On a recursive decoding algorithm for lattices Annika Meyer - - PowerPoint PPT Presentation

On a recursive decoding algorithm for lattices

Annika Meyer

Workshop on lattices, codes and modular forms Aachen, 27.09.2011

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 1 / 14

Overview

1

Introduction

2

Iterative lattice decoding

3

Upper bounds on the number of lattice points in a small sphere

4

Examples

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 2 / 14

Introduction

Lattice Decoding: The Closest Vector Problem (CVP)

r Given a lattice L in Rn and x ∈ Rn, the CVP consists in finding ℓ ∈ L such that |x − ℓ| = min

ℓ′∈L |x − ℓ′|,

where | · | denotes the usual Euclidian length.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 3 / 14

Introduction

Lattice Decoding: The Closest Vector Problem (CVP)

r Given a lattice L in Rn and x ∈ Rn, the CVP consists in finding ℓ ∈ L such that |x − ℓ| = min

ℓ′∈L |x − ℓ′|,

where | · | denotes the usual Euclidian length. r The CVP is NP hard in its exact version.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 3 / 14

Introduction

Lattice Decoding: The Closest Vector Problem (CVP)

r Given a lattice L in Rn and x ∈ Rn, the CVP consists in finding ℓ ∈ L such that |x − ℓ| = min

ℓ′∈L |x − ℓ′|,

where | · | denotes the usual Euclidian length. r The CVP is NP hard in its exact version. r Solving the CVP with approximation factor δ ≥ 1 ∈ R means finding ℓ ∈ L such that, for all ℓ′ ∈ L, |x − ℓ| ≤ δ · |x − ℓ′|.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 3 / 14

Introduction

Lattice Decoding: The Closest Vector Problem (CVP)

r Given a lattice L in Rn and x ∈ Rn, the CVP consists in finding ℓ ∈ L such that |x − ℓ| = min

ℓ′∈L |x − ℓ′|,

where | · | denotes the usual Euclidian length. r The CVP is NP hard in its exact version. r Solving the CVP with approximation factor δ ≥ 1 ∈ R means finding ℓ ∈ L such that, for all ℓ′ ∈ L, |x − ℓ| ≤ δ · |x − ℓ′|. r The best known approximation factor for a deterministic polynomial time algorithm to solve the CVP approximately is 2n(log log n)2/2 log n (Schnorr 1985).

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 3 / 14

Iterative lattice decoding

Babai’s Nearest Plane Procedure (BNPP)

Given a basis B = (b1, . . . , bn) of L and x ∈ Rn, BNPP approximates x in L.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 4 / 14

Iterative lattice decoding

Babai’s Nearest Plane Procedure (BNPP)

Given a basis B = (b1, . . . , bn) of L and x ∈ Rn, BNPP approximates x in L. An approximation factor 2n/2 is achieved if B is LLL reduced.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 4 / 14

Iterative lattice decoding

Babai’s Nearest Plane Procedure (BNPP)

Given a basis B = (b1, . . . , bn) of L and x ∈ Rn, BNPP approximates x in L. An approximation factor 2n/2 is achieved if B is LLL reduced. (1) Let L′ = b1, . . . , bn−1Z, then L = ∪z∈Zz · b1 + L′.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 4 / 14

Iterative lattice decoding

Babai’s Nearest Plane Procedure (BNPP)

Given a basis B = (b1, . . . , bn) of L and x ∈ Rn, BNPP approximates x in L. An approximation factor 2n/2 is achieved if B is LLL reduced. (1) Let L′ = b1, . . . , bn−1Z, then L = ∪z∈Zz · b1 + L′. (2) Choose H = zb2 + L′ ⊗ R closest to x and h ∈ H closest to x.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 4 / 14

Iterative lattice decoding

Babai’s Nearest Plane Procedure (BNPP)

Given a basis B = (b1, . . . , bn) of L and x ∈ Rn, BNPP approximates x in L. An approximation factor 2n/2 is achieved if B is LLL reduced. (1) Let L′ = b1, . . . , bn−1Z, then L = ∪z∈Zz · b1 + L′. (2) Choose H = zb2 + L′ ⊗ R closest to x and h ∈ H closest to x. (3) Iteratively, find an approximation y′ of h − zb2 in L′.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 4 / 14

Iterative lattice decoding

Babai’s Nearest Plane Procedure (BNPP)

Given a basis B = (b1, . . . , bn) of L and x ∈ Rn, BNPP approximates x in L. An approximation factor 2n/2 is achieved if B is LLL reduced. (1) Let L′ = b1, . . . , bn−1Z, then L = ∪z∈Zz · b1 + L′. (2) Choose H = zb2 + L′ ⊗ R closest to x and h ∈ H closest to x. (3) Iteratively, find an approximation y′ of h − zb2 in L′. (4) Output the approximation y = y′ + zb2.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 4 / 14

Iterative lattice decoding

Babai’s Nearest Plane Procedure (BNPP)

Given a basis B = (b1, . . . , bn) of L and x ∈ Rn, BNPP approximates x in L. An approximation factor 2n/2 is achieved if B is LLL reduced. (1) Let L′ = b1, . . . , bn−1Z, then L = ∪z∈Zz · b1 + L′. (2) Choose H = zb2 + L′ ⊗ R closest to x and h ∈ H closest to x. (3) Iteratively, find an approximation y′ of h − zb2 in L′. (4) Output the approximation y = y′ + zb2.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 4 / 14

Iterative lattice decoding

BNPP as an iterative decoding algorithm

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 5 / 14

Iterative lattice decoding

BNPP as an iterative decoding algorithm

Let B′ = (b′

1, . . . , b′ n) be the Gram Schmidt orthonormalisation of B and define

an isometry ϕ : b′

i → en−i+1, where (e1, . . . , en) is the standard basis of Rn.

Write

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 5 / 14

Iterative lattice decoding

BNPP as an iterative decoding algorithm

Let B′ = (b′

1, . . . , b′ n) be the Gram Schmidt orthonormalisation of B and define

an isometry ϕ : b′

i → en−i+1, where (e1, . . . , en) is the standard basis of Rn.

Write    ϕ(bn) . . . ϕ(b1)    =    α1,1 . . . α1,n ... . . . αn,n    .

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 5 / 14

Iterative lattice decoding

BNPP as an iterative decoding algorithm

Let B′ = (b′

1, . . . , b′ n) be the Gram Schmidt orthonormalisation of B and define

an isometry ϕ : b′

i → en−i+1, where (e1, . . . , en) is the standard basis of Rn.

Write    ϕ(bn) . . . ϕ(b1)    =    α1,1 . . . α1,n ... . . . αn,n    . With ϕ(x) = (u1, . . . , un), BNPP is the following:

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 5 / 14

Iterative lattice decoding

BNPP as an iterative decoding algorithm

Let B′ = (b′

1, . . . , b′ n) be the Gram Schmidt orthonormalisation of B and define

an isometry ϕ : b′

i → en−i+1, where (e1, . . . , en) is the standard basis of Rn.

Write    ϕ(bn) . . . ϕ(b1)    =    α1,1 . . . α1,n ... . . . αn,n    . With ϕ(x) = (u1, . . . , un), BNPP is the following: (1) Find the optimal approximation ℓ1 = zα1,1 of u1 in Z α1,1.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 5 / 14

Iterative lattice decoding

BNPP as an iterative decoding algorithm

Let B′ = (b′

1, . . . , b′ n) be the Gram Schmidt orthonormalisation of B and define

an isometry ϕ : b′

i → en−i+1, where (e1, . . . , en) is the standard basis of Rn.

Write    ϕ(bn) . . . ϕ(b1)    =    α1,1 . . . α1,n ... . . . αn,n    . With ϕ(x) = (u1, . . . , un), BNPP is the following: (1) Find the optimal approximation ℓ1 = zα1,1 of u1 in Z α1,1. (2) Iteratively, approximate (u2 − zα1,2, . . . , un − zα1,n) ∈ Rn−1 in L′ = ϕ(b2), . . . , ϕ(bn)Z with ℓ′.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 5 / 14

Iterative lattice decoding

BNPP as an iterative decoding algorithm

Let B′ = (b′

1, . . . , b′ n) be the Gram Schmidt orthonormalisation of B and define

an isometry ϕ : b′

i → en−i+1, where (e1, . . . , en) is the standard basis of Rn.

Write    ϕ(bn) . . . ϕ(b1)    =    α1,1 . . . α1,n ... . . . αn,n    . With ϕ(x) = (u1, . . . , un), BNPP is the following: (1) Find the optimal approximation ℓ1 = zα1,1 of u1 in Z α1,1. (2) Iteratively, approximate (u2 − zα1,2, . . . , un − zα1,n) ∈ Rn−1 in L′ = ϕ(b2), . . . , ϕ(bn)Z with ℓ′. (3) Form ℓ = ℓ′ + z(α1,1, . . . , α1,n).

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 5 / 14

Iterative lattice decoding

BNPP as an iterative decoding algorithm

Let B′ = (b′

1, . . . , b′ n) be the Gram Schmidt orthonormalisation of B and define

an isometry ϕ : b′

i → en−i+1, where (e1, . . . , en) is the standard basis of Rn.

Write    ϕ(bn) . . . ϕ(b1)    =    α1,1 . . . α1,n ... . . . αn,n    . With ϕ(x) = (u1, . . . , un), BNPP is the following: (1) Find the optimal approximation ℓ1 = zα1,1 of u1 in Z α1,1. (2) Iteratively, approximate (u2 − zα1,2, . . . , un − zα1,n) ∈ Rn−1 in L′ = ϕ(b2), . . . , ϕ(bn)Z with ℓ′. (3) Form ℓ = ℓ′ + z(α1,1, . . . , α1,n). Idea: Generalise BNPP , changing from lattices α Z to higher dimensional latti- ces.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 5 / 14

Iterative lattice decoding

Iterative lattice decoding

r Let Wi be lattices of dimension ni, i ∈ {1, . . . , t}, and let fi : Rn1+···+ni → Rni+1 linear maps, for i ∈ {1, . . . , t − 1}.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 6 / 14

Iterative lattice decoding

Iterative lattice decoding

r Let Wi be lattices of dimension ni, i ∈ {1, . . . , t}, and let fi : Rn1+···+ni → Rni+1 linear maps, for i ∈ {1, . . . , t − 1}. r Form a lattice L = L(W1, . . . , Wt, f2, . . . , ft) of dimension n = n1 + · · · + nt by L = {(ℓ1, . . . , ℓt) ∈ Rn | ℓ1 ∈ W1, ℓi −fi−1(ℓ1, . . . , ℓi−1) ∈ Wi, i ∈ {1, . . . , t})}.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 6 / 14

Iterative lattice decoding

Iterative lattice decoding

r Let Wi be lattices of dimension ni, i ∈ {1, . . . , t}, and let fi : Rn1+···+ni → Rni+1 linear maps, for i ∈ {1, . . . , t − 1}. r Form a lattice L = L(W1, . . . , Wt, f2, . . . , ft) of dimension n = n1 + · · · + nt by L = {(ℓ1, . . . , ℓt) ∈ Rn | ℓ1 ∈ W1, ℓi −fi−1(ℓ1, . . . , ℓi−1) ∈ Wi, i ∈ {1, . . . , t})}. r Decoding algorithm A for L: Let x = (x1, . . . , xt) ∈ Rn.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 6 / 14

Iterative lattice decoding

Iterative lattice decoding

r Let Wi be lattices of dimension ni, i ∈ {1, . . . , t}, and let fi : Rn1+···+ni → Rni+1 linear maps, for i ∈ {1, . . . , t − 1}. r Form a lattice L = L(W1, . . . , Wt, f2, . . . , ft) of dimension n = n1 + · · · + nt by L = {(ℓ1, . . . , ℓt) ∈ Rn | ℓ1 ∈ W1, ℓi −fi−1(ℓ1, . . . , ℓi−1) ∈ Wi, i ∈ {1, . . . , t})}. r Decoding algorithm A for L: Let x = (x1, . . . , xt) ∈ Rn.

(1) Let ℓ1 ∈ W1 be the lattice point closest to x1.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 6 / 14

Iterative lattice decoding

Iterative lattice decoding

r Let Wi be lattices of dimension ni, i ∈ {1, . . . , t}, and let fi : Rn1+···+ni → Rni+1 linear maps, for i ∈ {1, . . . , t − 1}. r Form a lattice L = L(W1, . . . , Wt, f2, . . . , ft) of dimension n = n1 + · · · + nt by L = {(ℓ1, . . . , ℓt) ∈ Rn | ℓ1 ∈ W1, ℓi −fi−1(ℓ1, . . . , ℓi−1) ∈ Wi, i ∈ {1, . . . , t})}. r Decoding algorithm A for L: Let x = (x1, . . . , xt) ∈ Rn.

(1) Let ℓ1 ∈ W1 be the lattice point closest to x1. (2) For 2 ≤ i ≤ t, approximate xi − fi−1(ℓ1, . . . , ℓi−1) by wi ∈ Wi and put ℓi := wi + fi−1(ℓ1, . . . , ℓi−1).

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 6 / 14

Iterative lattice decoding

Iterative lattice decoding

r Let Wi be lattices of dimension ni, i ∈ {1, . . . , t}, and let fi : Rn1+···+ni → Rni+1 linear maps, for i ∈ {1, . . . , t − 1}. r Form a lattice L = L(W1, . . . , Wt, f2, . . . , ft) of dimension n = n1 + · · · + nt by L = {(ℓ1, . . . , ℓt) ∈ Rn | ℓ1 ∈ W1, ℓi −fi−1(ℓ1, . . . , ℓi−1) ∈ Wi, i ∈ {1, . . . , t})}. r Decoding algorithm A for L: Let x = (x1, . . . , xt) ∈ Rn.

(1) Let ℓ1 ∈ W1 be the lattice point closest to x1. (2) For 2 ≤ i ≤ t, approximate xi − fi−1(ℓ1, . . . , ℓi−1) by wi ∈ Wi and put ℓi := wi + fi−1(ℓ1, . . . , ℓi−1). (3) Output the approximation ℓ = (ℓ1, . . . , ℓt) ∈ L.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 6 / 14

Iterative lattice decoding

Algorithm A′ - some questions and remarks

r Algorithm A′ depends on the chosen lattice basis.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 7 / 14

Iterative lattice decoding

Algorithm A′ - some questions and remarks

r Algorithm A′ depends on the chosen lattice basis. r For every isometry class of lattices, there are many ways to give an upper triangular (block) basis matrix for a representative.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 7 / 14

Iterative lattice decoding

Algorithm A′ - some questions and remarks

r Algorithm A′ depends on the chosen lattice basis. r For every isometry class of lattices, there are many ways to give an upper triangular (block) basis matrix for a representative. r There should exist good decoding algorithms for W1, . . . , Wt

(specific decoding algorithms exist for many well known lattices).

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 7 / 14

Iterative lattice decoding

Algorithm A′ - some questions and remarks

r Algorithm A′ depends on the chosen lattice basis. r For every isometry class of lattices, there are many ways to give an upper triangular (block) basis matrix for a representative. r There should exist good decoding algorithms for W1, . . . , Wt

(specific decoding algorithms exist for many well known lattices).

r When do we obtain a good approximation?

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 7 / 14

Iterative lattice decoding

Algorithm A′ - some questions and remarks

r Algorithm A′ depends on the chosen lattice basis. r For every isometry class of lattices, there are many ways to give an upper triangular (block) basis matrix for a representative. r There should exist good decoding algorithms for W1, . . . , Wt

(specific decoding algorithms exist for many well known lattices).

r When do we obtain a good approximation? r What do we gain when if we consider all the elements of Br(x1) ∩ W1 = {w ∈ W1 | |w − x1| ≤ r} in the first step of Algorithm A′?

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 7 / 14

Iterative lattice decoding

Algorithm A′ - some questions and remarks

r Algorithm A′ depends on the chosen lattice basis. r For every isometry class of lattices, there are many ways to give an upper triangular (block) basis matrix for a representative. r There should exist good decoding algorithms for W1, . . . , Wt

(specific decoding algorithms exist for many well known lattices).

r When do we obtain a good approximation? r What do we gain when if we consider all the elements of Br(x1) ∩ W1 = {w ∈ W1 | |w − x1| ≤ r} in the first step of Algorithm A′? r Sphere decoding (Fincke, Pohst) can be used to compute Br(x1) ∩ W1.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 7 / 14

Iterative lattice decoding

Approximation factors for Algorithm A′

Definition

The packing radius of a lattice L in Rn is ρL := 1

2

• min(L), where

min(L) := min0=ℓ∈L |ℓ|2. The covering radius of L is γL :=

• µ(L), where

µ(L) = maxv∈Rn minℓ∈L |v − ℓ|2.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 8 / 14

Iterative lattice decoding

Approximation factors for Algorithm A′

Definition

The packing radius of a lattice L in Rn is ρL := 1

2

• min(L), where

min(L) := min0=ℓ∈L |ℓ|2. The covering radius of L is γL :=

• µ(L), where

µ(L) = maxv∈Rn minℓ∈L |v − ℓ|2.

Theorem

Algorithm A′ achieves an approximation factor √δt, definded recursively by δ1 = 4 µ(Wt) min(Wt), δj = max{4 t

i=t−j+1 µ(Wi)

min(Wt−j+1) , δj−1 + 1}, j = 2, . . . , t.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 8 / 14

Iterative lattice decoding

Approximation factors for Algorithm A′

Definition

The packing radius of a lattice L in Rn is ρL := 1

2

• min(L), where

min(L) := min0=ℓ∈L |ℓ|2. The covering radius of L is γL :=

• µ(L), where

µ(L) = maxv∈Rn minℓ∈L |v − ℓ|2.

Theorem

Algorithm A′ achieves an approximation factor √δt, definded recursively by δ1 = 4 µ(Wt) min(Wt), δj = max{4 t

i=t−j+1 µ(Wi)

min(Wt−j+1) , δj−1 + 1}, j = 2, . . . , t.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 8 / 14

Iterative lattice decoding

A modification of Algorithm A′

Algorithm A:

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 9 / 14

Iterative lattice decoding

A modification of Algorithm A′

Algorithm A: Let L = L(W1, . . . , Wt, f2, . . . , ft−1), x = (x1, . . . , xt) ∈ Rn and r > 0.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 9 / 14

Iterative lattice decoding

A modification of Algorithm A′

Algorithm A: Let L = L(W1, . . . , Wt, f2, . . . , ft−1), x = (x1, . . . , xt) ∈ Rn and r > 0. r Use sphere decoding to find all the points in W1 ∩ Br(x1).

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 9 / 14

Iterative lattice decoding

A modification of Algorithm A′

Algorithm A: Let L = L(W1, . . . , Wt, f2, . . . , ft−1), x = (x1, . . . , xt) ∈ Rn and r > 0. r Use sphere decoding to find all the points in W1 ∩ Br(x1). r For every point found in step 1, perform steps 2 and 3 of Algorithm A′.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 9 / 14

Iterative lattice decoding

A modification of Algorithm A′

Algorithm A: Let L = L(W1, . . . , Wt, f2, . . . , ft−1), x = (x1, . . . , xt) ∈ Rn and r > 0. r Use sphere decoding to find all the points in W1 ∩ Br(x1). r For every point found in step 1, perform steps 2 and 3 of Algorithm A′. r Among all the approximations found, choose the best one.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 9 / 14

Iterative lattice decoding

A modification of Algorithm A′

Algorithm A: Let L = L(W1, . . . , Wt, f2, . . . , ft−1), x = (x1, . . . , xt) ∈ Rn and r > 0. r Use sphere decoding to find all the points in W1 ∩ Br(x1). r For every point found in step 1, perform steps 2 and 3 of Algorithm A′. r Among all the approximations found, choose the best one.

Theorem

With δ1, . . . , δt−1 as above, Algorithm A achieves an approximation factor of max{1 + δt−1, r −1

t

• i=1

µ(Wi)}

1 2 . Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 9 / 14

Iterative lattice decoding

A modification of Algorithm A′

Algorithm A: Let L = L(W1, . . . , Wt, f2, . . . , ft−1), x = (x1, . . . , xt) ∈ Rn and r > 0. r Use sphere decoding to find all the points in W1 ∩ Br(x1). r For every point found in step 1, perform steps 2 and 3 of Algorithm A′. r Among all the approximations found, choose the best one.

Theorem

With δ1, . . . , δt−1 as above, Algorithm A achieves an approximation factor of max{1 + δt−1, r −1

t

• i=1

µ(Wi)}

1 2 .

Question: Can we upper bound |Br(x1) ∩ W1|?

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 9 / 14

Upper bounds on the number of lattice points in a small sphere

Bounds on |Br(x) ∩ W| via spherical codes

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 10 / 14

Upper bounds on the number of lattice points in a small sphere

Bounds on |Br(x) ∩ W| via spherical codes

Definition

A spherical code in Rs is a set C of vectors of length 1. The minimum angle of C is αmin(C) := minc=c′∈C ∠(c, c′).

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 10 / 14

Upper bounds on the number of lattice points in a small sphere

Bounds on |Br(x) ∩ W| via spherical codes

Definition

A spherical code in Rs is a set C of vectors of length 1. The minimum angle of C is αmin(C) := minc=c′∈C ∠(c, c′). If C is a spherical code at a positive minimum angle, then |C| < ∞.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 10 / 14

Upper bounds on the number of lattice points in a small sphere

Bounds on |Br(x) ∩ W| via spherical codes

Definition

A spherical code in Rs is a set C of vectors of length 1. The minimum angle of C is αmin(C) := minc=c′∈C ∠(c, c′). If C is a spherical code at a positive minimum angle, then |C| < ∞. In this case, good upper bounds on |C| can be derived using linear programs, whose variables are the coefficients of the weight distribution

• f C (Kabatiansky, Levenshtein).

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 10 / 14

Upper bounds on the number of lattice points in a small sphere

Bounds on |Br(x) ∩ W| via spherical codes

Definition

A spherical code in Rs is a set C of vectors of length 1. The minimum angle of C is αmin(C) := minc=c′∈C ∠(c, c′). If C is a spherical code at a positive minimum angle, then |C| < ∞. In this case, good upper bounds on |C| can be derived using linear programs, whose variables are the coefficients of the weight distribution

• f C (Kabatiansky, Levenshtein).

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 10 / 14

Upper bounds on the number of lattice points in a small sphere

Lattices and spherical codes

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 11 / 14

Upper bounds on the number of lattice points in a small sphere

Lattices and spherical codes

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 11 / 14

Upper bounds on the number of lattice points in a small sphere

Lattices and spherical codes

Theorem

Let L be a lattice in Rs. If r is a real number with 0 < r ≤ 2ρL then the set {|x − z|−1 (x − z) | z ∈ Br(x) ∩ L} is a spherical code with minimum angle α = cos−1(1 − ρL

r ), for every x ∈ Rs.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 11 / 14

Upper bounds on the number of lattice points in a small sphere

Examples: Bounds obtained for An, En, Λ24, r = γL

Type n θ A(n, θ) Gaussian bound for deep holes A 2

2 3π

3 3 3 3

π 2

6 7 6 4 cos−1( 1

6)

10 12 10 5 cos−1( 1

3)

≤ 24 26 20 6 cos−1( 5

12)

≤ 54 47 35 7

π 3

≤ 140 99 70 8

• 188

126 9

• 391

252 E 6 cos−1( 1

4)

27 37 27 7 cos−1( 1

3)

56 84 56 8

π 2

16 77 16 Leech 24

π 2

48 974 48

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 12 / 14

Examples

Example: Nebe’s extremal even unimodular lattice Λ72

r Λ72 is obtained from a polarisation (α(Λ24), β(Λ24)) of the Leech lattice Λ24, where α, β ∈ End(Λ24) such that α2 − α + 2 = 0, β = 1 − α and (α(x), y) = (x, β(y)) for all x, y ∈ R24:

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 13 / 14

Examples

Example: Nebe’s extremal even unimodular lattice Λ72

r Λ72 is obtained from a polarisation (α(Λ24), β(Λ24)) of the Leech lattice Λ24, where α, β ∈ End(Λ24) such that α2 − α + 2 = 0, β = 1 − α and (α(x), y) = (x, β(y)) for all x, y ∈ R24: Λ72 = {(ℓ1, ℓ2, ℓ3) ∈⊥3

i=1 Λ24 | ℓ1 − ℓ2 ∈ β(Λ24), ℓ2 − β(ℓ1) − ℓ3 ∈ 2Λ24)}

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 13 / 14

Examples

Example: Nebe’s extremal even unimodular lattice Λ72

r Λ72 is obtained from a polarisation (α(Λ24), β(Λ24)) of the Leech lattice Λ24, where α, β ∈ End(Λ24) such that α2 − α + 2 = 0, β = 1 − α and (α(x), y) = (x, β(y)) for all x, y ∈ R24: Λ72 = {(ℓ1, ℓ2, ℓ3) ∈⊥3

i=1 Λ24 | ℓ1 − ℓ2 ∈ β(Λ24), ℓ2 − β(ℓ1) − ℓ3 ∈ 2Λ24)}

r Algorithm A′: Decoding (x1, x2, x3) ∈⊥3

i=1 R24 in Λ72 with approximation

factor √ 14:

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 13 / 14

Examples

Example: Nebe’s extremal even unimodular lattice Λ72

r Λ72 is obtained from a polarisation (α(Λ24), β(Λ24)) of the Leech lattice Λ24, where α, β ∈ End(Λ24) such that α2 − α + 2 = 0, β = 1 − α and (α(x), y) = (x, β(y)) for all x, y ∈ R24: Λ72 = {(ℓ1, ℓ2, ℓ3) ∈⊥3

i=1 Λ24 | ℓ1 − ℓ2 ∈ β(Λ24), ℓ2 − β(ℓ1) − ℓ3 ∈ 2Λ24)}

r Algorithm A′: Decoding (x1, x2, x3) ∈⊥3

i=1 R24 in Λ72 with approximation

factor √ 14:

(1) Approximate x1 with y1 ∈ Λ24.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 13 / 14

Examples

Example: Nebe’s extremal even unimodular lattice Λ72

r Λ72 is obtained from a polarisation (α(Λ24), β(Λ24)) of the Leech lattice Λ24, where α, β ∈ End(Λ24) such that α2 − α + 2 = 0, β = 1 − α and (α(x), y) = (x, β(y)) for all x, y ∈ R24: Λ72 = {(ℓ1, ℓ2, ℓ3) ∈⊥3

i=1 Λ24 | ℓ1 − ℓ2 ∈ β(Λ24), ℓ2 − β(ℓ1) − ℓ3 ∈ 2Λ24)}

r Algorithm A′: Decoding (x1, x2, x3) ∈⊥3

i=1 R24 in Λ72 with approximation

factor √ 14:

(1) Approximate x1 with y1 ∈ Λ24. (2) Approximate x2 − y1 with y2 ∈ β(Λ24).

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 13 / 14

Examples

Example: Nebe’s extremal even unimodular lattice Λ72

r Λ72 is obtained from a polarisation (α(Λ24), β(Λ24)) of the Leech lattice Λ24, where α, β ∈ End(Λ24) such that α2 − α + 2 = 0, β = 1 − α and (α(x), y) = (x, β(y)) for all x, y ∈ R24: Λ72 = {(ℓ1, ℓ2, ℓ3) ∈⊥3

i=1 Λ24 | ℓ1 − ℓ2 ∈ β(Λ24), ℓ2 − β(ℓ1) − ℓ3 ∈ 2Λ24)}

r Algorithm A′: Decoding (x1, x2, x3) ∈⊥3

i=1 R24 in Λ72 with approximation

factor √ 14:

(1) Approximate x1 with y1 ∈ Λ24. (2) Approximate x2 − y1 with y2 ∈ β(Λ24). (3) Approximate x3 − α(y1) − y2 with y3 ∈ 2Λ24.

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 13 / 14

Examples

Example: Nebe’s extremal even unimodular lattice Λ72

r Λ72 is obtained from a polarisation (α(Λ24), β(Λ24)) of the Leech lattice Λ24, where α, β ∈ End(Λ24) such that α2 − α + 2 = 0, β = 1 − α and (α(x), y) = (x, β(y)) for all x, y ∈ R24: Λ72 = {(ℓ1, ℓ2, ℓ3) ∈⊥3

i=1 Λ24 | ℓ1 − ℓ2 ∈ β(Λ24), ℓ2 − β(ℓ1) − ℓ3 ∈ 2Λ24)}

r Algorithm A′: Decoding (x1, x2, x3) ∈⊥3

i=1 R24 in Λ72 with approximation

factor √ 14:

(1) Approximate x1 with y1 ∈ Λ24. (2) Approximate x2 − y1 with y2 ∈ β(Λ24). (3) Approximate x3 − α(y1) − y2 with y3 ∈ 2Λ24. (4) Output the approximation (ℓ1, ℓ2, ℓ3) = (y1, y1 + y2, α(y1) + y2 + y3)

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 13 / 14

Examples

Example: Nebe’s extremal even unimodular lattice Λ72

r Λ72 is obtained from a polarisation (α(Λ24), β(Λ24)) of the Leech lattice Λ24, where α, β ∈ End(Λ24) such that α2 − α + 2 = 0, β = 1 − α and (α(x), y) = (x, β(y)) for all x, y ∈ R24: Λ72 = {(ℓ1, ℓ2, ℓ3) ∈⊥3

i=1 Λ24 | ℓ1 − ℓ2 ∈ β(Λ24), ℓ2 − β(ℓ1) − ℓ3 ∈ 2Λ24)}

r Algorithm A′: Decoding (x1, x2, x3) ∈⊥3

i=1 R24 in Λ72 with approximation

factor √ 14:

(1) Approximate x1 with y1 ∈ Λ24. (2) Approximate x2 − y1 with y2 ∈ β(Λ24). (3) Approximate x3 − α(y1) − y2 with y3 ∈ 2Λ24. (4) Output the approximation (ℓ1, ℓ2, ℓ3) = (y1, y1 + y2, α(y1) + y2 + y3)

r Algorithm A: time increased by at most |B√

2(x1) ∩ Λ24| ≤ 48,

approximation factor of √ 7, using sphere decoding with r = √ 2 =

• µ(Λ24).

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 13 / 14

Examples

Thank you very much for your attention!

Annika Meyer ( Workshop on lattices, codes and modular forms Aachen, 27.09.2011) On a recursive decoding algorithm for lattices 14 / 14