 So remember that any mathematical problem that is very hard to solve unless you have one crucial piece of information could be used as the basis for a cryptographic system. And with lattice systems, with lattices, we have two very hard problems that are very closely related. And given any lattice with whatever basis we have in any arbitrary vector, we have the two following problems. The closest vector problem to find a lattice vector that minimizes the distance between the given point and the lattice point. And the smallest or shortest vector problem to find the non-zero lattice vector that minimizes the magnitude. And obviously these two are very similar, the only difference between the two is the smallest vector problem is the closest vector problem where we're trying to find the zero vector as our target. And so how do we solve these? Well, the natural inclination is to use something that's called Babay's closest vector algorithm. Now this is what you would expect to do, but this is pretty much the solution that any normal person would expect to find. So why does Babay get his name associated with it? Well he does a further analysis of this algorithm in terms of its efficiency and whether or not it will work under the right conditions. So before we go into that, let's consider this. Let's take some set of vectors and let them be reasonably orthogonal. This is Babay's contribution to the algorithm. So as they are reasonably orthogonal and we'll see why that's important later on. I'm going to find a set of AIs. I'm going to find a linear combination that solves linear combination equal to our given vector. Now note that these are, the coefficients are going to be drawn from the set of real numbers, not the set of integers. So w is not in general a lattice point, but it's close. It is going to be, we can express it as a linear combination of our lattice points where the coefficients might not be integers. Well for each I define bi to be the integer nearest to the corresponding ai. So remember that the lattice itself consists of linear combinations of our basis vectors where the coefficients are integers. So I'll do the obvious thing. I'll pick the integer closest to each of these coefficients, and I'll find the lattice point that corresponds to the AIs, and this lattice point is an approximate solution to my closest vector problem. Alright, so let's try it out. So let's take a lattice that's spanned by these two vectors, 5, 1, and negative 2, 8. Let's find the vector closest to the point 27, 8. Well, do a quick check here. If I look at the angle between our two vectors, well that will be found by the dot product. I'll find that, and it turns out that the cosine of the angle between the two of them is negative point 0, 5, which means that the vectors are pretty close to being orthogonal. So this satisfies our reasonable orthogonality. And I'll solve my equation. This vector has a linear combination of these other two vectors, and that gives me some nice system of vectors, some nice system of two variables and two unknowns. I'll solve it. A1 is 232 over 42. A2 is 13 over 42. And what I'm going to do is I'm going to round these to the nearest integer. B1 is 6. B2 is 0. So this point 6, 5, 1, 0, negative 2, 8, 36 is a vector that is close to 27, 8. Well, why do we need that reasonably orthogonality? Well, let's take a look at another basis for the same lattice. So earlier we determined that 37, 41, 103, 113 is another basis for the same set of lattice points. And I want to find the closest vector to 27, 8. Well, I'll go ahead and solve that equation. 27, 8 is some linear combination of our two basis vectors. And I get solutions negative 53 and 19. But when I try to find where I am with negative 53 and 19, I end up at negative 4, 26. And this is not reasonably close to where I want to be. I want to be at 27, 8. This linear combination puts me at negative 4, negative 26. Now, you may be suspicious that maybe we can't get closer to 27, 8. Well, because I know the lattice point 36 is close by, that's from our previous work, I can actually solve linear combination equal to the nearby lattice point. It turns out that there is a nice solution to that, negative 66, 24. And in fact, if I had not found this solution, 53, 19, but instead found this solution, negative 66, 24, I would have gotten a much closer point to where I want it. Instead, I found something very far away. And that means if you're thinking cryptographically, this is something that has potential for a cryptographic system. Because there is a hard problem. Find the closest vector to 27, 8. There's an easy solution. If I know the reasonably orthogonal basis, I get this point. But if I don't know the reasonably orthogonal basis, if I instead know a different basis for the vector space, then when I try to find the closest vector, I get the wrong value. So here's a hard problem that if I know something additionally becomes an easy problem. And so we have the basis for a cryptographic system, which we'll take a look at next time.