An Algorithmist s Toolkit Lecture 18

Similar documents
COS 598D - Lattices. scribe: Srdjan Krstic

1: Introduction to Lattices

1 Shortest Vector Problem

Lattices and Hermite normal form

CSE 206A: Lattice Algorithms and Applications Winter The dual lattice. Instructor: Daniele Micciancio

Lattice-Based Cryptography: Mathematical and Computational Background. Chris Peikert Georgia Institute of Technology.

Fundamental Domains, Lattice Density, and Minkowski Theorems

How to Factor N 1 and N 2 When p 1 = p 2 mod 2 t

The Dual Lattice, Integer Linear Systems and Hermite Normal Form

An Algorithmist s Toolkit September 10, Lecture 1

Lecture 2: Lattices and Bases

MH1200 Final 2014/2015

CSE 206A: Lattice Algorithms and Applications Spring Minkowski s theorem. Instructor: Daniele Micciancio

Lattice Basis Reduction and the LLL Algorithm

An Algorithmist s Toolkit September 15, Lecture 2

Notes for Lecture 15

This lecture is a review for the exam. The majority of the exam is on what we ve learned about rectangular matrices.

Math 344 Lecture # Linear Systems

Additive Combinatorics Lecture 12

MATH 2210Q MIDTERM EXAM I PRACTICE PROBLEMS

CSE 206A: Lattice Algorithms and Applications Spring Basic Algorithms. Instructor: Daniele Micciancio

CSE 206A: Lattice Algorithms and Applications Spring Basis Reduction. Instructor: Daniele Micciancio

Determinants. Recall that the 2 2 matrix a b c d. is invertible if

Lecture Summaries for Linear Algebra M51A

1. What is the determinant of the following matrix? a 1 a 2 4a 3 2a 2 b 1 b 2 4b 3 2b c 1. = 4, then det

Chapter 3. Directions: For questions 1-11 mark each statement True or False. Justify each answer.

Warm-up. True or false? Baby proof. 2. The system of normal equations for A x = y has solutions iff A x = y has solutions

3. Linear Programming and Polyhedral Combinatorics

PROBLEMS ON LINEAR ALGEBRA

Discrete Math, Second Problem Set (June 24)

Final EXAM Preparation Sheet

2 b 3 b 4. c c 2 c 3 c 4

Discrete Optimization 23

An Algorithmist s Toolkit Nov. 10, Lecture 17

MATH 149, FALL 2008 DISCRETE GEOMETRY LECTURE NOTES

SUPPLEMENT TO CHAPTER 3

Computationally, diagonal matrices are the easiest to work with. With this idea in mind, we introduce similarity:

Definition 2.3. We define addition and multiplication of matrices as follows.

An overview of key ideas

MA 265 FINAL EXAM Fall 2012

An Algorithmist s Toolkit September 24, Lecture 5

MATH 304 Linear Algebra Lecture 33: Bases of eigenvectors. Diagonalization.

19. Basis and Dimension

Topics in Basis Reduction and Integer Programming

Lecture 12: Diagonalization

Gaussian Elimination and Back Substitution

MATH 323 Linear Algebra Lecture 12: Basis of a vector space (continued). Rank and nullity of a matrix.

3. Vector spaces 3.1 Linear dependence and independence 3.2 Basis and dimension. 5. Extreme points and basic feasible solutions

Lecture #21. c T x Ax b. maximize subject to

Background: Lattices and the Learning-with-Errors problem

Hermite normal form: Computation and applications

Matrix Operations: Determinant

Homework Set #8 Solutions

Math 4377/6308 Advanced Linear Algebra

CSC 2414 Lattices in Computer Science September 27, Lecture 4. An Efficient Algorithm for Integer Programming in constant dimensions

An algebraic perspective on integer sparse recovery

Math Camp Lecture 4: Linear Algebra. Xiao Yu Wang. Aug 2010 MIT. Xiao Yu Wang (MIT) Math Camp /10 1 / 88

Math 240 Calculus III

c c c c c c c c c c a 3x3 matrix C= has a determinant determined by

2018 Fall 2210Q Section 013 Midterm Exam II Solution

Hard Instances of Lattice Problems

EE/ACM Applications of Convex Optimization in Signal Processing and Communications Lecture 2

Primitive sets in a lattice

Final Examination 201-NYC-05 December and b =

Family Feud Review. Linear Algebra. October 22, 2013

Specral Graph Theory and its Applications September 7, Lecture 2 L G1,2 = 1 1.

5.6. PSEUDOINVERSES 101. A H w.

Linear Algebra II. 2 Matrices. Notes 2 21st October Matrix algebra

3. Linear Programming and Polyhedral Combinatorics

Matrix Factorization and Analysis

The Shortest Vector Problem (Lattice Reduction Algorithms)

ORIE 6300 Mathematical Programming I August 25, Recitation 1

MAT 2037 LINEAR ALGEBRA I web:

Math 54 Homework 3 Solutions 9/

Determinants. Beifang Chen

1 Last time: determinants

Algebraic Geometry Spring 2009

Problem # Max points possible Actual score Total 120

Chapter 4 - MATRIX ALGEBRA. ... a 2j... a 2n. a i1 a i2... a ij... a in

arxiv: v1 [cs.ds] 2 Nov 2013

Linear Algebra. Grinshpan

Chapters 5 & 6: Theory Review: Solutions Math 308 F Spring 2015

Lattices. A Lattice is a discrete subgroup of the additive group of n-dimensional space R n.

Lattice Basis Reduction Part 1: Concepts

Definition (T -invariant subspace) Example. Example

Lecture 1 and 2: Random Spanning Trees

GRE Subject test preparation Spring 2016 Topic: Abstract Algebra, Linear Algebra, Number Theory.

Math 18, Linear Algebra, Lecture C00, Spring 2017 Review and Practice Problems for Final Exam

Section 2.2: The Inverse of a Matrix

Modern Algebra Prof. Manindra Agrawal Department of Computer Science and Engineering Indian Institute of Technology, Kanpur

Review of Linear Algebra

5 Dedekind extensions

Solutions to Final Exam

6.854J / J Advanced Algorithms Fall 2008

18.06 Quiz 2 April 7, 2010 Professor Strang

Equality: Two matrices A and B are equal, i.e., A = B if A and B have the same order and the entries of A and B are the same.

D(f/g)(P ) = D(f)(P )g(p ) f(p )D(g)(P ). g 2 (P )

Material covered: Class numbers of quadratic fields, Valuations, Completions of fields.

IMPORTANT DEFINITIONS AND THEOREMS REFERENCE SHEET

det(ka) = k n det A.

Transcription:

18.409 An Algorithmist s Toolkit 2009-11-12 Lecture 18 Lecturer: Jonathan Kelner Scribe: Colin Jia Zheng 1 Lattice Definition. (Lattice) Given n linearly independent vectors b 1,, b n R m, the lattice generated by them is defined as L(b 1, b 2, b n ) = { x i b i x i Z}. We refer to b 1,, b n as a basis of the lattice. Equivalently, if we define B as the m n matrix whose columns are b 1,, b n, then the lattice generated by B is L(B) = L(b 1, b 2,, b n ) = {Bx x Z n }. We say that the rank of the lattice is n and its dimension is m. If n = m, the lattice is called a full-rank lattice. It is easy to see that, L is a lattice if and only if L is a discrete subgroup of (R n, +). Remark. We will mostly consider full-rank lattices, as the more general case is not substantially different. Example. The lattice generated by (1, 0) T and (0, 1) T is Z 2, the lattice of all integers points (see Figure 1(a)). This basis is not unique: for example, (1, 1) T and (2, 1) T also generate Z 2 (see Figure 1 (b)). Yet another basis of Z 2 is given by (2005, 1) T ; (2006, 1) T. On the other hand, (1, 1) T, (2, 0) T is not a basis of Z 2 : instead, it generates the lattice of all integer points whose coordinates sum to an even number (see Figure 1 (c)). All the examples so far were of full-rank lattices. An example of a lattice that is not full is L((2, 1) T ) (see Figure 1(d)). It is of dimension 2 and of rank 1. Finally, the lattice Z = L((1)) is a one-dimensional full-rank lattice. Figure 1: Lattices of R 2 Definition. For matrix B, P (B) = {Bx x [0, 1) n } is the fundamental parallelepiped of B. Examples of fundamental parallelepipeds are the gray areas in Figure 1. For a full rank lattice L(B), P (B) tiles R n in the pattern L(B), in the sense that R n = {P (B) + x : x L(B)}; see Figure 2. 18-1

Figure 2: P (B) tiles R n In Figure 1, we saw that not every set of n linearly independent vectors B in a rank n full-rank lattice Λ is a basis of Λ. The fundamental parallelepiped characterizes exactly when B is a basis: Lemma. Let Λ be a rank n full-rank lattice and B an invertible n n matrix. Then B is a basis (of Λ) if and only if P (B) Λ = {0}. Proof. is obvious: Λ only contains elements with integer coordinates under B, and 0 is the only element of P (B) with integer coordinates. For, need to show that any lattice point x = By satisfies y i Z. Note that By with y i = y i y i is a lattice point in P (B). By our assumption By = 0, ie y i Z. It is natural to ask when are two invertible matices A, B equivalent bases, ie bases of the same lattice. It turns out that this happens if and only if A, B are related by a unimodular matrix. Definition. A square matrix U is unimodular if all entries are integer and det(u) = ±1. Lemma. U is unimodular iff U 1 is unimodular. Proof. Suppose U is unimodular. Clearly U 1 has ±1 determinant. To see that U 1 has integer entries, note that they are simply signed minors of U divided by det(u). Lemma. Nonsingular matrices B 1, B 2 are equivalent bases if and only if B 2 = B 1 U for some unimodular matrix U. Proof. : Since each column of B 1 has integer coordinates under B 2, B 1 = B 2 U for some integer matrix U. Similarly B 2 = B 1 V for some integer matrix V. Hence B 1 = B 1 V U, ie V U = I. Since V, U are both integer matrices, this means that det(u) = ±1, as required. : Note that each column of B 2 is contained in L(B 1 ) and vice versa. Corollary. Nonsingular matrices B 1, B 2 are equivalent if and only if one can be obtained from the other by the following operations on columns: 1. b i b i + kb j for some k Z 2. b i b j 3. b i b i Now that it is clear that bases of a lattice have the same absolute determinant, we can proceed to define the determinant of lattice: Definition. (Determinant of lattice) Let L = L(B) be a lattice of rank n. We define the determinant of L, denoted det(l), as the n-dimensional volume of P (B), ie det(l) = det(b T B). In particular if L is a full rank lattice, det(l) = det(b). 18-2

1.1 Dual lattices Definition. The dual Λ of lattice Λ is {x R n : v Λ, x v Z}. Equivalently, the dual can be viewed as the set of linear functionals from Λ to Z. Figure 3: Dual lattice Definition. For matrix B, its the dual basis B is the unique basis that satisfies 1. span(b) = span(b ) 2. B T B = I Fact. (L(B)) = L(B ). Fact. (Λ ) = Λ. Fact. det(λ ) = det 1 (Λ). 2 Shortest vectors and successive minima One basic parameter of a lattice is the length of the shortest nonzero vector in the lattice, denoted λ 1. How about the second shortest? We are not interested in the second/third/etc shortest vectors which happen to be simply scaler multiples of the shortest vector. Instead, one requires that the next minimum increases the dimension of the space spanned: Definition. The ith successive minimum of lattice Λ, λ i (Λ), is defined to be inf{r dim(span(λ B (0, r)) i}. Figure 4: λ 1 (Λ) = 1, λ 2 Λ = 2.3 The following theorem, due to Blichfield, has various important consequences, and in particular can be used to bound λ 1. Theorem. (Blichfield) For any full-rank lattice Λ and (measurable) set S R n with vol(s) > det(λ), there exist distinct z 1, z 2 S such that z 1 z 2 Λ. 18-3

Proof. Let B be a basis of Λ. Define x + P (B) to be {x + y : y P (B)} and S x to be = S (x + P (B)) (see Figure 5). Since S = S x we conclude that vol(s) = x Λ x Λ vol(s x ). Let Sˆx denote {z x : z S x }. Then vol(sˆx) = vol(s x ), ie x Λ vol(sˆx) = vol(s) > vol(p (B)). Therefore, there must exist nondisjoint Sˆx and Ŝ y for x y. Consider any nonzero z Sˆx Ŝ y, then z + x, z + y S and x y = (z + x) (z + y) Λ, as required. Figure 5: Blichfield s theorem As a corollary of Blichfield s theorem, we obtain the following theorem due to Minkowski, which says that any large enough centrally-symmetric convex set contains a nonzero lattice point. A set S is centrallysymmetric if it is closed under negation. It is easy to see that the theorem is false if we drop either of the central-symmetry or the convexity requirement. Theorem. (Minkowski) Let Λ be a full-rank lattice of rank n. Any centrally-symmetric convex set S with vol(s) > 2 n det(λ) contains a nonzero lattice point. 18-4

MIT OpenCourseWare http://ocw.mit.edu 18.409 Topics in Theoretical Computer Science: An Algorithmist's Toolkit Fall 2009 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback