 that's not zero. That's the point we're looking for. I just need to prove for you it has the properties that we want. Okay, so this is a point in L, and now I'm going to observe. Here's the here's the trick. I have one half R1 minus one half R2. I actually I claim that this is actually in the region R, and this is where we use all those properties about R that we started. Well, most of them. Okay, so first I take one half R1 minus one half R2, and I very cleverly write it as one half R1 plus negative one half R2. Easy. Well, minus, remember, minus R2, well, minus R2 is in the region because R is symmetric. The region is symmetric. R2 is in the region minus R2 is in the region. Okay, so this point in parentheses here is in the region R. I'm sorry, that's not what I want to say. Minus R2 is in the region R. R1 is in the region R. And what I've done here is I've taken a linear combination of two points in the region R. I've taken one half of the first one plus one half of the second one. And this is where we use the convexity. If I give you two vectors and I say take one half of the first one plus one half of the second one, the point I end up with is the midpoint of the line segment. Okay? And I assumed that the region was convex, therefore the midpoint of that line segment is in R. And actually I, well, technically I didn't need to assume that, I just needed to assume that the midpoint of any line segments in the region. That's equivalent to convexity if you think about it. Anyway, these are nice regions. Okay, so this quantity under the big underbrace is in the region R. Now is this quantity, shoot, minus a half R1, I mean one half R1 minus a half R2 is in the region, in the region R. But it equals V1 minus V2, which is in L. And now you have to go back and remember what we're trying to prove. We're trying to find a non-zero vector, lattice vector in the region R. But that's it. This difference is in the region, so V1 minus V2 is in the region. And it's in L, because V1 and V2 are in L, and L is a group. And it's not zero because the R1 and R2 were distinct. And we're done. Question, yeah? That's true. Since we have regions, there would be lots and lots of... Basically, what I said, there exists a pair of points R1 and R2. You're right, there's lots of choices for R1 and R2. Odds are, they'll probably end up giving you the same V1 minus V2, because if this R1 and this R2 works, and I shift each of them a little tiny bit, they'll still work. If I shift in the same amount, but their difference will be the same lattice point. But you're right. There's a choice there. Yeah. And also, this proof isn't really effective, right? I don't think. Okay. Alright, so that did not prove, that lemma, but I wanted to prove this theorem. Oh, actually, it didn't even prove the whole thing. What am I doing for time? I'm going to run out of time. So I'm going to just say very quickly, we proved that if the volume of the region is strictly bigger than 2 to the n times the volume of the fundamental domain, then there is this nice lattice point in the region. That's a strict inequality. The statement of the theorem said, it's okay if they're equal. And for that, what we do is we kind of make the region a little bit bigger and find a sequence and use compactness. I haven't used the compactness of the region yet, okay? So I'm going to just quickly say, so if the region has exactly 2 to the n times the volume of the fundamental domain, we take a slightly larger region, you know, I expand it and find a sequence of points and then I use compactness. And that's actually a nice thing for you to fill in, if you want. But anyway, the details are in the notes. Okay, it's funny, yesterday I was really out of breath walking up and down the hills. And of course, I finally remembered that we're at 7,000 feet. Actually, lecturing is also tiring. Okay. So, this is the first part of Minkowski's theorem. Very beautiful. It magically says that every lattice, any lattice at all on the mentioned end, has a vector that's reasonably short. Okay? Well, has a non-zero vector that's reasonably short. And I put less than approximately there. You can get an exact formula that involves the volume of an end ball, which involves the gamma function. So this is just an approximation using Sterling's formula, which is nicer for a lecture. And here's how the proof goes. I put the whole thing up so if you want to skim ahead, but I'm going to do it line by line. Okay? So remember, our goal is to find a vector in the lattice that's pretty small. And what we'll do is we'll look at the balls of radius capital R in n-dimensional space. So this set, the set of x's in Rn, whose length, this is standard length, your Euclidean length is at most R. Solid ball. If n is reasonably large, what's its volume? Well, its volume is roughly 2 pi E over n to the n over 2 times R to the n. I mean, the growing like R to the n is clear, right? Because it's just a unit ball expanded by a factor of R, so the volume is R to the, it's R to the n times the volume of a unit ball in Rn. How many people have actually ever done the computation to compute the unit ball in R to the n? It's a very fun, multivariable calculus problem. And you end up with the beta function that you can express in terms of gamma function. If you haven't seen it, you should try it. Anyway, that formula, which is a hard calculus exercise combined with Sterling's formula for n factorial is, you know, n over e to the n approximately. You get that this is roughly the volume of a ball. Now, a ball is symmetric, right? V or minus V are both in it. It's convex. Certainly, you take two points in the ball, the line segments in the ball, and it's compact since I took less than or equal to R. I took the closed ball. So it's the perfect entity for applying that lemma of Minkowski's that we just spent a bunch of time proving. All I need is to make the volume of the ball big enough. I'm sorry, I'm going to try, I'll figure out how to stop it from doing that for next lecture, but I'll still try to. So here's the volume, and we need the volume of the ball to be bigger than 2 to the n times the volume of the lattice. So I simply set this quantity, this volume equal to 2 to the n times the volume of the lattice and solve for R. And turns out this is what R has to be. Square it at 2n over pi e times the nth root of the volume of the fundamental domain. So if I choose that to be R, then the volume of the ball is bigger than 2 to the n times the volume of the lattice. And therefore Minkowski's lemma says that the ball contains a non-zero lattice point. Well the points in the ball are the points of length at most R, and this is what R is. So I just proved there exists a non-zero lattice point whose length is at most this R value, or at the top of the page written with backslash frack instead, so it's easier to read. And that completes the proof that there is a reasonably short vector. Challenge, if I give you a two-dimensional lattice just by giving you two vectors to span it. Can you find a vector? Minkowski says there is a vector that satisfies this. Can you find it? Well the answer is yes. In two dimensions you can just draw a picture basically. In dimension 100 the answer is still yes we know how to do it but it's hard. And I'll talk about that next time. And in the dimension of 1000 the answer is no, basically. We really don't have an algorithm to find a vector. Minkowski tells us it exists, but we don't have an algorithm that in a practical amount of time will find such a vector. The best we can currently do, so this is kind of a preview for next time, is find a vector where this square root of n factor is replaced by something that's exponential in n. Which is still actually useful, maybe surprising. Things growing exponentially are big, but like in dimension 50 or 100 or 150, it's actually pretty useful. But we will see more of that. Okay, so in the last 10 minutes, I want to describe a heuristic that gets used a lot in cryptography and probably also in various areas of applied math. Pure mathematicians when they first see it tend to get upset about it, but it's actually really nice. And actually you can quantify this, but it's hard to prove things. But if I give you a random lattice, okay, so just imagine a random lattice in three space, and I sort of pluck a random target point out, how far would you expect it to be from the closest lattice point? Okay, and the words random there are, I put in quotes because there's a lot of ways to quantify that. I mean in n dimensional space, probably you just use Lebesgue measure for randomness, right? But to choose a random lattice you'd need to put a measure on the space of lattices, really on the space of bases for lattices. Okay, but anyway, we'll just do this intuitively. Imagine random vectors forming a lattice, random target point, and the Gaussian heuristic says that I should expect the answer, the distance to the closest lattice point, to be roughly square root of n over 2 pi e times the nth root of the volume of the lattice. That should look familiar. In fact, if you haven't seen it before, that probably looks exactly like the number from Minkowski's theorem. But it's not. The two in Minkowski's theorem is in the numerator, not the denominator. Okay, there's a slight difference. Not a huge difference. So why is this a reasonable thing to guess? Well, the justification, so I just repeated the statement at the top of the slide, the justification is again, if I take a ball centered, so now no longer centered at the origin, but I'm going to take my target point, I'm going to put a ball of radius r around it, and I'm going to expand that ball. And the question is, how big of a radius do I think I need before I hit a lattice point? Reasonable guess is I'll hit a lattice point where the volume of the ball is the same as the volume of the fundamental domain, right? Because the translated fundamental domains cover the whole space, and when I get the same volume, reasonable. I mean, you can construct lattices and target points where this is false. Remember, this is just sort of a random one average kind of thing. So what we do is we take a ball of radius r around the target point, look at its volume, which is just r to the n times the volume of the unit ball, which is roughly that. And then when that volume is the same as the volume of a fundamental domain, that's when I expect to hit my first lattice point. And quantifying that gives us Gaussian heuristic. This does not say that I have the, in high dimensions, that I have any idea how to actually find such a vector, but it gives me a theoretical idea of where it should be. And that's actually important in cryptography, as we will see, because we'll use the Gaussian heuristic to say, well, this cryptosystem, the security is based on the difficulty of solving the closest vector problem. How hard is that closest vector problem? Well, we expect the length you're looking for is about this. And then we'll go on to say, well, can we find vectors that are that close? Okay. And I believe, yeah. So, last slide, and last couple of minutes, I've been talking about finding closest vectors and shortest nonzero vectors. So, the shortest nonzero vector in a lattice, its length is called the first minimum. Okay? So, people often say the shortest vector problem is to find a vector whose length is lambda 1. Is the shortest possible? But then more generally, you can try to find a nice basis. So, you find the shortest vector, or a reasonably short vector. Okay? Then what's the second shortest vector? Well, it might be twice the one you already found. That's not interesting. I want something that's linearly independent. So, after we find a shortest vector, I look for the shortest vector that's linearly independent from that one I already found. And its length is the second minimum. And then, well, you can see inductively, third minimum, fourth minimum. So, the k's success of minimum is the length of, well, especially the shortest length so that the lattice has at least k linearly independent vectors about length. Okay? Or, I mean, this is probably a formal way to state it. The way I think of it is you do it inductively. You find the shortest vector, its length is lambda 1. You find the shortest vector that's linearly independent to it, its length is lambda 2. You find the shortest vector that's linearly independent of both the first two, its length is lambda 3 and so on. And then, you can state Minkowski's theorem. Well, as someone more general, I stated it when k was n. That the product, you can find these vectors whose product is length is less than this. But you can actually go all the way from k equals 1 to n. If you take k equals 1 in that formula that just disappeared, there it is. There's just the length of the shortest vector is less than this gamma to the one half. Gamma should be gamma sub n here. Okay? So, this gives it a possible way of proving, you know, Minkowski's theorem. I proved just the lambda 1 version. The k equals 1 version for you. And, you know, we might try to do it inductively. Although, it's a little tricky. Okay. So, that concludes today's lecture. Maybe a couple of minutes early. I've never in my life had an audience that objected to a lecture that ended a couple of minutes early. So, we have like a, yeah, are there questions? Well, I was going to get to that. I was going to say, yeah, I was going to ask for questions. Then we have a 10 minute break and then we reassemble in that big huge tent with the circular tables. And that's where the problem session will be. Yeah, so are there any questions? Yeah. Yeah. Yeah. Could you just really quickly go back to the previous slide? Yep. Okay. Yeah. Also, all of this expanded is in the notes, but yeah, sure. Yeah, the slides go very quickly. Any other quick questions? Yeah. The left hand side was like a determinant of the sum. Yeah, that's a good. The left hand side is actually the, well, it's the Hadamard quantity for the parallelogram spanned by the first k vectors. Right? Because it's the first k vectors. The right hand side is the actual volume of the fundamental domain, but scaled by k over n to get down to a k-dimensional thing. So, yeah, you can visualize it that way. It's saying that the k Hadamard product for these first k vectors is actually smaller than something that's an actual volume. Yeah, sort of scaled. Yeah. I think it's more clear than I use one. But how often does this, like, so if they use a k-up to add them to that k vector, is this what it's like to do? So they just do it a lot? Oh, no, that's not, not, not, so let me repeat the question. So how, when you do this, you'll end up with n linearly independent vectors. How often does that give you a basis for the lattice? It's a, not at all naive guys, it's a wonderful question. The answer is almost never. It's really, really interesting to try to say, you know, sort of on average how close to being a full basis is. And then it actually leads to another question, which is very good, which is instead of forming a basis like this inductively, one might say, well, what is the absolutely best basis I can find? And I might measure that best. How do you measure the goodness of a basis? Well, you could take the product of the length. You could, that's kind of the geometric mean. You could take some other, you could take the sum of the lengths, the L1 norm. You could take the L2 norm. People do all these things. And it's interesting to, to try to get accurate estimates as to how good those are. Yeah. Yeah, good question. Any more questions? Go ahead. Okay, good. So the question was Minkowski's theorem tells you there's a lattice point in this region R. And the question is, can you tell if it's one of the boundary or not? The answer is not really. If, if the region has exactly volume two to the n times the determinant of the lattice, then it may or may not end up on the boundary, I guess. But if you really want something in the interior, just take your region and expand it by a one plus epsilon and then, then you'll get something inside. Yeah. Okay. I think we probably are out of time because we, we have to get out and another group has to get in by 10 after. Maybe one last question? Yeah. Yeah. One last question. Is it easy to confuse this topic? I'm sorry, I can't hear. Is it easy to confuse this topic?