original Publication (with minor differences): IACR-TCC-2014

Date: received 21 Aug 2013, last revised 10 Mar 2014

Contact author: bhavanak at cs bu edu

Available format(s): PDF | BibTeX Citation

Note: There were minor errors in the parameters stated in the previous version.

Version: 20140310:203706 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]