arXiv:2406.17372v1 [math.GR] 25 Jun 2024
NON-COMMUTATIVE ERROR CORRECTING CODES
AND PROPER SUBGROUP TESTING
MICHAEL CHAPMAN, IRIT DINUR, AND ALEXANDER LUBOTZKY
Abstract. Property testing has been a major area of research in computer science in the last three decades. By property testing we refer to an ensemble of problems, results and algorithms which enable one to deduce global information about some data by only reading small random parts of it. In recent years, this theory found its way into group theory (see [BLM23, CL23, BCLV24] and the references therein), mainly via group stability.

In this paper, we study the following problem: Devise a randomized algorithm that, given a subgroup $H$ of $G$, decides whether $H$ is the whole group or a proper subgroup, by checking whether a single (random) element of $G$ is in $H$. The search for such an algorithm boils down to the following purely group theoretic problem: For $G$ of rank $k$, find an as small as possible test subset $A\subseteq G$ such that for every proper subgroup $H$, $|H\cap A|\leq (1-\delta)|A|$ for some absolute constant $\delta>0$, which we call the detection probability of $A$. It turns out that the search for sets $A$ of size linear in $k$ and constant detection probability is a non-commutative analogue of the classical search for families of good error correcting codes. This paper is devoted to proving that such test subsets exist, which implies that good universal error correcting codes exist, providing a far reaching generalization of the classical result of Shannon [Sha48]. In addition, we study this problem in certain subclasses of groups, such as abelian, nilpotent, and finite solvable groups, providing different constructions of test subsets for these subclasses with various qualities. Finally, this generalized theory of non-commutative error correcting codes suggests a plethora of interesting problems and research directions.
Contents
1. Introduction
2. Proper subgroup testing and Error correcting codes
3. Universal codes
4. Abelian codes
5. Profinite groups with polynomial maximal subgroup growth
6. Running time and lower bounds on the length
7. Open Problems
Appendix A. Existence of lossless expanders
References
1. Introduction
Let $G$ be a group of rank $k$, and $A$ a finite (multi-)subset¹ of $G$. The detection probability of $A$ is

(1.1) $\delta(A;G) = \inf_{H\lneq G}\left(1 - \frac{|A\cap H|}{|A|}\right).$²

¹By a multi-subset, we mean a subset which is a multi-set, namely a finite unordered collection of elements of $G$ which may include repetitions.
²Note that the same quantity is calculated by running only over $H$ which are maximal subgroups of $G$.
The theme of this paper is finding small subsets with large detection probability for various classes of groups.
The main result of this paper is:
Theorem 1.1 (Main Theorem). There exist absolute constants $\delta_0>0$ and $C_0>1$, such that every group $G$ of rank $k$ has a (multi-)subset $A$ with
$|A|\leq C_0\cdot k$ and $\delta(A;G)\geq \delta_0$.
The search for small subsets with large detection probability, and in particular Theorem 1.1, is interesting from
three different perspectives: Robust generation of groups; Property testing in group theory; Non-commutative
error correcting codes.
I. Robust generation. Note that if the subgroup generated by $A$ is proper, then the detection probability $\delta(A;G) = 0$. Hence, for $\delta(A;G)$ to be positive, $A$ needs to be a generating set. Actually, this is a special kind of generating set: every $1-\delta(A;G)$ portion of the elements of $A$ generates $G$. Hence, we seek generating sets not much larger than a minimal one, such that every large enough subset of them is still generating.
II. Proper Subgroup Testing. A property tester is a randomized algorithm that aims to distinguish between objects that satisfy a certain property, and objects that are far from elements satisfying the property, by querying the object at a few random positions.³ In our context, the tester $T$ gets as input a group $G$⁴ of rank $k$ and access to a black box function $h\colon G\to\{0,1\}$. The function $h$ is guaranteed to be the indicator of some subgroup $H\leq G$. The goal of the tester is to distinguish between the case when $H$ is the whole group $G$, and when $H$ is a proper subgroup of it.⁵

Sets $A$ as in Theorem 1.1 suggest the following 1-query⁶ tester for this problem:⁷ $T$ chooses a word $w\in A$ uniformly at random and checks the value of $h$ at $w$; if $h(w) = 0$, namely $w\notin H$, it concludes that "$H$ is a proper subgroup"; otherwise $h(w) = 1$, namely $w\in H$, in which case $T$ did not find a sign that $H$ is proper and concludes "$H$ is the whole group". It is straightforward to see that

$\mathbb{P}[T \text{ concludes } H=G] = \frac{|A\cap H|}{|A|}.$

Thus, when $H=G$, the tester never errs. On the other hand, when $H\lneq G$, the tester detects it with probability of at least $\delta(A;G)$, which is why this quantity is called the detection probability.⁸ The size of $A$ is comparable to the amount of random bits $T$ uses, which is considered a scarce resource, further motivating making $A$ small without hindering the detection probability.

As this is a computational problem, we care about various other aspects of the tester and the test subset: What is the running time of $T$? Is the test subset $A$ constructed explicitly or using probabilistic methods? How long are the elements of $A$ as words in the generators of $G$? Etc. This motivates the following notion which will be used throughout the paper:
³For a thorough introduction to property testing, see [Gol17]. For a somewhat general property testing framework, specifically aimed at mathematicians, see Section 2 of [CL23].
⁴Encoded, for example, as a finitely presented group with generators and relations, i.e., a pair consisting of a positive integer $k$ (in binary) which encodes the number of generators, and a finite list of words in the free group $F_k$ with basis $B=\{x_1, ..., x_k\}$ that represents the relations.
⁵This problem may seem a bit out of context. It arises naturally in the computational model of Subgroup Tests suggested in [BCLV24], specifically in the design of PCPs within the model.
⁶This is the term for how many evaluation points of the black box function $h$ the tester uses when it runs. The general case of $q$ queries, for constant $q$ or some $q$ growing with $k$, is also interesting.
⁷Since the tester $T$ is associated with $A$, we often refer to such sets $A$ as test subsets.
⁸The parameter $1-\delta(A;G)$ is often called the soundness parameter, when viewing this as a decision problem.
Definition 1.2. Let $G$ be a group and $S$ a generating set of size $k$. The length $L(A) = L_{G,S}(A)$ of a finite subset $A\subseteq G$ with respect to $S$ is the smallest $\ell$ such that every element in $A$ can be written as a word of length at most $\ell$ in $S\cup S^{-1}$.
III. Non-commutative error correcting codes. Let us observe what our Main Theorem says about the group $\mathbb{F}_p^k$, the $k$-dimensional vector space over the field of order $p$, where $p$ is a prime integer. Let $A=\{\alpha_1, ..., \alpha_n\}$ be the subset of $\mathbb{F}_p^k$ guaranteed by Theorem 1.1, namely $n\leq C_0\cdot k$ and $\delta(A;\mathbb{F}_p^k)\geq \delta_0$. Define a linear map $\mathrm{enc}\colon \mathbb{F}_p^k\to \mathbb{F}_p^n$ by letting

$\forall v\in \mathbb{F}_p^k\colon\quad \mathrm{enc}(v) = (\langle v, \alpha_i\rangle)_{i=1}^n,$

where $\langle v, \alpha\rangle=\sum_{i=1}^k v_i\alpha_i$ is a fixed bilinear form, and let $\mathcal{C}= \mathrm{Im}(\mathrm{enc})\leq \mathbb{F}_p^n$ be the image subspace. As $\delta(A;\mathbb{F}_p^k)\geq \delta_0>0$, $A$ generates $\mathbb{F}_p^k$. Hence, $\mathrm{enc}$ is injective and $\dim(\mathcal{C}) = k$. Moreover, as $v^\perp=\{\alpha\in \mathbb{F}_p^k \mid \langle v, \alpha\rangle= 0\}$ is a co-dimension 1 subspace of $\mathbb{F}_p^k$ for every $\vec{0}\neq v\in \mathbb{F}_p^k$, and $A\cap v^\perp=\{\alpha_i\in A\mid \langle v, \alpha_i\rangle= 0\}$, we can deduce that

$\delta_0\leq 1-\frac{|A\cap v^\perp|}{|A|}=\frac{|\{\alpha_i\in A\mid \langle v, \alpha_i\rangle\neq 0\}|}{n}=\frac{w_H(\mathrm{enc}(v))}{n},$

where $w_H(u) = |\{i\in[n]\mid u_i\neq 0\}|$ is the Hamming weight of the vector $u\in \mathbb{F}_p^n$. All in all, $\mathcal{C}$ is a $k$-dimensional subspace of $\mathbb{F}_p^n$ such that every non-zero vector $u\in \mathcal{C}$ satisfies $w_H(u)\geq \delta_0\cdot n$.

Subspaces of $\mathbb{F}_p^n$ of dimension $k$ with minimal non-zero Hamming weight $d$ are called linear $[n, k, d]_p$-codes. The quantity $k/n$ is referred to as the rate of the code, while $d/n$ is its normalized distance. In his seminal paper [Sha48], Shannon defined a good code to be an infinite family of $[n, k, d]_p$-codes (where $n\to\infty$) with constant rate and normalized distance, and showed that a random code is good,⁹ laying the foundations of the theory of error correcting codes. As the analysis shows, the codes $\mathcal{C}$ constructed using Theorem 1.1 are good codes with rate of at least $1/C_0$ and normalized distance of at least $\delta_0$.
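The passage from a test subset to a linear code is easy to check by machine. The following Python sketch (our own illustration; the choice of $A$ as all nonzero vectors of $\mathbb{F}_2^4$ is hypothetical, made only so the example is small) builds $\mathrm{enc}$ and verifies that the minimum Hamming weight of $\mathrm{Im}(\mathrm{enc})$ equals the detection bound times $n$:

```python
from itertools import product

p, k = 2, 4
# A hypothetical test (multi-)subset A of F_p^k, given as rows alpha_1, ..., alpha_n.
# Here: all nonzero vectors of F_2^4.
A = [v for v in product(range(p), repeat=k) if any(v)]
n = len(A)

def enc(v):
    # enc(v) = (<v, alpha_i>)_{i=1}^n over F_p
    return [sum(x * y for x, y in zip(v, a)) % p for a in A]

# Minimum Hamming weight over nonzero messages = distance d of the code C.
d = min(sum(1 for c in enc(v) if c)
        for v in product(range(p), repeat=k) if any(v))
print(n, d, d / n)  # n = 15, d = 8: every nonzero codeword has weight 2^(k-1)
```

For this choice every nonzero functional vanishes on exactly half of $\mathbb{F}_2^k$, so the normalized distance is $8/15$.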
Our Main Theorem can thus be seen as a vast generalization of Shannon's Theorem, from the family $\mathcal{G}=\{\mathbb{F}_p^k\}_{k\in\mathbb{N}}$ to the family $\mathcal{U}$ of all groups, which includes (in particular) all infinite groups. This point is of special interest, as there is no natural random choice of a finite test subset $A$ for an infinite group $G$. Borrowing the notation from classical codes, we define:

Definition 1.3 ($\mathcal{G}$-codes). Let $\mathcal{G}$ be a class of groups. An $[n, k, d]_{\mathcal{G}}$-code is an assignment that associates with every $G\in\mathcal{G}$ of rank $k$ a multi-subset $A$ of $G$ of size $n$ such that $\delta(A;G)\geq d/n$. If $\mathcal{U}$ is the class of all groups, we call an $[n, k, d]_{\mathcal{U}}$-code a universal code. We often use the term $\mathcal{G}$-code for an $[n, k, d]_{\mathcal{G}}$-code without specifying the parameters $n, k, d$. Such a code is called good if the quantities $k/n$ and $d/n$ are bounded from below by some positive constants independent of $k$.
Corollary 1.4. In this language, Theorem 1.1 shows the existence of good universal codes.
This perspective on the search for small test subsets with large detection probability suggests studying the optimal tradeoff between these quantities. Recall that using an elementary sphere packing argument, every $[n, k, d]_p$-code satisfies $k/n+H_p(d/n)\leq 1 + o(1)$, where $H_p$ is the $p$-ary entropy function. Gilbert [Gil52] and Varshamov [Var57] showed that a randomly chosen linear code matches this upper bound, namely achieves $k/n+H_p(d/n)\geq 1-o(1)$, and thus this bound is called the GV-bound. The constants $C_0$ and $\delta_0$ we provide in Theorem 1.1 are far from achieving the GV-bound. It would be very interesting to find a universal code that achieves the GV-bound, or alternatively to find a stricter upper bound for universal codes.
⁹More on that in the beginning of Section 3.2.
Remark 1.5. Due to the connection to classical error correcting codes described above, our constructions of universal codes (and $\mathcal{G}$-codes for other classes $\mathcal{G}$) are all inspired by various constructions and techniques from the classical theory of error correction.

Our results. A priori, it is not clear that there exists a constant $\delta_0>0$ such that every finitely generated group $G$ has a subset $A$ with $\delta(A;G)\geq\delta_0$, without any assumptions on the size of $A$ except it being finite. Resolving this is our first result.
Theorem 1.6 (Universal Hadamard code). Let $G$ be a group of rank $k$. Then, there exists an explicit set $A\subseteq G$ such that $|A|= 2^k$, $L(A) = k$ and $\delta(A;G)\geq 1/2$.
Our construction in Theorem 1.6 can be seen as a non-commutative analogue of the Hadamard code. It gives words of length linear in $k$, which is optimal (up to the specific constant) as Proposition 6.1 shows. By applying careful random sampling on this construction, combined with code composition techniques, we deduce our second result.

Theorem 1.7. Every group of rank $k$ has a subset $A$ with $|A|=O(k\log^{13} k)$, $L(A) = O(k\log k\log\log k)$ and $\delta(A;G)\geq 1/32$.
In fact, this is one of an infinite sequence of results that depend on the number of code composition iterations one applies; for the above, we compose twice. In each such iteration, the (asymptotic) size of $A$ gets better, while both the detection probability and the constants involved in the bounds on $A$ get worse. For the exact result, see Section 3.3.
By using the iterative encoding technique of [Spi95], we provide in Section 3.4 good universal codes, which proves our Main Theorem 1.1:

Theorem 1.8 (Main Theorem: Existence of good universal codes). There are explicit good universal codes with polynomial word length. Namely, every group $G$ of rank $k$ has an explicit subset $A$ with $|A|\leq 8k$, $L(A) = \mathrm{poly}(k)$ and $\delta(A;G) = \Omega(1)$.
As in [Spi95], the above construction uses almost optimal unique neighbor expanders (which can be derived from lossless expanders) as infrastructure. Such (explicit) families were constructed in [AC02, CRVW02], and later also in [AD23, CRTS23, HMMP23, Gol24]. Regarding the involved constants, even if one is willing to drop explicitness, the probabilistic method argument (which we include in Appendix A) gives rise to $\delta(A;G)\geq 2^{-130}$, which is not a constant to be proud of, and the maximal length of the words in $A$ is $O(k^{10})$ in this case. In principle, one can extract the appropriate detection constant from the above explicit constructions of lossless expanders, as well as an explicit bound on the degree of the polynomial bounding the length of the words, but they will be worse than the $2^{-130}$ and $10$ cited above. We hope that the future will bring better methods, which will lead to reasonable detection constants. It also leaves open the following problem: Are there test sets $A$ with $L(A) = O(k)$, $|A|=O(k)$ and $\delta(A;G) = \Omega(1)$? We show in Proposition 6.1 that $L(A) = \Omega(\delta(A;G)k)$, so this would be optimal.
Remark 1.9. The observation driving Theorems 1.6, 1.7 and 1.8 is quite straightforward: If $w$ is a word with letters drawn from $B=\{x_1, ..., x_t\}\subseteq G$, and all letters in $w=\prod_{j=1}^{\ell} x_{i_j}^{\varepsilon_j}$ ($i_j\in[t]$, $\varepsilon_j\in\{\pm 1\}$) are in $H\leq G$ except for exactly one, namely, there is an index $1\leq r\leq \ell$ such that $x_{i_j}\in H$ for every $j\neq r$ and $x_{i_r}\notin H$, then $w\notin H$.
Remark 1.10. In Theorems 1.6, 1.7 and 1.8 we actually prove something slightly stronger. Note that the detection probability and size¹⁰ of $A$ are preserved by quotients (Fact 2.1). We construct an appropriate set $A$ for the free group, and as all rank $k$ groups are quotients of it, this construction is uniform in the following sense: Regardless of the specific $G$, as long as it is of rank $k$ and a set of $k$ generators is provided, our construction is some fixed collection of words in these generators. One set of words to rule all rank $k$ groups.
Though Theorem 1.8 already provides a good universal code, we provide additional constructions of good codes for some sub-classes of groups using different methods. In Section 4, a construction is provided for the class of abelian groups.

Theorem 1.11 (Good abelian codes). Every abelian group $G$ of rank $k$ has an explicit subset $A$ with $|A|=O(k)$, with constant detection probability $\delta(A;G) = \Omega(1)$ and with at most exponential length $L(A)\leq 2^{O(k)}$.
This construction uses Tanner codes with underlying unique neighbor expanders, and thus the specific constants depend again on the choice of these expanders. For concreteness, allowing a probabilistic argument using (for example) Lemma 1.9 from [HLW06], one can attain $|A|= 4k$ and $\delta(A;G)\geq 1/320$. Any result on abelian groups holds automatically also for nilpotent groups, as Corollary 4.6 demonstrates.
Remark 1.12. Similar to the content of Remark 1.10, Theorem 1.11 is resolved by a construction over free abelian groups. For every $k$, our construction provides an encoding matrix with integer coefficients that induces good codes over all primes $p$ simultaneously. We do not know of previous works studying this property.
In Section 5, we prove the following:
Theorem 1.13 (Good finite solvable codes). Every finite solvable group $G$ of rank $k$ has a subset $A$ with $|A|\leq 85k$ and with detection probability of at least $1/10$.
In fact, we prove something much more general regarding classes of finite groups with restrictions on their sections. This proof is again probabilistic, and we cannot even bound the lengths of the elements in $A$ as words in the given generators. On the other hand, as the theorem suggests, we get effective bounds on the size of $A$ and its detection probability.
Let us summarize the results appearing in this paper in the following table:

| Class of groups | $|A|=n(k)$ | $\delta(A;G)=\delta$ | $L(A)$ | Explicit? | GV bound? | Where proved |
| Finite abelian groups | $O(k)$ | $\Omega(1)$ | $O(k)$ | No | Yes | Section 2.3 |
| All groups | $2^k$ | $1/2$ | $k$ | Yes | No | Theorem 3.3 |
| All groups | $O(k\log^{13} k)$ | $1/32$ | $O(k\log k\log\log k)$ | No | No | Corollary 3.14 |
| All groups | $4k$ | $\Omega(1)$ | $\mathrm{poly}(k)$ | Yes | No | Corollary 3.19 |
| Abelian groups | $O(k)$ | $\Omega(1)$ | $\exp(k)$ | Yes | No | Proposition 4.2 |
| Finite solvable groups | $85k$ | $1/10$ | Unbounded | No | No | Theorem 5.1 |
We did not try to optimize our parameters. Some improvements are probably possible. What is really interesting is to understand the tradeoff between $|A|$, $\delta(A;G)$ and $L(A)$; specifically, as we mentioned before, are there universal codes that achieve the Gilbert–Varshamov bound, or is there an obstruction in the non-commutative case (or even the general abelian case) that does not exist in the classical theory? More on this (and other problems) in the open problem section, Section 7.
¹⁰Here it is important that we treat $A$ as a multi-set and not just a set, so its size is preserved by quotients.
Structure of the paper. Section 2 provides basic observations and analysis of test subsets. Specifically, it relates them to the theory of error correcting codes. Section 3 is devoted to the construction of universal codes, and includes the proofs of Theorems 1.6, 1.7 and 1.8. Section 4 is devoted to (infinite) abelian codes and contains the proof of Theorem 1.11. In Section 5 we study codes over certain classes of profinite groups with restricted maximal subgroup growth, which in turn proves Theorem 1.13. A discussion on running time appears in Section 6, while open problems and further research directions appear in Section 7.
Acknowledgements. We would like to thank Lewis Bowen, Oded Goldreich, Noam Kolodner, Sandro Mattarei, Carlo Pagano, Doron Puder, Thomas Vidick and Avi Wigderson for helpful discussions during the preparation of this work. We also want to thank the Midrasha on Groups at the Weizmann Institute for its role in forming this collaboration.
Michael Chapman acknowledges with gratitude the Simons Society of Fellows and is supported by a grant
from the Simons Foundation (N. 965535). Irit Dinur is supported by ERC grant 772839, and ISF grant 2073/21.
Alex Lubotzky is supported by the European Research Council (ERC) under the European Union’s Horizon 2020
(N. 882751), and by a research grant from the Center for New Scientists at the Weizmann Institute of Science.
2. Proper subgroup testing and Error correcting codes
2.1. Analysis. Let $G$ be a finitely generated group. The rank of $G$, $k = \mathrm{rank}(G)$, is the minimal size of a generating set of it.¹¹ Let $A$ be a finite multi-set of elements of a group $G$. As was defined in the introduction (1.1), the detection probability of $A$ is

$\delta(A;G) = \inf_{H\lneq G}\left(1-\frac{|A\cap H|}{|A|}\right).$

Note that $1-\frac{|A\cap H|}{|A|}=\frac{|A\setminus H|}{|A|}$, where $A\setminus H=\{a\in A\mid a\notin H\}$ is the set difference.
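Since the infimum in (1.1) may be taken over maximal subgroups only, for a finite group it is a finite minimum and can be computed by brute force. A minimal Python sketch of ours for the cyclic group $G = \mathbb{Z}/12$ (the test sets below are hypothetical choices for illustration):

```python
# Subgroups of Z/n are d*(Z/n) for divisors d of n, so delta(A; Z/n) is a
# finite minimum over the proper subgroups (divisors d > 1; d = n gives {0}).
n = 12
proper_subgroups = [{x for x in range(n) if x % d == 0}
                    for d in range(2, n + 1) if n % d == 0]

def delta(A):
    return min(sum(1 for a in A if a not in H) / len(A)
               for H in proper_subgroups)

print(delta([1]))      # a generator avoiding every proper subgroup
print(delta([2, 3]))   # generates Z/12, but each element lies in some proper H
print(delta([4, 6]))   # <4, 6> = 2Z/12 is proper, so detection probability 0
```

The last line illustrates item (1) of Fact 2.1 below: a non-generating multi-set has detection probability $0$.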
Fact 2.1. Let $G$ be a group and $A$ a finite multi-subset of $G$.
(1) The detection probability $\delta(A;G)$ is positive if and only if $A$ generates $G$.
(2) If $\pi\colon G\to \bar{G}$ is an epimorphism, then $\pi(A)$ has detection probability which is at least as good as that of $A$, namely $\delta(\pi(A); \bar{G})\geq \delta(A;G)$.
(3) An epimorphism $\pi\colon G\to \bar{G}$ is called a Frattini extension if its kernel is contained in the Frattini subgroup of $G$; equivalently, every maximal subgroup of $G$ contains $\ker \pi$. For Frattini extensions, we have $\delta(\pi(A); \bar{G}) = \delta(A;G)$.
Proof sketch.
(1) Note that $\langle A\rangle$ is a subgroup of $G$.
(2) By the correspondence theorem (fourth isomorphism theorem), for every $\bar{H}\lneq \bar{G}$ there is a $\ker\pi\leq H\lneq G$ such that $\pi(H) = \bar{H}$. Furthermore, as we use multi-sets, $|A|=|\pi(A)|$ and $|A\cap H|=|\pi(A\cap H)|=|\pi(A)\cap \bar{H}|$. Since this goes over all subgroups of $\bar{G}$ (but not necessarily all subgroups of $G$), we get the conclusion.
(3) Note again, by the correspondence theorem, that if $M\lneq G$ is a maximal subgroup and $\ker\pi\leq M$, then $\pi(M)\lneq \bar{G}$. Also, as $\ker\pi\leq M$, $\pi(A\cap M) = \pi(A)\cap \pi(M)$. This provides the reverse inequality. ∎

¹¹It is common to denote the rank of $G$ by $d(G)$. But, because of the connections to error correcting codes, we prefer to keep $d$ for the Hamming metric and distance of codes, and choose $k$ for the rank.
Remark 2.2.
(1) Fact 2.1 shows why constructing linearly sized test sets with constant detection probability for free groups would imply the existence of such sets for all groups.
(2) The free group $F_k$ is a quotient of $F_s$ for every $s\geq k$. So, by Fact 2.1, it is enough to construct linearly sized test sets with constant detection probability for dense enough collections of $k\in\mathbb{N}$, and not necessarily for all of them.
2.2. Error correction. Let $p$ be a prime number, and let $\mathbb{F}_p=\{0,1, ..., p-1\}$ be the field with $p$ elements. Given two vectors $u, v\in \mathbb{F}_p^n$, the Hamming distance between them is $d_H(u, v) = |\{i\in[n]\mid u_i\neq v_i\}|$. The Hamming weight $w_H(v)$ of a vector $v\in\mathbb{F}_p^n$ is its distance to the all 0's vector $\vec{0}$. A (linear) $[n, k, d]_p$-code $\mathcal{C}$ is a $k$-dimensional linear subspace of $\mathbb{F}_p^n$, such that the Hamming distance between any two vectors in the code is at least $d$. The parameter $n$ is the length of the code. The parameter $k$ is the dimension of the code, while $k/n$ is the rate of the code. Lastly, the parameter $d$ is the distance of the code, while $d/n$ is its normalized distance. A family of codes is called good if they have a uniform lower bound on their normalized distance and rate.
Let $\mathrm{enc}\colon \mathbb{F}_p^k\to\mathbb{F}_p^n$ be a linear embedding such that $\mathrm{Im}(\mathrm{enc}) = \mathcal{C}$. Let $\pi_i\colon \mathbb{F}_p^n\to\mathbb{F}_p$ be the projection on the $i$th coordinate, and define $\mathrm{enc}_i\colon \mathbb{F}_p^k\to\mathbb{F}_p$ to be the composition $\pi_i\circ \mathrm{enc}$. Define a bilinear product

$\forall v, w\in \mathbb{F}_p^k\colon\quad \langle v, w\rangle=\sum_{i=1}^{k} v_iw_i.$

Given $\alpha\in\mathbb{F}_p^k$, define the functional $\varphi_\alpha\colon \mathbb{F}_p^k\to\mathbb{F}_p$ by $\varphi_\alpha(v) = \langle \alpha, v\rangle$, and let $\alpha^\perp = \ker\varphi_\alpha$. Also, for every functional $\varphi\colon \mathbb{F}_p^k\to\mathbb{F}_p$, there exists an $\alpha\in\mathbb{F}_p^k$ such that $\varphi=\varphi_\alpha$. Since $\{\mathrm{enc}_i\}_{i\in[n]}$ are functionals, there exists a collection $\{v_i\}_{i\leq n}\subseteq \mathbb{F}_p^k$ such that $\mathrm{enc}_i=\varphi_{v_i}$.
Assume $A\subseteq F_k$ is the set guaranteed by Theorem 1.1, where $F_k$ is the free group on basis $B=\{x_1, ..., x_k\}$, and recall that $\delta_0$ is the lower bound on its detection probability. By applying to $F_k$ abelianization mod $p$, $\Phi_p\colon F_k\to\mathbb{F}_p^k$, the (multi-)set $Z = \Phi_p(A)$ satisfies both $|Z|=|A|\leq C_0\cdot k$ and $\delta(Z;\mathbb{F}_p^k)\geq\delta_0$ (by Fact 2.1). As we remarked when defining the detection probability (1.1), we may assume the proper linear subspace $H$ is maximal, i.e., it is of co-dimension 1. Let $\alpha\in\mathbb{F}_p^k$ be a vector such that $H=\alpha^\perp$. I.e., if $h$ is the indicator function of $H$, then $h(v) = 1$ if and only if $\langle\alpha, v\rangle= 0$. Therefore, the fact that the detection probability of $Z$ is bounded from below by $\delta_0$ is equivalent to the condition

$\forall \vec{0}\neq\alpha\in\mathbb{F}_p^k\colon\quad |\{v\in Z\mid \langle\alpha, v\rangle\neq 0\}|\geq \delta_0|Z|.$

Let $|Z|=n$, let $\mathrm{enc}\colon\mathbb{F}_p^k\to\mathbb{F}_p^n$ be $\mathrm{enc}(\alpha) = (\langle\alpha, v\rangle)_{v\in Z}$, and let $\mathcal{C}= \mathrm{Im}(\mathrm{enc})$. Then $\mathcal{C}$ is an $[n, k, \delta_0 n]_p$-code. Thus:

Corollary 2.3. A collection of sets as in Theorem 1.1 induces, in a uniform way, a collection of good codes over $\mathbb{F}_p$ for every $p$.
The observation of Corollary 2.3 is the key to most of our results: we use constructions and methods from the theory of error correcting codes as inspiration to try to resolve the opposite direction, i.e., to build test subsets out of codes, or phrased differently, universal codes using classical coding theory techniques.

If the above perspective on our problem as non-commutative error correction was not motivating enough, we provide the test case of finite abelian groups, where the connection between the problems is quite tight (Section 4 resolves the general infinite abelian groups case).
2.3. Finite abelian groups. As we have shown above, if we want to find a subset $A$ of $\mathbb{F}_p^k$ of size $n$ with detection probability $\delta > 0$, then it is equivalent to finding an error correcting code $[n, k, \delta n]_p$. In particular, we can use the Gilbert–Varshamov (lower) bound, and find sets of size $n\approx \frac{k}{1-H_p(\delta)}$ with detection probability $\delta > 0$, where $H_p$ is the $p$-ary entropy function $H_p(x) = x\log_p(p-1) - x\log_p x-(1-x)\log_p(1-x)$.
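The entropy bound is easy to evaluate numerically. A small sketch of ours (the parameters $k=100$, $\delta=0.1$ are hypothetical, chosen only for illustration) computes $H_p$ and the resulting size estimate $n\approx k/(1-H_p(\delta))$:

```python
from math import log

def Hp(x, p):
    # p-ary entropy: H_p(x) = x log_p(p-1) - x log_p(x) - (1-x) log_p(1-x)
    if x == 0:
        return 0.0
    if x == 1:
        return log(p - 1, p)
    return x * log(p - 1, p) - x * log(x, p) - (1 - x) * log(1 - x, p)

k, delta = 100, 0.1
for p in (2, 3, 5):
    size = k / (1 - Hp(delta, p))
    print(p, round(Hp(delta, p), 3), round(size, 1))
```

Note that $H_2(1/2) = 1$, and that $H_2(\delta)\geq H_p(\delta)$ for $0<\delta<1/2$, as used in Corollary 2.4 below.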
Let $G$ be a finite abelian group. Every such group is isomorphic to a (finite) product of cyclic groups of prime power order $\mathbb{Z}/p^k\mathbb{Z}$. The Frattini subgroup in this case is $p\mathbb{Z}/p^k\mathbb{Z}$. Hence, by item (3) of Fact 2.1, we can assume $G$ is a (finite) product of finite vector spaces $\mathbb{F}_p^{r(G,p)}$.
Now, let $G$ and $G'$ be two finite abelian groups such that $\gcd(|G|,|G'|) = 1$, and let $A=\{a_1, ..., a_n\}\subseteq G$, $B=\{b_1, ..., b_n\}\subseteq G'$ be ordered (multi-)subsets of the same size with detection probability $\delta$. Let $C\subseteq G\times G'$ be the diagonal (multi-)subset associated with $A$ and $B$,

$\forall i\in[n]\colon\quad c_i = (a_i, b_i)\in C.$

Then, $C$ has detection probability $\delta$. This is because for every maximal subgroup $H\lneq G\times G'$, $(G\times G')/H$ is a group of prime order, which is either co-prime to $|G|$ or to $|G'|$. Therefore, either $\{\mathrm{Id}\}\times G'$ or $G\times\{\mathrm{Id}\}$ is contained in $H$. This in turn implies that either $\pi_G(H)$ is a maximal subgroup of $G$, or $\pi_{G'}(H)$ is a maximal subgroup of $G'$, where $\pi_G$ (respectively $\pi_{G'}$) is the projection to the left (respectively right) coordinate. All in all, either $|C\cap H|=|A\cap\pi_G(H)|\leq (1-\delta)|A| = (1-\delta)|C|$, or $|C\cap H|=|B\cap\pi_{G'}(H)|\leq (1-\delta)|B| = (1-\delta)|C|$.
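The diagonal construction can be verified by brute force on a small instance. The following Python sketch (our own; the test sets for $(\mathbb{Z}/2)^2$ and $(\mathbb{Z}/3)^2$ are hypothetical choices) checks that the diagonal multi-subset detects every maximal subgroup of the product at least as well as the worse of the two factors:

```python
from itertools import product

def delta(A, maximal_subgroups):
    # delta(A;G), computed over a (finite) list of the maximal subgroups of G
    return min(sum(1 for a in A if a not in H) / len(A)
               for H in maximal_subgroups)

def hyperplanes(p, k):
    # Maximal subgroups of (Z/p)^k are kernels of the nonzero functionals alpha.
    for alpha in product(range(p), repeat=k):
        if any(alpha):
            yield {v for v in product(range(p), repeat=k)
                   if sum(x * y for x, y in zip(alpha, v)) % p == 0}

# Hypothetical equal-size test sets (n = 3), for illustration only.
A = [(0, 1), (1, 0), (1, 1)]   # in G  = (Z/2)^2
B = [(0, 1), (0, 2), (1, 0)]   # in G' = (Z/3)^2
dA = delta(A, hyperplanes(2, 2))
dB = delta(B, hyperplanes(3, 2))

# Diagonal multi-subset C = {(a_i, b_i)}. Since gcd(|G|, |G'|) = 1, every
# maximal subgroup of G x G' has the form H x G' or G x H'.
C = list(zip(A, B))
G2 = list(product(range(2), repeat=2))
G3 = list(product(range(3), repeat=2))
maxC = [{(g, h) for g in H for h in G3} for H in hyperplanes(2, 2)]
maxC += [{(g, h) for g in G2 for h in H} for H in hyperplanes(3, 2)]
dC = delta(C, maxC)
print(dA, dB, dC)  # dC equals min(dA, dB) here
```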
Combining the above observations, we deduce a Gilbert–Varshamov type bound for finite abelian groups:

Corollary 2.4. Let $G$ be a finite abelian group. Modulo its Frattini subgroup, $G$ is a product of vector spaces $\mathbb{F}_p^{r(G,p)}$. Then, for every $0< \delta < 1-\frac{1}{\min\{p\,\mid\, r(G,p)\neq 0\}}$, we can find a subset of $G$ of size (approximately) $\max_{p\ \mathrm{prime}} \frac{r(G, p)}{1-H_p(\delta)}$ and detection probability $\delta$. Since the rank of $G$ is $k = \max_p(r(G, p))$, and for every $0 < \delta < 1/2$ we have $H_2(\delta)\geq H_p(\delta)$, $G$ has a subset of size (approximately) $\frac{k}{1-H_2(\delta)}$ with detection probability $\delta$.
3. Universal codes
As mentioned in Remark 1.9 in the Introduction, the following observation is repeatedly used in this section:
Observation 3.1. Let $B=\{x_1, ..., x_t\}$ be a subset of $G$, and let $w=\prod_{j=1}^{\ell} x_{i_j}^{\varepsilon_j}$ be a word in $B$, namely $i_j\in[t]$ and $\varepsilon_j\in\{\pm 1\}$ for every $1\leq j\leq \ell$. Let $H$ be a subgroup of $G$. Assume there is an $1\leq r\leq\ell$ such that $x_{i_r}\notin H$ while $x_{i_j}\in H$ for every $j\neq r$. Then $w\notin H$.
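A concrete instance of Observation 3.1 can be checked mechanically. A small Python sketch of ours in $G = S_4$ (a hypothetical example: $H$ is the stabilizer of a point, and the word has all letters in $H$ except exactly one):

```python
from itertools import permutations

def compose(a, b):
    # (a o b)(x) = a(b(x)); permutations of {0,1,2,3} as tuples
    return tuple(a[i] for i in b)

def inverse(a):
    out = [0] * len(a)
    for i, v in enumerate(a):
        out[v] = i
    return tuple(out)

H = {p for p in permutations(range(4)) if p[3] == 3}  # stabilizer of point 3
x1 = (1, 0, 2, 3)   # in H
x2 = (0, 1, 3, 2)   # NOT in H (moves the point 3)
x3 = (1, 2, 0, 3)   # in H

# w = x1 * x2 * x3^{-1}: every letter lies in H except exactly one (x2),
# so by Observation 3.1 the word w cannot lie in H.
w = compose(compose(x1, x2), inverse(x3))
print(w in H)
```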
Remark 3.2. We often want to think of finite multi-sets $A$ of $G$ both as sets (which allows us to take intersections of them with other subsets) and with a certain order (which makes them into tuples). This creates situations where we use notation such as $\vec{g}\cap H$ for a tuple of elements from $G$ and a subgroup $H$. By this we mean that we forget about the order of $\vec{g}$, which leaves us with a finite multi-set $A$ of elements in $G$, and then the intersection is the multi-set of all elements from $A$ that are also in $H$.
3.1. An exponential relaxation. At first glance, it may not be clear that there are finite sets of $F_k$ with detection probability bounded by $\delta > 0$ which is independent of $k$. It turns out that sets of size exponential in $k$ suffice.

Theorem 3.3. There is a set $A\subseteq F_k$ of size $|A|= 2^k$, such that $\delta(A;F_k)\geq \frac{1}{2}$.
Remark 3.4. The following construction is a non-commutative version of the Hadamard code. Namely, if you run the sets constructed in the following proof through the process described in Section 2, you get (classical) codes; choosing $p= 2$ will result in the Hadamard code.
Proof of Theorem 3.3. Let $B=\{x_1, ..., x_k\}$ be a basis for $F_k$. For every subset $S\subseteq B$, let $s$ be its indicator function, and let

(3.1) $x_S=x_1^{s(x_1)}\cdot x_2^{s(x_2)}\cdot ...\cdot x_k^{s(x_k)}.$

Namely, for every subset $S$ of $B$ we take $x_S$ to be the product of the elements in $S$ according to the order defined by their index. Now, let $A=\{x_S\}_{S\subseteq B}$. Clearly $|A|= 2^k$. Let $H$ be a proper subgroup of $F_k$. Let $x_i$ be the generator with the smallest index not belonging to $H$, namely $x_i\notin H$ but $x_j\in H$ for every $j < i$. For every subset $S$ of $B$ not containing $x_i$, let $S'=S\cup\{x_i\}$. Then, at most one of $x_S$ and $x_{S'}$ can be in $H$. This is because $x_{S'}x_S^{-1}$ is a conjugate of $x_i\notin H$ by an element of $H$ (the product $x_1^{s(x_1)}\cdot ...\cdot x_{i-1}^{s(x_{i-1})}$ is in $H$ regardless of what $S$ is), and in particular cannot be in $H$ (this is a simple version of Observation 3.1). Since $S\mapsto S'$ is a perfect matching of the subsets of $B$, we deduce that $\frac{|A\cap H|}{2^k}\leq \frac{1}{2}$, and thus $\delta(A;F_k)\geq\frac{1}{2}$. ∎
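The abelianized shadow of this proof is easy to verify by machine: mod 2, the word $x_S$ becomes the indicator vector of $S$, and the bound $\delta\geq 1/2$ for the quotient $\mathbb{F}_2^k$ becomes the statement that every nonzero functional is nonzero on exactly half of the $2^k$ indicator vectors. A Python sketch of ours (the free-group statement itself, of course, still needs the matching argument above):

```python
from itertools import product

k = 4
# Under abelianization mod 2, x_S maps to the indicator vector of S, so
# A = {x_S : S subset of B} becomes all of F_2^k (2^k vectors).
A = list(product(range(2), repeat=k))

# For each hyperplane alpha-perp, count the vectors landing outside it.
worst = 1.0
for alpha in product(range(2), repeat=k):
    if not any(alpha):
        continue
    outside = sum(1 for s in A if sum(a * b for a, b in zip(alpha, s)) % 2)
    worst = min(worst, outside / len(A))
print(worst)  # exactly 1/2: each nonzero functional is nonzero on half of F_2^k
```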
Remark 3.5. Avi Wigderson has mentioned to us that the technique used in Theorem 3.3, namely, ordering the generators and taking subwords in this order, was utilized in various works, and specifically in the following two influential papers by Babai–Szemerédi [BS84] and Alon–Roichman [AR94].
3.2. A randomized construction. In the theory of classical error correcting codes, one of the first observations is that random codes are good¹². We spell out the main proof ideas of this fact for the case of $\mathbb{F}_2$: If we sample a vector in $\mathbb{F}_2^k$ uniformly at random, it has a probability of $\frac{1}{2}$ to be out of a given co-dimension 1 subspace $H\lneq \mathbb{F}_2^k$. Hence, by standard concentration of measure techniques (see Lemma 3.7), if we sample $n$ vectors from $\mathbb{F}_2^k$, the probability that less than $1/4$ of them are not in $H$ decreases exponentially in $n$. Since there are only $2^k-1$ different co-dimension 1 subspaces, one can apply a union bound to deduce that a collection of $n=O(k)$ random vectors will provide an encoding map $\mathrm{enc}\colon\mathbb{F}_2^k\to\mathbb{F}_2^n$, as in Section 2.2, whose image is a code with normalized distance of at least $1/4$ almost surely.
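This union-bound argument can be simulated directly. A sketch of ours (fixed seed; the parameters $k=6$, $n=300$ are hypothetical, chosen so the experiment is fast) samples random vectors and checks that every hyperplane misses at least a quarter of them:

```python
import random
from itertools import product

# Empirical version of the union-bound argument: O(k) random vectors of F_2^k
# give, for every hyperplane alpha-perp, a fraction >= 1/4 lying outside it.
random.seed(0)
k, n = 6, 300
A = [tuple(random.randrange(2) for _ in range(k)) for _ in range(n)]

worst = min(
    sum(1 for v in A if sum(a * b for a, b in zip(alpha, v)) % 2) / n
    for alpha in product(range(2), repeat=k) if any(alpha)
)
print(worst)  # concentrates near 1/2, far above the 1/4 target
```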
One can hope to mimic the above argument by sampling $O(k)$ elements of the set $\tilde{B}=\{x_S\}_{S\subseteq B}$ from Theorem 3.3 to produce the required universal codes à la Definition 1.3. The issue with this approach is in the last step of the analysis: While $\mathbb{F}_2^k$ has $2^k-1$ maximal subgroups, $F_k$ has infinitely many. We overcome this problem by clustering subgroups of $F_k$ into finitely many bins, actually, $2^k-1$ many bins. This clustering of subgroups is according to their syndrome in the basis of the free group. The resulting clusters are amenable to a probabilistic argument, though not with respect to the uniform distribution over $\tilde{B}$, as is explained soon.

Let us spell out the above plan in more detail, beginning with our clustering mechanism. For every subgroup $H$ and set $B=\{x_1, ..., x_k\}\subseteq G$, the syndrome of $H$ in $B$ is

(3.2) $\mathrm{Synd}(H;B) = B\setminus H=\{x_i\in B\mid x_i\notin H\}.$

¹²This was mentioned both in the Introduction as Shannon's theorem, as well as in Section 2.2 as the Gilbert–Varshamov lower bound.
The syndrome with respect to the basis $B$ of $F_k$ distributes its infinitely many subgroups into finitely many bins: For every $C\subseteq B$, let

(3.3) $\Sigma_C=\bigcup_{\mathrm{Synd}(H;B)=C} H.$

Now, for every $H\lneq F_k$, we have $\mathrm{Synd}(H;B)\neq\emptyset$, and thus every proper subgroup is in some $\Sigma_C$ for $\emptyset\neq C\subseteq B$. There are only $2^k-1$ such non-trivial syndromes, and thus we are back to familiar grounds: if we are able to find an $A$ such that for every $\emptyset\neq C\subseteq B$, a constant fraction of $A$ avoids $\Sigma_C$, then we are done.
To that end, we need the following observation: As in (3.1), for every subset SBwith characteristic function
s, let xS=Qxs(xi)
ie
B. Note that
(3.4) |SSynd(H;B)|= 1 =xS/H,
which is another special case of Observation 3.1. Therefore, one seeks a sampling procedure on subsets Sof B
with a high chance that the resulting subset intersects a specific syndrome Cexactly once, and thus xS/ΣC.
This leads us to the final key observation: Let $H$ be a proper subgroup with syndrome $C$, and let $\sigma=|C|>0$. Let $0<p<1$. If we sample $S\subseteq B$ such that each $x_i$ is included in $S$ with probability $p$ independently of the others, then
\[(3.5)\quad \mathbb P[|S\cap C|=1]=\sigma p(1-p)^{\sigma-1}.\]
In particular, if $p=\frac1\sigma$, then $\sigma p(1-p)^{\sigma-1}\geq e^{-1}$. This calculation is actually quite robust, namely, even for $\frac{1}{2\sigma}\leq p\leq\frac{2}{\sigma}$ we get a constant lower bound on $\mathbb P[|S\cap C|=1]$. Therefore, we sample in the following way: For every $\ell\leq\log k$, we sample $O(k)$ many subsets $S\subseteq B$ of density $2^{-\ell}$ uniformly and independently. That way, for every $\emptyset\neq C\subseteq B$ there exists an $\ell$ such that a constant fraction of the sampled sets $S$ of density $2^{-\ell}$ satisfy $|S\cap C|=1$. Thus, the detection probability of this sampled set is $\Omega(1/\log k)$. This is the content of Theorem 3.8. But the goal is to have a constant detection probability. To resolve that, in Proposition 3.10, we provide an amplification trick that replaces the guaranteed $A$ with a not much larger $A'$, with the benefit that $\delta(A';F_k)$ is $\Omega(1)$. This amplification trick is analogous to composing the random code defined in Theorem 3.8 with the Hadamard code of Theorem 3.3. In Section 3.3, we show that more iterations of code compositions lead to somewhat better parameters, from which we deduce Theorem 1.7.
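The robustness of (3.5) is easy to verify numerically. The sketch below (a sanity check, not part of the paper's argument) evaluates $\sigma p(1-p)^{\sigma-1}$ at $p=1/\sigma$ and at the endpoints of the robust range; we restrict to $\sigma\geq 4$ so that the upper endpoint $2/\sigma$ stays away from $1$.

```python
import math

# Numeric sanity check of eq. (3.5): P[|S n C| = 1] = sigma*p*(1-p)^(sigma-1),
# and its robustness for p in [1/(2*sigma), 2/sigma].
def hit_exactly_once(sigma, p):
    return sigma * p * (1 - p) ** (sigma - 1)

# At p = 1/sigma the probability is at least 1/e.
for sigma in range(1, 10_000):
    assert hit_exactly_once(sigma, 1 / sigma) >= 1 / math.e

# Robust range (sigma >= 4 so that 2/sigma <= 1/2): a uniform constant lower
# bound at both endpoints, hence on the whole interval by unimodality in p.
lower = min(
    hit_exactly_once(sigma, p)
    for sigma in range(4, 2_000)
    for p in (1 / (2 * sigma), 2 / sigma)
)
assert lower >= 0.25  # a constant, independent of sigma
```

The worst case in this range is $\sigma=4$, $p=1/2$, where the probability is exactly $1/4$; as $\sigma\to\infty$ the endpoint values tend to $\tfrac12 e^{-1/2}$ and $2e^{-2}$.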
Remark 3.6. Our sampling scheme may resonate with a reader who is familiar with the proof of Bourgain's embedding theorem [Bou85].
To be able to leverage the above analysis into a construction, we need to recall the Chernoff [Che52] (Hoeffding [Hoe63]) bound.

Lemma 3.7 (Chernoff bound, cf. Theorem 3.3 in [O'D13] or Theorems 4.4 and 4.5 in [MU17]). Let $n$ be a positive integer. Let $\{X_i\}_{i=1}^n$ be a collection of independent and identically distributed random variables, where $0\leq X_i\leq 1$ and $\mathbb E[X_i]=\mu$. Then, for every $0\leq\varepsilon\leq 1$, we have
\[(3.6)\quad \mathbb P\Big[\sum X_i>(1+\varepsilon)n\mu\Big]\leq e^{-\varepsilon^2 n\mu/3},\]
\[(3.7)\quad \mathbb P\Big[\Big|\sum X_i-n\mu\Big|>\varepsilon n\mu\Big]\leq 2e^{-\varepsilon^2 n\mu/3}.\]
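As a quick empirical illustration (not part of the proof), one can compare the bound (3.6) with the observed upper tail of a sum of i.i.d. indicator variables:

```python
import math
import random

# Empirical illustration of Lemma 3.7, eq. (3.6): for i.i.d. 0/1 variables
# with mean mu, the upper tail beyond (1+eps)*n*mu is dominated by
# exp(-eps^2 * n * mu / 3).
random.seed(0)
n, mu, eps, trials = 300, 0.5, 0.2, 2_000

bound = math.exp(-eps ** 2 * n * mu / 3)
exceed = sum(
    sum(random.random() < mu for _ in range(n)) > (1 + eps) * n * mu
    for _ in range(trials)
)
empirical = exceed / trials
assert empirical <= bound  # the Chernoff bound dominates the observed tail
```

Here the bound is $e^{-2}\approx 0.135$, while the true tail of $\mathrm{Bin}(300,1/2)$ beyond $180$ is a few parts in ten thousand, so the inequality holds with a large margin.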
Theorem 3.8. There is a set $A$ in $F_k$ of size $|A|=432k\log k$, such that for every subset $\emptyset\neq C\subseteq B$,
\[(3.8)\quad \frac{|A\cap\Sigma_C|}{|A|}\leq 1-\frac{1}{12\log k}.\]
NON-COMMUTATIVE ERROR CORRECTING CODES 11
Remark 3.9.
(1) Since every $H\lneq F_k$ is contained in $\Sigma_{\mathrm{Synd}(H;B)}$, (3.8) implies $\delta(A;F_k)\geq\frac{1}{12\log k}$.
(2) The parameter $\delta=\frac{1}{12\log k}$ is actually not that bad for applications. By allowing the tester to query the black box indicator function $h$ at $\mathrm{poly}(\log k)$ many positions instead of 1, which keeps the query complexity efficient, one can leverage this to a constant detection probability. But, as we prove in Proposition 3.10 and Corollary 3.11, there are constructions that resolve the problem without increasing the query complexity.
(3) As $A$ is a subset of $\widetilde B$, its length is at most $k$.
Proof of Theorem 3.8. The proof idea is as follows: We choose for every $\ell\leq\log k$ a collection of $O(k)$ random words from $\widetilde B=\{x_S\}_{S\subseteq B}$, where $S$ has density $2^{-\ell}$. Since each such word has a constant chance of being out of $\Sigma_C$ for every $2^{\ell-1}\leq|C|\leq 2^{\ell}$, we apply a Chernoff and a union bound to deduce what is needed.

For every $1\leq\ell\leq\log k$, sample subsets $\{S(\ell,j)\}_{j=1}^{432k}$ of $B$ independently as follows: Each $x_i\in B$ belongs to $S(\ell,j)$ with probability $\frac{1}{2^\ell}$, independently of the other elements of $B$. Recall the notation from (3.1) and let $A_\ell=\{x_{S(\ell,j)}\mid 1\leq j\leq 432k\}$ and $A=\bigcup A_\ell$. Let $\emptyset\neq C\subseteq B$, $\sigma=|C|$ and $\ell=\lceil\log(\sigma)\rceil$. Then, by using (3.3), (3.4) and (3.5), for every $1\leq j\leq 432k$, we have
\[
\mathbb P[x_{S(\ell,j)}\notin\Sigma_C]\geq\mathbb P[|S(\ell,j)\cap C|=1]=\underbrace{\frac{\sigma}{2^\ell}}_{\geq 1/2}\cdot\underbrace{\Big(1-\frac{1}{2^\ell}\Big)^{\sigma-1}}_{\geq(1-\frac1\sigma)^{\sigma-1}}\geq\frac12 e^{-1}.
\]
Let $X_j$ be the characteristic random variable of the event $x_{S(\ell,j)}\in\Sigma_C$. Then, $\mu=\mathbb E[X_j]\leq 1-\frac{1}{2e}<\frac56$, and also $|A_\ell\cap\Sigma_C|=\sum X_j$. Now, if we choose $\varepsilon>0$ such that $(1+\varepsilon)\mu=11/12$, then
\[\varepsilon>\varepsilon\mu>11/12-10/12=1/12.\]
Therefore, by applying Lemma 3.7, we can deduce that
\[\mathbb P\Big[|A_\ell\cap\Sigma_C|\geq\frac{11}{12}\cdot 432k\Big]\leq e^{-\frac{432}{3\cdot 12^2}k}=e^{-k},\]
and
\[\mathbb P\Big[\exists\,\emptyset\neq C\subseteq B:\ |A_\ell\cap\Sigma_C|\geq\frac{11}{12}\cdot 432k\Big]<2^k\cdot e^{-k}<1.\]
Hence, there is a choice of $A$ such that for every $\emptyset\neq C\subseteq B$ we have
\[\frac{|A\cap\Sigma_C|}{|A|}\leq 1-\frac{|A_\ell\setminus\Sigma_C|}{432k\log k}\leq 1-\frac{1}{12\log k},\]
and the proof is finished.
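The key inequality chain in the proof, that with $\ell=\lceil\log\sigma\rceil$ and $p=2^{-\ell}$ one has $\sigma p(1-p)^{\sigma-1}\geq\frac{1}{2e}$, can be checked deterministically (an illustrative verification, not a substitute for the proof):

```python
import math

# Deterministic check of the inequality chain in the proof of Theorem 3.8:
# with l = ceil(log2(sigma)) and p = 1/2^l,
#   sigma * p * (1 - p)^(sigma - 1) >= (1/2) * e^(-1).
def success_probability(sigma):
    l = max(1, math.ceil(math.log2(sigma)))
    p = 1 / 2 ** l
    return sigma * p * (1 - p) ** (sigma - 1)

for sigma in range(1, 100_000):
    assert success_probability(sigma) >= 1 / (2 * math.e)
```

The two underbraced factors are visible in the code: $\sigma/2^\ell\geq 1/2$ since $\sigma>2^{\ell-1}$, and $(1-2^{-\ell})^{\sigma-1}\geq(1-1/\sigma)^{\sigma-1}\geq e^{-1}$ since $2^\ell\geq\sigma$.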
The next proposition allows us to amplify the detection probability of certain constructions to a constant without enlarging the test subset $A$ too much (it will be applied to the outcome of Theorem 3.8 with parameter $\delta=\frac{1}{12\log k}$).

Proposition 3.10 (Amplification to constant by sub-sampling). Let $A$ be a set in $F_k$ such that for every $\emptyset\neq C\subseteq B$, we have $|A\cap\Sigma_C|\leq(1-\delta)|A|$. Then, there is a set $A'$ satisfying $|A'|=61k\cdot 2^d$ with $\delta(A';F_k)\geq\frac18$, where $d=\lceil 1/\delta\rceil$.
Proof. We first spell out the main ideas: If one samples a set of size $\lceil 1/\delta\rceil$ from $A$, then there is a constant probability of it not being contained in a specific $\Sigma_C$. By repeating this $O(k)$ times, we get a collection of sets such that for every syndrome $C$, a constant proportion of them are not contained in $\Sigma_C$. We then replace each of these sets by the exponential construction from Theorem 3.3. Thus, every subgroup $H$ avoids half of all the sets that were not contained in $\Sigma_{\mathrm{Synd}(H;B)}$, which is a constant amount.

Sample a set $Y$ of size $d=\lceil 1/\delta\rceil$ in $A$ uniformly at random. Then, for $\emptyset\neq C\subseteq B$, we have
\[\mathbb P[Y\subseteq\Sigma_C]\leq(1-\delta)^{1/\delta}\leq 1/e.\]
Replace $Y=\{a_1,\dots,a_d\}$ by $\widetilde Y=\{a_S=\prod a_i^{s(a_i)}\mid S\subseteq Y\}$, as was done in Theorem 3.3 for the basis $B$. If $Y\not\subseteq\Sigma_C$, then by the same argument as in Theorem 3.3, for every $H\lneq F_k$ with $\mathrm{Synd}(H;B)=C$, we have that $|H\cap\widetilde Y|\leq|\widetilde Y|/2$. Let us sample independently a collection of subsets $Y(j)\subseteq A$, each of size $d=\lceil 1/\delta\rceil$, for $1\leq j\leq 61k$. By Lemma 3.7,
\[\mathbb P\Big[|\{j\in[61k]\mid Y(j)\subseteq\Sigma_C\}|\geq\frac{122k}{e}\Big]\leq e^{-\frac{61k}{3e}}<e^{-k}.\]
By applying a union bound over the collection of possible syndromes $\emptyset\neq C\subseteq B$, we get
\[\mathbb P\Big[\exists\,\emptyset\neq C\subseteq B:\ |\{j\in[61k]\mid Y(j)\subseteq\Sigma_C\}|\geq\frac{122k}{e}\Big]<2^k\cdot e^{-k}<1,\]
which in turn implies that there is a collection of $61k$ subsets $Y(j)$, each of size $d$, such that every $\Sigma_C$ contains at most a $\frac2e$-fraction of them. By letting $A'=\bigcup\widetilde Y(j)$, we get a set of $61k\cdot 2^d$ elements which satisfies
\[\forall H\lneq F_k:\quad\frac{|A'\cap H|}{|A'|}\leq 1-\frac12\Big(1-\frac2e\Big)\leq 1-\frac18.\]
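The "exponential construction" $Y\mapsto\widetilde Y$ used above can be sketched in an abelian toy model (illustrative only; the paper works in the free group, where subset products replace subset sums). If $Y$ contains even one element outside a subgroup $H$, at most half of the subset sums land in $H$:

```python
# Illustrative abelian toy model of Y -> Y~ from Theorem 3.3 / Proposition
# 3.10: in (Z/2)^n the subset product a_S = prod a_i^{s(a_i)} is a subset sum.
n = 4
Y = [(1, 0, 0, 0), (1, 1, 0, 0), (0, 0, 1, 1)]  # a sample of "code words"

def subset_sums(Y):
    """Y~ = all 2^|Y| subset sums (the abelian analogue of {a_S | S in 2^Y})."""
    sums = [tuple([0] * n)]
    for a in Y:
        sums += [tuple((s[i] + a[i]) % 2 for i in range(n)) for s in sums]
    return sums

# A proper "subgroup": the hyperplane H = {v : v[0] == 0}. The first element
# of Y lies outside H, so Y is not contained in the corresponding Sigma_C.
Y_tilde = subset_sums(Y)
inside = sum(1 for v in Y_tilde if v[0] == 0)
assert inside <= len(Y_tilde) // 2  # H avoids at least half of Y~
```

Here exactly half of the $2^3$ subset sums have first coordinate $0$, matching the bound $|H\cap\widetilde Y|\leq|\widetilde Y|/2$.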
Corollary 3.11. By taking the $A$ that was guaranteed by Theorem 3.8, we get a set that satisfies the conditions of Proposition 3.10 with $\delta=\frac{1}{12\log k}$. Thus, by applying Proposition 3.10 on it, we get a set $A'$ of size $61k^{13}$ with detection probability $\frac18$.
Remark 3.12. In the theory of error correcting codes, composition of codes is a standard technique. Corollary 3.11 can be seen as a non-abelian version of code composition.

Note also that the resulting set in Corollary 3.11 is no longer a subset of $\widetilde B$. It consists of words of length at most $d=\lceil 1/\delta\rceil\leq 12\log k$ in the words in $Y(j)$, which are themselves words of length at most $k$. Hence, the resulting $A'$ consists of words of length at most $12k\log k$ in the original generators $B$ of $F_k$.
3.3. Iterative composition. We now suggest a more gradual amplification, which allows us to find smaller test subsets (which are not yet linear in $k$) with constant detection probability. The idea is similar to the code composition used in the proof of Proposition 3.10, but instead of using a different code as the smaller one, we use the scaled down version of the same code. The benefit from this is exactly that the construction of Theorem 3.8 depends only on the syndromes, which will allow us to iterate it more than once and gain smaller sized $A$'s, while mildly worsening the detection probability $\delta$.

To that end, we need to recall definitions, fix notations and observe some facts. Let $B=\{x_1,\dots,x_k\}$ be a basis of $F_k$. Any word $w\in F_k$ can be written as $w=\prod_{j=1}^{\ell}x_{\alpha(j)}^{\varepsilon(j)}$, where $\alpha\colon[\ell]\to[k]$ and $\varepsilon\colon[\ell]\to\{\pm1\}$. Thus, $w$ induces on every group $G$ a word map $w\colon G^k\to G$ in the following way:
\[(3.9)\quad w(g_1,\dots,g_k)=\prod_{j=1}^{\ell}g_{\alpha(j)}^{\varepsilon(j)}.\]
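The word map (3.9) is straightforward to implement. The following sketch (illustrative, not from the paper) represents a word as a list of pairs $(\alpha(j),\varepsilon(j))$ and evaluates it in $S_3$, with permutations as tuples:

```python
# Illustrative sketch: evaluating the word map of eq. (3.9) in G = S_3.
def compose(p, q):
    """(p o q)(i) = p(q(i))."""
    return tuple(p[q[i]] for i in range(len(q)))

def inverse(p):
    inv = [0] * len(p)
    for i, pi in enumerate(p):
        inv[pi] = i
    return tuple(inv)

def word_map(word, gs):
    """Evaluate w(g_1, ..., g_k) = prod_j g_{alpha(j)}^{eps(j)}, eq. (3.9).
    `word` is a list of pairs (alpha(j), eps(j)) with eps in {+1, -1}."""
    result = tuple(range(len(gs[0])))  # identity permutation
    for alpha, eps in word:
        g = gs[alpha] if eps == 1 else inverse(gs[alpha])
        result = compose(result, g)
    return result

# Example: the commutator word [x_0, x_1] = x_0 x_1 x_0^-1 x_1^-1 in F_2.
commutator = [(0, 1), (1, 1), (0, -1), (1, -1)]
a, b = (1, 0, 2), (0, 2, 1)  # two transpositions in S_3
value = word_map(commutator, (a, b))  # a 3-cycle, since S_3 is non-abelian
```

Evaluating the same commutator at $(a,a)$ returns the identity, as any word map must respect the relations satisfied by its arguments.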
Therefore, an ordered multi-set $A=\{w_1,\dots,w_n\}\subseteq F_k$ (namely, a tuple of words) induces a set word map $A\colon G^k\to G^n$ by mapping $\vec g=(g_1,\dots,g_k)$ to $(w_1(\vec g),\dots,w_n(\vec g))$. The detection probability of $A$ in $F_k$ translates to the following property: If $H\leq G$ and $\vec g\in G^k$ are such that $\vec g\cap H\neq\vec g$ (using the notation from Remark 3.2), by which we mean that there are elements in the tuple $\vec g$ which are not in $H$, then $|A(\vec g)\cap H|\leq(1-\delta(A;F_k))|A(\vec g)|=(1-\delta)n$. Furthermore, for every $C\subseteq D\subseteq G$ we can denote by $\Sigma^D_C(G)$ the union of all $H\leq G$ such that $\mathrm{Synd}(H;D)=C$. Then, $\Sigma_C$ from before was $\Sigma^B_C(F_k)$, where $B$ is a basis of $F_k$. Now, if $A\subseteq F_k$ satisfied that $|A\cap\Sigma_C|\leq(1-\delta)|A|$ for every $\emptyset\neq C\subseteq B$, then $|A(\vec g)\cap\Sigma^{\vec g}_C(G)|\leq(1-\delta)|A(\vec g)|$ for every $\vec g\in G^k$ and $\emptyset\neq C\subseteq\vec g$.

Through this point of view, Theorem 3.8 defines a sequence of set word maps, one for each $k$, such that given an ordered subset of size $k$ in a group $G$, it outputs an ordered subset of size $432k\log k$ in $G$ with certain properties. Let us denote this map by $\Lambda$; note that $\Lambda$ first checks the size of its input, interprets it as $k$, and then applies the $k$th set word map defined by the theorem. Similarly, in Theorem 3.3, we constructed a set word map for each $k$ that takes ordered sets of size $k$ and produces an ordered set of size $2^k$. This process was denoted before by $Y\mapsto\widetilde Y$, but let us denote this map by $\Psi$ from now on; again, $\Psi$ acts depending on the size of its input. Thus, in Theorem 3.8, Theorem 3.3 and Proposition 3.10 we proved the following:^{13}
Corollary 3.13. For every ordered subset $\vec g$ of a group $G$:
(1) $|\Lambda(\vec g)|=432|\vec g|\log|\vec g|$.
(2) If $\emptyset\neq C\subseteq\vec g$, then $|\Sigma^{\vec g}_C(G)\cap\Lambda(\vec g)|\leq\big(1-\frac{1}{12\log|\vec g|}\big)|\Lambda(\vec g)|$.
(3) There is a collection $\{Y(j)\}$ of $61|\vec g|$ subsets of $\Lambda(\vec g)$ of size $12\log|\vec g|$ each, satisfying
\[\forall\,\emptyset\neq C\subseteq\vec g:\quad\mathbb P_j[Y(j)\subseteq\Sigma^{\vec g}_C(G)]\leq 2/e.\]
(4) $|\Psi(\vec g)|=2^{|\vec g|}$.
(5) If $\mathrm{Synd}(H;\vec g)\neq\emptyset$, then $|H\cap\Psi(\vec g)|\leq\frac{|\Psi(\vec g)|}{2}$.
(6) Denote by $L(\vec g)=\max\{\ell(w)\mid w\in\vec g\}$ the maximal length of a word in $\vec g$ with respect to some prefixed generating set of $G$. Then,
\[L(\Psi(\vec g)),\,L(\Lambda(\vec g))\leq|\vec g|\cdot L(\vec g).\]
^{13}\,Note that we use $\log|A|$ as if it is an integer. We actually mean $\lceil\log|A|\rceil$, but omit the rounding from the notation.
Corollary 3.13 defines a map $\vec g\mapsto\{Y(j)\mid j\leq 61|\vec g|\}$. Applying this operation on each $Y(j)$ outputs a collection $\{Y(j,j')\mid j\leq 61|\vec g|,\ j'\leq 61|Y(j)|=61\cdot 12\log|\vec g|\}$. Applying this operation again on each $Y(j,j')$ provides sets $Y(j,j',j'')$, and we can keep going. After $t$ steps, we have sets labeled by $Y(j,j',\dots,j^{(t-1)})$. Each of these sets is of size
\[\underbrace{12\log(12\log(12\log\cdots 12\log|\vec g|\cdots))}_{t\text{ times}},\]
and there are
\[61|\vec g|\times(61\cdot 12\log|\vec g|)\times(61\cdot 12\log(12\log|\vec g|))\times\cdots=61^t\cdot 12^{t-1}\cdot\prod_{j=0}^{t-1}\underbrace{\log(12\log(12\log\cdots 12\log|\vec g|\cdots))}_{j\text{ times}}\]
many of them. By construction, if $\vec g$ is a generating set of $G$, then for every $H\lneq G$ its syndrome in at least $(1-\frac2e)^t$ of the $Y(j,j',\dots,j^{(t-1)})$ is non-trivial. Hence, if we construct $\Psi(Y(j,j',\dots,j^{(t-1)}))$, then $H$ avoids $\frac12\cdot(1-\frac2e)^t$ of the words in $A=\bigcup\Psi(Y(j,j',\dots,j^{(t-1)}))$, while
\[|A|=\Big(61^t\cdot 12^{t-2}\prod_{j=0}^{t-2}\underbrace{\log(12\log(12\log\cdots 12\log|\vec g|\cdots))}_{j\text{ times}}\Big)\times 2^{\overbrace{12\log(12\log(12\log\cdots 12\log|\vec g|\cdots))}^{t\text{ times}}}.\]
Now, if we begin with $\vec g=B$ the basis of the free group $F_k$, then $|\vec g|=k$ and
\[|A|=O_t\Big(k\cdot\log k\cdot\log\log k\cdots\big(\underbrace{\log\log\cdots\log k}_{t-1\text{ times}}\big)^{13}\Big).\]
The construction used in Corollary 3.11 is exactly this one with $t=1$. If we apply this construction with bigger $t$'s, then the $\delta$ parameter deteriorates exponentially in $t$, while the sets (asymptotically) shrink by a factor of
\[\Big(\underbrace{\log\log\cdots\log k}_{t-1\text{ times}}\Big/\underbrace{\log\log\cdots\log k}_{t-2\text{ times}}\Big)^{13}.\]
Corollary 3.14. By applying the operation above with $t=2$, the obtained set $A$ is of size $O(k\log^{13}k)$ and has a constant detection probability $1/32$, proving Theorem 1.7. In this case, $L(A)$ is $O(k\log k\log\log k)$.
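The size bookkeeping of the iteration can be sketched numerically. The recursion below is an assumption-laden simplification (it tracks only one round of item (3) of Corollary 3.13 per step: a set of size $m$ spawns $61m$ subsets of size $12\lceil\log_2 m\rceil$, and the final $\Psi$ blows a set of size $s$ up to $2^s$ words); it is meant only to show why larger $t$ yields asymptotically smaller test sets.

```python
import math

# Assumption-laden sketch of the iterative-composition size recursion:
# each round, a set of size m spawns 61*m subsets of size 12*ceil(log2(m));
# at the end, Psi replaces each set of size s by 2^s words.
def iterate_sizes(k, t):
    count, size = 1, k          # number of sets, size of each set
    for _ in range(t):
        count *= 61 * size      # item (3): 61*m subsets per set of size m
        size = 12 * math.ceil(math.log2(size))
    return count * 2 ** size    # |A| = (#sets) * 2^(size of each set)

k = 2 ** 20
t1, t2 = iterate_sizes(k, 1), iterate_sizes(k, 2)
# t = 2 gives a much smaller test set than t = 1 (roughly k^13 vs k*log^13 k).
assert t2 < t1
```

For $k=2^{20}$ the $t=1$ sets have size $12\cdot20=240$, so $\Psi$ contributes a factor $2^{240}$, while for $t=2$ the final sets have size $12\cdot 8=96$, which is where the shrinkage comes from.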
3.4. Good universal codes via iterative encoding. In this section we prove our main result, Theorem 1.8 (which implies Theorem 1.1). To that end, we use Spielman's 'simple' construction of error-reduction codes from [Spi95, Section 4] as a blueprint. In the spirit of the partial solution from the previous section, we view constructions of sets with high detection probability as functions from ordered subsets of the free group to ordered subsets of the free group via their set word map (3.9).

Let us first use a bipartite graph to define a tuple of words, and thus a set word map. Given $\Gamma=(L,R,E)$ with $L=\{x_1,\dots,x_k\}$ and $R=\{b_1,\dots,b_n\}$ being ordered sets, we can associate with each vertex $b$ on the right side of $\Gamma$ a word $w=w_b$ as follows: If $N(b)$ is the collection of neighbors of $b$ in $L$, then we define $w_b=\prod_{x\in N(b)}x$, where the ordering of the product is induced by the order on $L$ itself. This means that every bipartite graph defines a set word map $\Upsilon_\Gamma\colon G^k\to G^n$, induced by the words $w_b$, on every group $G$.
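The map $\Upsilon_\Gamma$ is easy to realize concretely. The sketch below (illustrative, not from the paper) reads the words $w_b$ off the right-side neighborhoods of a bipartite graph and evaluates them in an arbitrary group given by its identity and operation:

```python
# Illustrative sketch: the set word map Y_Gamma defined by a bipartite graph.
# Each right vertex b contributes w_b = product of its left neighbors, in the
# order of L. Left vertices are indexed 0..k-1.
def graph_words(right_neighbors):
    """right_neighbors[b] = set of left indices adjacent to right vertex b."""
    return [sorted(N) for N in right_neighbors]  # each word: ordered indices

def apply_set_word_map(words, gs, identity, op):
    """Evaluate Y_Gamma(g_1, ..., g_k) in a group given by (identity, op)."""
    out = []
    for word in words:
        value = identity
        for i in word:
            value = op(value, gs[i])
        out.append(value)
    return out

# Toy run in the abelian group (Z, +): the image is the tuple of
# neighborhood sums of the input.
words = graph_words([{0, 1}, {1, 2}, {0, 2}])
image = apply_set_word_map(words, [5, 7, 11], 0, lambda a, b: a + b)
```

In a non-abelian group the fixed ordering of $L$ matters, which is why the definition of $w_b$ insists on it.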
Lemma 3.15 (Existence of unique neighbor expanders). For every rational $0<\beta\leq 1$ and $0<\varepsilon<1/2$, there are large enough $d,n_0\in\mathbb N$ and a small enough $\alpha>0$, such that for every $n\geq n_0$ such that $\beta n$ is natural, there is a bipartite graph with $n$ vertices on the left side $L$ and $\beta n$ vertices on the right side $R$, which is left $d$-regular, and such that every set $S\subseteq L$ of size at most $\alpha n$ has at least $(1-\varepsilon)d|S|$ many neighbors in $R$. In particular, every such $S$ has at least $(1-2\varepsilon)d|S|$ many unique neighbors.

We call such graphs $(d,\beta,\alpha,1-2\varepsilon)$ unique neighbor expanders.^{14}
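The unique neighbor property can be checked directly from the definition on any concrete graph. The following sketch (illustrative, not a construction from the paper) counts, for a set $S$ of left vertices, the right vertices hit exactly once:

```python
from collections import Counter

# Illustrative sketch: checking the unique neighbor property directly.
# A unique neighbor of S is a right vertex adjacent to exactly one vertex of S.
def unique_neighbors(left_neighbors, S):
    """left_neighbors[x] = list of right vertices adjacent to left vertex x."""
    counts = Counter(b for x in S for b in left_neighbors[x])
    return {b for b, c in counts.items() if c == 1}

# A tiny left 2-regular graph on L = {0, 1, 2}, R = {0, 1, 2}.
graph = [[0, 1], [1, 2], [0, 2]]
U = unique_neighbors(graph, {0, 1})
# S = {0, 1} touches right vertices 0, 1, 1, 2; vertex 1 is hit twice,
# so the unique neighbors are {0, 2}.
assert U == {0, 2}
```

A unique neighbor of $S$ witnesses a word $w_b$ whose defining product contains exactly one element of $S$, which is exactly how expansion is used in Lemma 3.18 below via Observation 3.1.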
Remark 3.16. Explicit constructions that prove the above Lemma appear in [CRVW02, AC02, Gol24]. We provide a non-constructive proof of Lemma 3.15 in Appendix A. This proof is very standard, and versions of it can be traced back to [Pin73] and even [KB67]. We used the proof appearing in Lemma 1.9 of [HLW06] as a blueprint. A slightly more involved (yet still non-constructive) proof, with an essentially optimal $\varepsilon$ parameter, can be found in Appendix II of [SS96].
Remark 3.17. In this section, we use unique neighbor expanders with $\beta=1/2$ and $\varepsilon=1/4$. By Lemma 3.15, there are (explicitly computable) constants $d,n_0,\alpha$ such that for every even $n$ there is an (explicit) $(d,1/2,\alpha,1/2)$-unique neighbor expander. Specifically, we can assume $d\geq 16$.

The reader who wants concrete numbers and is willing to give up explicitness of the construction can use the proof of the above Lemma appearing in Appendix A, and take $d=16$, $\alpha=2^{-128}$ and $n_0=2^{128}$.
Fix for every sufficiently large even $n$ a $(d,1/2,\alpha,1/2)$-unique neighbor expander and denote it by $\Gamma_n$.

Lemma 3.18. Assume that there is a subset $A\subseteq F_k$ of size $4k$, with $\delta(A;F_k)\geq\delta$ for $0<\delta\leq\alpha/4$ and $k\geq n_0$. Then, there is a subset $A'\subseteq F_{2k}$ of size $8k$ with $\delta(A';F_{2k})\geq\delta$.
Proof. Let $\Gamma_{2k}$ and $\Gamma_{4k}$ be the $(d,1/2,\alpha,1/2)$-unique neighbor expanders of sizes $2k$ and $4k$ respectively promised by Remark 3.17. Define the following set $A'$: Start with the standard basis $B$ of $F_{2k}$. Apply the set word map $\Upsilon_{\Gamma_{2k}}$ on $B$ to get $D$, and note that $|D|=k$. Then, apply the set word map $A$ on $D$ to get $E$, and note that $|E|=4k$. Finally, apply the set word map $\Upsilon_{\Gamma_{4k}}$ on $E$ to get $F$, and note that $|F|=2k$. For $A'$, take the union (of ordered multi-sets) $B\cup E\cup F$, and note that $|A'|=8k$. See Figure 3.1 for a visualisation.

Let $H\lneq F_{2k}$ be a proper subgroup. If $|\mathrm{Synd}(H;B)|\geq 8\delta k$, then since $A'$ contains $B$ we deduce that $1-|H\cap A'|/8k\geq\delta$. Otherwise, as $8\delta k\leq\alpha\cdot 2k$, by the fact that $\Gamma_{2k}$ is a unique neighbor expander with $1-2\varepsilon=1/2$, there are at least $|\mathrm{Synd}(H;B)|\cdot d/2>0$ many words in $D=\Upsilon_{\Gamma_{2k}}(B)$ that contain exactly one of the elements of $\mathrm{Synd}(H;B)$ in their defining product, and thus are not in $H$; this is our recurring argument, see Observation 3.1 or (3.4). By the assumption on $A$, if $\mathrm{Synd}(H;D)=\mathrm{Synd}(H\cap\langle D\rangle;D)\neq\emptyset$, then
\[|\mathrm{Synd}(H;A(D))|=|\mathrm{Synd}(H\cap\langle D\rangle;A(D))|\geq\delta|D|=\delta k,\]
and $A(D)=E\subseteq A'$. If $|\mathrm{Synd}(H;E)|\geq 8\delta k$, then we are done as before. Otherwise,
\[\delta k\leq|\mathrm{Synd}(H;E)|\leq 8\delta k\leq\alpha\cdot 4k.\]
So, since $\Gamma_{4k}$ is a unique neighbor expander with $1-2\varepsilon=1/2$, there are at least $\delta k\cdot d/2$ words in $F=\Upsilon_{\Gamma_{4k}}(E)$ with exactly one element out of $H$ in the product defining them, and they are thus not in $H$ (Observation 3.1). Namely, $|\mathrm{Synd}(H;F)|\geq\delta k\cdot d/2\geq 8\delta k$ in this case, as $d\geq 16$. All in all, in every possible case we deduced that $|\mathrm{Synd}(H;A')|\geq 8\delta k$, and as $|A'|=8k$, we get $\delta(A';F_{2k})\geq\delta$ as needed.
Corollary 3.19. Good universal codes exist.
^{14}\,They are usually called $(d,\alpha,\varepsilon)$-lossless expanders. But, as we want to emphasize the size of the unique neighbors set and the relative sizes of the two sides of the graph, we chose our terminology.
[Figure 3.1 here: a schematic of the sets $B$, $D$, $E$, $F$, the graphs $\Gamma_{2k}$ and $\Gamma_{4k}$, and the set word map $A$.]

Figure 3.1. This is a visualisation of the $A'$ that is constructed in Lemma 3.18. The set $B=\{x_1,\dots,x_{2k}\}$ is the standard basis of $F_{2k}$. The $w_i$'s play both the role of right side vertices in $\Gamma_{2k}$ as well as the words $w_i(B)$ induced by the set word map $\Upsilon_{\Gamma_{2k}}$, which constitute the set $D$. The $v_i$'s are the image of the set word map $A$ applied on the tuple $D=(w_i(B))_{i=1}^{k}$, which constitutes $E$. Finally, the set $E=(v_i)_{i=1}^{4k}$ plays the role of the left side of $\Gamma_{4k}$ as well, and the $y_i$'s are the right hand side as well as the images of $\Upsilon_{\Gamma_{4k}}$, namely $F=(y_i(E))_{i=1}^{2k}$. All in all, $A'=B\cup E\cup F=\{x_1,\dots,x_{2k},v_1,\dots,v_{4k},y_1,\dots,y_{2k}\}$. Note that $\Gamma_{2k}$ and $\Gamma_{4k}$ are supposed to be left $d$-regular, as opposed to the figure, which only illustrates 3-regularity.
Proof. Choose $k_0$ to be the smallest positive integer such that $\delta=1/k_0\leq\min\{1/n_0,\alpha/4\}$. Take $A_0$ to be 4 copies of the basis of $F_{k_0}$. Then, $A_0$ satisfies the conditions of Lemma 3.18, as its detection probability is $1/k_0=\delta\leq\alpha/4$ and $k_0\geq n_0$. Also, the output $A'$ of Lemma 3.18 satisfies its conditions given that the input satisfied them. Hence, applying the Lemma repeatedly on $A_0$ proves the corollary.
Combining Corollary 3.19 with item (2) of Remark 2.2 resolves Theorem 1.8, and thus Theorem 1.1. Note that in Theorem 1.8 we used the bound $|A|\leq 8k$, while Corollary 3.19 provides $|A|=4k$. This is because of the density issue (Corollary 3.19 works only for $k$'s which are large enough powers of 2 times $k_0$), and the appropriate application of item (2) of Remark 2.2 results in a multiplicative factor 2 loss. Note that the lengths of the words in $A$ are $\leq D\cdot D'\cdot L(A)$, where $D$ is the maximal right degree of $\Gamma_{2k}$ and $D'$ is the maximal right degree of $\Gamma_{4k}$. By choosing unique neighbor expanders that are bi-regular (e.g., those from [SS96, Appendix II]), the right regularity is $d/\beta=2d$, which means the length of this construction is polynomial in $k$ with exponent $\log(4d^2)$.
4. Abelian codes

As discussed in the introduction, we can study $G$-codes for more restricted classes of groups $G$. In this section, we prove Theorem 1.11, namely find a test subset of linear size with constant detection probability in free abelian groups, and hence for every abelian group. Viewing this problem from the point of view of error-correcting codes, we are looking for a single generating matrix with integer coefficients, such that it is a good code mod $m$ simultaneously for all $m\in\mathbb N$. In particular, we construct one generating matrix that works simultaneously over all finite fields $\mathbb F_p$.

Similarly to the previous section, here as well the methods are inspired by error correcting codes. This time, these are Tanner codes with respect to unique neighbor expanders. As explicit constructions of unique neighbor expanders exist (Remark 3.16), this allows us to provide an explicit construction.
Let us recall what we are looking for: There exist constants $C\geq 1$ and $\delta>0$, such that for every $k\in\mathbb N$, there is a subset $A\subseteq\mathbb Z^k$ satisfying
\[(4.1)\quad |A|\leq Ck;\]
\[(4.2)\quad \forall H\lneq\mathbb Z^k:\ \frac{|A\cap H|}{|A|}\leq 1-\delta.\]

Remark 4.1. In Theorem 1.11 we stated that we can find $A$ such that $C\leq 4$ and $\delta\geq 1/320$. But, in this section we describe a general way of constructing these $A$'s, and the exact parameters are postponed to the end.
Let $E$ be an $n\times k$ matrix with integer coefficients. Then, it defines a homomorphism $\mathrm{enc}\colon\mathbb Z^k\to\mathbb Z^n$, and, as in Section 2, we are interested in the image $\mathcal C(E)=\mathcal C=\mathrm{Im}(\mathrm{enc})$, which is a subgroup of $\mathbb Z^n$. Note that $\mathcal C$ is the subgroup generated by the columns of $E$. Furthermore,
\[(4.3)\quad \mathrm{enc}(v)=E\cdot v=(\langle a,v\rangle)_{a\in\mathrm{Rows}(E)}.\]
We abuse notation and keep using $\Phi_p$ as the mod $p$ operation on all coordinates. Then $\Phi_p(\mathcal C)$ is a linear subspace of $\mathbb F_p^n$, and we can study its properties as an error correcting code. To prove Theorem 1.11, we first reduce it to the following proposition.
Proposition 4.2. There exist constants $C\geq 1$ and $\delta>0$, such that for every $k\in\mathbb N$, there is a matrix $E$ with integer coefficients of size $n\times k$ satisfying the following:
(1) $n\leq Ck$.
(2) For every prime number $p$, the linear subspace $\Phi_p(\mathcal C(E))$ is an $[n,k,\delta n]_p$-code.
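The phenomenon the proposition asks for, one integer matrix whose reduction mod $p$ has positive distance for every prime simultaneously, can be illustrated at toy scale (a sketch with hypothetical parameters, not the paper's construction):

```python
from itertools import product

# Toy illustration of Proposition 4.2: a single integer matrix E whose image
# mod p is checked to have the same minimum distance over several primes.
E = [  # 6 x 3 integer matrix; its rows are the test vectors
    [1, 0, 0], [0, 1, 0], [0, 0, 1],
    [1, 1, 0], [0, 1, 1], [1, 1, 1],
]

def encode(v):
    """enc(v) = E * v, the tuple of inner products with the rows, eq. (4.3)."""
    return [sum(a_i * v_i for a_i, v_i in zip(a, v)) for a in E]

def min_distance_mod_p(p):
    """Minimum Hamming weight of a nonzero codeword of Phi_p(C(E))."""
    n, k = len(E), len(E[0])
    best = n
    for v in product(range(p), repeat=k):
        if any(v):
            weight = sum(1 for c in encode(v) if c % p != 0)
            best = min(best, weight)
    return best

distances = {p: min_distance_mod_p(p) for p in (2, 3, 5)}
```

For this particular $E$ the minimum distance is 3 over each of $\mathbb F_2$, $\mathbb F_3$ and $\mathbb F_5$, since at most 3 of its 6 rows lie in a common hyperplane; the proposition asserts that such uniformity can be achieved with $n=O(k)$ and distance $\delta n$ for all primes at once.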
Remark 4.3. By applying the methods of Section 2.2, a solution to Theorem 1.11 automatically implies a solution to Proposition 4.2. The main takeaway from the following proof is that resolving Proposition 4.2 is also sufficient, with the same constants $C$ and $\delta$. Also, as in Remark 1.12, this construction works uniformly for all prime fields. But, as opposed to our solution in Section 2.3, it is the same encoding matrix regardless of the alphabet.
Proof of Theorem 1.11 assuming Proposition 4.2. Let $C_0\geq 1$, $\delta_0>0$ be the constants, and $E$ the matrix of size $n\times k$, guaranteed by Proposition 4.2. Let $A=\mathrm{Rows}(E)$ be the rows of the matrix $E$. Since $|A|=n\leq C_0k$, clause (4.1) is satisfied with $C=C_0$.

Now, let us prove that clause (4.2) is satisfied. As before, we can assume $H$ is a maximal proper subgroup of $\mathbb Z^k$. Since every subgroup of $\mathbb Z^k$ is normal, $H$ is the kernel of a non-trivial homomorphism $f\colon\mathbb Z^k\to G$, where $G$ is a simple group. Since $G$ is also the image of an abelian group, it must be cyclic of prime order. Namely, $f\colon\mathbb Z^k\to\mathbb F_p$ for some prime number $p$. For every such $f$, $\ker\Phi_p=(p\mathbb Z)^k$ is contained in $\ker f=H$, which in turn implies that $f$ factors through $\mathbb F_p^k$. Hence, there is a correspondence between maximal subgroups of $\mathbb Z^k$ and non-trivial functionals $\varphi\colon\mathbb F_p^k\to\mathbb F_p$, when $p$ runs over all primes.^{15} Let $\vec 0\neq\alpha\in\mathbb F_p^k$ be the vector, as in Section 2, for which $\varphi=\varphi_\alpha$, i.e., $\varphi_\alpha(v)=\langle v,\alpha\rangle=\sum_{i=1}^k v_i\alpha_i$. Then
\begin{align*}
A\cap H&=\{a\in A\mid f(a)=0\}\\
&=\{a\in\Phi_p(A)\mid\varphi_\alpha(a)=0\}\\
&=\{a\in\mathrm{Rows}(E)\mid\langle a,\alpha\rangle=0\}.
\end{align*}
By (4.3), $|\{a\in\mathrm{Rows}(E)\mid\langle a,\alpha\rangle=0\}|$ is the number of coordinates in $\mathrm{enc}(\alpha)=E\cdot\alpha$ that are zero. But, clause (2) of Proposition