Notes for UMich EECS 598 (2015) are for Lattices in Cryptography virtually instructed by Chris Peikert (i.e., I taught myself using resources made available by him). This entry is for homework 1.

Update on 5 January 2020.I managed to give an ugly solution to the extra credit problem.

**Problem 1.** Given a generating set $B={b_{1},…,b_{m}}$ output the (positive) greatest common divisor of those elements. Euclidean algorithm for computing the GCD of two numbers runs in polynomial time, and the output is shorter than the input. Therefore, the total running time is polynomial.

**Problem 2.** Note that the two inequalities are equalities when $n=1$ For $n=2$ consider the basis
$B=(b_{1},b_{2})=(2_{6t}0 2_{2t}1 ),$
where $t$ is a positive integer.
The determinant bound is $2_{3t+1/2}$ and the shortest Gram–Schmidt vector has length 1.
We now consider any non-zero lattice point $x_{1}b_{1}+x_{2}b_{2}$

- When $x_{1}=0$ the smallest possible length is $2_{4t}+1 $ attained when $x_{2}=±1$
- When $x_{1} =0,∣x_{2}∣≤2_{3t}$ its length is at least $2_{6t}−2_{3t}2_{2t}=2_{5t}$
- When $∣x_{2}∣>2_{3t}$ its length is at least $2_{3t}$

The above covers all possible cases. Therefore, we have $2_{2t}≤λ_{1}(L)≤1+2_{2t}$

**Problem 3(a).** By definition, for any $x∈R_{n}$ there exists unique $v∈L$ s.t. $x∈(v+F)$ which means $x=v+f$ for some $f∈F$ This further translates into $f=x−v∈(x+L)$ Therefore, $(x+L)∩F$ is non-empty. Suppose $f_{′}∈(x+L)∩F$ then $f_{′}=x−v_{′}$ for some $v_{′}∈L$ This means $x∈(v_{′}+F)$ By the uniqueness of $v$ it follows that $v=v_{′}$ hence $f=f_{′}$ This completes the proof that the intersection is a singleton set.

**Problem 3(b).** Given $x$ find (using Gaussian elimination) real coefficients $y_{1},…,y_{n}$ s.t.
$x=i=1∑n y_{i}b_{i}.$
We then have
$x−i=1∑n ⌊y_{i}⌉b_{i} =i=1∑n (y_{i}−⌊y_{i}⌉)b_{i}∈B⋅[2−1 ,21 )_{n}. $

**Problem 3(c).**
We use QDU decomposition. Suppose $B=QDU$ and $B=QD$ where $Q$ is orthogonal, $D$ is positive diagonal, and $U$ is upper-unitriangular.
Let $F=B⋅[2−1 ,21 )_{n}$

First, we show $(x+F)∩(x_{′}+F) =∅$ only if $x=x_{′}$ for $x,x_{′}∈L$ Let $w$ be a vector in this intersection, then $w =Bz_{′}+Bv_{′}=QD(Uz+v)=Bz_{′}+Bv_{′}=QD(Uz_{′}+v_{′}) $ for some $z,z_{′}∈Z_{n},v,v_{′}∈[2−1 ,21 )_{n}$ s.t. $Bz=x,Bz_{′}=x_{′}$ Moving terms around and cancelling $QD$ we get $U(z−z_{′})=v_{′}−v$ Suppose for the sake of contradiction that $z−z_{′} =0$ and that its last non-zero entry were the one. Using the upper-unitriangularity, we would get $z[k]−z_{′}[k] =(U(z−z_{′}))[k]=v_{′}[k]−v[k]∈(−1,1). $ This is a contradiction because the left-hand side would be a non-zero integer. Therefore, $x=Bz=Bz_{′}=x_{′}$

Next, we show that its translations using lattice points cover $R_{n}$ algorithmically. This amounts to solving $z,v$ from $w=QD(Uz+v)$ where $w$ is any vector in $R_{n}$ and the other symbols inherit their meanings from the first part. We solve $Uz+v=D_{−1}Q_{−1}w$ from the last entry to the first. Suppose we have computed $z[k+1],…,z[n],v[k+1],…,v[n]$ we then set $tz[k] =(D_{−1}Q_{−1}w)[k]−i=k+1∑n U[k,i]z[i],=⌊t⌉,v[k]=t−⌊t⌉. $ This can be done efficiently and, by inspection, gives a correct solution.

**Problem 4.** The volume of an $n$dimensional $p$ball of radius $r$ is
$Γ(1+pn )(2r⋅Γ(1+p1 ))_{n} .$
(This formula is due to Xianfu Wang.)
Setting this to be at least $2_{n}$ we get (using Stirling’s formula)
$λ_{1}(L) ≤(Γ(1+n/p)detL)_{1/n}/Γ(1+1/p) =Θ_{p}(n_{1/p}(detL)_{1/n}). $

**Problem 5.** We first show that its translations by lattice points do not overlap. Suppose for the sake of contradiction that $z∈(y_{1}+V(L))∩(y_{2}+V(L))$ for $y_{1},y_{2}∈L$ but $y_{1} =y_{2}$
We would have
$∣x_{1}∣=∣z−y_{1}∣=∣x_{2}+(y_{2}−y_{1})∣<∣x_{2}∣,$
but $∣x_{2}∣<∣x_{1}∣$ by swapping the roles of $x_{1},x_{2}$ in the above argument.
Therefore, the translations of $V(L)$ by lattice points do not overlap.

Next, for all points whose closest lattice point is unique, it is easy to verify that it lies in the translate of $V(L)$ by the closest lattice point to it. If a point is closest to two distinct lattice points, it cannot be in a translate of $V(L)$ by any lattice point.

(Assume the lattice is full-rank by convention.) The points whose closest lattice points are not unique form a null set (set of measure 0, i.e., rare). To see this, consider enumerating non-singleton closest lattice point set $S$ The set of points that have the same lengths to all points in $S$ has measure zero, so the union of countably many of them still has measure zero.

**Extra Credit.**
~~I currently have no idea how to intrinsically extend Voronoi cell into a fundamental region.~~
One can pathologically extend Voronoi cell to a fundamental region, using the axiom of choice.
I still do not know how to do this non-pathologically.

Let $S$ be the family of supersets of $V$ s.t. its translations by lattice points do not overlap (i.e., a subset of a candidate fundamental region). Assign set-theoretic order to this family of sets.

For any chain $C⊆S$ take $T=⋃_{c∈C}c$ We now verify that $T∈S$ It is obvious that $V⊆T$ Moreover, if $x∈(T+u)∩(T+v)$ for lattice points $u,v$ we have $x=t_{1}+u=t_{2}+v$ for $t_{1},t_{2}∈T$ Suppose $t_{1}∈c_{1},t_{2}∈c_{2}$ for $c_{1},c_{2}∈C$ Since $C$ is a chain, WLoG we assume $c_{1}⊆c_{2}$ then $x∈(c_{2}+u)∩(c_{2}+v) =∅$ which implies $u=v$ by the definition of $S$ and the fact that $c_{2}∈C⊆S$ Therefore, we have $T∈S$ It clearly is an upper bound of $C$

By Zorn’s lemma, there exists a maximal element $F∈S$ We now verify that $F$ is a fundamental region. Since $F∈S$ its translations by lattice points do not overlap. Let $x∈R_{n}$ If $x∈F$ then $x∈(F+0)$ Otherwise, we have $F_{′}==defF∪{x}∈/ S$ due to the maximality of $F$ Clearly $V⊆F_{′}$ so there exists distinct lattice points $u,v$ s.t. $∅ =(F_{′}+u)∩(F_{′}+v)∋z$ Note that $(F+u)∩(F+v)=∅=({x}+u)∩({x}+v)$ therefore, WLoG we assume $z=x+u=f+v$ for some $f∈F$ giving us $x=f+(v−u)∈(F+(v−u))$ This completes the proof.

Note that the region can be made ‘prettier’ by restricting $S$ to contain only subsets of $V$ This way, the found fundamental region is bounded and measurable.

Please enable JavaScript to view the comments powered by Disqus.