Minkowski's theorem: Difference between revisions

A set in ℝ² satisfying the hypotheses of Minkowski's theorem.

In mathematics, Minkowski's theorem is the statement that every convex set in ${\displaystyle \mathbb {R} ^{n}}$ which is symmetric with respect to the origin and which has volume greater than ${\displaystyle 2^{n}}$ contains a non-zero integer point. The theorem was proved by Hermann Minkowski in 1889 and became the foundation of the branch of number theory called the geometry of numbers. It can be extended from the integers to any lattice ${\displaystyle L}$ and to any symmetric convex set with volume greater than ${\displaystyle 2^{n}\,d(L)}$, where ${\displaystyle d(L)}$ denotes the covolume of the lattice (the absolute value of the determinant of any of its bases).

Formulation

Suppose that L is a lattice of determinant d(L) in the n-dimensional real vector space ℝⁿ and S is a convex subset of ℝⁿ that is symmetric with respect to the origin, meaning that if x is in S then −x is also in S. Minkowski's theorem states that if the volume of S is strictly greater than 2ⁿ d(L), then S must contain at least one lattice point other than the origin. (Since the set S is symmetric, it would then contain at least three lattice points: the origin 0 and a pair of points ±x, where x ∈ L \ 0.)

Example

The simplest example of a lattice is the integer lattice ℤⁿ of all points with integer coefficients; its determinant is 1. For n = 2, the theorem claims that a convex figure in the Euclidean plane symmetric about the origin and with area greater than 4 encloses at least one lattice point in addition to the origin. The area bound is sharp: if S is the interior of the square with vertices (±1, ±1) then S is symmetric and convex, and has area 4, but the only lattice point it contains is the origin. This example, showing that the bound of the theorem is sharp, generalizes to hypercubes in every dimension n.

Proof

The following argument proves Minkowski's theorem for the specific case of L = ℤ².

Proof of the ${\textstyle \mathbb {Z} ^{2}}$ case: Consider the map

${\displaystyle f:S\to \mathbb {R} ^{2}/2L,\qquad (x,y)\mapsto (x{\bmod {2}},y{\bmod {2}})}$

Intuitively, this map cuts the plane into 2 by 2 squares, then stacks the squares on top of each other. Clearly f(S) has area less than or equal to 4, because this set lies within a 2 by 2 square. Assume for a contradiction that f could be injective, which means the pieces of S cut out by the squares stack up in a non-overlapping way. Because f is locally area-preserving, this non-overlapping property would make it area-preserving for all of S, so the area of f(S) would be the same as that of S, which is greater than 4. That is not the case, so the assumption must be false: f is not injective, meaning that there exist at least two distinct points p₁, p₂ in S that are mapped by f to the same point: f(p₁) = f(p₂).

Because of the way f was defined, the only way that f(p₁) can equal f(p₂) is for p₂ to equal p₁ + (2i, 2j) for some integers i and j, not both zero. That is, the coordinates of the two points differ by two even integers. Since S is symmetric about the origin, −p₁ is also a point in S. Since S is convex, the line segment between −p₁ and p₂ lies entirely in S, and in particular the midpoint of that segment lies in S. In other words,

${\displaystyle {\tfrac {1}{2}}\left(-p_{1}+p_{2}\right)={\tfrac {1}{2}}\left(-p_{1}+p_{1}+(2i,2j)\right)=(i,j)}$

is a point in S. But this point (i,j) is an integer point, and is not the origin since i and j are not both zero. Therefore, S contains a nonzero integer point.

Remarks:

• The argument above proves the theorem that any set of volume ${\textstyle >\det(L)}$ contains two distinct points that differ by a lattice vector. This is known as Blichfeld's theorem^{[citation needed]}.
• The argument above highlights that the term ${\textstyle 2^{n}{\text{det}}(L)}$ is the covolume of the lattice ${\textstyle 2L}$.
• To obtain a proof for general lattices, it suffices to prove Minkowski's theorem only for ${\textstyle \mathbb {Z} ^{n}}$; this is because every full-rank lattice can be written as ${\textstyle B\mathbb {Z} ^{n}}$ for some linear transformation ${\textstyle B}$, and the properties of being convex and symmetric around the origin are preserved by linear transformations, while the covolume of ${\textstyle B\mathbb {Z} ^{n}}$ is ${\textstyle |{\text{det}}(B)|}$ and volume of a body scales by exactly ${\textstyle {\frac {1}{{\text{det}}(B)}}}$ under an application of ${\textstyle B^{-1}}$.

Applications

Bounding the Shortest Vector

Minkowski's theorem implies gives an upper bound for the length of the shortest nonzero vector. This result has applications in lattice cryptography and number theory.

Theorem (Minkowski's bound on the shortest vector): Let ${\textstyle L}$ be a lattice. Then there is a ${\textstyle x\in L\setminus \{0\}}$ with ${\textstyle ||x||_{\infty }\leq |\det(L)|^{1/n}}$. In particular, by the standard comparison between ${\textstyle l_{2}}$ and ${\textstyle l_{\infty }}$ norms, ${\textstyle ||x||_{2}\leq {\sqrt {n}}|\det(L)|^{1/n}}$.

Proof: Let ${\textstyle l=\min\{||x||_{\infty }:x\in L\setminus \{0\}\}}$, and set ${\textstyle C=\{y:||y||_{\infty }<l\}}$. Then ${\textstyle {\text{vol}}(C)=(2l)^{n}}$. If ${\textstyle (2l)^{n}>2^{n}|d(L)|}$, then ${\textstyle C}$ contains a non-zero lattice point, which is a contradiction. Thus ${\textstyle l\leq |d(L)|^{1/n}}$. QED

Remarks:

• The constant in the ${\textstyle L^{2}}$ bound can be improved ^{[citation needed]}; for instance by taking the open ball of radius ${\textstyle <l}$ as ${\textstyle C}$ in the above argument. Additionally, the bound can be very loose, as can be seen by considering the lattice generated by ${\textstyle (1,0),(0,n)}$. It is known that, up to a constant, this bound is tight in the sense that in every dimension there is a lattice whose shortest vector matches it.^[1]

• Even though Minkowski's theorem guarantees a short lattice vector within a certain magnitude bound, finding this vector is in general a hard computational problem. Finding the vector within a factor guaranteed by Minkowski's bound is referred to as Minkowski's Vector Problem (MVP), and it is known that approximation SVP reduces to it using transference properties of the dual lattice. The computational problem is also sometimes referred to as HermiteSVP.^[1]

• The LLL-basis reduction algorithm can be seen as a weak but efficiently algorithmic version of Minkowski's bound on the shortest vector. This is because a ${\textstyle \delta }$-LLL reduced basis ${\textstyle b_{1},\ldots ,b_{n}}$ for ${\textstyle L}$ has the property that ${\textstyle ||b_{1}||\leq ({\frac {1}{\delta -.25}})^{\frac {n-1}{4}}{\text{det}}(L)^{1/n}}$. See these lecture notes of Micciancio for more on this.

Applications to number theory

Primes that are Sums of Two Squares

We prove the following result, which is the difficult implication in Fermat's theorem on the sum of two squares, using Minkowski's bound on the shortest vector.

Theorem: Every prime with ${\textstyle p-1=0\mod 4}$ can be written as a sum of two squares.

Proof: Since ${\textstyle 4|p-1}$, there is a square root of ${\textstyle -1}$ in ${\textstyle \mathbb {Z} /p\mathbb {Z} }$; choose one and call one representative in ${\textstyle \mathbb {Z} }$ for it ${\textstyle j}$. Consider the lattice ${\textstyle L}$ defined by the vectors ${\textstyle (1,j),(0,p)}$, and let ${\textstyle B}$ denote the associated matrix. The determinant of this lattice is ${\textstyle p}$, whence Minkowski's bound tells us that there is a nonzero ${\textstyle x=(x_{1},x_{2})\in \mathbb {Z} ^{2}}$ with ${\textstyle 0<||Bx||_{2}^{2}<2p}$. We have ${\textstyle ||Bx||^{2}=||(x_{1},jx_{1}+px_{2})||^{2}=x_{1}^{2}+(jx_{1}+px_{2})^{2}}$ and we define the integers ${\textstyle a=x_{1},b=(jx_{1}+px_{2})}$. Minkowski's bound tells us that ${\textstyle 0<a^{2}+b^{2}<2p}$, and simple modular arithmetic shows that ${\textstyle a^{2}+b^{2}=x_{1}^{2}+(jx_{1}+px_{2})^{2}=0\mod p}$, and thus we conclude that ${\textstyle a^{2}+b^{2}=p}$. QED

Remarks:

• We note that the lattice perspective gives a computational efficient approach to Fermat's theorem on sums of squares. First, recall that finding any nonzero vector with norm less than ${\textstyle 2p}$ in ${\textstyle L}$, the lattice of the proof, gives a decomposition of ${\textstyle p}$ as a sum of two squares. Such vectors can be found efficiently, for instance using LLL-algorithm. In particular, if ${\textstyle b_{1},b_{2}}$ is a ${\textstyle 3/4}$-LLL reduced basis, then, by the property that ${\textstyle ||b_{1}||\leq ({\frac {1}{\delta -.25}})^{\frac {n-1}{4}}{\text{det}}(B)^{1/n}}$, ${\textstyle ||b_{1}||^{2}\leq {\sqrt {2}}p<2p}$. Thus, by running the LLL-lattice basis reduction algorithm with ${\textstyle \delta =3/4}$, we obtain a decomposition of ${\textstyle p}$ as a sum of squares. Note that because every vector in ${\textstyle L}$ has norm squared a multiple of ${\textstyle p}$, the vector returned by the LLL-algorithm in this case is in fact a shortest vector.

Lagrange's Four-Square Theorem

Minkowski's theorem is also useful to prove Lagrange's four-square theorem, which states that every natural number can be written as the sum of the squares of four natural numbers.

Dirichlet's Theorem on Simultaneous Rational Approximation

Minkowski's theorem can be used to prove Dirichlet's theorem on simultaneous rational approximation.

Algebraic Number Theory

Another application of Minkowski's theorem is the result that every class in the ideal class group of a number field K contains an integral ideal of norm not exceeding a certain bound, depending on K, called Minkowski's bound: the finiteness of the class number of an algebraic number field follows immediately.

Complexity Theory

The complexity of finding the point guaranteed by Minkowski's theorem, or the closely related Blitchfields theorem, have been studied from the perspective of TFNP search problems. In particular, it is known that a computational analogue of Blichfeldt's theorem, a corollary of the proof of Minkowski's theorem, is PPP-complete^[2]. It is also known that the computational analogue of Minkowski's theorem is in the class PPP, and it was conjectured to be PPP complete ^[3].

See also

• Danzer set
• Pick's theorem
• Dirichlet's unit theorem
• Minkowski's second theorem

Further reading

• Bombieri, Enrico; Gubler, Walter (2006). Heights in Diophantine Geometry. Cambridge University Press. ISBN 9780521712293.
• Cassels, J.W.S. (2012) [1959]. An Introduction to the Geometry of Numbers. Classics in Mathematics. Springer. ISBN 978-3-642-62035-5.
• Conway, John; Sloane, Neil J. A. (29 June 2013) [1998]. Sphere Packings, Lattices and Groups (3rd ed.). Springer. ISBN 978-1-4757-6568-7.
• Hancock, Harris (2005) [1939]. Development of the Minkowski Geometry of Numbers. Dover Publications. ISBN 9780486446400.
• Hlawka, Edmund; Schoißengeier, Johannes; Taschner, Rudolf (2012) [1991]. Geometric and Analytic Number Theory. Springer. ISBN 978-3-642-75306-0.
• Lekkerkerker, C.G. (2014) [1969]. Geometry of Numbers. Elsevier. ISBN 978-1-4832-5927-7.
• Schmidt, Wolfgang M. (1980). Diophantine approximation. Lecture Notes in Mathematics. Vol. 785. Springer. doi:10.1007/978-3-540-38645-2. ISBN 978-3-540-38645-2. ([1996 with minor corrections])
• Wolfgang M. Schmidt.Diophantine approximations and Diophantine equations, Lecture Notes in Mathematics, Springer Verlag 2000.
• Siegel, Carl Ludwig (2013) [1989]. Lectures on the Geometry of Numbers. Springer-Verlag. ISBN 9783662082874.
• Schneider, Rolf (1993). Convex Bodies: The Brunn-Minkowski Theory. Cambridge University Press. ISBN 978-0-521-35220-8.

External links

• "Minkowski's theorem". PlanetMath.
• Stevenhagen, Peter. Number Rings.
• Malyshev, A.V. (2001) [1994], "Minkowski theorem", Encyclopedia of Mathematics, EMS Press
• "Geometry of numbers", Encyclopedia of Mathematics, EMS Press, 2001 [1994]

References

1. Nguyen, Phong Q. (2009). "Hermite's Constant and Lattice Algorithms". The LLL Algorithm. Berlin, Heidelberg: Springer Berlin Heidelberg. pp. 19–69. doi:10.1007/978-3-642-02295-1_2. ISBN 978-3-642-02294-4. ISSN 1619-7100.
2. "PPP-Completeness with Connections to Cryptography". Cryptology ePrint Archive: Report 2018/778. 2018-08-15. Retrieved 2020-09-13.
3. "Reductions in PPP". Information Processing Letters. 145: 48–52. 2019-05-01. doi:10.1016/j.ipl.2018.12.009. ISSN 0020-0190. Retrieved 2020-09-13.