Minkowski's theorem

Template:Short description Template:More footnotes

A set in Template:Math satisfying the hypotheses of Minkowski's theorem.

In mathematics, Minkowski's theorem is the statement that every convex set in <math>\mathbb{R}^n</math> which is symmetric with respect to the origin and which has volume greater than <math>2^n</math> contains a non-zero integer point (meaning a point in <math>\Z^n</math> that is not the origin). The theorem was proved by Hermann Minkowski in 1889 and became the foundation of the branch of number theory called the geometry of numbers. It can be extended from the integers to any lattice <math>L</math> and to any symmetric convex set with volume greater than <math>2^n\,d(L)</math>, where <math>d(L)</math> denotes the covolume of the lattice (the absolute value of the determinant of any of its bases).

FormulationEdit

Suppose that Template:Math is a lattice of determinant Template:Math in the Template:Math-dimensional real vector space <math>\mathbb{R}^n</math> and Template:Math is a convex subset of <math>\mathbb{R}^n</math> that is symmetric with respect to the origin, meaning that if Template:Math is in Template:Math then Template:Math is also in Template:Math. Minkowski's theorem states that if the volume of Template:Math is strictly greater than Template:Math, then Template:Math must contain at least one lattice point other than the origin. (Since the set Template:Math is symmetric, it would then contain at least three lattice points: the origin 0 and a pair of points Template:Math, where Template:Math.)

ExampleEdit

The simplest example of a lattice is the integer lattice <math>\mathbb{Z}^n</math> of all points with integer coefficients; its determinant is 1. For Template:Math, the theorem claims that a convex figure in the Euclidean plane symmetric about the origin and with area greater than 4 encloses at least one lattice point in addition to the origin. The area bound is sharp: if Template:Math is the interior of the square with vertices Template:Math then Template:Math is symmetric and convex, and has area 4, but the only lattice point it contains is the origin. This example, showing that the bound of the theorem is sharp, generalizes to hypercubes in every dimension Template:Math.

ProofEdit

The following argument proves Minkowski's theorem for the specific case of <math>L = \mathbb{Z}^2.</math>

Proof of the <math display = "inline"> \mathbb{Z}^2 </math> case: Consider the map

<math>f: S \to \mathbb{R}^2/2L, \qquad (x,y) \mapsto (x \bmod 2, y \bmod 2)</math>

Intuitively, this map cuts the plane into 2 by 2 squares, then stacks the squares on top of each other. Clearly Template:Math has area less than or equal to 4, because this set lies within a 2 by 2 square. Assume for a contradiction that Template:Math could be injective, which means the pieces of Template:Math cut out by the squares stack up in a non-overlapping way. Because Template:Math is locally area-preserving, this non-overlapping property would make it area-preserving for all of Template:Math, so the area of Template:Math would be the same as that of Template:Math, which is greater than 4. That is not the case, so the assumption must be false: Template:Math is not injective, meaning that there exist at least two distinct points Template:Math in Template:Math that are mapped by Template:Math to the same point: Template:Math.

Because of the way Template:Math was defined, the only way that Template:Math can equal Template:Math is for Template:Math to equal Template:Math for some integers Template:Math and Template:Math, not both zero. That is, the coordinates of the two points differ by two even integers. Since Template:Math is symmetric about the origin, Template:Math is also a point in Template:Math. Since Template:Math is convex, the line segment between Template:Math and Template:Math lies entirely in Template:Math, and in particular the midpoint of that segment lies in Template:Math. In other words,

<math>\tfrac{1}{2}\left(-p_1 + p_2\right) = \tfrac{1}{2}\left(-p_1 + p_1 + (2i, 2j)\right) = (i, j)</math>

is a point in Template:Math. This point Template:Math is an integer point, and is not the origin since Template:Math and Template:Math are not both zero. Therefore, Template:Math contains a nonzero integer point.

Remarks:

The argument above proves the theorem that any set of volume <math display = "inline"> >\!\det(L)</math> contains two distinct points that differ by a lattice vector. This is a special case of Blichfeldt's theorem.<ref>Template:Cite book</ref>
The argument above highlights that the term <math display = "inline">2^n \det(L)</math> is the covolume of the lattice <math display = "inline">2L</math>.
To obtain a proof for general lattices, it suffices to prove Minkowski's theorem only for <math display = "inline">\mathbb{Z}^n</math>; this is because every full-rank lattice can be written as <math display = "inline">B\mathbb{Z}^n</math> for some linear transformation <math display = "inline">B</math>, and the properties of being convex and symmetric about the origin are preserved by linear transformations, while the covolume of <math display = "inline">B\mathbb{Z}^n</math> is <math display = "inline">|\!\det(B)|</math> and volume of a body scales by exactly <math display = "inline">\frac{1}{\det(B)}</math> under an application of <math display = "inline">B^{-1}</math>.

ApplicationsEdit

Bounding the shortest vectorEdit

Minkowski's theorem gives an upper bound for the length of the shortest nonzero vector. This result has applications in lattice cryptography and number theory.

Theorem (Minkowski's bound on the shortest vector): Let <math display="inline">L</math> be a lattice. Then there is a <math display="inline">x \in L \setminus \{0\}</math> with <math display="inline"> \|x\|_{\infty} \leq \left|\det(L)\right|^{1/n}</math>. In particular, by the standard comparison between <math display="inline">l_2</math> and <math display="inline">l_{\infty}</math> norms, <math display="inline"> \|x\|_2 \leq \sqrt{n}\, \left|\det(L)\right|^{1/n}</math>. Template:Math proof Remarks:

The constant in the <math display="inline">L^2</math> bound can be improved, for instance by taking the open ball of radius <math display="inline"> < l</math> as <math display="inline">C</math> in the above argument. The optimal constant is known as the Hermite constant.
The bound given by the theorem can be very loose, as can be seen by considering the lattice generated by <math display="inline">(1,0), (0,n)</math>. But it cannot be further improved in the sense that there exists a global constant <math>c</math> such that there exists an <math>n</math>-dimensional lattice <math>L</math> satisfying <math>\| x\|_2 \geq c {\sqrt{n}}\cdot \left|\det(L)\right|^{1/n}</math>for all <math>x \in L \setminus \{0\}</math>. Furthermore, such lattice can be self-dual. <ref>Template:Cite book</ref>
Even though Minkowski's theorem guarantees a short lattice vector within a certain magnitude bound, finding this vector is in general a hard computational problem. Finding the vector within a factor guaranteed by Minkowski's bound is referred to as Minkowski's Vector Problem (MVP), and it is known that approximation SVP reduces to it using transference properties of the dual lattice. The computational problem is also sometimes referred to as HermiteSVP.<ref name="Nguyen 2009 pp. 19–69">Template:Cite book</ref>
The LLL-basis reduction algorithm can be seen as a weak but efficiently algorithmic version of Minkowski's bound on the shortest vector. This is because a <math display="inline"> \delta </math>-LLL reduced basis <math display="inline"> b_1, \ldots, b_n </math> for <math display="inline"> L </math> has the property that <math display="inline"> \|b_1\| \leq \left(\frac{1}{ \delta - .25}\right)^{\frac{n-1}{4}} \det(L)^{1/n} </math>; see these lecture notes of Micciancio for more on this. As explained in,<ref name="Nguyen 2009 pp. 19–69"/> proofs of bounds on the Hermite constant contain some of the key ideas in the LLL-reduction algorithm.

Applications to number theoryEdit

Primes that are sums of two squaresEdit

The difficult implication in Fermat's theorem on sums of two squares can be proven using Minkowski's bound on the shortest vector.

Theorem: Every prime with <math display="inline">p \equiv 1 \mod 4</math> can be written as a sum of two squares.

Template:Math proof = 1~(\text{mod}~p)</math> (Euler's Criterion) there is a square root of <math display="inline">-1</math> in <math display="inline">\Z / p\Z</math>; choose one and call one representative in <math display="inline">\Z</math> for it <math display="inline">j</math>. Consider the lattice <math display="inline">L</math> defined by the vectors <math display="inline">(1, j), (0,p)</math>, and let <math display="inline">B</math> denote the associated matrix. The determinant of this lattice is <math display="inline">p</math>, whence Minkowski's bound tells us that there is a nonzero <math display="inline">x = (x_1, x_2) \in \mathbb{Z}^2</math> with <math display="inline">0 < \|Bx\|_2^2 < 2p</math>. We have <math display="inline">\|Bx\|^2 = \|(x_1, jx_1 + px_2)\|^2 = x_1^2 + (jx_1 + px_2)^2</math> and we define the integers <math display="inline">a = x_1, b = (jx_1 + px_2)</math>. Minkowski's bound tells us that <math display="inline">0 < a^2 + b^2 < 2p</math>, and simple modular arithmetic shows that <math display="inline">a^2 + b^2 = x_1^2 + (jx_1 + px_2)^2 = 0 \mod p</math>, and thus we conclude that <math display="inline">a^2 + b^2 = p</math>. Q.E.D.}}

Additionally, the lattice perspective gives a computationally efficient approach to Fermat's theorem on sums of squares: Template:Collapse top First, recall that finding any nonzero vector with norm less than <math display="inline">2p</math> in <math display="inline">L</math>, the lattice of the proof, gives a decomposition of <math display="inline">p</math> as a sum of two squares. Such vectors can be found efficiently, for instance using LLL-algorithm. In particular, if <math display="inline">b_1, b_2</math> is a <math display="inline"> 3/4 </math>-LLL reduced basis, then, by the property that <math display="inline">\|b_1\| \leq (\frac{1}{\delta - .25})^{\frac{n-1}{4}} \text{det}(B)^{1/n}</math>, <math display="inline">\|b_1\|^2 \leq \sqrt{2} p < 2p</math>. Thus, by running the LLL-lattice basis reduction algorithm with <math display="inline"> \delta = 3/4 </math>, we obtain a decomposition of <math display="inline">p</math> as a sum of squares. Note that because every vector in <math display="inline">L</math> has norm squared a multiple of <math display="inline">p</math>, the vector returned by the LLL-algorithm in this case is in fact a shortest vector. Template:Collapse bottom

Lagrange's four-square theoremEdit

Minkowski's theorem is also useful to prove Lagrange's four-square theorem, which states that every natural number can be written as the sum of the squares of four natural numbers.

Dirichlet's theorem on simultaneous rational approximationEdit

Minkowski's theorem can be used to prove Dirichlet's theorem on simultaneous rational approximation.

Algebraic number theoryEdit

Another application of Minkowski's theorem is the result that every class in the ideal class group of a number field Template:Math contains an integral ideal of norm not exceeding a certain bound, depending on Template:Math, called Minkowski's bound: the finiteness of the class number of an algebraic number field follows immediately.

Complexity theoryEdit

The complexity of finding the point guaranteed by Minkowski's theorem, or the closely related Blichfeldt's theorem, have been studied from the perspective of TFNP search problems. In particular, it is known that a computational analogue of Blichfeldt's theorem, a corollary of the proof of Minkowski's theorem, is PPP-complete.<ref name="Cryptology ePrint Archive: Report 2018/778 2018">{{#invoke:citation/CS1|citation |CitationClass=web }}</ref> It is also known that the computational analogue of Minkowski's theorem is in the class PPP, and it was conjectured to be PPP complete.<ref name="Information Processing Letters 2019 pp. 48–52">Template:Cite journal</ref>

ReferencesEdit

Template:Reflist