satisfying ( i ; j ) = ij Here ij = if i = j and 0 otherwise The idea to use lattices is the following Suppose we are given a lattice L and a point ~x

Similar documents
and the polynomial-time Turing p reduction from approximate CVP to SVP given in [10], the present authors obtained a n=2-approximation algorithm that

ON FREE PLANES IN LATTICE BALL PACKINGS ABSTRACT. 1. Introduction

CSE 206A: Lattice Algorithms and Applications Spring Basis Reduction. Instructor: Daniele Micciancio

Block Korkin{Zolotarev Bases. and Successive Minima. C.P. Schnorr TR September Abstract

Lecture 5: CVP and Babai s Algorithm

Some Sieving Algorithms for Lattice Problems

Note on shortest and nearest lattice vectors

The Shortest Vector Problem (Lattice Reduction Algorithms)

47-831: Advanced Integer Programming Lecturer: Amitabh Basu Lecture 2 Date: 03/18/2010

Dimension-Preserving Reductions Between Lattice Problems

Finding the closest lattice vector when it's unusually close

New Conjectures in the Geometry of Numbers

Reduction of Smith Normal Form Transformation Matrices

Hard Instances of Lattice Problems

1 Shortest Vector Problem

Worst case complexity of the optimal LLL algorithm

Shortest Vector Problem (1982; Lenstra, Lenstra, Lovasz)

On Approximating the Covering Radius and Finding Dense Lattice Subspaces

BOUNDS FOR SOLID ANGLES OF LATTICES OF RANK THREE

Linear Algebra, 4th day, Thursday 7/1/04 REU Info:

A Lattice Basis Reduction Algorithm

A Disaggregation Approach for Solving Linear Diophantine Equations 1

On Nearly Orthogonal Lattice Bases

CSC 2414 Lattices in Computer Science September 27, Lecture 4. An Efficient Algorithm for Integer Programming in constant dimensions

Math 413/513 Chapter 6 (from Friedberg, Insel, & Spence)

Lattice Basis Reduction Part 1: Concepts

How to Factor N 1 and N 2 When p 1 = p 2 mod 2 t

12 CHAPTER 1. PRELIMINARIES Lemma 1.3 (Cauchy-Schwarz inequality) Let (; ) be an inner product in < n. Then for all x; y 2 < n we have j(x; y)j (x; x)

Basis Reduction, and the Complexity of Branch-and-Bound

The Euclidean Distortion of Flat Tori

Non-standard approaches to integer programming

Elementary 2-Group Character Codes. Abstract. In this correspondence we describe a class of codes over GF (q),

Richard DiSalvo. Dr. Elmer. Mathematical Foundations of Economics. Fall/Spring,

Vector Space Basics. 1 Abstract Vector Spaces. 1. (commutativity of vector addition) u + v = v + u. 2. (associativity of vector addition)

Lattice Basis Reduction and the LLL Algorithm

Author copy. for some integers a i, b i. b i

Techinical Proofs for Nonlinear Learning using Local Coordinate Coding

Exercise Solutions to Functional Analysis

Hardness of the Covering Radius Problem on Lattices

MATH 31BH Homework 1 Solutions

Linear Algebra (part 1) : Vector Spaces (by Evan Dummit, 2017, v. 1.07) 1.1 The Formal Denition of a Vector Space

Lecture 7 Limits on inapproximability

The cocycle lattice of binary matroids

The subject of this paper is nding small sample spaces for joint distributions of

COS 598D - Lattices. scribe: Srdjan Krstic

Lattice Reduction of Modular, Convolution, and NTRU Lattices

SIMPLE AND POSITIVE ROOTS

APPROXIMATING THE COMPLEXITY MEASURE OF. Levent Tuncel. November 10, C&O Research Report: 98{51. Abstract

Best simultaneous Diophantine approximations and multidimensional continued fraction expansions

arxiv: v1 [math.nt] 20 Nov 2017

BMO Round 2 Problem 3 Generalisation and Bounds

Covering an ellipsoid with equal balls

Chapter 1. Preliminaries. The purpose of this chapter is to provide some basic background information. Linear Space. Hilbert Space.

Lattices Part II Dual Lattices, Fourier Transform, Smoothing Parameter, Public Key Encryption

Complexity of the Havas, Majewski, Matthews LLL. Mathematisch Instituut, Universiteit Utrecht. P.O. Box

Chapter 3 Least Squares Solution of y = A x 3.1 Introduction We turn to a problem that is dual to the overconstrained estimation problems considered s

THE LARGEST INTERSECTION LATTICE OF A CHRISTOS A. ATHANASIADIS. Abstract. We prove a conjecture of Bayer and Brandt [J. Alg. Combin.

ADDENDUM B: CONSTRUCTION OF R AND THE COMPLETION OF A METRIC SPACE

CSE 206A: Lattice Algorithms and Applications Spring Basic Algorithms. Instructor: Daniele Micciancio

Near convexity, metric convexity, and convexity

(1.) For any subset P S we denote by L(P ) the abelian group of integral relations between elements of P, i.e. L(P ) := ker Z P! span Z P S S : For ea

New Practical Algorithms for the Approximate Shortest Lattice Vector

Linear Algebra. Preliminary Lecture Notes

The idea is that if we restrict our attention to any k positions in x, no matter how many times we

Solving All Lattice Problems in Deterministic Single Exponential Time

Problem Set 9 Due: In class Tuesday, Nov. 27 Late papers will be accepted until 12:00 on Thursday (at the beginning of class).

CSE 206A: Lattice Algorithms and Applications Winter The dual lattice. Instructor: Daniele Micciancio

Note An example of a computable absolutely normal number

Countable subgroups of Euclidean space

New concepts: Span of a vector set, matrix column space (range) Linearly dependent set of vectors Matrix null space

Lattice-Based Cryptography: Mathematical and Computational Background. Chris Peikert Georgia Institute of Technology.

Topics in Basis Reduction and Integer Programming

From the Shortest Vector Problem to the Dihedral Hidden Subgroup Problem

A Fast Phase-Based Enumeration Algorithm for SVP Challenge through y-sparse Representations of Short Lattice Vectors

Math 61CM - Solutions to homework 6

Lecture 1: Basic Concepts

Upper and Lower Bounds on the Number of Faults. a System Can Withstand Without Repairs. Cambridge, MA 02139

Lecture 2: Review of Prerequisites. Table of contents

From Satisfiability to Linear Algebra

CSE 206A: Lattice Algorithms and Applications Spring Minkowski s theorem. Instructor: Daniele Micciancio

IBM Almaden Research Center, 650 Harry Road, School of Mathematical Sciences, Tel Aviv University, TelAviv, Israel

SELECTIVELY BALANCING UNIT VECTORS AART BLOKHUIS AND HAO CHEN

On the complexity of approximate multivariate integration

Irreducible Polynomials over Finite Fields

SUBSPACES OF COMPUTABLE VECTOR SPACES

Classication of Quadratic Forms

2 cryptology was immediately understood, and they were used to break schemes based on the knapsack problem (see [99, 23]), which were early alternativ

INTEGRAL ORTHOGONAL BASES OF SMALL HEIGHT FOR REAL POLYNOMIAL SPACES

Closest Point Search in Lattices

Math 1180, Notes, 14 1 C. v 1 v n v 2. C A ; w n. A and w = v i w i : v w = i=1

MATH 51H Section 4. October 16, Recall what it means for a function between metric spaces to be continuous:

8 The Gelfond-Schneider Theorem and Some Related Results

A Note on the Density of the Multiple Subset Sum Problems

On Riesz-Fischer sequences and lower frame bounds

Introduction to Real Analysis

1: Introduction to Lattices

if <v;w>=0. The length of a vector v is kvk, its distance from 0. If kvk =1,then v is said to be a unit vector. When V is a real vector space, then on

Locally Dense Codes. Daniele Micciancio. August 26, 2013

ADJOINTS, ABSOLUTE VALUES AND POLAR DECOMPOSITIONS

4.3 - Linear Combinations and Independence of Vectors

Transcription:

Dual Vectors and Lower Bounds for the Nearest Lattice Point Problem Johan Hastad* MIT Abstract: We prove that given a point ~z outside a given lattice L then there is a dual vector which gives a fairly good estimate for how far from the lattice the vector is To be more precise, there is a set of translated hyperplanes H i such that L S i H i and S d(~z; i H i) 6n 2 d(~z; L) + Warning: Essentially this paper has been published in Combinatorica and is hence subject to copyright restrictions It is for personal use only Introduction Let fg denote the fractional part of a real number dened in such a way that jfgj is the distance to the closest integer A classical theorem by Kronecker says that if is an irrational number and x any real number, then for every > 0 there is an integer a such that jfa? xgj Furthermore it is possible to estimate the size of the smallest a satisfying the inequality in terms of and how well can be approximated by rational numbers Khinchin [Kh] studied the following generalization of the problem Given real numbers ( ij ) m;n j;i= ; ( j) m j= and a positive number, when is it possible to solve jfp n i= ija i? j gj ; j = ; : : : ; m with integers a i If there is a solution for any > 0, then if c j are integers such that P m f j= c j ij g = 0 for all i then P m j= c j j must necessarily be an integer When this condition is satised Khinchin bounds the size of the numbers a i in terms of using the two quantities max P m i jf j= c j ij gj and P m jf j= c j j gj This question and related questions can be phrased very nicely using the concept of a lattice and its dual A lattice is dened to be a set of vectors in R n dened as f~y j ~y = P k i= a i i ; a i 2 Zg where the vectors i are linearly independent over R We will denote a typical lattice by L and ( i ) k i= is called a basis for the lattice The dual lattice L is dened to be the set of vectors in the linear span of L which have an integer inner product with all elements of L L is also a lattice and to every basis ( i ) k i= of L there is a dual basis ( i )k i= of L * Supported by an IBM fellowship

satisfying ( i ; j ) = ij Here ij = if i = j and 0 otherwise The idea to use lattices is the following Suppose we are given a lattice L and a point ~x which is not in L Suppose further that ~v is a vector in L such that (~x; ~v) is not an integer This will give a lower bound for the distance from ~x to L as follows We know that for any vector ~y 2 L, (~y; ~v) is an integer Hence j(~x? ~y; ~v)j jf(~v; ~x)gj for any ~y 2 L From this it follows that d(~x; L) jf(~x;~v)gj Khinchin's result follows from establishing a k~vk weaker converse of the above inequality, namely max ~v2l jf(~x;~v)gj c k~vk n d(~x; L) To see why this is the case consider the lattice L t, dened by the following basis = ( ; 2 ; 3 : : : ; m ; t ; 0; 0 : : : ; 0) 2 = ( 2 ; 22 ; 23 : : : ; 2m ;0; t ; 0 : : : ; 0) 3 = ( 3 ; 32 ; 33 : : : ; 3m ;0; 0; t : : : ; 0) n = ( n ; n2 ; n3 : : : ; nm ; 0; 0; 0: : : ; t ) n+i = ~e i ; i m where t is a parameter which should be thought of as a large number We can view the approximation problem as nding a vector ~y 2 L t which is close to ~ = ( ; 2 ; : : : ; m ; 0; : : : ; 0) The dual lattice of L t has basis: = (0; 0; 0;: : : ;0; t; 0; 0; : : : ; 0) 2 = (0; 0; 0;: : : ;0; 0; t; 0; : : : ; 0) 3 = (0; 0; 0;: : : ;0; 0; 0; t; : : : ; 0) n = (0; 0; 0;: : : ;0; 0; 0; 0; : : : ; t) n+ = (; 0; 0;: : : ;0;?t ;?t 2 ;?t 3 : : : ;?t n ) n+2 = (0; ; 0;: : : ;0;?t 2 ;?t 22 ;?t 32 : : : ;?t n2 ) n+3 = (0; 0; ;: : : ;0;?t 3 ;?t 23 ;?t 33 : : : ;?t n3 ) n+m = (0; 0; 0;: : : ;;?t m ;?t 2m ;?t 3m : : : ;?t nm ) Thus for a vector ~v = P n+m j= c j j we have that (~v; ~) = P m j= c j+n j and clearly k~vk t( P n fp m i= j= j ij g 2 ) 2 The results by Khinchin now follows from max ~v2l jf(~;~v)gj k~vk 2

c n d(~; L) In this paper we are interested in the best possible value of the constant c n Khinchin did not explicitly calculate his lower bound for c n, Cassels [C] got the bound c n (n!)?2 which was improved by Babai to c n We prove that c n 6n Examples show that 2 + c n c n The question whether c n could be chosen to be of the form for a polynomial p(n) p(n) was posed as an open problem by Lovasz [L] Taking the view of complexity theory we are studying the following computational problem Given a lattice L Q n and a point ~x 2 Q n what is the distance from ~x to L (ie min ~y2l k~x? ~yk) This problem is NP-complete [E] To make it be in NP we have to make it into a decision problem by asking: Is d(~x; L) K? A \yes" answer to this question can easily be veried by giving a vector ~y 2 L such that k~x? ~yk K The only nontrivial part to check, before concluding that the problem is in NP, is that ~y 2 L can be checked in polynomial time This is however not hard A \no" answer to the above question can probably not be veried in polynomial time since a NP-complete problem is not in co-np unless co-np=np However by our result (and previous results) the problem is in an approximate version of co-np By this we mean that if d(~x; L) = K then it is possible to prove that d(~x; L) K 6n 2 + by displaying a suitable vector ~v 2 L The best known solution to this approximate lower bounds was given by Lagarias, Lenstra and Schnorr [LLS] By showing the existence of a nice basis for any lattice L they show by using this basis it is possible to produce a vector ~y 2 L and a certicate that d(~x; L) cn? 3 2 k~x? ~yk Our existential proof is nonconstructive and we know of no subexponential time algorithm that nds the vector ~v We would like to point out that Babai [B] using Lovasz' lattice reduction algorithm (from [LLL]) has given a polynomial time algorithm that nds a vector ~v that satises jf(~x;~v)gj k~vk 2 Preliminaries and Notation 9?n d(~x; L) Let L be a lattice with basis ( i ) n i= In general we will work with several dierent bases for the same lattice We will in general not change notation Let L be the dual lattice of L with basis ( i )n i= satisfying ( i ; j ) = ij For i = ; 2; : : : ; n, let the ith successive minima i be the radius of the smallest sphere around the origin containing i linearly independent points of L We let i 3 be the

corresponding numbers for the dual lattice We will let k~xk denote the euclidean length of a vector ~x For a basis ( i ) n i= let ~ i be the projection of i onto the space orthogonal to ; : : : i? A Korkine-Zolotarev (in future KZ) basis is dened recursively as follows () is one of the shortest vectors in L (2) i is one of the vectors giving a minimal k ~ i k Ties are resolved in any arbitrary way Interesting to note is that such a basis can be found in exponential time by an algorithm by Kannan [Ka] This type of basis has some useful properties Lemma : For any vector ~z in the linear span of of L there is a vector ~y 2 L such that k~z? ~yk 2 (P n i= k~ i k 2 ) 2 Proof: The ~ i are clearly mutually orthogonal and i can be written in the form i = P i? j= ij ~ j + ~ i Write ~z = P n i= i ~ i and we will now nd a ~y = P n i= c i ~ i = P n i= a i i such that jc i? i j This can be done be making the unique choice for a 2 i starting with i = n and going towards lower indices This clearly proves Lemma Observe that the procedure is completely eective once the basis is given By applying the above procedure to the basis vectors we can assume that j ij j 2 the following lemma Lemma 2: We can nd a KZ-basis such that k ~ P b i k 2 i? j= k~ 4 j k 2 + k ~ i k 2 3 Main Theorem Having done away with the preliminaries we can now state and prove our main theorem and thus we have Theorem: Given a lattice L in R n For every ~z 2 R n there is a vector ~v 2 L such that jf(~v; ~z)gj k~vk d(~z; L) 6n 2 + Loosely speaking for every vector which is far from the lattice there is a reasonable onedimensional reason for this Proof: Suppose that jf(~z; ~v)gj k~vk for all ~v 2 L We have to prove that ~z is close to L We will quite explicitly construct a vector in the lattice that is close to ~z For all short vectors ~v 2 L it is true that (~v; ~z) is very close to an integer The idea of the proof is to 4

pick the vector in the lattice which has the same inner products rounded to integers with all short vectors We have to prove that this vector is well dened Let i ; i = ; 2; : : : n be a KZ basis of L which are as short as described by Lemma 2 Let r be the largest integer such that k ~ i k for 2n 2 i = ; 2 : : : r We will keep this value of r xed from now on Observe that this in particular implies that k i k 2 for i = ; 2 : : : ; r For a real number x let [x] denote the closest integer to x and let ~z be a vector in L satisfying (~z; i ) = [(~z; i )] i = ; : : : r such a ~z always exist and is unique if r = n We will now prove the following lemma: Lemma 3: For any vector ~v 2 L in the linear span of ; 2 : : : r, with k~vk true that (~z; ~v) = [(~z; ~v)] For the proof of Lemma 3 we will need some machinery 6 it is Denition: A ( i )r i= -walk be a sequence of points ~u i; i = ; 2; : : : ; s such that for each i, there exits a j(i) such that ~u i? ~u i? = b j(i) Using this notation let us prove the following lemma Lemma 4: Given ~v 2 L in the linear span of b i, i = ; 2; : : : ; r there exist a ( i )r i= -walk from 0 to ~v never leaving the ball of radius k~vk + 3 2 (P r i= k i k2 ) 2 Proof: We will dene the walk recursively from ~v to 0 Make ~u = ~v and suppose ~u j = P r i= cj ~ i i Find the smallest i such that jc j i j and dene u j+ = u j? sign(c i ) i We need to verify that we eventually get to 0 and that we stay within a relatively small ball on the way Let us rst prove that we eventually reach 0 Dene d j = P r i= jcj i j2i Fact: d j+ d j? Proof: If i is the chosen index in the denition of ~u j+ then jc j+ i j = jc j i j? while c j+ k = c j k for k > i and jcj+ k j jc j k j + for k < i 2 Using this fact, to prove that we eventually get to 0 we only have to prove that if ~u j is nonzero then there exist an i such that jc j i j This follows from the observation that for the largest i such that c j i is nonzero cj i is an integer To get the estimate for how far from the origin ~u j can be we need only observe that jc j i j max( 3 ; 2 c i ) The proof of Lemma 4 is complete Let us return to the proof of Lemma 3 By Lemma 4 there exist a walk (~u i ) from 0 to ~v by the vectors i which stays inside the ball of radius 3 We prove that (~z; ~u i) = [(~z; ~u i )] 5

by induction over i Number the walk such that 0 = ~u and ~v = ~u s Clearly the induction hypothesis holds for i = For the induction step use ~u i = ~u i? j giving [(~z; ~u i )]? (~z; ~u i ) = [(~z? ~z; ~u i? j )] Using the induction hypothesis and k~u i? k 3 we get j(~z? ~z; ~u i?)j 3 and j(~z? ~z; j )j is bounded by since k 2 j k 2 and [(~z? ~z; j )] = 0 by the denition of ~z Thus [(~z? ~z; ~u i? + j )] = 0 and this completes the proof of Lemma 3 Remark: We feel that apart from being of use in the present proof Lemma 4 is of interest of its own Finally we return to the proof of the theorem Dene M r to be the r-dimensional subspace spanned by ; 2 ; : : : ; r We are going to decompose ~z? ~z in two components z () + z (2) where z () 2 M r and z (2) is orthogonal to M r We will prove that z () is short and that z (2) can be approximated well by a vector in L orthogonal to M r Lemma 5: kz () k 2 Proof: For any ~v in M r T L with k~vk 6 we know that k~vk jf(~z?~z; ~v)gj = j(z() ; ~v)j Suppose that kz () k 2, then for any such ~v, the (acute) angle between z () and ~v must be at least 60 Thus points of L are excluded from the shaded region in Figure Figure : Ball of radius 6 in M r Observe that the region contains a ball of radius 8 and by Lemma and the choice of r there is always a point of L in every ball of radius 24 This is a contradiction and we have proved the lemma Next we proceed to nd a lattice point which is close to z (2) Let L 0 be the n? r dimensional sublattice of L which is orthogonal to M r We have Lemma 6: There is a ~z 0 2 L 0 such that kz (2)? z 0 k 6n 2 6

Proof: Let the dual of L 0 be L 0 Observe that L 0 is L projected onto the orthogonal complement of M r By the denition of r and of KZ basis there is no vector in L 0 which is shorter than 2n 2 Let ; 2 : : : n?r be a KZ basis for L 0 Then we know by [LLS] that k ~ i k n 0 2n 3 2 : Thus by Lemma any vector can be approximated within 6n 2 and the proof is complete Theorem now clearly follows from Lemmas 5 and 6 Observe that if is small enough we do not get any component z (2) and hence we can drop the factor n?2 in the theorem Acknowledgment: I thank Je Lagarias for many fruitful discussions about lattices References [B] Babai L \On Lovasz' lattice reduction and the nearest lattice point problem", Combinatorica 6, (986), -3 [C] Cassels JWS \An Introduction to the Geometry of Numbers" Springer Verlag, Heidelberg 97 [E] van Emde Boas P \Another NP-complete problem and the complexity of computing short vectors in a lattice", Math Dept Report 8-04 Univ of Amsterdam, April 98 [Ka] Kannan R \Minkowski's convex body theorem and integer programming", to appear in Mathematics of Operations Research [Kh] Khinchin AI \A quantitative formulation of Kronecker's theory of approximation" Inv Aked Nauk SSSR (ser Mat) 2, 3-22 (in russian) [KZ] Korkine A and Zolotarev G \Sur les formes quadratiques" Mathematiche Annalen 6 (873) pp 366-389 [LLS] Lagarias JC, Lenstra HW, and Schnorr CP, \Korkine-Zolotarev bases and the successive minima of a lattice and its reciprocal lattice", to appear in Combinatorica [LLL] Lenstra AK, Lenstra HW and Lovasz L, \Factoring polynomials with rational coecients", Math Ann26, (982), 55-534 7

[L] Lovasz L personal communication 8

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback