Paper 2013/520

Locally Updatable and Locally Decodable Codes

Nishanth Chandran and Bhavana Kanukurthi and Rafail Ostrovsky

Abstract

We introduce the notion of locally updatable and locally decodable codes (LULDCs). While, intuitively, updatability and error-correction seem to be contrasting goals, we show that for a suitable, yet meaningful, metric (which we call the Prefix Hamming metric), one can construct such codes. Informally, the Prefix Hamming metric allows the adversary to corrupt an arbitrary (constant fraction of) bits of the codeword subject to the constraint that he does not corrupt more than a $\delta$ fraction of the $t$ ``most-recently changed" bits of the codeword (for all $1\leq t\leq n$, where $n$ is the length of the codeword). We first construct binary LULDCs for messages in $\{0,1\}^{k}$ with constant rate, update locality of $\bigo(\log^2 k)$, and read locality of $\bigo(k^\epsilon)$ for any constant $\epsilon<1$. Next, we consider the case where the encoder and decoder share a secret state and the adversary is computationally bounded. Here too, we obtain local decodability for the Prefix Hamming metric. Furthermore, we also ensure that the local decoding algorithm never outputs an incorrect message -- even when the adversary can corrupt an arbitrary number of bits of the codeword. We call such codes locally updatable locally decodable-detectable codes (LULDDCs) and obtain dramatic improvements in the parameters (over the information-theoretic setting) by constructing binary LULDDCs for messages in $\{0,1\}^{k}$. Our codes have constant rate, an update locality of $\bigo(\lambda\log k)$ and a read locality of $\bigo(\lambda \log ^2 k)$, where $\lambda$ is the security parameter. Finally, we show how our techniques apply to the setting of dynamic proofs of retrievability (DPoR) and show a construction of this primitive with better parameters than existing constructions. In particular, we construct a DPoR scheme with linear storage, $\bigo(\log k)$ write complexity, and $\bigo(\lambda \log k)$ read and audit complexity.