Large-scale distributed computing faces several modern challenges, in particular, to provide resiliency against stragglers, robustness against computing errors, security against Byzantine and eavesdropping adversaries, privacy of sensitive information, and to efficiently handle repetitive computation [1, 2, 3, 4, 5, 6, 7]. Coded computing is an emerging field that resolves these issues by introducing and developing new coding-theoretic concepts; it started with a focus on straggler mitigation [8, 9, 10] and was later extended to secure and private computation [11, 12, 6, 13, 14, 7].
Coding for straggler mitigation was first studied in  for linear computation, where classical linear codes can be directly applied to achieve the same performance. For computation beyond linear functions, new classes of coding designs are needed to achieve optimality. In , we studied matrix-by-matrix multiplication and introduced the polynomial coded computing (PCC) framework. The main coding idea is to jointly encode the input variables into univariate polynomials whose coefficients are functions of the inputs. By assigning each worker evaluations of these polynomials as coded variables, the workers essentially evaluate, each at its own point, a new polynomial composed of each worker's computation and the encoding functions. As long as the needed final results can be recovered from the coefficients of the composed polynomial, the master can decode the final output once sufficiently many workers complete their computation. PCC significantly reduces the design problem of coded computation to finding polynomials that satisfy the above decodability constraint while minimizing the degree of the composed polynomial. PCC has achieved great success in providing exactly optimal coding constructions for large classes of computation tasks, including pairwise products , convolution [10, 15], inner products [16, 15], element-wise products , and general batch multivariate-polynomial evaluation .
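To make the PCC recipe concrete, the following is a minimal toy sketch (not the full construction from the framework): two length-2 vectors of scalars stand in for the lists of submatrices, each vector is encoded as a univariate polynomial, three "workers" return evaluations of the product polynomial at distinct points, and the master interpolates the composed polynomial to read the element-wise products off its coefficients.

```python
from fractions import Fraction

# Inputs: two length-2 vectors (stand-ins for lists of submatrices).
a = [Fraction(3), Fraction(5)]
b = [Fraction(2), Fraction(7)]

# Encoding polynomials: f(x) = a1 + a2*x, g(x) = b1 + b2*x.
f = lambda x: a[0] + a[1] * x
g = lambda x: b[0] + b[1] * x

# Worker i evaluates both encoded inputs at its own point x_i and returns
# the product f(x_i)*g(x_i) -- an evaluation of the degree-2 composed
# polynomial h(x) = f(x)*g(x). Any 3 workers suffice (recovery threshold 3).
points = [Fraction(1), Fraction(2), Fraction(3)]
results = [f(x) * g(x) for x in points]

def interpolate(xs, ys):
    """Recover polynomial coefficients by Gaussian elimination on the
    Vandermonde system (exact arithmetic via Fraction)."""
    n = len(xs)
    rows = [[x ** j for j in range(n)] + [y] for x, y in zip(xs, ys)]
    for c in range(n):
        piv = next(r for r in range(c, n) if rows[r][c] != 0)
        rows[c], rows[piv] = rows[piv], rows[c]
        rows[c] = [v / rows[c][c] for v in rows[c]]
        for r in range(n):
            if r != c and rows[r][c] != 0:
                rows[r] = [u - rows[r][c] * v for u, v in zip(rows[r], rows[c])]
    return [rows[r][n] for r in range(n)]

h = interpolate(points, results)
# h(x) = a1*b1 + (a1*b2 + a2*b1)*x + a2*b2*x^2, so the element-wise
# products sit in the constant and leading coefficients.
assert [h[0], h[2]] == [a[0] * b[0], a[1] * b[1]]
```

The design question PCC isolates is visible even here: the recovery threshold equals the degree of the composed polynomial plus one, so the goal is to pick encodings that keep that degree as small as decodability permits.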
An important problem in distributed matrix multiplication is the case where the inputs are encoded and multiplied in a block-wise manner. This setup generalizes the problem formulated in  to enable a more flexible tradeoff between resources such as storage, computation, and communication, and has been studied in [15, 16, 17, 18, 19, 20, 21]. For straggler mitigation, the state of the art is achieved by two versions of the entangled polynomial code, both first presented in , which characterize the optimum recovery threshold within a factor of . For brevity, we refer to the collection of them as entangled polynomial codes. One significance of entangled polynomial codes is that they map non-straggler-mitigating linear coded computing schemes to bilinear-complexity decompositions, which bridges the areas of fast matrix multiplication and coded computation and enables the use of techniques developed in the rich literature (e.g., [22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41]). Moreover, this connection reduces block-wise matrix multiplication to computing element-wise products, for which we developed the optimal strategy for straggler mitigation. The coding gain achieved by entangled polynomial codes extends to fault-tolerant computing , and it is shown in  that security against Byzantine adversaries can also be provided in the same way.
The goal of this paper is to extend entangled polynomial codes to three main problems: secure, private, and batch distributed matrix multiplication. In secure distributed matrix multiplication [11, 12, 43, 44, 19, 17, 13, 45, 14, 46, 47, 48, 49, 18, 50], the goal is to compute a single matrix product while preserving the privacy of input matrices against eavesdropping adversaries; in private distributed matrix multiplication [13, 14, 18, 51], the goal is to multiply a single pair from two lists of matrices while keeping the request (indices) private; batch distributed matrix multiplication [48, 20, 21] considers a scenario where more than one pair of matrices are to be multiplied.
There are recent works on each of these problems that considered general block-wise partitioning of input matrices [17, 18, 19, 20, 21]. However, all results presented in prior works are limited by a “cubic” barrier. Explicitly, when the input matrices to be multiplied are partitioned into -by- and -by- subblocks, all state-of-the-art schemes require the workers to compute at least  products of coded submatrices per multiplication task.
We demonstrate how entangled polynomial codes can be extended to break the cubic barrier in all three problems. We show that the coding ideas of entangled polynomial codes and PCC can be applied to provide unified solutions with the needed security and privacy, as well as efficient handling of batch evaluation. Moreover, we achieve order-wise improvements upon the state of the art with explicit coding constructions.
For block-partitioned coded matrix multiplication, the goal is to distributedly multiply matrices of sizes  and , over a sufficiently large field , with a set of workers, each of which can multiply a pair of possibly coded matrices of sizes  and .
Explicitly, in a basic setting, given a pair of input matrices , , each worker is assigned a pair of possibly coded matrices  and , which are encoded based on some (possibly random) functions of the input matrices, respectively. The workers each compute  and return it to the master. The master tries to recover the final product based on the results from possibly a subset of workers, using some decoding functions. We say a coded computing scheme achieves a recovery threshold of , if the master can correctly decode the final output given the computing results from any subset of  workers.
The state of the art for straggler mitigation is entangled polynomial codes, which achieve a recovery threshold of . Here,  denotes the bilinear complexity  of multiplying two matrices of sizes -by- and -by-. It is well known that  is subcubic, i.e.,  when , , and  are large. Hence, it order-wise outperforms other block-partitioning-based schemes for straggler mitigation in related works (e.g., ).
Note that even for cases where  is not yet known, one can still obtain explicit coding constructions by swapping in any upper bound construction (e.g., [23, 24, 25, 27, 28, 29, 30, 31, 32, 34, 35, 36, 38, 39, 40]). Subcubic recovery thresholds can still be achieved for any sufficiently large , , and , even if one only applies the well-known Strassen construction . Hence, for simplicity, in this work we present all results in terms of , and explicit subcubic constructions can be obtained in the same way.
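Since all results are stated in terms of bilinear complexity, it may help to recall the canonical upper bound construction: Strassen's rank-7 decomposition of 2-by-2 multiplication, showing that 7 rather than 8 products suffice. The sketch below uses scalar entries; in a coded scheme each product m_i would be one (group of) coded submatrix product(s).

```python
def strassen_2x2(A, B):
    """Multiply 2x2 matrices with 7 multiplications instead of the
    naive 8 -- a rank-7 bilinear decomposition of <2,2,2>."""
    (a11, a12), (a21, a22) = A
    (b11, b12), (b21, b22) = B
    m1 = (a11 + a22) * (b11 + b22)
    m2 = (a21 + a22) * b11
    m3 = a11 * (b12 - b22)
    m4 = a22 * (b21 - b11)
    m5 = (a11 + a12) * b22
    m6 = (a21 - a11) * (b11 + b12)
    m7 = (a12 - a22) * (b21 + b22)
    return [[m1 + m4 - m5 + m7, m3 + m5],
            [m2 + m4, m1 - m2 + m3 + m6]]

def naive_2x2(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(2)) for j in range(2)]
            for i in range(2)]

A = [[1, 2], [3, 4]]
B = [[5, 6], [7, 8]]
assert strassen_2x2(A, B) == naive_2x2(A, B)  # [[19, 22], [43, 50]]
```

Because the entries may themselves be (sub)matrices, applying such a decomposition recursively is what yields subcubic complexity for large partitioning parameters.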
We focus on linear codes, defined similarly as in [42, 6], which guarantee coding complexities linear in the sizes of the input matrices and are dimension independent. Precisely, in a linear coding design, the input matrix  (or each input for more general settings) is partitioned into -by- subblocks of equal sizes (and possibly padded with a list of i.i.d. uniformly random matrices of the same sizes, referred to as random keys).111To make sure the setting is well defined, we assume  is finite whenever data-security or privacy is taken into account. Matrix  (or matrices) is partitioned similarly. Each worker is then assigned a pair of linear combinations of these two lists of submatrices as coded inputs. Moreover, the master uses decoding functions that compute linear combinations of the received computing results.222Note that by relaxing certain assumptions made in the paper, such as allowing the decoder to access inputs and random keys and allowing extra computational cost at the workers or the master, one can further reduce the recovery threshold (e.g., see discussions in [48, 53]).
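A minimal sketch of this linear-code structure, with hypothetical parameters (a 2-by-2 partitioning of a small integer matrix for readability): partition the input into equal subblocks, then hand each worker an entrywise linear combination of them.

```python
def partition(M, p, m):
    """Split matrix M (list of rows) into a p-by-m grid of equal subblocks."""
    rb, cb = len(M) // p, len(M[0]) // m
    return [[[row[j*cb:(j+1)*cb] for row in M[i*rb:(i+1)*rb]]
             for j in range(m)] for i in range(p)]

def linear_encode(blocks, coeffs):
    """One worker's coded input: an entrywise linear combination of the
    subblocks (row-major order), with one coefficient per subblock."""
    flat = [blk for row in blocks for blk in row]
    rows, cols = len(flat[0]), len(flat[0][0])
    return [[sum(c * blk[r][s] for c, blk in zip(coeffs, flat))
             for s in range(cols)] for r in range(rows)]

A = [[1, 2, 3, 4], [5, 6, 7, 8], [9, 10, 11, 12], [13, 14, 15, 16]]
blocks = partition(A, 2, 2)                 # 2-by-2 grid of 2x2 subblocks
coded = linear_encode(blocks, [1, 0, 0, 1])  # e.g. the combination A11 + A22
assert coded == [[12, 14], [20, 22]]
```

In an actual scheme the coefficient vectors would come from polynomial evaluations (and random keys would be appended to the subblock list for security); the point here is only that encoding and decoding cost is linear in the input size and independent of the subblock dimensions.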
All results presented in this paper for distributed matrix multiplication directly extend to general codes with possibly non-linear constructions, by swapping any upper bound of  with the number of workers required by any computing scheme, as we illustrated in .
III Main Results
We show that entangled polynomial codes can be adapted to the settings of secure, private, and batch distributed matrix multiplication, achieving order-wise improvements with subcubic recovery thresholds while meeting the systems’ requirements. To demonstrate the coding gain, we focus on applying the second version of the entangled polynomial code, the one that achieves a recovery threshold of  for straggler mitigation.
III-A Secure Distributed Matrix Multiplication
Secure distributed matrix multiplication follows a setup similar to the one discussed in Section II, where the goal is to multiply a single pair of matrices, with the additional constraint that either one or both of the input matrices are kept information-theoretically private from the workers, even if up to a certain number of them collude. In particular, we say an encoding scheme is one-sided -secure, if
for any subset with size of at most , where is generated uniformly at random. Similarly, we say an encoding scheme is fully -secure, if instead
is satisfied for any , for uniformly randomly generated and .
Secure distributed matrix multiplication has been studied in [11, 12, 43, 44, 19, 17, 13, 45, 14, 46, 47, 48, 49, 18, 50]. In particular, [17, 18, 19] presented coded computing designs for general block-wise partitioning of the input matrices, all requiring at least  workers’ computation.333In addition, at least  extra workers are needed per input matrix required to be stored securely. Entangled polynomial codes achieve subcubic recovery thresholds for both the one-sided and fully secure settings, as formally stated in the following theorem.
For secure distributed matrix multiplication, there are one-sided -secure linear coding schemes that achieve a recovery threshold of , and fully -secure linear coding schemes that achieve a recovery threshold of .
Entangled polynomial codes order-wise improve upon the state of the art for general block-wise partitioning [17, 18, 19], by providing explicit constructions that require a subcubic number of workers. Moreover, entangled polynomial codes simultaneously handle data security and straggler issues, tolerating arbitrarily many stragglers while maintaining the same recovery threshold and privacy level.
III-B Private Distributed Matrix Multiplication
Private distributed matrix multiplication has been studied in [13, 14, 18, 51], where the goal is instead to multiply a matrix  by one of the matrices from  while keeping the request (index) private from the workers. In particular, the master sends a (possibly random) query  to each worker based on the request . The matrices  are then encoded by each worker into a coded submatrix based on . The matrix  is encoded as in the basic setting, and each worker computes the product of its coded matrices.
The index  should be kept private from any single worker in the sense that444Note that a stronger privacy condition can still be achieved if one uses the scheme for private and secure distributed matrix multiplication presented later in this paper.
for any , where  are sampled uniformly at random. The master can decode the final output based on the returned results, the request , and the queries .
Furthermore, the input matrix  may also be required to be stored securely, in the sense that
for any , if  is sampled uniformly at random. This setting is referred to as private and secure distributed matrix multiplication.
The state of the art for private and secure distributed matrix multiplication with general block-partitioning-based designs was proposed in , which requires at least  workers. Entangled polynomial codes achieve subcubic recovery thresholds, as formally stated in the following theorem.
For private coded matrix multiplication, there are linear coding schemes that achieve a recovery threshold of . For private and secure distributed matrix multiplication, linear coding schemes can achieve a recovery threshold of .
Entangled polynomial codes order-wise improve upon the state of the art for general block-wise partitioning , by providing explicit constructions that achieve subcubic recovery thresholds while simultaneously providing straggler resiliency, data security, and privacy.
Similar to the discussion in Remark 1, one can show that any linear code requires at least  workers for private coded matrix multiplication and  workers for private and secure distributed matrix multiplication, even if one ignores the privacy requirement. This indicates a factor-of- optimality of entangled polynomial codes for both settings.
Entangled polynomial codes also apply to a more general scenario where the encoding functions for both input matrices are assigned to the workers, which we refer to as fully private coded matrix multiplication and formulate as follows. In fully private coded matrix multiplication, we have two lists of input matrices  and , and the master aims to compute  given an index . We assume , because otherwise the privacy requirement is trivial.
We aim to find computation designs such that  is private against any single worker. Explicitly, the master sends a (possibly random) query  to each worker based on the demand . Then worker  encodes both  and  based on . We require the requests to be private in the sense that
for any , where are sampled uniformly at random. We summarize the performance of entangled polynomial codes for fully private coded matrix multiplication as follows.
For fully private coded matrix multiplication, there are linear coding schemes that achieve a recovery threshold of .
Similar to earlier discussions, entangled polynomial codes provide coding constructions for fully private coded matrix multiplication with subcubic recovery thresholds. One can prove that any fully private linear code requires at least  workers. Hence, the factor-of- optimality of entangled polynomial codes also holds for fully private coded matrix multiplication.
III-C Batch Distributed Matrix Multiplication
The authors of [48, 20, 21] considered a scenario where the goal is to compute copies of the matrix multiplication task in one round of communication. Formally, a basic setting for batch distributed matrix multiplication is that we have two lists of input matrices and , and the master aims to compute their element-wise product . Given partitioning parameters and , each worker still computes a single multiplication of coded submatrices with sizes and .
For general block-partitioning-based schemes, the state-of-the-art designs are provided in [20, 21], where the focus is on reducing the recovery threshold and no security or privacy is required. All known coding constructions presented for batch distributed matrix multiplication require a cubic number of workers per multiplication task even when no stragglers are present (i.e., they require at least  workers in total).
We show that entangled polynomial codes offer a unified coding framework for batch matrix multiplication, achieving subcubic recovery thresholds while simultaneously handling all the security and privacy requirements discussed earlier in this section. We present this result in the following theorem.555Similar to , in the most basic scenario with no requirements on resiliency, security, or privacy (i.e., requiring a recovery threshold of , with  and ), one can directly apply any upper bound construction of the bilinear complexity for batch matrix multiplication to further reduce the number of workers by a factor of . However, here we focus on demonstrating the coding gain and present the results for general scenarios. The proofs and detailed formulations can be found in Section VI.
For coded distributed batch matrix multiplication with parameters and , there are linear coding schemes that achieve a recovery threshold of . Moreover, for extended settings in batch matrix multiplication, linear coding schemes achieve the following recovery thresholds:
One-sided -security: ,
Fully -security: ,
Privacy of request: ,
Security and Privacy: ,
Full Privacy: .
Note that since batch-multiplying  pairs of matrices is still computing a bilinear function, one can simply use similar bilinear decomposition bounds for this operation as in , and all earlier achievability and converse results extend to batch computation. However, to better demonstrate the achievability of subcubic recovery thresholds, we present our results based on a subadditivity upper bound.666Specifically, let  denote the bilinear complexity of batch multiplying  pairs of -by- and -by- matrices. We have . One can similarly prove the factor-of- optimality of the general entangled polynomial codes framework for all settings we presented for batch matrix multiplication.
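For concreteness, the subadditivity bound invoked in the footnote above can be written as follows, where $R(N; p, m, n)$ denotes the batch bilinear complexity as defined there; the inequality is the standard fact that the rank of a direct sum of tensors is at most the sum of the individual ranks:

```latex
R(N;\, p, m, n) \;\le\; N \cdot R(p, m, n),
```

since applying a rank-$R(p,m,n)$ decomposition independently to each of the $N$ pairs yields a valid bilinear decomposition of the batch tensor with $N \cdot R(p,m,n)$ products, which is subcubic whenever $R(p,m,n)$ is.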
IV Achievability Schemes for Secure Distributed Matrix Multiplication
In this section, we present coding schemes for the simple scenario where the only additional requirement for distributed matrix multiplication is to maintain the security of input matrices. This provides a proof for Theorem 1.
Given parameters , , and , we denote the partitioned uncoded input matrices by and . The encoding consists of two steps.
In Step 1, given any upper bound construction of  (e.g., Strassen’s construction) with rank  and tensor tuples , , and , we pre-encode each of the inputs into a list of coded submatrices.777For detailed definitions of bilinear complexity and upper bound constructions, see .
As we have explained in , this pre-encoding essentially provides a linear coding scheme with  workers that provides neither straggler resiliency nor data security, both of which we take into account in the second part of the encoding.
In Step 2, note that it suffices to recover the element-wise products . We can build upon optimal coding constructions for element-wise multiplication, first presented in  for straggler mitigation and then extended in  to also provide data privacy.
We first pad the two vectors  and  with uniformly random keys. If matrix  needs to be stored securely against up to  colluding workers, we pad the pre-coded matrices of  with  uniformly random matrices . Explicitly, we define
if needs to be stored securely; otherwise, we define
Similarly, we define the vector  for matrix  in the same way. For brevity, we denote the lengths of  and  by  and .
Then we arbitrarily select distinct elements from , denoted , and distinct elements from , denoted . We encode the inputs for each worker as follows.
According to the PCC framework, we have encoded the input matrices using polynomials of degrees  and , where each worker  is assigned their evaluations at . Hence, after the workers multiply their coded matrices, they obtain evaluations of the product of these polynomials, which has degree . Note that evaluating this composed polynomial at  recovers the needed element-wise products, so the decodability requirement of PCC is satisfied. Consequently, the master can recover the final output by interpolating the composed polynomial after sufficiently many results are received from the workers, achieving a recovery threshold of .
Recall that for the one-sided -secure setting, we have  and ; for the fully -secure setting, we have . Hence, we have obtained linear coding schemes with recovery thresholds of  and  for the two settings, respectively, given any upper bound construction of  with rank . Finally, there exist constructions that exactly achieve the rank , which proves the existence of the coding schemes stated in Theorem 1.
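The two-step recipe above can be sketched end-to-end for the one-sided secure case over a prime field. This is an illustrative sketch, not the exact construction: the rank R, key count T, evaluation points, and the prime P below are placeholder choices, and the recovery threshold 2R + T - 1 used here is simply the degree count of this sketch (product polynomial of degree 2R + T - 2).

```python
import random

P = 2_147_483_647  # a large prime; all arithmetic is over GF(P)

def lagrange_eval(xs, ys, x):
    """Evaluate the unique polynomial through (xs, ys) at x, mod P."""
    total = 0
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

R, T = 4, 2  # R pre-encoded values; tolerate T colluding workers
a = [random.randrange(P) for _ in range(R)]     # pre-encoded values of A
b = [random.randrange(P) for _ in range(R)]     # pre-encoded values of B
keys = [random.randrange(P) for _ in range(T)]  # uniformly random pads

beta = list(range(1, R + T + 1))   # interpolation points
N = 2 * R + T - 1                  # worker count = degree + 1 in this sketch
x = list(range(R + T + 1, R + T + 1 + N))  # distinct worker points

# Encoding: f interpolates a padded with the keys (degree R+T-1);
# g interpolates b (degree R-1).  Only A is padded (one-sided security).
f = [lagrange_eval(beta, a + keys, xi) for xi in x]
g = [lagrange_eval(beta[:R], b, xi) for xi in x]

# Workers return products of their coded values; the master interpolates
# the degree-(2R+T-2) composed polynomial and re-evaluates it at beta_j.
products = [fi * gi % P for fi, gi in zip(f, g)]
decoded = [lagrange_eval(x, products, beta[j]) for j in range(R)]
assert decoded == [ai * bi % P for ai, bi in zip(a, b)]
```

Security comes from the T uniformly random pads: any T coded values of A are jointly uniform, so colluding workers learn nothing about the input, while decodability is preserved because the products at the first R interpolation points are exactly the needed element-wise products.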
The coding scheme we presented for computing element-wise products with one-sided privacy naturally extends to provide optimal codes for batch computation of multilinear functions, where each of the input entries is coded to satisfy possibly different security requirements.
V Achievability Schemes for Private Distributed Matrix Multiplication
Similar to Section IV, we first pre-encode the input matrices into lists of vectors of length , given any upper bound construction of with rank and tensor tuples , , and . In particular, given parameters , , and , we denote the partitioned uncoded input matrices by and . We define
for each and . Then given any request , it suffices to compute the element-wise product while keeping private.
The second part of the encoding scheme is motivated by coding ideas developed in [15, 13] and earlier sections. In particular, we first pad the pre-encoded vector of with random keys for security. We define
if needs to be stored securely, where is a random key sampled from
with a uniform distribution; otherwise,
For brevity, we denote the length of by .
We arbitrarily select distinct elements from , denoted , and encode matrix by defining the following Lagrange polynomial,
We then arbitrarily select a finite subset  of  with at least  elements, and let the master uniformly randomly generate  distinct elements from , denoted . The master sends  to each worker , which satisfies the security of  when required.
Given a request , we similarly define
and is a quantity to be specified later. If the encoding can be designed such that each worker essentially computes , then we can achieve the recovery thresholds stated in Theorem 2.
To construct a private computing scheme where is equivalent to , we divide by a scalar999Note that here we are exploiting the fact that each worker computes a function that is multilinear. For more general scenarios (e.g., general polynomial evaluations we considered in ), scaling the coded variables could affect decodability.
so that the result can be expressed as the unweighted sum of  and , with the function  defined as follows
We let the master generate  i.i.d. uniformly random variables  from , independent of the ’s. The master sends a query  to each worker , with  for  and  for . Because each  appears uniformly random to worker , the presented coding scheme satisfies the privacy requirement.
We let each worker encode by computing . Consequently, each encoded variable can be re-expressed as
with independent of .
After the workers multiply the coded matrices, each worker  essentially returns . Because  is available at the decoder, the master can decode  given each worker ’s returned result by computing . Hence, by receiving results from sufficiently many workers, the master can recover the needed element-wise products by Lagrange-interpolating the polynomial , and proceed to compute the final output.
Because the degree of  equals , the presented coding scheme achieves a recovery threshold of . Note that  when no security is required and  when  is stored securely. We have obtained linear coding schemes with recovery thresholds of  for private coded matrix multiplication and  for private and secure distributed matrix multiplication, for any upper bound construction of , which completes the proof of Theorem 2.
This coding scheme naturally extends to the scenario where the encoding of is required to be -secure. A recovery threshold of can be achieved, which is optimal within a factor of .
We now present the coding scheme for the fully private setting. The matrices are pre-encoded the same way and we denote the corresponding matrices by . To recover the final output, it suffices to compute .
We arbitrarily select distinct elements from , denoted , and define the following functions
We then arbitrarily select a finite subset  of  with at least  elements. Let the master uniformly randomly generate  distinct elements from , denoted , and  i.i.d. uniformly random variables from , independent of the ’s. The master sends a query  to each worker , with  for  and  for . This query is fully private, because for each worker ,  appears i.i.d. uniformly random in .
Each worker encodes the input matrices as follows
After the computation result is received from any worker , by multiplying a scalar factor  with the function  defined in equation (17), the master recovers the evaluation of the product of two Lagrange polynomials of degree  at the point . By interpolating this polynomial and re-evaluating it at the ’s, the master can recover all needed element-wise products. This provides a coding scheme that proves Theorem 3.
VI Achievability Schemes for Batch Distributed Matrix Multiplication
In this section, we present the coding scheme for proving Theorem 4. We start with the basic setting where no security or privacy is required. As mentioned in Section III-C, one can directly decompose the tensor characterizing the -batch matrix multiplication, and all earlier results, as well as Theorem 3 in , extend to batch distributed matrix multiplication. However, we instead present a certain class of upper bounds based on the subadditivity of tensor rank.
Explicitly, we denote the partitioned uncoded input matrices by and . Given any upper bound construction of with rank and tensor tuples , , and , we define
for each  and . Note that the batch product can be recovered from the element-wise products . One can directly apply the optimal coding scheme presented in , which encodes the pre-encoded vectors using Lagrange polynomials. According to Corollary 1 in , the resulting scheme achieves a recovery threshold of , which proves the basic scenario of Theorem 4.
In , Lagrange encoding is also applied to computing inner products (sums of element-wise products) to achieve the same recovery threshold. Remarkably,  pointed out that the encoding can be made systematic, as Lagrange polynomials pass through all uncoded inputs, as stated in . It is mentioned in  that the main benefit of systematic encoding designs is to enable recovery from the results of a certain smaller subset of “systematic” workers, which provides backward compatibility and potentially reduces computation and decoding latency. Based on this observation, entangled polynomial codes can be adapted to a “systematic” version that goes beyond inner products and handles general block-wise partitioned matrices, by choosing the same evaluation points as in , so that a subset of workers computes all needed “uncoded” products of the pre-encoded matrices, and all major benefits of systematic encoding are provided. This construction gives a practical solution to an open problem stated in , in the sense of achieving all major benefits of systematic encoding and improving recovery thresholds for any sufficiently large values of , , and .
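The systematic choice of evaluation points can be illustrated with a toy sketch over a small prime field (all values below are illustrative): reusing the interpolation points as the first K workers' evaluation points makes those workers hold the uncoded inputs verbatim, since the Lagrange polynomial passes through them.

```python
P = 97  # a small prime; arithmetic is over GF(P)

def lagrange_eval(xs, ys, x):
    """Evaluate the unique polynomial through (xs, ys) at x, mod P."""
    total = 0
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if j != i:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

a = [11, 22, 33]                 # pre-encoded inputs, K = 3
beta = [1, 2, 3]                 # interpolation points
workers = [1, 2, 3, 50, 60, 70]  # first K worker points reuse beta

coded = [lagrange_eval(beta, a, x) for x in workers]
# Systematic property: the first K workers hold the uncoded inputs.
assert coded[:3] == a
```

The remaining workers receive genuinely coded evaluations, so straggler resiliency is unchanged; but if the systematic workers all finish, the master can skip interpolation entirely.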
Now we formally state the settings with security and privacy requirements. Similar to Section III, for batch matrix multiplication with a security requirement, the formulation is the same as the basic setup for batch distributed matrix multiplication, except that the inputs need to be stored information-theoretically privately even if up to  workers collude. We say a coding scheme is one-sided -secure, if
for any subset with size of at most , where is generated uniformly at random. We say an encoding scheme is fully -secure, if instead
is satisfied for any , for uniformly randomly generated and .
When privacy is taken into account, the goal is instead to batch-multiply a list of matrices  by one unknown subset of matrices from a set  while keeping the request private from the workers. The master sends a query  and a coded version of  with size  to each worker; each worker then encodes the matrices  into a coded submatrix of size  based on the query, the same as in private distributed matrix multiplication. We say a computing scheme for batch matrix multiplication is private, if
for any , where are sampled uniformly at random. Furthermore, we say the computing scheme is private and secure, if we also have
for any , when  is sampled uniformly at random.
Finally, for fully private batch matrix multiplication, the goal is to batch multiply pairs of matrices given two lists of inputs and . The master aims to compute given an index , while keeping private. The rest of the computation follows similarly to the fully private and the batch distributed matrix multiplication frameworks. Explicitly, we require that
for any , where  are sampled uniformly at random and  denotes the query the master sends to worker .
The achievability schemes for all these settings can be built based on coding ideas we presented earlier in this paper. In particular, by first pre-encoding each of the input matrices using any upper bound construction of , the task of batch-multiplying matrices is reduced to computing the element-wise product of two vectors of lengths at most . Then observe that in the second part of all coding schemes we presented in earlier sections for non-batch matrix multiplication, we essentially provided linear codes that compute element-wise products of vectors of any size. By directly applying those designs to the extended pre-coded vectors for batch multiplication, we obtain the computing schemes needed to prove Theorem 4, where the achieved recovery threshold upper bounds are stated by swapping  into .
-  J. Dean and L. A. Barroso, “The tail at scale,” Communications of the ACM, vol. 56, no. 2, pp. 74–80, 2013.
-  R. D. Schlichting and F. B. Schneider, “Fail-stop processors: An approach to designing fault-tolerant computing systems,” ACM Trans. Comput. Syst., vol. 1, p. 222–238, Aug. 1983.
-  L. Lamport, R. Shostak, and M. Pease, “The byzantine generals problem,” ACM Trans. Program. Lang. Syst., vol. 4, p. 382–401, July 1982.
-  M. Zhou, R. Zhang, W. Xie, W. Qian, and A. Zhou, “Security and privacy in cloud computing: A survey,” in 2010 Sixth International Conference on Semantics, Knowledge and Grids, pp. 105–112, Nov 2010.
-  P. Mohassel and Y. Zhang, “SecureML: A system for scalable privacy-preserving machine learning,” in 2017 IEEE Symposium on Security and Privacy (SP), vol. 00, pp. 19–38, May 2017.
-  Q. Yu, S. Li, N. Raviv, S. M. M. Kalan, M. Soltanolkotabi, and S. A. Avestimehr, “Lagrange coded computing: Optimal design for resiliency, security, and privacy,” in Proceedings of Machine Learning Research (K. Chaudhuri and M. Sugiyama, eds.), vol. 89 of Proceedings of Machine Learning Research, pp. 1215–1225, PMLR, 16–18 Apr 2019, arXiv:1806.00939, 2018.
-  J. So, B. Guler, A. S. Avestimehr, and P. Mohassel, “Codedprivateml: A fast and privacy-preserving framework for distributed machine learning,” arXiv preprint arXiv:1902.00641, 2019.
-  K. Lee, M. Lam, R. Pedarsani, D. Papailiopoulos, and K. Ramchandran, “Speeding up distributed machine learning using codes,” e-print arXiv:1512.02673, 2015.
-  S. Dutta, V. Cadambe, and P. Grover, “Short-dot: Computing large linear transforms distributedly using coded short dot products,” in Advances in Neural Information Processing Systems, pp. 2092–2100, 2016.
-  Q. Yu, M. Maddah-Ali, and S. Avestimehr, “Polynomial codes: an optimal design for high-dimensional coded matrix multiplication,” in Advances in Neural Information Processing Systems 30, pp. 4406–4416, Curran Associates, Inc., 2017, arXiv:1705.10464, 2017.
-  W.-T. Chang and R. Tandon, “On the capacity of secure distributed matrix multiplication,” arXiv preprint arXiv:1806.00469, 2018.
-  H. Yang and J. Lee, “Secure distributed computing with straggling servers using polynomial codes,” IEEE Transactions on Information Forensics and Security, vol. 14, pp. 141–150, Jan 2019.
-  M. Kim and J. Lee, “Private secure coded computation,” arXiv preprint arXiv:1902.00167, 2019.
-  W.-T. Chang and R. Tandon, “On the upload versus download cost for secure and private matrix multiplication,” arXiv preprint arXiv:1906.10684, 2019.
-  Q. Yu, M. A. Maddah-Ali, and A. S. Avestimehr, “Straggler mitigation in distributed matrix multiplication: Fundamental limits and optimal coding,” in 2018 IEEE International Symposium on Information Theory (ISIT), pp. 2022–2026, June 2018, arXiv:1801.07487v1, 2018.
-  M. Fahim, H. Jeong, F. Haddadpour, S. Dutta, V. Cadambe, and P. Grover, “On the optimal recovery threshold of coded matrix multiplication,” in 2017 55th Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 1264–1270, Oct 2017.
-  M. Aliasgari, O. Simeone, and J. Kliewer, “Distributed and private coded matrix computation with flexible communication load,” arXiv preprint arXiv:1901.07705, 2019.
-  M. Aliasgari, O. Simeone, and J. Kliewer, “Private and secure distributed matrix multiplication with flexible communication load,” arXiv preprint arXiv:1909.00407, 2019.
-  H. A. Nodehi, S. R. H. Najarkolaei, and M. A. Maddah-Ali, “Entangled polynomial coding in limited-sharing multi-party computation,” in 2018 IEEE Information Theory Workshop (ITW), pp. 1–5, Nov 2018.
-  Z. Jia and S. A. Jafar, “Cross subspace alignment codes for coded distributed batch matrix multiplication,” arXiv preprint arXiv:1909.13873, 2019.
-  Z. Jia and S. A. Jafar, “Generalized cross subspace alignment codes for coded distributed batch matrix multiplication,” 2019.
-  V. Strassen, “Gaussian elimination is not optimal,” Numerische Mathematik, vol. 13, pp. 354–356, Aug 1969.
-  V. Y. Pan, “Strassen’s algorithm is not optimal: Trilinear technique of aggregating, uniting and canceling for constructing fast algorithms for matrix operations,” in 19th Annual Symposium on Foundations of Computer Science (sfcs 1978), pp. 166–176, Oct 1978.
-  J. Hopcroft and L. Kerr, “On minimizing the number of multiplications necessary for matrix multiplication,” SIAM Journal on Applied Mathematics, vol. 20, no. 1, pp. 30–36, 1971.
-  J. D. Laderman, “A noncommutative algorithm for multiplying 3×3 matrices using 23 multiplications,” Bulletin of the American Mathematical Society, vol. 82, no. 1, pp. 126–128, 1976.
-  S. Winograd, “On multiplication of 2×2 matrices,” Linear Algebra and its Applications, vol. 4, no. 4, pp. 381–388, 1971.
-  D. Bini, “Relations between exact and approximate bilinear algorithms. applications,” CALCOLO, vol. 17, pp. 87–97, Jan 1980.
-  A. Schönhage, “Partial and total matrix multiplication,” SIAM Journal on Computing, vol. 10, pp. 434–455, Aug 1981.
-  F. Romani, “Some properties of disjoint sums of tensors related to matrix multiplication,” SIAM Journal on Computing, vol. 11, no. 2, pp. 263–267, 1982.
-  D. Coppersmith and S. Winograd, “On the asymptotic complexity of matrix multiplication,” in Proceedings of the 22nd Annual Symposium on Foundations of Computer Science, SFCS ’81, (Washington, DC, USA), pp. 82–90, IEEE Computer Society, 1981.
-  V. Strassen, “The asymptotic spectrum of tensors and the exponent of matrix multiplication,” in Proceedings of the 27th Annual Symposium on Foundations of Computer Science, SFCS ’86, (Washington, DC, USA), pp. 49–54, IEEE Computer Society, 1986.
-  D. Coppersmith and S. Winograd, “Matrix multiplication via arithmetic progressions,” Journal of Symbolic Computation, vol. 9, no. 3, pp. 251–280, 1990. Computational algebraic complexity editorial.
-  J. Landsberg, “The border rank of the multiplication of 2×2 matrices is seven,” Journal of the American Mathematical Society, vol. 19, no. 2, pp. 447–459, 2006.
-  A. J. Stothers, On the complexity of matrix multiplication. PhD thesis, University of Edinburgh, 2010.
-  C.-E. Drevet, M. Nazrul Islam, and E. Schost, “Optimization techniques for small matrix multiplication,” Theoretical Computer Science, vol. 412, no. 22, pp. 2219–2236, 2011.
-  V. V. Williams, “Multiplying matrices faster than Coppersmith-Winograd,” in Proc. 44th ACM Symposium on Theory of Computation, pp. 887–898, 2012.
-  P. Bürgisser, M. Clausen, and M. A. Shokrollahi, Algebraic complexity theory, vol. 315. Springer Science & Business Media, 2013.
-  A. V. Smirnov, “The bilinear complexity and practical algorithms for matrix multiplication,” Computational Mathematics and Mathematical Physics, vol. 53, pp. 1781–1795, Dec 2013.
-  A. Sedoglavic, “A non-commutative algorithm for multiplying 5×5 matrices using 99 multiplications,” arXiv preprint arXiv:1707.06860, 2017.
-  A. Sedoglavic, “A non-commutative algorithm for multiplying 7×7 matrices using 250 multiplications,” arXiv preprint arXiv:1712.07935, 2017.
-  F. Le Gall, “Complexity of matrix multiplication and bilinear problems.”
-  Q. Yu, M. A. Maddah-Ali, and A. S. Avestimehr, “Straggler mitigation in distributed matrix multiplication: Fundamental limits and optimal coding,” IEEE Transactions on Information Theory, 2020.
-  J. Kakar, S. Ebadifar, and A. Sezgin, “Rate-efficiency and straggler-robustness through partition in distributed two-sided secure matrix computation,” arXiv preprint arXiv:1810.13006, 2018.
-  R. G. L. D’Oliveira, S. El Rouayheb, and D. Karpuk, “GASP codes for secure distributed matrix multiplication,” in 2019 IEEE International Symposium on Information Theory (ISIT), pp. 1107–1111, July 2019.
-  J. Kakar, S. Ebadifar, and A. Sezgin, “On the capacity and straggler-robustness of distributed secure matrix multiplication,” IEEE Access, vol. 7, pp. 45783–45799, 2019.
-  S. Ebadifar, J. Kakar, and A. Sezgin, “The need for alignment in rate-efficient distributed two-sided secure matrix computation,” in ICC 2019 - 2019 IEEE International Conference on Communications (ICC), pp. 1–6, May 2019.
-  H. A. Nodehi and M. A. Maddah-Ali, “Secure coded multi-party computation for massive matrix operations,” arXiv preprint arXiv:1908.04255, 2019.
-  Z. Jia and S. A. Jafar, “On the capacity of secure distributed matrix multiplication,” arXiv preprint arXiv:1908.06957, 2019.
-  J. Kakar, A. Khristoforov, S. Ebadifar, and A. Sezgin, “Uplink-downlink tradeoff in secure distributed matrix multiplication,” arXiv preprint arXiv:1910.13849, 2019.
-  R. G. D’Oliveira, S. El Rouayheb, D. Heinlein, and D. Karpuk, “Degree tables for secure distributed matrix multiplication,” 2019.
-  M. Kim, H. Yang, and J. Lee, “Private coded matrix multiplication,” IEEE Transactions on Information Forensics and Security, pp. 1–1, 2019.
-  M. Bläser, Fast Matrix Multiplication. No. 5 in Graduate Surveys, Theory of Computing Library, 2013.
-  Q. Yu and A. S. Avestimehr, “Harmonic coding: An optimal linear code for privacy-preserving gradient-type computation,” in 2019 IEEE International Symposium on Information Theory (ISIT), pp. 1102–1106, July 2019.
-  M. Ben-Or, S. Goldwasser, and A. Wigderson, “Completeness theorems for non-cryptographic fault-tolerant distributed computation,” in Proceedings of the Twentieth Annual ACM Symposium on Theory of Computing, STOC ’88, (New York, NY, USA), pp. 1–10, Association for Computing Machinery, 1988.
-  S. Dutta, M. Fahim, F. Haddadpour, H. Jeong, V. Cadambe, and P. Grover, “On the optimal recovery threshold of coded matrix multiplication,” IEEE Transactions on Information Theory, vol. 66, pp. 278–301, Jan 2020, arXiv:1801.10292, 2018.
-  I. Tamo and A. Barg, “A family of optimal locally recoverable codes,” IEEE Transactions on Information Theory, vol. 60, pp. 4661–4676, Aug 2014.
-  H. Jeong, Y. Yang, and P. Grover, “Systematic matrix multiplication codes,” in 2019 IEEE International Symposium on Information Theory (ISIT), pp. 1–5, July 2019.