# Lewko's blog

## The Eberhard-Green-Manners Sum-free Subset Theorem, and What is Sum-free(13)?’

Posted in math.CO, Open Problem by Mark Lewko on February 19, 2013

The first research level math problem I seriously worked on (without much success) was the sum-free subset problem. A sum-free set (in an additive group) is a set that contains no solution to the equation $x+y=z$.  The sum-free subset problem concerns the following theorem of Erdős, which is one of the early applications of the probabilistic method.

Theorem: (Erdős, 1965) Let A be a finite set of natural numbers. There exists a sum-free subset $S \subseteq A$ such that $|S| \geq \frac{1}{3}|A| + \frac{1}{3}$.

The natural problem here is to determine how much one can improve on this result. Given the simplicity of the proof, it seems that one should be able to better. However, the best result to date is $\frac{|A|}{3}+ \frac{2}{3}$ (for $|A|>2$) due to Bourgain (1995) using Fourier analysis. It seems likely that there is a function $f(n) \rightarrow \infty$ such that one may take $|S| \geq \frac{|A|}{3}+ f(|A|)$ in the above theorem, however proving this seems to be quite challenging.  On the other hand proving a good upper bound also was a longstanding open problem, namely deciding if the constant $\frac{1}{3}$ could be replaced by a larger constant. This problem, in fact, has received a fair amount of attention over the years. In his 1965 paper Erdos states that Hinton proved that the constant is at most $\frac{7}{15} \approx .467$ and that Klarner improved this to $\frac{3}{7}$. In 1990 Alon and Kleitman improved this further to $\frac{12}{29} \approx 0.414$, and Malouf in her thesis (as well as Furedi) improved this further to $\frac{2}{5} = .4$. A couple years ago I improved this to $\frac{11}{28} \approx .393$ (I recently learned that Erdős claimed the same bound without a proof in a handwritten letter from 1992). More recently, Alon improved this to $\frac{11}{28} - 10^{-50000}$ (according to Eberhard, Green and Manners, Alon’s paper doesn’t appear to be electronically available. UPDATE: Alon’s paper can be found here). All of these results (with the exception of Alon’s) proceed simply be constructing a set and proving its largest sum-free subset is at most a certain size (then an elementary argument can be used to construct arbitrarily large sets with the same constant: see this blog post of Eberhard). On the other hand, it is obvious from the statement of the theorem above that one can’t have a set whose largest sum-free subset is exactly $\frac{|A|}{3}$, thus a simple proof by example is hopeless. The futile industry of constructing examples aside,  I spent a lot of effort thinking about this problem and never got very far.

About a month ago Sean Eberhard, Ben Green and Freddie Manners solved this problem, showing that $\frac{1}{3}$ is indeed the optimal constant!  I don’t yet fully understand their proof, and will refer the reader to their introduction for a summary of their ideas.  However, having learned the problem’s difficulty firsthand, I am very pleased to see it solved.

In the wake of this breakthrough on the upper bound problem, I thought I’d take this opportunity to highlight a toy case of the lower bound problem.

Definition: For a natural number $n$ define the sum-free subset number Sum-free$(n)$ to be the largest number such that every set of $n$ natural numbers is guaranteed to contain a sum-free subset of size at least Sum-free$(n)$.

Thus by Bourgain’s theorem we have that Sum-free$(n) \geq \frac{n+2}{3}$ (and the Eberhard-Green-Manners theorem states Sum-free$(n)=\frac{n}{3}+o(1)$). It turns out that Bourgain’s result is sharp for sets of size $12$ and smaller. However, Bourgain’s theorem only tells us that a set of size $13$ must contain a sum-free subset of size $5$ while it seems likely (from computer calculations) that every set of size $13$ must in fact contain a sum-free subset of size $6$. Indeed, I’ll even

Conjecture: Sum-free$(13)=6$.

While the asymptotic lower bound problem (showing that there $f(|A|) \rightarrow \infty$) seems very hard and is connected with subtle questions in harmonic analysis (such as the now solved Littewood conjecture on exponential sums), this problem is probably amenable to elementary combinatorics (although, it certainly does not seem easy!). Below is a chart showing what I know about the first $15$ sum-free subset numbers.

 $n$ Bourgain’s lower bound on Sum-free$(n)$ Best known upper bound on Sum-free$(n)$ Upper bound set example 1 1 1 $\{1\}$ 2 1 1 $\{1,2\}$ 3 2 2 $\{1,2,3\}$ 4 3 3 $\{1,2,3,4\}$ 5 3 3 $\{1,2,3,4,5\}$ 6 3 3 $\{1,2,3,4,5,6\}$ 7 3 3 $\{1,2,3,4,5,6,8\}$ 8 4 4 $\{1,2,3,4,5,6,7,9\}$ 9 4 4 $\{1,2,3,4,5,6,7,8,10\}$ 10 4 4 $\{1,2,3,4,5,6,8,9,10,18\}$ 11 5 5 $\{1,2,3,4,6,10,20,70,140,210,420\}$ 12 5 5 $\{1,2,3,4,5,6,7,8,9,10,14,18\}$ 13 5 6 $\{1,2,3,4,6,10,20,35,70,105,140,210,420\}$ 14 6 6 $\{1,2,3,4,5,6,7,10,12,14,30,35,60,70\}$ 15 6 7 $\{1,2,3,4,6,10,20,30,35,60,70,105,140,210,420\}$

## An Exact Asymptotic for the Square Variation of Partial Sum Processes

Posted in math.PR, Paper by Mark Lewko on June 6, 2011

Allison and I just arxiv’ed our paper An Exact Asymptotic for the Square Variation of Partial Sum Processes.

Let $\{X_{i}\}$ be a sequence of independent, identically distributed random variables with mean $\mu < \infty$ . The strong law of large numbers asserts that

$\sum_{i=1}^{N}X_{i} \sim N\mu$

almost surely. Without loss of generality, one can assume that $X_{i}$ are mean-zero by defining $Y_{i}=X_{i}-\mu$. If we further assume a finite variance, that is $\mathbb{E}\left[|X_{i}|^2 \right] = \sigma^2 < \infty$, the Hartman-Wintner  law of the iterated logarithm gives an exact error estimate for the strong law of large numbers. More precisely,

$\left|\sum_{i=1}^{N} X_{i} \right|^2\leq (2+o(1))\sigma^2 N \ln\ln (N)$

where the constant $2$ can not be replaced by a smaller constant. That is, the quantity $\sum_{i=1}^{N}X_{i}$ gets as large/small as $\pm \sqrt{ (2-\epsilon) \sigma N \ln\ln (N)}$ infinitely often. The purpose of our current work is to prove a more delicate variational asymptotic that refines the law of the iterated logarithm and captures more subtle information about the oscillations of a sums of i.i.d random variables about its expected value. More precisely,

Theorem Let $\{X_{i}\}$ be a sequence of independent, identically distributed mean zero random variables with variance $\sigma$ and satisfying $\mathbb{E}\left[|X_{i}|^{2+\delta}\right] < \infty$.  If we let $\mathcal{P}_{N}$ denote the set of all possible partitions of the interval $[N]$ into subintervals, then we have almost surely:

$\max_{\pi \in \mathcal{P}_{N}} \sum_{I \in \pi } | \sum_{i\in I} X_{i}|^2 \sim 2 \sigma^2N \ln \ln(N)$.

Choosing the partition $\pi$, to contain a single interval  $J=[1,N]$ immediately recovers  the upper bound in the law of the iterated logarithm. This result also strengthens earlier work of J. Qian.

An interesting problem left by this work is deciding if the moment condition $\mathbb{E}\left[|X_{i}|^{2+\delta}\right] < \infty$ can be removed.  Without an auxiliary moment condition we are able to establish the following weaker in probability’ result.

Theorem Let $\{X_i\}$ be a sequence of independent, identically distributed mean zero random variables with finite variance $\sigma$. We then have that

$\frac{\max_{\pi \in \mathcal{P}_{N}} \sum_{I \in \pi } | \sum_{i\in I} X_{i}|^2}{2 \sigma^2 N \ln \ln(N)} \xrightarrow{p} 1$

## The millennium problems and football

Posted in humor by Mark Lewko on February 4, 2011

## How to leak on key updates

Posted in Cryptography, Paper by Mark Lewko on February 3, 2011

Leakage resilient cryptography is an exciting area of cryptography that aims to build cryptosystems that provide security against side channel attacks. In this post I will give a nontechnical description of a common leakage resilient security model, as well as describe a recent paper in the area with Allison Lewko and Brent Waters, titled “How to Leak on Key Updates”.

Review of Public Key Encryption

Let us (informally) recall the definition of a public key cryptography system. Alice would like to send Bob a private message $M$ over an unsecured channel. Alice and Bob have never met before and we assume they do not share any secret information. Ideally, we would like a procedure where 1) Alice and Bob engage in a series of communications resulting in Bob learning the message $M$ 2) an eavesdropper, Eve, who intercepts all of the communications sent between Alice and Bob, should not learn any (nontrivial) information about the message $M$. As stated, the problem is information theoretically impossible. However, this problem is classically solved under the heading of public key cryptography if we further assume that:

1) Eve has limited computational resources,
2) certain computational problems (such as factoring large integers or computing discrete logarithms in a finite group) are not efficiently solvable, and
3) we allow Alice and Bob to use randomization (and permit security to fail with very small probability).

More specifically, a public key protocol works as follows: Bob generates a private and public key, say $SK$ and $PK$ respectively. As indicated by the names, $PK$ is publicly known but Bob retains $SK$ as secret information. When Alice wishes to send a message $M$ to Bob she generates an encrypted ciphertext $C$ using the message $M$, Bob’s public key $PK$ and some randomness. She then sends this ciphertext to Bob via the public channel. When Bob receives the ciphertext he decrypts it using his secret key $SK$ and recovers $M$. While Eve has access to the ciphertext $C$ and the secret key $SK$, she is unable to learn any nontrivial information about the message $M$ (assuming our assumptions are sound). In fact, we require a bit more: even if this is repeated many times (with fixed keys), Eve’s ability to decrypt the ciphertext does not meaningfully improve.

Leakage Resilient Cryptography and our work

In practice, however, Eve may be able to learn information in addition to what she intercepts over Alice and Bob’s public communications via side channel attacks. Such attacks might include measuring the amount of time or energy Bob uses to carry out computations. The field of leakage resilient cryptography aims to incorporate protection against such attacks into the the security model. In this model, in addition to the ciphertext and public key, we let Eve select a (efficiently computable) function $F:\{0,1\}^{\ell}\rightarrow\{0,1\}^{\mu \ell}$ where $\ell$ is the bit length of $SK$ and $0<\mu<1$ is a constant. We now assume, in addition to $C$ and $PK$, Eve  also gets to see $F(SK)$. In other words, Eve gains a fair amount of information about the secret key, but not enough to fully determine it.

Moreover, we allow Eve to specify a different function $F$ every time Alice sends Bob a message. There is an obvious problem now, however. If the secret key $SK$ remained static, then Eve could start by choosing $F$ to output the first $\mu \ell$ bits, the second time she could choose $F$ to give the next $\mu \ell$ bits, and if she carries on like this, after $1/\mu$ messages she would have recovered the entire secret key. To compensate for this we allow Bob to update his secret key between messages. The public key will remain the same.

There has been a lot of interesting work on this problem. In the works of Brakerski, Kalai, Katz, and Vaikuntanathan and Dodis, Haralambiev, Lopez-Alt, and Wichs many schemes are presented that are provably secure against continual leakage. In these schemes, however, information about the secret key is permitted to be leaked between updates, but only a tiny amount is allowed to be leaked during the update process itself.

In our current work, we offer the first scheme that allows a constant fraction of the information used in the update to be leaked. The proof is based on subgroup decision assumptions in composite order bilinear groups.

## Adam Smith on mathematicians (circa 1759)

Posted in Uncategorized by Mark Lewko on January 29, 2011

I recently came across the following passage regarding the mathematical profession from Adam Smith’s  influential work The Theory of Moral Sentiments that I thought others might find interesting:

Mathematicians, on the contrary, who may have the most perfect assurance, both of the truth and of the importance of their discoveries, are frequently very indifferent about the reception which they may meet with from the public. The two greatest mathematicians that I ever have had the honour to be known to, and, I believe, the two greatest that have lived in my time, Dr Robert Simpson of Glasgow, and Dr Matthew Stewart of Edinburgh, never seemed to feel even the slightest uneasiness from the neglect with which the ignorance of the public received some of their most valuable works. The great work of Sir Isaac Newton, his Mathematical Principles of Natural Philosophy, I have been told, was for several years neglected by the public. The tranquillity of that great man, it is probable, never suffered, upon that account, the interruption of a single quarter of an hour. Natural philosophers, in their independency upon the public opinion, approach nearly to mathematicians, and, in their judgments concerning the merit of their own discoveries and observations, enjoy some degree of the same security and tranquillity.

The morals of those different classes of men of letters are, perhaps, sometimes somewhat affected by this very great difference in their situation with regard to the public.

Mathematicians and natural philosophers, from their independency upon the public opinion, have little temptation to form themselves into factions and cabals, either for the support of their own reputation, or for the depression of that of their rivals. They are almost always men of the most amiable simplicity of manners, who live in good harmony with one another, are the friends of one another’s reputation, enter into no intrigue in order to secure the public applause, but are pleased when their works are approved of, without being either much vexed or very angry when they are neglected.

The entire text is available here.

## Restriction estimates for the paraboloid over finite fields

Posted in Fourier Analysis, math.CA, Paper by Mark Lewko on September 19, 2010

Allison and I recently completed a paper titled Restriction estimates for the paraboloid over finite fields. In this note we obtain some endpoint restriction estimates for the paraboloid over finite fields.

Let $S$ denote a hypersurface in $\mathbb{R}^{n}$ with surface measure $d\sigma$. The restriction problem for $S$ is to determine for which pairs of $(p,q)$ does there exist an inequality of the form

$\displaystyle ||\hat{f}||_{L^{p'}(S,d\sigma)} \leq C ||f||_{L^{q'}(\mathbb{R}^n)}.$

We note that the left-hand side is not necessarily well-defined since we have restricted the function $\hat{f}$ to the hypersurface $S$, a set of measure zero in  $\mathbb{R}^{n}$. However, if we can establish this inequality for all Schwartz functions $f$, then the operator that restricts $\hat{f}$ to $S$ (denoted by $\hat{f}|_{S}$), can be defined whenever $f \in L^{q}$. In the Euclidean setting, the restriction problem has been extensively studied when $S$ is a sphere, paraboloid, and cone. In particular, it has been observed that restriction estimates are intimately connected to questions about certain partial differential equations as well as problems in geometric measure theory such as the Kakeya conjecture. The restriction conjecture states sufficient conditions on $(p,q)$ for the above inequality to hold. In the case of the sphere and paraboloid, the question is open in dimensions three and higher.

In 2002 Mockenhaupt and Tao initiated the study of the restriction phenomena in the finite field setting. Let us introduce some notation to formally define the problem in this setting. We let $F$ denote a finite field of characteristic $p >2$. We let $S^{1}$ denote the unit circle in $\mathbb{C}$ and define $e: F \rightarrow S^1$ to be a non-principal character of $F$. For example, when $F = \mathbb{Z}/p \mathbb{Z}$, we can set $e(x) := e^{2\pi i x/p}$. We will be considering the vector space $F^n$ and its dual space $F_*^n$. We can think of $F^n$ as endowed with the counting measure $dx$ which assigns mass 1 to each point and $F_*^n$ as endowed with the normalized counting measure $d\xi$ which assigns mass $|F|^{-n}$ to each point (where $|F|$ denotes the size of $F$, so the total mass is equal to 1 here).

For a complex-valued function $f$ on $F^n$, we define its Fourier transform $\hat{f}$ on $F_*^n$ by:

$\displaystyle \hat{f}(\xi) := \sum_{x \in F^n} f(x) e(-x \cdot \xi).$

For a complex-valued function $g$ on $F_*^n$, we define its inverse Fourier transform $g^{\vee}$ on $F^n$ by:

$\displaystyle g^{\vee}(x) := \frac{1}{|F|^n} \sum_{\xi \in F_*^n} g(\xi) e(x\cdot \xi).$

It is easy to verify that $(\hat{f})^\vee = f$ and $\widehat{(g^{\vee})} = g$.

We define the paraboloid $\mathcal{P} \subset F_*^n$ as: $\mathcal{P} := \{(\gamma, \gamma \cdot \gamma): \gamma \in F_*^{n-1}\}$. This is endowed with the normalized “surface measure” $d\sigma$ which assigns mass $|\mathcal{P}|^{-1}$ to each point in $\mathcal{P}$. We note that $|\mathcal{P}| = |F|^{n-1}$.
For a function $f: \mathcal{P} \rightarrow \mathbb{C}$, we define the function $(f d\sigma)^\vee: F^n \rightarrow \mathbb{C}$ as follows:

$\displaystyle (f d\sigma)^\vee (x) := \frac{1}{|\mathcal{P}|} \sum_{\xi \in \mathcal{P}} f(\xi) e(x \cdot \xi).$

For a complex-valued function $f$ on $F^n$ and $q \in [1, \infty)$, we define

$\displaystyle ||f||_{L^q(F^n, dx)} := \left( \sum_{x \in F^n} |f(x)|^q \right)^{\frac{1}{q}}.$

For a complex-valued function $f$ on $\mathcal{P}$, we similarly define

$\displaystyle ||f||_{L^q(\mathcal{P},d\sigma)} := \left( \frac{1}{|\mathcal{P}|} \sum_{\xi \in \mathcal{P}} |f(\xi)|^q \right)^{\frac{1}{q}}.$

Now we define a restriction inequality to be an inequality of the form

$\displaystyle ||\hat{f}||_{L^{p'}(S,d\sigma)} \leq \mathcal{R}(p\rightarrow q) ||f||_{L^{q'}(\mathbb{R}^n)},$

where $\mathcal{R}(p\rightarrow q)$ denotes the best constant such that the above inequality holds. By duality, this is equivalent to the following extension estimate:

$||(f d\sigma)^\vee||_{L^q(F^n, dx)} \leq \mathcal{R}(p\rightarrow q) ||f||_{L^p(\mathcal{P},d\sigma)}.$

We will use the notation $X \ll Y$ to denote that quantity $X$ is at most a constant times quantity $Y$, where this constant may depend on the dimension $n$ but not on the field size, $|F|$. For a finite field $F$, the constant $\mathcal{R}(p\rightarrow q)$ will always be finite. The restriction problem in this setting is to determine for which $(p,q)$ can we upper bound $\mathcal{R}(p\rightarrow q)$ independently of $|F|$ (i.e. for which $(p,q)$ does $\mathcal{R}(p \rightarrow q) \ll 1$ hold).

Mockenhaupt and Tao solved this problem for the paraboloid in two dimensions.  In three dimensions, we require $-1$ not be a square in $F$ (without this restriction the parabaloid will contain non-trivial subspaces which lead to trivial counterexamples, but we will not elaborate on this here). For such $F$, they showed that $\mathcal{R}(8/5+\epsilon \rightarrow 4) \ll 1$ and $\mathcal{R}(2 \rightarrow \frac{18}{5}+\epsilon) \ll 1$ for every $\epsilon>0$. When $\epsilon=0$, their bounds were polylogarithmic in $|F|$. Mockenhaupt and Tao’s argument for the $\mathcal{R}(8/5 \rightarrow 4)$ estimate proceeded by first establishing the estimate for characteristic functions. Here one can expand the $L^4$ norm and reduce the problem to combinatorial estimates. A well-known dyadic pigeonhole argument then allows one to pass back to general functions at the expense of a logarithmic power of $|F|$. Following a similar approach (but requiring much more delicate Gauss sum estimates), Iosevich and Koh proved that $\mathcal{R}(\frac{4n}{3n-2}+ \epsilon \rightarrow 4) \ll 1$ and $\mathcal{R}(2 \rightarrow \frac{2n^2}{n^2-2n+2} + \epsilon) \ll 1$ in higher dimensions (in odd dimensions some additional restrictions on $F$ are required). Again, however, this argument incurred a logarithmic loss at the endpoints from the dyadic pigeonhole argument.

In this note we remove the logarithmic losses mentioned above. Our argument begins by rewriting the $L^4$ norm as $||(fd\sigma)^{\vee}||_{L^4}=||(fd\sigma)^{\vee}(fd\sigma)^{\vee}||_{L^2}^{1/2}$. We then adapt the arguments of the prior papers to the bilinear variant $||(fd\sigma)^{\vee}(gd\sigma)^{\vee}||_{L^2}^{1/2}$ in the case that $f$ and $g$ are characteristic functions.

To obtain estimates for arbitrary functions $f$, we can assume that $f$ is non-negative real-valued and decompose $f$ as a linear combination of characteristic functions, where the coefficients are negative powers of two (we can do this without loss of generality by adjusting only the constant of our bound). We can then employ the triangle inequality to upper bound $||(fd\sigma)^{\vee}||_{L^4}$ by a double sum of terms like $||(\chi_j d\sigma)^{\vee}(\chi_k d\sigma)^{\vee}||_{L^2}^{1/2}$, where $\chi_i$ and $\chi_j$ are characteristic functions, weighted by negative powers of two. We then apply our bilinear estimate for characteristic functions to these inner terms and use standard bounds on sums to obtain the final estimates.

Our method yields the following theorems:

Theorem For the paraboloid in $3$ dimensions with $-1$ not a square, we have $\mathcal{R}(8/5 \rightarrow 4) \ll 1$ and $\mathcal{R}(2 \rightarrow \frac{18}{5}) \ll 1$.
Theorem For the paraboloid in $n$ dimensions when $n \geq 4$ is even or when $n$ is odd and $|F| = q^m$ for a prime $q$ congruent to 3 modulo 4 such that $m(n-1)$ is not a multiple of 4, we have $\mathcal{R}(\frac{4n}{3n-2} \rightarrow 4) \ll 1$ and $\mathcal{R}(2 \rightarrow \frac{2n^2}{n^2-2n+2}) \ll 1$.

We recently learned that in unpublished work Bennett, Carbery, Garrigos, and Wright have also obtained the results in the $3$-dimensional case. Their argument proceeds rather differently than ours and it is unclear (at least to me) if their argument can be extended to the higher dimensional settings.

Tagged with: ,

## An improved upper bound for the sum-free subset constant

Posted in math.CO, Paper, Uncategorized by Mark Lewko on August 27, 2010

I recently arXiv’ed a short note titled An Improved Upper Bound for the Sum-free Subset Constant. In this post I will briefly describe the result.

We say a set of natural numbers $A$ is sum-free if there is no solution to the equation $x+y=z$ with $x,y,z \in A$. The following is a well-known theorem of Erdős.

Theorem Let $A$ be a finite set of natural numbers. There exists a sum-free subset $S \subseteq A$ such that $|S| \geq \frac{1}{3}|A|$.

The proof of this theorem is a common example of the probabilistic method and appears in many textbooks. Alon and Kleitman have observed that Erdős’ argument essentially gives the theorem with the slightly stronger conclusion $|S| \geq \frac{|A|+1}{3}$. Bourgain  has improved this further, showing that the conclusion can be strengthened to $|S| \geq \frac{|A| + 2}{3}$. Bourgain’s estimate is sharp for small sets, and improving it for larger sets seems to be a difficult problem. There has also been interest in establishing upper bounds for the problem. It seems likely that the constant $1/3$ cannot be replaced by a larger constant, however this is an open problem. In Erdős’ 1965 paper, he showed that the constant $\frac{1}{3}$ could not be replaced by a number greater than $3/7 \approx .429$ by considering the set $\{2,3,4,5,6,8,10\}$. In 1990, Alon and Kleitman improved this to $12/29 \approx .414$. In a recent survey of open problems in combinatorics, it is reported that Malouf has shown the constant cannot be greater than $4/10 = .4$.  While we have not seen Malouf’s proof, we note that this can be established by considering the set $\{1,2,3,4,5,6,8,9,10,18\}$. In this note we further improve on these results by showing that the optimal constant cannot be greater than $11/28 \approx .393$.

Tagged with: ,

## Sets of large doubling and a question of Rudin

Posted in Fourier Analysis, math.CA, math.CO, Paper by Mark Lewko on April 2, 2010

Update (May 2, 2010): After posting this preprint, Stefan Neuwirth informed us that Rudin’s question had been previously answered by Y. Meyers in 1968. It appears that Meyers’ construction doesn’t, however, say anything about the anti-Freiman problem. Indeed Meyers’ set (and all of its subsets) contains a $B_{2}[2]$ set of density $1/4$. Hence, the construction of a $\Lambda(4)$ set that doesn’t contain a large $B_{2}[2]$ set still appears to be new. A revised version of the paper has been posted reflecting this information.  Most notably, we have changed the title to “On the Structure of Sets of Large Doubling”.

Allison Lewko and I recently arXiv’ed our paper “Sets of Large Doubling and a Question of Rudin“. The paper (1) answers a question of Rudin regarding the structure of ${\Lambda(4)}$ sets (2) negatively answers a question of O’Bryant about the existence of a certain “anti-Freiman” theorem (3) establishes a variant of the (solved) Erdös-Newman conjecture. I’ll briefly describe each of these results below.

— Structure of ${\Lambda(4)}$ sets —

Before describing the problem we will need some notation. Let ${S \subset {\mathbb Z}^d}$ and define ${R_{h}(n)}$ to be the number of unordered solutions to the equation ${x_{1}+\ldots + x_{h}=n}$ with ${x_{1},\ldots,x_{h} \in S}$. We say that ${S}$ is a ${B_{h}[G]}$ set if ${R_{h}(n) \leq G}$ for all ${n \in Z^d}$. There is a similar concept with sums replaced by differences. Since this concept is harder to describe we will only introduce it in the case ${h=2}$. For ${S \subset Z^{d}}$ we define ${R_{2}^{\circ}(n)}$ to be the number of solutions to the equation ${x_{1}-x_{2} = n}$ with ${x_{1},x_{2}\in S}$. If ${R_{2}^{\circ}(n)\leq G}$ for all nonzero ${n}$ we say that ${S}$ is a ${B_{2}^{\circ}[G]}$ set.

Let ${S}$ be a subset of the integers ${{\mathbb Z}^{d}}$, and call ${f : \mathbb{T}^{d} \rightarrow {\mathbb C}}$ an ${S}$-polynomial if it is a trigonometric polynomial whose Fourier coefficients are supported on ${S}$ (i.e. ${\hat{f}(n) = 0}$ if ${n \in {\mathbb Z^{d}} \setminus S}$). We say that ${S}$ is a ${\Lambda(p)}$ set (for ${p>2}$) if

$\displaystyle ||f||_{L^p} \leq K_{p}(S) ||f||_{L^{2}} \ \ \ \ \ (1)$

holds for all ${S}$-polynomials where the constant ${K_{p}(S)}$ only depends on ${S}$ and ${p}$. If ${p}$ is an even integer, we can expand out the ${L^{p}}$ norm in 1. This quickly leads to the following observation: If ${S}$ is a ${B_{h}[G]}$ set then ${S}$ is also an ${\Lambda(2h)}$ set (${h>1}$, ${h \in Z}$). One can also easily show using the triangle inequality that the union of two ${\Lambda(p)}$ sets is also a ${\Lambda(p)}$ set. It follows that the finite union of ${B_{h}[G]}$ sets is a ${\Lambda(2h)}$ set. In 1960 Rudin asked the following natural question: Is every ${\Lambda(2h)}$ set is a finite union of ${B_{h}[G]}$ sets?

In this paper we show that the answer is no in the case of ${\Lambda(4)}$ sets. In fact, we show a bit more than this. One can easily show that a ${B_{2}^{\circ}[G]}$ set is also a ${\Lambda(4)}$ set. Our first counterexample to Rudin’s question proceeded (essentially) by constructing a ${B_{2}^{\circ}[2]}$ set which wasn’t the finite union of ${B_{2}[G]}$ sets. This however raised the following variant of Rudin’s question: Is every ${\Lambda(4)}$ set the mixed finite union of ${B_{2}[G]}$ and ${B_{2}^{\circ}[G]}$ sets? We show that the answer to this question is no as well. To do this we construct a ${B_{2}[G]}$ set, A, which isn’t a finite union of ${B_{2}^{\circ}[G]}$ sets, and a ${B_{2}^{\circ}[G]}$ set, ${B}$, which isn’t the finite union of ${B_{2}[G]}$ sets. We then consider the product set ${S= A \times B \subset Z^{2}}$ which one can prove is a ${\Lambda(4)}$ subset of ${Z^{2}}$. It isn’t hard to deduce from this that ${S}$ is a ${\Lambda(4)}$ subset of ${Z^2}$ that isn’t a mixed finite union of ${B_{2}[G]}$ and ${B_{2}^{\circ}[G]}$ sets. Moreover, one can (essentially) map this example back to ${Z}$ while preserving all of the properties stated above. Generalizing this further, we show that there exists a ${\Lambda(4)}$ set that doesn’t contain (in a sense that can be made precise) a large ${B_{2}[G]}$ or ${B_{2}^{\circ}[G]}$. This should be compared with a related theorem of Pisier which states that every Sidon set contains a large independent set (it is conjectured that a Sidon set is a finite union of independent sets, however this is open).

We have been unable to extend these results to ${\Lambda(2h)}$ sets for ${h>2}$. Very generally, part of the issue arises from the fact that the current constructions hinges on the existence of arbitrary large binary codes which can correct strictly more than a ${1/2}$ fraction of errors. To modify this construction (at least in a direct manner) to address the problem for, say, ${\Lambda(6)}$ sets it appears one would need arbitrary large binary codes that can correct strictly more than a ${2/3}$ fraction of errors. However, one can show that such objects do not exist.

— Is there an anti-Freiman theorem? —

Let ${A}$ be a finite set of integers and denote the sumset of ${A}$ as ${A+A = \{a+b : a,b \in A\}}$. A trivial inequality is the following

$\displaystyle 2|A|-1 \leq |A+A| \leq {|A| \choose 2}.$

In fact, it isn’t hard to show that equality only occurs on the left if ${A}$ is an arithmetic progression and only occurs on the right if ${A}$ is a ${B_{2}[1]}$ set. A celebrated theorem of Freiman states that if ${|A+A| \approx |A|}$ then ${A}$ is approximately an arithmetic progression. More precisely, if ${A}$ is a finite set ${A \subseteq {\mathbb Z}}$ satisfying ${|A+A| \leq \delta |A|}$ for some constant ${\delta}$, then ${A}$ is contained in a generalized arithmetic progression of dimension ${d}$ and size ${c |A|}$ where ${c}$ and ${d}$ depend only on ${\delta}$ and not on ${|A|}$.

It is natural to ask about the opposite extreme: if ${|A+A| \geq \delta |A|^2}$, what can one say about the structure of ${A}$ as a function only of ${\delta}$? A first attempt might be to guess that if ${|A+A|\geq \delta |A|^2}$ for some positive constant ${\delta}$, then ${A}$ can be decomposed into a union of ${k}$ ${B_2[G]}$ sets where ${k}$ and ${G}$ depend only on ${\delta}$. This is easily shown to be false. For example, one can start with a ${B_2[1]}$ of ${n}$ elements contained in the interval ${[n+1,\infty)}$ and take its union with the arithmetic progression ${[1,n]}$. It is easy to see that ${|A+A| \geq \frac{1}{10} |A|^2}$ regardless of ${n}$. However, the interval ${[1,n]}$ cannot be decomposed as the union of ${k}$ ${B_2[G]}$ sets with ${k}$ and ${G}$ independent of ${n}$.

There are two ways one might try to fix this problem: first, we might ask only that ${A}$ contains a ${B_2[G]}$ set of size ${\delta' |A|}$, where ${\delta'}$ and ${G}$ depend only on ${\delta}$. (This formulation was posed as an open problem by O’Bryant here). Second, we might ask that ${|A'+A'|\geq \delta |A'|^2}$ hold for all subsets ${A' \subseteq A}$ for the same value of ${\delta}$. Either of these changes would rule out the trivial counterexample given above. In this paper we show that even applying both of these modifications simultaneously is not enough to make the statement true. We provide a sequence of sets ${A \subseteq {\mathbb Z}}$ where ${|A'+A'|\geq \delta |A'|^2}$ holds for all of their subsets for the same value of ${\delta}$, but if we try to locate a ${B_2[G]}$ set, ${B}$, of density ${1/k}$ in ${A}$ then ${k}$ must tend to infinity with the size of ${A}$. As above, our initial construction of such a sequence of ${A}$‘s turned out to be ${B^\circ_2[2]}$ sets. This leads us to the even weaker anti-Freiman conjecture:

(Weak Anti-Freiman) Suppose that ${A \subseteq {\mathbb Z}}$ satisfies ${|A'+A'|\geq \delta |A'|^2}$ and ${|A'-A'|\geq \delta |A'|^2}$ for all subsets ${A' \subseteq A}$. Then ${A}$ contains either a ${B_2[G]}$ set or a ${B^\circ_2[G]}$ set of size ${\geq \delta' |A|}$, where ${G}$ and ${\delta'}$ depend only on ${\delta}$.

We conclude by showing that even this weaker conjecture fails. The constructions are the same as those used in the ${\Lambda(4)}$ results above. The two problems are connected by the elementary observation that if ${A'}$ is a subset of a ${\Lambda(4)}$ set ${A}$ then ${|A'+A'|\geq \delta |A'|^2}$ holds where ${\delta}$ only depends on the ${\Lambda(4)}$ constant ${K_{4}(A)}$ of the set ${A}$.

— A variant of the Erdös-Newman conjecture —

In the early 1980’s Erdös and Newman independently made the following conjecture: For every ${G}$ there exists a ${B_{2}[G]}$ that isn’t a finite union of ${B_{2}[G']}$ sets for any ${G'\leq G-1}$. This conjecture was later confirmed by Erdös for certain values of ${G}$ using Ramsey theory, and finally resolved completely by Nešetřil and Rödl using Ramsey graphs. One further application of our technique is the following theorem which can be viewed as an analog of the Erdös-Newman problem with the roles of the union size and ${G}$ reversed.

Theorem 1 For every ${k >1}$ there exists a union of $k$ ${B_{2}[1]}$ sets that isn’t a finite union of ${k'\leq k-1}$ ${B_{2}[G]}$ sets for any ${G}$.

## The dense model theorem

Posted in expository, math.IT, math.NT by Mark Lewko on December 14, 2009

A key component in the work of Green, Tao, and Ziegler on arithmetic and polynomial progressions in the primes is the dense model theorem. Roughly speaking this theorem allows one to model a dense subset of a sparse pseudorandom set by dense subset of the the ambient space. In the work of Green, Tao, and Zeigler this enabled them to model (essentially) the characteristic function of the set of primes with (essentially) the characteristic function of a set of integers with greater density. They then were able to obtain the existence of certain structures in the model set via Szemerédi’s theorem and its generalizations.

More recently, simplified proofs of the dense model theorem have been obtained independently by Gowers and Reingold, Trevisan, Tulsiani and Vadhan. In addition, the latter group has found applications of these ideas in theoretical computer science. In this post we give an expository proof of the dense model theorem, substantially following the paper of Reingold, Trevisan, Tulsiani and Vadhan.

With the exception of the min-max theorem from game theory (which can be replaced by (or proved by) the Hahn-Banach theorem, as in Gowers’ approach) the presentation is self-contained.

(We note that the the theorem, as presented below, isn’t explictly stated in the Green-Tao paper. Roughly speaking, these ideas can be used to simplify/replace sections 7 and 8 of that paper.) (more…)