Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Block Circulant Codes with Application to Decentralized Systems

Birenjith Sasidharan, Emanuele Viterbo, Son Hoang Dau

TL;DR

This work introduces block circulant codes built from a modular topological design, enabling distributed erasure decoding and scalable minimum-distance growth for high-rate regimes. By instantiating a block circulant topology with RS-based local codes, the authors show a distance $d=\lambda\rho+1$ (in particular $d=2\rho+1$ for $\lambda=2$) and provide a two-phase, parallelizable erasure decoder that supports distributed recovery. The construction is commitment-friendly and compatible with cryptographic proofs (e.g., KZG), making these codes well-suited for data availability protocols in decentralized systems and blockchain networks. Compared to 2D RS codes, BC codes offer higher relative distance at similar rates and reduce per-node complexity and commitment overhead, enabling more efficient light-node DA sampling. Overall, BC codes present a practical, scalable alternative for guaranteeing safety and liveness in data-sharing protocols across untrusted networks.

Abstract

In this paper, we design a family of $[n,k,d]$ block circulant codes that consist of many $[n_0 \ll n,k_0 \ll k,d_0]$ local codes and that satisfy three properties: (1) the code supports distributed erasure decoding, (2) $d$ can be scaled above $d_0$ by a given parameter, and (3) it is amenable to low complexity verification of code symbols using a cryptographic commitment scheme. These properties make the code ideal for use in protocols that address the data availability problem in blockchain networks. Moreover, the code outperforms the currently used 2D Reed-Solomon (RS) code with a larger relative minimum distance $(d/n)$, as desired in the protocol, for a given rate $(k/n)$ in the high-rate regime. The code is designed in two steps. First, we develop the topology, i.e., the structure of linear dependence relations among code symbols, and define it as the block circulant topology $T_{[μ,λ,ω]}(ρ)$. In this topology, there are $μ$ local codes, each constrained by $ρ$ parity checks. The set of symbols of a local code intersects with another in a uniform pattern, determined by two parameters, namely the overlap factor $λ$ and the overlap width $ω$. Next, we instantiate the topology, i.e., to specify the coefficients of linear dependence relations, to construct the block circulant codes ${\cal C}_{\text{BC}}[μ,λ,ω,ρ]$. Every local code is a $[λω+ρ,λω,ρ+1]$ generalized RS code. The block circulant code has $n=μ(ρ+ω)$, $k=μω$ and we show that $d=λρ+1$ under certain conditions. For $λ=2$, we prove that $d=2ρ+1$ always, and provide an efficient, parallelizable erasure-correcting decoder that fully recovers the codeword when there are $\leq 2ρ$ erasures. The decoder uses a novel decoding mechanism that iteratively recovers erasures from pairs of local codes.

Block Circulant Codes with Application to Decentralized Systems

TL;DR

This work introduces block circulant codes built from a modular topological design, enabling distributed erasure decoding and scalable minimum-distance growth for high-rate regimes. By instantiating a block circulant topology with RS-based local codes, the authors show a distance (in particular for ) and provide a two-phase, parallelizable erasure decoder that supports distributed recovery. The construction is commitment-friendly and compatible with cryptographic proofs (e.g., KZG), making these codes well-suited for data availability protocols in decentralized systems and blockchain networks. Compared to 2D RS codes, BC codes offer higher relative distance at similar rates and reduce per-node complexity and commitment overhead, enabling more efficient light-node DA sampling. Overall, BC codes present a practical, scalable alternative for guaranteeing safety and liveness in data-sharing protocols across untrusted networks.

Abstract

In this paper, we design a family of block circulant codes that consist of many local codes and that satisfy three properties: (1) the code supports distributed erasure decoding, (2) can be scaled above by a given parameter, and (3) it is amenable to low complexity verification of code symbols using a cryptographic commitment scheme. These properties make the code ideal for use in protocols that address the data availability problem in blockchain networks. Moreover, the code outperforms the currently used 2D Reed-Solomon (RS) code with a larger relative minimum distance , as desired in the protocol, for a given rate in the high-rate regime. The code is designed in two steps. First, we develop the topology, i.e., the structure of linear dependence relations among code symbols, and define it as the block circulant topology . In this topology, there are local codes, each constrained by parity checks. The set of symbols of a local code intersects with another in a uniform pattern, determined by two parameters, namely the overlap factor and the overlap width . Next, we instantiate the topology, i.e., to specify the coefficients of linear dependence relations, to construct the block circulant codes . Every local code is a generalized RS code. The block circulant code has , and we show that under certain conditions. For , we prove that always, and provide an efficient, parallelizable erasure-correcting decoder that fully recovers the codeword when there are erasures. The decoder uses a novel decoding mechanism that iteratively recovers erasures from pairs of local codes.
Paper Structure (19 sections, 3 theorems, 37 equations, 6 figures, 2 tables, 1 algorithm)

This paper contains 19 sections, 3 theorems, 37 equations, 6 figures, 2 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. The Block Circulant Topology
  3. Construction of Block Circulant Codes for Overlap Factor $\lambda=2$
  4. A Review of Generalized Reed-Solomon Codes
  5. The Construction of ${\cal C}_{\text{BC}}[\mu,2,\omega,\rho]$
  6. Systematic Encoding of ${\cal C}_{\text{BC}}[\mu,2,\omega,\rho]$
  7. An Erasure Correcting Decoder for ${\cal C}_{\text{BC}}[\mu,2,\omega,\rho]$
  8. Distributed Decoding of Erasures
  9. The Minimum Distance of ${\cal C}_{\text{BC}}[\mu,2,\omega,\rho]$
  10. Construction for Every Overlap Factor
  11. An Application in Decentralized Systems
  12. The Data Availability Problem
  13. Data Availability Sampling with Erasure Code and Performance Criteria
  14. Light Node Protocol Using 2D Reed-Solomon Code
  15. Two Variants of Commitement Schemes
  16. ...and 4 more sections

Key Result

Theorem 3.1

Let ${\bf c} =(c_0,c_1,\ldots, c_{n-1}) \in {\cal C}_{\text{BC}}[\mu,2,\omega,\rho]$ and ${\bf r} =(r_0,r_1,\ldots, r_{n-1}) \in (\mathbb{F}_q \cup \{ \textsc{e} \})^n$ be a vector obtained by replacing certain entries of ${\bf c}$ with $\textsc{e}$. Suppose that $\textsc{DEC}_{{\cal C}_{\text{BC}}[

Figures (6)

  • Figure 1: Illustration of the square product and the block circulant topologies. It may be viewed that we start with information symbols of the unshaded region and extend with parity symbols of the shaded region resulting in the final arrangement. The groupings of symbols depicted by closed curves indicate local codes.
  • Figure 2: The structure of parity check matrix in block circulant topology $T_{[\mu,\lambda,\omega]}(\rho)$ when $\mu=6, \lambda=3,\omega=3,\rho=2$.
  • Figure 3: The parity check marix of ${\cal C}_{\text{BC}}[\mu,2,\omega,\rho]$ that instantiates $T_{[\mu,2,\omega]}(\rho)$. We have $\mu=\lambda\nu=2\nu$. The submatrix $W_{ij}=V_jM_{ij}$ where $V_j$'s are Vandermonde matrices and $M_{ij}$'s are diagonal matrices.
  • Figure 4: Illustration of Example 1. We decode a pattern of $8$ erasures in the $[16,8]$ BC code ${\cal C}_{\text{BC}}[4,2,2,2]$ over $\mathbb{F}_{11}$. The BC code has four $[6,4,3]$ GRS local codes ${\cal C}_{\text{BC},i}, i=1,2,3,4$, out of which ${\cal C}_{\text{BC},i}={\cal D}^{(1)}_{{[}2,2,2,{]}}$ for $i=1,3$ and ${\cal C}_{\text{BC},i}={\cal D}^{(2)}_{{[}2,2,2,{]}}$ for $i=2,4$. A symbol with $\times$ indicates an erasure, whereas with $\checkmark$, a correct recovery from erasure. The auxiliary code ${\cal D}_{{[}2,2,2{]}}^{(1 \cup 2)}$ is an $[8,4,5]$ GRS code defined in \ref{['eq:jointcode2']}.
  • Figure 5: Illustration of the light node protocol (see Sec. \ref{['sec:prot']}) based on 2D RS code, KZG commitments, and data availability sampling. Full nodes store transaction data ${\bf tx}=[\text{tx}_i,i=1,\ldots,k]$ as $[c_i,i=1,\ldots,n]$ obtained by encoding ${\bf tx}$ by a $[n,k]$ 2D RS code. Block header includes KZG digests of every row/column codeword $\{\textsl{com}^{(r)}_i, \textsl{com}^{(c)}_i\}$, and KZG proofs $\{\pi^{(r)}_{ij}, \pi^{(c)}_{ij} \}$ of every symbol. Every light node queries fixed number of random symbols to decide whether to accept/reject a block header. Missing symbols can be decoded by a subset of light nodes (marked by $\triangle$) in a distributed manner.
  • ...and 1 more figures

Theorems & Definitions (8)

  • Definition 1
  • Definition 2
  • Theorem 3.1
  • proof
  • Theorem 3.2
  • proof
  • Theorem 4.1
  • proof