1 / 28

Diophantine Approximation and Basis Reduction

Diophantine Approximation and Basis Reduction. By Shu Wang CAS 746 Presentation 6 th , Feb, 2006. Overview. Problem: Approximating real numbers by rational numbers of low denominator and finding a so-called reduced basis in a lattice Content

hallie
Download Presentation

Diophantine Approximation and Basis Reduction

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Diophantine Approximation and Basis Reduction By Shu Wang CAS 746 Presentation 6th, Feb, 2006

  2. Overview • Problem: Approximating real numbers by rational numbers of low denominator and finding a so-called reduced basis in a lattice • Content • The continued fraction method for approximating one real number • Lovász’s basis reduction method for lattices • Applications • Notations

  3. Dirichlet’s Theorem • Let be a real number and let Then there exist two integers p and q such that • Example.

  4. Proof of Dirichlet’s Theorem • Let we find two different integers i and j where • Consider the following series • Otherwise, according to pigeon-hole principle, … 0 1

  5. Proof of Dirichlet’s Theorem - continued • Exercises

  6. The Continued Fraction Method • Given a real number , we compute its rational approximation by following a series of steps as follows: • First we define • This sequence stops if becomes an integer • We define an sequences called convergents that approximate to the above • If becomes an integer then the last term of convergents equals to . We use to denote the term of the convergents of

  7. The Continued Fraction Method (2) • We can determine a sequence where so that it corresponds to the convergent series • Suppose the first two terms are as follows: What can we deduce from it? • If then . Contradiction exist.

  8. Proof

  9. The Continued Fraction Method (3) • Suppose we have found nonnegative integers such that • This implies why?

  10. The Continued Fraction Method (4) • We find the largest integer such that • We define • If then the sequence stop, otherwise we find the largest such that • We define and so on…… • We can repeat the iteration and find the sequence It turns out that this sequence is the same as the sequence of convergents of real number !

  11. Proof • We use to denote the term with respect to • First we prove when • Prove by induction • Then we prove • Prove by induction

  12. Some Properties of Sequence • Denominators are monotonically increasing • For any real numbers and with , one of the convergents satisfy the Dirichlet’s theorem • Proof: Let be the last convergent for which holds. Then • The sequence converge to • Proof by induction

  13. Algorithm of Continued Fraction Method • Initially . Suppose then we compute by using the following rule: • If k is even and , subtract times the second column of from the first column; • If k is odd and , subtract times the first column of from the second column; • The matrices is in the following form: • The found in this way are the same as in the convergents • Proved by induction

  14. Time complexity of Continued Fraction Method • Corollary. Given rational number , the continued fraction method finds integers and as described in Dirichelet’s theorem in time polynomially bounded by the size of • Proved similar to Euclidean algorithm • Theorem. Let be a real number, and let and be natural numbers with . Then occurs as convergent for • Corollary. There exist a polynomial algorithm which, for given rational number and natural number M, tests if there exists a rational number with . If so, finds this rational number.

  15. Summary • Given a real number , there exist a rational number with small that is close enough to • Continued fraction method compute a rational number that equals to if is a rational number. Otherwise converge to • The algorithm for continued fraction method is a polynomial Euclidean-like algorithm

  16. Basis Reduction in Lattices - Overview • Problem: Given a lattice (represented by its basis), finds a reduced “short” (nearly orthogonal) basis. • Applications: • Finding a short nonzero vector in a lattice • Simultaneous Diophantine approximation • Finding the Hermite normal form • Basis reduction has numerous applications in cryptanalysis of public-key encryption schemes: knapsack cryptosystems, RSA with particular settings, and so forth

  17. Basic Concepts Review • Lattice. Given a sequence of vectors , and a group we say generate if . We call a lattice and the basis of . In other words, a lattice can be seen as an integer linear combinations of its basis. It is a subset of the subspace generated by its basis. • A matrix can be seen as a sequence of column (row) vectors, therefore a lattice can be generated by columns (rows) of a matrix

  18. Basic Concepts Review - 2 • Let A and B both be a nonsingular matrix of order n, and whose column both generate the same lattice , then and this is called the det of lattice . In other words, det is independent to chose of basis • Proof: • Lemma 1: If B is obtained by interchanging two columns (rows) of A, then det B = -det A. • Proof: Complicated (component-wise) proof by induction • Lemma 2: If A has two identical columns (rows), then det A = 0. • Proof: Let A be a matrix with two identical rows, let B be a matrix constructed from A by interchanging these two column (rows). Then det B = det A because these two matrices are equal. However, from Lemma 1 we know that det B = -det A. So det B = det A = 0 • Lemma 3: The determinant of an nxn matrix can be computed by expansion of any row or column. • Also called Laplace Expansion Theorem, component-wisely proved by Laplace. • Lemma 4: If B is obtained by multiplying a column (row) of A by k, then det B = k det A. • Proof. We can calculate det B by expanding the same column (row) of B as that of A,which yields det B = k det A.

  19. Basic Concepts Review - 3 • Lemma 5: If A, B and C are identical except that the i-th column (row) of C is the sum of the i-th columns (rows) of A and B, then det C = det A + det B. • Proof. We can calculate det B by expanding the i-th column of C, then we can prove det C = det A + det B by using the distributivity of multiplication of matrices • Lemma 6: If B is obtained by adding a multiple of one column (row) i of A to another column (row) j, then det B = det A. • Proof. Let A’ be the matrix that constructed by replacing column (row) i of A to j, then det A’ = 0 because A’ has two identical columns. Matrix A, A’ and B satisfy Lemma 5 so that det B = det A + det A’ = det A • Lemma 7: If If B is obtained by elementary column operations from A, then |det B| = |det A|. • Proof. Directly from Lemma 1, 4 and 6. • From chapter 4, we know that if matrix A and B generate the same lattice then they have the same Hermite Normal Form by elementary column operations, therefore from Lemma 7 we have |det B| = |det A|.

  20. Geometric Meaning of Determinant • The determinant of corresponds to the volume of the parallelepiped Where is any basis for • Hadamard Inequality theorem: When are orthogonal to each other, the equality holds. • We now have the lower bound of , what about the upper bound? Hermite showed that Minkowski showed that Schnorr proved that for each fixed then there exist a polynomial algorithm finding a basis satisfying

  21. Basis Reduction Theorem • A matrix is called positive definite if • There exist a polynomial algorithm which, for given positive definite rational matrix D, finds a basis for the lattice satisfying ‖b1‖ ‖b2‖…‖bn‖≤ where ‖x‖ • We prove this theorem by showing the LLL algorithm

  22. The Lenstra, Lenstra and Lovász Algorithm • We construct a series of basis for as follows: • The first basis is the unit basis. • We construct the next basis inductively using the following steps: • 1. Denote as the matrix with columns , we calculate • 2. • 3. Choose, if possible, an index i such that ‖b2*‖2>2‖b*i+1‖2. Exchange bi and bi+1, and start with step 1 again. If no such i exists, the algorithm stops.

  23. The Lenstra, Lenstra and Lovász Algorithm - Continued • The LLL algorithm is an approximation of the Gram-Schmidt orthogonalization process which finds a orthogonal basis in a subspace of • The LLL algorithm terminates in polynomial time, with intermediate numbers polynomially bounded by the size of D • Complicated proof see p.68 – p.71

  24. Finding a Short Nonzero Vector in a Lattice • In 1891, Minkowski proved a classical result: any n-dimensional lattice contains a nonzero vector b with where denotes the volume of the n-dimensional unit ball. However, no polynomial algorithm finding such a vector b is known. • With the basis reduction method, by taking the shortest vector one can find a “longer short vector” in a lattice, which satisfy However, this vector is generally not the shortest one in the lattice • The CVP (Closest Vector Problem): “Given a lattice and vector a, find b with (any kind of) norm of b-a as small as possible” is proven to be NP-complete • The SVP (Shortest Nonzero Vector Problem): “Given a lattice, finding a vector in the lattice as small as possible” is even proven to be NP-hard to approximate within some constant [Dan 2001]

  25. Simultaneous Diophantine Approximation • Dirichlet showed that Let be real numbers with Then there exist two integers and q such that No polynomial method is known for this problem, unless when n=1, where we can use the continued fraction method • However, we can use basis reduction method to find a weaker approximation of the problem in polynomial time

  26. Finding the Hermite Normal Form • Given a matrix A, we can use basis reduction method to calculate vector and record it in such a way that it can be transform to Hermite Normal Form by elementary column operations • Some of the other applications • Lenstra’s Integer Linear Programming algorithm • Factoring polynomials (over rationals) in polynomial time • Breaking cryptographic codes • Disproving Mertens’ conjecture • Solving low density subset sum problems

  27. Summary • The continued fraction method for approximating one real number by rational numbers • Lovász’s basis reduction method for finding a short basis in a lattice • Applications

  28. Thank you 

More Related