 Okay? Just a change of basis by a two by two matrix with integer coefficients and determinant one to get from one to the other. And v1, v2 is a good basis in the sense that it's reasonably orthogonal. And w1, w2 gives you a big skinny fundamental domain, right? So suppose I try to use that bad basis with the algorithm on the earlier slide. In this case I chose a target point that's in the fundamental domain, right? So my algorithm would just say take the vertices and pick the closest vertex to the target vector, which is this one that just popped up, closest vertex. But you can see visually that's not the closest lattice point, right? That's the closest lattice point over here. Okay? So here we have an example of a problem, the closest vector problem that might be easy to, well, somewhat easy to solve if you have a good basis, but very hard to solve if you have a bad basis. Okay? Now for those who have seen a bit of cryptography, you've probably seen it in some sort of course, like RSA for example. Problems which are hard to solve with certain information but easy to solve with extra information are good candidates for building crypto systems. Okay? And that's what we will do eventually. However, I want to mention that lattices come up all through mathematics. I listed here they've been studied intensively for more than a hundred years. I'm not a mathematical historian. I expect you could you could push that way, way back. The first instances of when they actually appear, they have all kinds of applications in pure math, applied math, optimization problems. They come up in physics all over, chemistry, crystallography, and cryptography, and lots of other things. So the, this is probably not the right thing to say. It's not so much the theoretical study of lattices as number theorists who study lattices tend to call it the geometry of numbers because that's what Minkowski named it in a very influential book of his called Geometry of Numbers or Geometry of Integers. 
And that's our main topic for today. Okay? This is the same Minkowski who, you know, famous in physics. He was also a number theorist. So the practical process of actually finding a shortest or closest vector is called lattice reduction. And that's what I'll talk about tomorrow. And I'll talk about the best known algorithms. If you want to make a splash and can come up with a much faster algorithm to solve these problems, that would be really interesting. So that's what we'll talk about tomorrow. Okay. So this just sort of repeats what's at the top of this page, except specifically lattice reduction gets used a lot in number theory, computer algebra systems. For example, how many people have used a computer algebra system which computes what are called Gröbner bases, anyone know? Yeah. The underlying algorithm for that is using lattice reduction, combinatorics and cryptography. Okay. So what distinguishes a good basis from a bad basis? Well, I kind of told you good bases, the vectors are kind of perpendicular, bad bases, they make small angles, but let's quantify that a bit. So first, we have this upper bound for the volume of a fundamental domain. Remember the determinant of L is just the volume of that parallelogram or a higher dimensional parallelogram. And its volume is at most the product of the lengths of the sides. And you get equality if and only if all of the vectors are perpendicular to one another. So you're getting a rectangular shaped box. And it's true, yeah, because a parallelepiped never has volume greater than the product of its sides. There's a more, oh, by the way, in these lectures, I have a certain amount of time, the notes contain a lot more detail. So if there's something I've done that's a little quick, you can go look in the notes. You can also come ask me or the TA at question time. Okay, so it's an equality if and only if the vectors are perpendicular, the basis vectors.
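Added example, not part of the lecture: the closest-vertex method discussed above, run on a nearly orthogonal basis and on a skewed basis of the same two-dimensional lattice, together with the ratio of the determinant to the product of the side lengths from the volume bound. The basis vectors, the change-of-basis matrix, the target point and all function names are constructed for illustration.

```python
import math
from itertools import product

GOOD = ((5, 1), (-1, 4))   # constructed, nearly orthogonal basis v1, v2
U = ((5, 6), (19, 23))     # constructed integer matrix with determinant 1
# w1, w2 = U applied to (v1, v2): a skewed basis of the same lattice
BAD = tuple((r[0] * GOOD[0][0] + r[1] * GOOD[1][0],
             r[0] * GOOD[0][1] + r[1] * GOOD[1][1]) for r in U)
TARGET = (29.2, 44.9)      # constructed: 0.4*w1 + 0.3*w2, inside the bad domain

def coords(basis, t):
    """Real coefficients (a, b) with t = a*b1 + b*b2, by Cramer's rule."""
    (x1, y1), (x2, y2) = basis
    det = x1 * y2 - y1 * x2
    return ((t[0] * y2 - t[1] * x2) / det, (x1 * t[1] - y1 * t[0]) / det)

def lattice_point(basis, i, j):
    (x1, y1), (x2, y2) = basis
    return (i * x1 + j * x2, i * y1 + j * y2)

def closest_vertex(basis, t):
    """Nearest corner of the translated fundamental domain that contains t."""
    a, b = (math.floor(c) for c in coords(basis, t))
    corners = [lattice_point(basis, a + i, b + j)
               for i, j in product((0, 1), repeat=2)]
    return min(corners, key=lambda p: math.dist(p, t))

def side_ratio(basis):
    """det(L) / (|b1| * |b2|): 1 for perpendicular vectors, near 0 when skinny."""
    (x1, y1), (x2, y2) = basis
    return abs(x1 * y2 - y1 * x2) / (math.hypot(x1, y1) * math.hypot(x2, y2))

def true_closest(t, radius=10):
    """Exhaustive search around t; only workable in very small dimension."""
    a, b = (math.floor(c) for c in coords(GOOD, t))
    box = product(range(a - radius, a + radius + 1),
                  range(b - radius, b + radius + 1))
    return min((lattice_point(GOOD, i, j) for i, j in box),
               key=lambda p: math.dist(p, t))

if __name__ == "__main__":
    for name, basis in (("good", GOOD), ("bad", BAD)):
        p = closest_vertex(basis, TARGET)
        print(name, basis, "ratio=%.4f" % side_ratio(basis),
              "vertex=", p, "distance=%.2f" % math.dist(p, TARGET))
    print("true closest lattice point:", true_closest(TARGET))
```

Both bases have determinant 21, so they span the same lattice, yet the skewed basis returns a vertex roughly nine times farther from the target than the true closest point.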
It is not true that every lattice has a basis consisting of vectors that are perpendicular to each other. I mean, kind of the one I had up at the beginning with the parallelogram, it doesn't have any pair of vectors that are perpendicular to each other. Well, other than the zero vector. Okay, so we want to ask to what extent can we find vectors that are as perpendicular as possible. Okay, and there's a famous theorem of Minkowski's, Hermite also did some stuff with this, that says that every lattice does have a basis that's reasonably orthogonal where the amount of non-orthogonality is measured just by a function of the dimension. Okay, so let's see what that looks like in practice. So it says there's this constant that just depends on the dimension. So if you take any lattice of dimension n, any basis, you know, take a basis and take their Z-linear span, then first the shortest vector, non-zero vector in the lattice is always smaller than, well, this has the right dimension in terms of, you know, feet inches, square inches. This is a distance, the determinant's a volume, you take the nth root, it's a distance. So there is a shortest vector less than the determinant to the one over n. And more generally, there's actually a basis so that the product, remember this product is always bigger than the determinant, right, that was Hadamard's theorem on the previous slide, because it's the product of the sides of the parallelepiped is bigger than the volume. But there always exists a basis so that the product of the sides is no more than this scaling factor that only depends on the dimension. However, it does depend on the dimension to the nth power, it's exponential in n. I guess it looks worse than that because I didn't tell you what gamma n is yet. But gamma n is sort of a bounded quantity as well, well, I'm sorry, not quite, almost bound. It's polynomial. So gamma n is called Hermite's constant.
Again, I don't know the whole history, I'm not quite sure why it's not called Minkowski's constant. But anyway, one can show, there are upper and lower bounds, explicit ones in the literature if you ever need an explicit bound. But roughly speaking, it looks like a scalar multiple of square root of n and here's the upper bound, here's the lower bound. They only differ by one over root two, not much different. It's a major open problem to compute the exact value of gamma n. It's known for all n less than or equal to 8. I think I put out the values in the notes. And for n equals 24, why n equals 24? Two words, Leech lattice. There's this very special lattice in dimension 24, which actually I think will come up in Henry Cohn's lectures at some point this week in a rather different context with sphere packing. Anyway, so what I want to spend much of the rest of the lecture today doing is sketching a proof of Minkowski's theorem. Not having been here, I actually didn't exactly know what these lectures were supposed to be like. I mean, I could just do a whole survey and you'd see a lot of interesting results with no proofs or I could introduce this on slide two and spend the whole hour doing all the technical details. So I kind of tried to split things. So having now introduced lattices and the hard problems and stuff, I thought I'd sketch the proof of part of at least part of Minkowski's theorem. And I want to mention there are a number of different ways to prove this. So I'm going to give a proof that I kind of like it's kind of a pigeonhole volume computation type thing. There's another proof, well it uses this lemma, which I'll get to in a second, which has many other uses. But there's another proof in the notes using what are called Voronoi cells, which are associated to lattices and are quite important and there are lots of really interesting theorems and open problems related to Voronoi cells.
Anyway, so here's this lemma of Minkowski's, which looks a little technical. So I'm going to state it and I'll break it down bit by bit. So suppose we have a lattice in dimension N and again, if, well, if you're like my colleague Tom Banchoff, you can imagine something in four dimensions, otherwise probably the best you can do, like me, maybe visualize a three-dimensional lattice. So a bunch of points in this room that are equally sort of spaced. And also a region, just a blob. Okay. But a fairly nice blob. So it's compact, so closed and bounded. So like a sphere, but a squished sphere with, you know, whatever. Convex, well what convex means is if you take two points in the blob, it'll come back on in a second. If you take two points in the blob, the entire line segment connecting those two points is in the blob. That's what convexity means. Symmetric, just symmetric around the origin. If a vector is in the blob, then minus the vector is in the blob. Okay. So it really, the thing you should visualize is a squished ball, or in fact what we're going to use is a fundamental domain. A parallelepiped, well if you take the closure of one of those parallelepipeds, it would be compact, convex, symmetric. Well, the one I drew is that you have to shift it to make it symmetric. And I want the blob to be fairly big. So it has volume, at least two to the n times the volume of a fundamental domain. Okay. So that's a lot of conditions, but we get a pretty nice conclusion out of it, namely that it then contains a non-zero lattice point. So this is one of those magic theorems that you feed in some data, in this case about the size of the fundamental domain and the size of this nice blobby region, and it magically produces a point for you. Okay. So again, just to reiterate, because this is one of the problems with slide lectures. I like them in some sense, because I could get everything prepared ahead of time, but it'd be nice if this definition was in front of you.
So compact is closed and bounded, convex means any two points in the region, the line segment's in the region, and symmetric just means it's symmetric about the origin. Vector in the region, then minus vector's in the region. So that's what our region looks like. And we're also assuming that its volume is at least 2 to the n times the volume of a fundamental domain of the lattice. And our goal is to create a non-zero lattice point. That tends to be hard to create a point. So what we're going to do essentially is create two lattice points and show that they're different and their difference will be the thing we're looking for. All right. So here's where we start. We start with our basis for our lattice and the fundamental domain is the parallelepiped that it spans. So this is all from previous slides. And for each element of the lattice, I'm going to translate that fundamental domain by the point in the lattice. So for each lattice point, I'll write F plus V to be, you just take the points in the fundamental domain in the parallel, I'm going to say parallelogram because parallelepiped's too much of a mouthful, but in the parallelogram, and you translate it by this lattice vector V. And we saw pictures of that before. Sort of you have the parallelogram, you shift it up, you shift it over, you shift it up and over, and down to the left, down to the right, so on. And as V varies over the lattice, these shifted fundamental domains will cover all of Rn. Right? Because you take any point in Rn, well you have this fundamental domain. When you shift, right, they have a boundary side in common and you just shift and they fill up all of space. So this is key fact number one. The shifts of the fundamental domain by the points in the lattice cover Rn and in fact they cover it disjointly essentially, other than depending on the boundary on the edges. Okay? And the reason that's useful is remember I had that region that's sitting in Rn.
That means the region is sitting in this union, so I can break it up into pieces. Oh, okay. So here's the picture. Right? Here's my initial fundamental domain. Shift it over, shift it up, over up, over down. Oh, I didn't draw the bottom of it. There's another one here and another one here and so on. It just covers all of space. Pretty much disjointly. So that means every point in the region or actually every point in space. Right? It's sitting in one of these translated fundamental domains. So it looks like a lattice vector V sub R plus a fundamental domain vector W sub R. And if you make the fundamental domains where you take sort of the bottom and the left sides to be closed and the top and the right sides to be open, it'll actually be unique. Okay? So we take R, we translate it by an element of the lattice until it lies in the fundamental domain. Good with that? So every point in the region has been decomposed as lattice vector plus fundamental domain vector. Now the trick, which is very clever, which I'm guessing was Minkowski's idea. Anyway, what we do is we shrink the region by a factor of two. So we multiply by a half. It was I just take every point in the region and I multiply it by a half and the region goes loop and it gets smaller. So imagine a squashed sphere, a squashed ball, you know, you get a squashed ball half the size or a parallelogram loop, it becomes half the size. And this will come up in a minute. I'm going to mention it now as a preview. So what's the volume of this squashed thing? In one dimension if you multiply a line segment by a half, it's half as long. In two space if you multiply something by a half every dimension shrinks by a half. So the volume goes down by a quarter. So here the volume will go down by two to the n. You may recall there was a two to the n in the statement of the theorem, that's where this is coming from.
Okay, so what we do is we shrink or dilate the region by a factor of two and then I look at the map that sends an element in the dilated region to, well remember I can write that point one half r as a lattice vector plus a fundamental domain vector and I'm just going to send it to its fundamental domain vector. And if you think about what we're doing this is essentially just going to be, well it's roughly a linear translate kind of thing. So this map is going to preserve volumes at least locally. If I take a little volume, if I take a little part, a little region in real space, okay? And I map the points in that region to their W sub R points, meaning I translate by a lattice point, okay? The volume of the region will be the volume of its image. Now this isn't a homeomorphism, if you run over the boundary of a fundamental domain, your little piece of region will get broken up into maybe several different little regions but it'll be a finite number of them and their union will have the same volume, okay? Alright, so we're considering that map and as I already pointed out, because it's important that I wanted to mention it twice, the volume of the dilated region is 1 over 2 to the n times the original volume because you're in n dimensional space. So every direction has been cut by a half and there are n independent directions. And I claim that 1 over 2 to the n times the volume of the region is strictly bigger than the volume of the fundamental domain and that's an easy claim to prove because this was the original assumption in the statement of the theorem except that the 2 to the n was on the other side of the inequality. Right? Our original assumption was that the region had volume bigger than 2 to the n times the determinant of the lattice which is the volume of the fundamental domain.
And now this is our pigeonhole principle kind of thing, but it's kind of, I think of it as pigeonhole principle except it's really a volume overlap thing because it's, you know, it's not discrete, but we have this region 1 half r, we're mapping it by a volume preserving map to this fundamental domain and the thing we started with F has volume strictly bigger than the range where we're headed and the conclusion is there has to be two points in this dilated region, 1 half r, that go to the same point in F. Right? Because it's volume preserving, bigger volume to smaller volume that's locally volume preserving, bigger volume to smaller volume but we have two points that collide. Okay? Good. So that means there are two points in this dilated region that go to the same point in the fundamental domain. So when I write the first point 1 half r1 as the lattice point plus a fundamental domain point and the second 1 half r2 as the lattice point plus a fundamental domain point, their fundamental domain points are the same. That's what all that work was to do, to find two points in the dilated region that when you decompose them they hit the same fundamental domain point. Okay? So we have these two decompositions, V1 and V2 are lattice points, W is a fundamental domain point and it's in both of them. Obvious math to do if you have two equations and they have a common quantity in them, you subtract them. So if we take the difference of 1 half r1 minus 1 half r2 we get V1 minus V2, that's in the lattice. Right? And it's not the zero lattice point. That was all our work. Yeah, when I say find two points, two distinct points, r1 and r2 are different. Right? So that's not zero.