Improved Upper Bounds on the Hermite and KZ Constants
Jinming Wen, Xiao-Wen Chang, Jian Weng

TL;DR
This paper introduces improved upper bounds on the Hermite and KZ constants, which are crucial for understanding lattice properties in cryptography and communications, offering sharper estimates than previous results.
Contribution
The authors develop new linear upper bounds on the Hermite and KZ constants, improving upon recent bounds and enhancing lattice analysis tools.
Findings
Sharper upper bounds on Hermite constant
Enhanced bounds on KZ constant
Applications demonstrated with examples
Abstract
The Korkine-Zolotareff (KZ) reduction is a widely used lattice reduction strategy in communications and cryptography. The Hermite constant, which is a vital constant of lattice, has many applications, such as bounding the length of the shortest nonzero lattice vector and orthogonality defect of lattices. The KZ constant can be used in quantifying some useful properties of KZ reduced matrices. In this paper, we first develop a linear upper bound on the Hermite constant and then use the bound to develop an upper bound on the KZ constant. These upper bounds are sharper than those obtained recently by the first two authors. Some examples on the applications of the improved upper bounds are also presented.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
Topicsgraph theory and CDMA systems · Coding theory and cryptography · Advanced Wireless Communication Techniques
Improved Upper Bounds
on the Hermite and KZ Constants
Jinming Wen1 2, Xiao-Wen Chang3 and Jian Weng1 This work was partially supported by NSERC of Canada grant RGPIN-2017-05138, NNSFC (No. 11871248), and the Fundamental Research Funds for the Central Universities (No. 21618329). 1 College of Information Science and Technology and the College of Cyber Security, Jinan University,
Guangzhou, 510632, China (E-mail:[email protected], [email protected])
2State Key Laboratory of Information Security, Institute of Information Engineering,
Chinese Academy of Sciences, Beijing 100093
3School of Computer Science, McGill University, Montreal, H3A 0E9, Canada (E-mail: [email protected])
Abstract
The Korkine-Zolotareff (KZ) reduction is a widely used lattice reduction strategy in communications and cryptography. The Hermite constant, which is a vital constant of lattice, has many applications, such as bounding the length of the shortest nonzero lattice vector and orthogonality defect of lattices. The KZ constant can be used in quantifying some useful properties of KZ reduced matrices. In this paper, we first develop a linear upper bound on the Hermite constant and then use the bound to develop an upper bound on the KZ constant. These upper bounds are sharper than those obtained recently by the first two authors. Some examples on the applications of the improved upper bounds are also presented.
Index Terms:
KZ reduction, Hermite constant, KZ constant.
I Introduction
The lattice generated by a matrix with full-column rank is defined by
[TABLE]
The column vectors of and represent the basis and dimension of , respectively.
A matrix satisfying is said to be unimodular. For any unimodular , is the same lattice as . Lattice reduction is the process of finding a unimodular such that the column vectors of are short. There are a few types of lattice reduction strategies. The Lenstra-Lenstra-Lovász (LLL) reduction and the Korkine-Zolotareff (KZ) reduction are two of the most popular ones, and they have crucial applications in many domains including communications [1] and cryptography [2].
For efficiency, the LLL reduction is often used to preprocess the matrix when a closest vector problem (CVP), which is defined as
[TABLE]
needs to be solved. In some communications applications, a number of CVPs with the same matrix but different need to be solved. In this situation, for efficiency, instead of the LLL reduction, the KZ reduction is applied to preprocess . The reason is that although it is more time consuming to perform the KZ reduction than the LLL reduction, the reduced matrix of the KZ reduction has better properties than the one obtained by the LLL reduction, and hence the total computational time of solving these CVPs by using the KZ reduction may be less than that of using the LLL reduction. Furthermore, the KZ reduction finds applications in successive integer-forcing linear receiver design [3] and integer-forcing linear receiver design [4].
It is interesting to quantify the performance of the KZ reduction in terms of shortening the lengths of the lattice vectors and reducing the orthogonality defects of the basis matrices of lattices. The KZ constant, defined by Schnorr in [5], is a measure of the quality of KZ reduced matrices. It can be used to bound the lengths of the column vectors of KZ reduced matrices from above [6], [7]. In addition to this, the KZ constant has applications in bounding the decoding radius and the proximity factors of KZ-aided successive interference cancellation (SIC) decoders from below [7, 8, 9]. Although the KZ constant is an important quantity, there is no formula for it. Fortunately, it has several upper bounds [5], [10], [7]. The first main aim of this paper is to improve the sharpest existing upper bound presented in [7].
The Hermite constant can be used to quantify the length of the shortest nonzero vector of lattices. Since estimating the length of the shortest vector in a lattice is a NP-hard problem [11], this application of Hermite constant is of vital importance. It also has applications in bounding the KZ constant from above [5]. Furthermore, it can be used to derive lower bounds on the decoding radius of the LLL-aided SIC decoders [7, 9], and upper bounds on the orthogonality defect of KZ reduced matrices [6], [7], [12]. Although the Hermite constant is important, its exact values are known for dimension and only. Thus, its upper bound for arbitrary integer is needed. In the above applications, the Hermite constant’s linear upper bounds play crucial roles. Hence, in addition to the nonlinear upper bound [13], several linear upper bounds on the Hermite constant have been proposed in [6], [14], [15]. The second main aim of this paper is to improve the sharpest available linear upper bound provided in [7].
The reminder of the paper is organized as follows. Sections II and III develop a new linear upper bound on the Hermite constant and a new upper bound on the KZ constant, respectively. Finally, this paper is summarized in Section IV.
Notation. Let and be the spaces of the real matrices and integer matrices, respectively. Boldface lowercase letters denote column vectors and boldface uppercase letters denote matrices. For a matrix , we use to denote its entry. denotes the Gamma function.
II A sharper linear bound on the Hermite constant
This section develops a new linear upper bound on the Hermite constant. that is sharper than [7, Theorem 1] when .
We first introduce the definition of the Hermite constant. Denote the set of real matrices with full-column rank by . The Hermite constant is defined as
[TABLE]
where represents the length of a shortest nonzero vector of , i.e.,
[TABLE]
Although the Hermite constant is a vital important constant of lattices, the values of are known only for [16] and [17] (see also [7, Table 1]). Fortunately, there are some upper bounds on for any in the literature and the sharpest one is
[TABLE]
given by Blichfeldt [13].
As explained in Section I, linear upper bounds on are very useful. There are several linear upper bounds: (for ) [6]; (for ) [14, p.35] and (for ) [15]. The most recent linear upper bound on is
[TABLE]
given in [7, Theorem 1].
The following theorem gives a new linear upper bound on , which is sharper than (3) when .
Theorem 1**.**
For ,
[TABLE]
Proof.
By (2), to show (4), it suffices to show
[TABLE]
which is equivalent to
[TABLE]
Then, to show (4), it is equivalent to show that
[TABLE]
for .
By some direct calculations, one can show that
[TABLE]
Thus, to show (4), we only need to show that or is monotonically increasing when .
By some direct calculations, we have
[TABLE]
where is the digamma function, i.e., . Then, to show (4), we only need to show that when . To achieve this, we use the following inequality from [18, eq. (1.7) in Lemma 1.7]:
[TABLE]
where , which is referred to as Euler’s constant. Then, from the expression of given before, we have
[TABLE]
where
[TABLE]
Since
[TABLE]
and [19], when as
[TABLE]
Thus, for , we have
[TABLE]
where the third inequality follows form the fact that [19]. ∎
By some simple calculations, one can easily see that the upper bound (4) is sharper than the upper bound (3) when . When , (3) is sharper than (4), but their difference is small. By the Stirling’s approximation for Gamma function, the right-hand side of (2) is asymptotically . Thus, the linear bound given by (4) is very close to the nonlinear upper bound given by (2). To clearly show the improvement of (4) over (3) and how close (4) is to (2), in Figure 1 we plot the ratios of the two bounds to Blichfeldt’s bound given by (2):
[TABLE]
From Figure 1, one can see that the upper bound given by (4) is very close to the nonlinear upper bound given by (2), and (4) improves (3) for .
In the following, we give some remarks.
Remark 1**.**
The approach used by the proof for (4) is different from that for (3) used in [7]. To show (3), it suffices to show (cf. (5))
[TABLE]
The proof for (7) first gives an upper bound on and then shows the right-hand side of (7) is larger than this upper bound, while the proof for (5) here shows is a monotonically increasing function by using an upper bound on the digamma function (see (6)).
Remark 2**.**
The improved linear upper bound (4) on can be used to improve the lower bound on the decoding radius of the LLL-aided SIC decoder that was given in [7], which is an improvement of the one given in [9, Lemma 1]. Since the derivation for the new lower bound on the decoding radius is straightforward by following the proof of [9, Lemma 1] and using (4), we do not provide details.
Remark 3**.**
The improved linear upper bound (4) on can be used to improve the upper bound on the orthogonality defect of KZ reduced matrices that was presented in [7, Theorem 4]. Note that the orthogonality defect of a matrix is a good measure of the orthogonality of the matrix and hence it is often used in characterizing the quality of a LLL or KZ reduced matrix.
III A sharper bound on the KZ constant
In this section, we develop an upper bound on the KZ constant that is sharper than that given by [7, Theorem 2].
We first briefly introduce the definition of the KZ reduction. Suppose that in (1) has the following thin QR factorization (see, e.g., [20, Chap. 5]):
[TABLE]
where has orthonormal columns and is nonsingular upper triangular, and they are respectively referred to as ’s Q-factor and R-factor. If in (8) satisfies:
[TABLE]
then and are said to be KZ reduced. Given , the KZ reduction is the process of finding a unimodular matrix such that is KZ reduced.
Let denote the set of all KZ reduced matrices with full-column rank. The KZ constant is defined as [5]
[TABLE]
where denotes the length of the shortest nonzero vector of , and is the last diagonal entry of the R-factor of (see (8)).
As explained in Section I, the KZ constant is an important quantity for characterizing some properties of KZ reduced matrices. However, its exact value is unknown. Hence, it is useful to find a good upper bound on it. Schnorr in [5, Corollary 2.5] proved that
[TABLE]
Hanrot and Stehlé in [10, Theorem 4] showed that
[TABLE]
Based on the exact value of for and the upper bound on in (3) for , Wen and Chang in [7, Theorem 2] showed that
[TABLE]
In the following theorem we provide a new upper bound on for , which is sharper than that in (12) for . The new bound on is based on the new upper bound on the Hermite constant (4), which is sharper than that in (3) for .
Theorem 2**.**
The KZ constant satisfies
[TABLE]
To prove Theorem 2, we need to introduce two lemmas. The first one is from [7, Lemma 2].
Lemma 1**.**
For and
[TABLE]
The second lemma which is needed for proving Theorem 2 is as follows:
Lemma 2**.**
Suppose that satisfies for . Then
[TABLE]
Proof.
The left hand side of (15) is referred to as the midpoint rule for approximating the integral on the right hand side in numerical analysis. It is well known that
[TABLE]
for some . This formula can be easily proved as follows. By Taylor’s theorem,
[TABLE]
where depends on . Integrating both sides of the above equality over and using the Mean-Value-Theorem for Integrals immediately lead to (16). Then using the condition that for , we obtain (15). ∎
In the following, we give a proof for Theorem 2 by following the proof of [7, Theorem 2].
Proof.
According to the proof of [5, Cor. 2.5],
[TABLE]
By [7, (53)], we have
[TABLE]
By (3), we obtain
[TABLE]
In the following, we use Theorem 1 to bound from above. By Theorem 1, we obtain
[TABLE]
where (a) follows from Lemma 2 with and the fact that for , satisfies
[TABLE]
Now we bound the two factors on the right-hand side of (20) from above. By Lemma 1, we obtain
[TABLE]
By a direct calculation, we have
[TABLE]
Then combining (17)-(22) and (4), we obtain that for
[TABLE]
∎
Remark 4**.**
Note that although the proof of Theorem 2 is similar to the proof of [7, Theorem 2], there is some difference between them. The main difference between them is (a) in (20). Here, we use Lemma 2 to build (a), while the proof of [7, Theorem 2] uses the decreasing property of the integrand to get the inequality.
To clearly see the improvement of (13) over (12), we draw the ratio of the right-hand side of (13) to that of (12) for in Figure 2. The figure shows that (13) significantly outperforms (12), and the improvement becomes more significant as gets larger.
In the following we give remarks about some applications of Theorem 2.
Remark 5**.**
As in [7, Remark 2], we can use the improved upper bound (13) on to derive upper bounds on the proximity factors of the KZ-aided SIC decoder and these new bounds are sharper than those given in [7, Remark 2]. Since the derivations are straightforward, we omit its details.
Remark 6**.**
We can use (13) and follow the proof of [9, Lemma 1] to derive a lower bound on the decoding radius of the KZ-aided SIC decoder, which is tighter than that given in [7, Remark 3] when .
Remark 7**.**
By following the proof of [7, Theorem 3] and using (13), we can also develop new upper bounds on the lengths of the KZ reduced matrices, which are tighter than those given in [7, Theorem 3] when .
IV Summary
The KZ reduction is one of the most popular lattice reduction methods and has many important applications. The Hermite constant is a basic constant of lattice. In this paper, we first developed a new linear upper bound on the Hermite constant and then utilized the bound to develop a new upper bound on the KZ constant. These bounds are sharper than those developed in [7]. Some applications of the new sharper bounds on the Hermite and KZ constants were also discussed.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] E. Agrell, T. Eriksson, A. Vardy, and K. Zeger, “Closest point search in lattices,” IEEE Trans. Inf. Theory , vol. 48, no. 8, pp. 2201–2214, 2002.
- 2[2] D. Micciancio and O. Regev, Lattice-Based Cryptography . Bernstein, D. J. and Buchmann, J. (eds.), Berlin: Springer Verlagem, 2008.
- 3[3] O. Ordentlich, U. Erez, and B. Nazer, “Successive integer-forcing and its sum-rate optimality,” in 2013 51st Annual Allerton Conference on Communication, Control, and Computing (Allerton) . IEEE, 2013, pp. 282–292.
- 4[4] A. Sakzad, J. Harshan, and E. Viterbo, “Integer-forcing MIMO linear receivers based on lattice reduction,” IEEE Trans. Wireless Commun. , vol. 12, no. 10, pp. 4905–4915, 2013.
- 5[5] C. P. Schnorr, “A hierarchy of polynomial time lattice basis reduction algorithms,” Theoret. Comput. Sci. , vol. 53, pp. 201–224, 1987.
- 6[6] J. C. Lagarias, H. Lenstra, and C. P. Schnorr, “Korkin-zolotarev bases and successive minima of a lattice and its reciprocal lattice,” Combinatorica , vol. 10, no. 4, pp. 333–348, 1990.
- 7[7] J. Wen and X.-W. Chang, “On the KZ reduction,” IEEE Trans. Inf. Theory , vol. 65, no. 3, pp. 1921–1935, March 2019.
- 8[8] C. Ling, “On the proximity factors of lattice reduction-aided decoding,” IEEE Trans. Signal Process. , vol. 59, no. 6, pp. 2795–2808, 2011.
