Notes for UMich EECS 598 (2015): Lecture 1

Notes for UMich EECS 598 (2015) are for Lattices in Cryptography virtually instructed by Chris Peikert (i.e., I taught myself using resources made available by him). This entry is for lecture 1, mathematical background.

In this note, I write down proofs missing from his lecture note as well as my questions. Due to the nature of personal notes, I will not formally put references.

Definition 2.1. An $n -$ dimensional lattice $L$ is a discrete additive subgroup of $R^{n} .$

Proposition. Let $L$ be a subgroup of $R^{n},$ then TFAE:

For all $x \in L,$ there exists $ε > 0$ s.t. $L \cap B (x, ε) = {x} .$
There exists $ε > 0$ s.t. $L \cap B (0, ε) = {0} .$
There exists $ε > 0$ s.t. for all $x \in L,$ it holds that $L \cap B (x, ε) = {x} .$

Proof. We prove this by cycling around.

3 ⟹ 1 ⟹ 2. Trivial.
2 ⟹ 3. Take the $ε$ guaranteed by (2) as that for (3). For all $x, v \in L$ s.t. $v \in B (x, ε),$ we have $v - x \in L$ since $L$ is a subgroup and $v - x \in B (0, ε) .$ By the choice of $ε$ and (2), it follows that $v - x = 0 .$

Definition 2.3. The rank of lattice $L$ is $r = d i m s p a n L .$

Proposition. If $L \subseteq Q^{n},$ there exists $d \in N^{*}$ s.t. $d \cdot L \subseteq Z^{n} .$

Proof. This will be trivial once we show that a lattice always has a basis.

Definition 2.4. A basis $B = {b_{1}, \dots, b_{r}}$ of lattice $L$ is a linearly independent subset of it such that it generates $L$ (as an abelian group).

Proposition. Any (finite-dimensional) lattice has a basis.

Proof. Clearly $L$ is torsion-free, so by the fundamental theorem of finitely generated abelian groups, we only need to show that $L$ is finitely generated. Since $L \subseteq R^{n},$ it has a maximal linearly independent subset $S = {s_{1}, \dots, s_{r}} .$ For all $x \in L,$ there exists real coefficients $y_{1}, \dots, y_{r}$ s.t. $x = i = 1 \sum r y_{i} s_{i} .$ Let $v = = def x - \sum_{i = 1}^{r} ⌊ y_{i} ⌋ s_{i},$ then $v \in L$ and $∣ v ∣ \leq i = 1 \sum r ∣ s_{i} ∣ = = def R .$ This means the set $S \cup (L \cap B (0, R))$ generates $L .$ We’re done because this is a finite set — in particular, it contains at most $r + R^{n} / ε^{n}$ points, where $ε$ is the positive number guaranteed by (3) of a previous proposition.

Corollary 2.7. (Checking equivalence of lattices generated by two bases, generalized to rank-deficient case.) To check whether $B_{1}, B_{2} \in R^{n \times r}$ generate the same lattice:

Check whether $r = r a n k (B_{1}, B_{2}) .$ This ensures $c o l s p a n B_{1} = c o l s p a n B_{2} .$
Find an isometry (isomorphism between Euclidean spaces) $ρ : c o l s p a n B_{1} \to R^{r}$ and compute $C_{1} = ρ (B_{1}), C_{2} = ρ (B_{2}), C_{1}, C_{2} \in R^{r \times r} .$ Note that the $ρ$ can be found using Gram–Schmidt orthonormalisation (QR decomposition).
Check whether $C_{1}^{- 1} C_{2}$ is unimodular.

Definition 2.8. (Fundamental region, generalized to rank-deficient case.) A fundamental region $F \subseteq R^{n}$ of lattice $L$ is one such that it has exactly one representative for each coset in $(s p a n L) / L .$

Definition 2.9. The fundamental parallelepiped of a lattice basis $B \in R^{n \times r}$ is $B \cdot [\frac{- 1}{2}, \frac{1}{2})^{r} .$ Sometimes, one might opt for an alternative definition $B \cdot [0, 1)^{r} .$

Example. Voronoi cell of $L$ is the set $V (L) = = def {x \in s p a n L : \forall v \in L ∖ {0}, ∣ x ∣ < ∣ x - v ∣} .$ It is not a fundamental region, but its closure is the closure of a fundamental region.

Definition 2.11. The volume (determinant) of lattice $L$ is the volume of any of its fundamental region.

Claim 2.12. (Determinant from basis, generalized to rank-deficient case.) If $L$ has basis $B,$ it has determinant $det (B^{^{_{T}}} B) .$

Question. There need to be some extra conditions posed on the fundamental region to make the volume well-defined. Consider the lattice $Z,$ which has a fundamental region $V \cup (1 + [0, 1) ∖ V) .$ Here, $V$ is a Vitali set containing 0. This fundamental region is not measurable, so it makes no sense to talk about its volume. Another interesting question: is there a Banach–Tarski paradox for lattice fundamental regions?

The simplest way to fix this is to consider a region that contains at most one representative of each coset and whose closure contains at least one representative of each coset. This ensures the volume is well-defined (though I don’t know how to prove this).

Example of tiling with fundamental region (by Chris Peikert)

Definition 2.13. The minimum distance of lattice $L$ is $λ_{1} (L) = = def in f_{x \in L ∖ {0}} ∣ x ∣ .$

I haven’t carefully investigated Minkowski’s results — I will update if I find a question or comment.