1

Lemma: Let $\mathbf{A}\in\mathbb{Z}_q^{n\times m}$ be a uniformly random matrix and $\Lambda^\perp(\mathbf{A})=\lbrace x\in\mathbb{Z}^{m} : \mathbf{A}^Tx\equiv\mathbf{0}\ (\text{mod }q)\rbrace$ be a lattice. Then $\text{det}(\Lambda^\perp(\mathbf{A})) = q^n$ with high probability.

I have found this proof: If $m$ is large enough then rows of $\mathbf{A}$ are linearly independant over $\mathbb{Z}_q$ with high probability. Therefore there are $q^{m-n}$ vector of $\mathbf{Z}_q^{m}$ belonging to $\Lambda^\perp(\mathbf{A})$ since the kernel of $\mathbf{A}$ has dimension $m-n$. From this follows that $\text{vol}(\Lambda^\perp(\mathbf{A})) = \text{det}(\Lambda^\perp(\mathbf{A}))=q^n$.

Question 1 Can anybody please elaborate more on the last implication?

Question 2 How to estimate the probability that a matrix $\mathbf{A}\in\mathbb{Z}_q^{n\times m}$ (where $m> n$) picked uniformly at random has linearly independant rows?

Edit Thanks to the comments Question 2 is no longer a problem.

gorte
  • 23
  • 1
    On the second question, see https://math.stackexchange.com/questions/2717363, https://math.stackexchange.com/questions/71288 and https://math.stackexchange.com/questions/54246. – joriki Mar 31 '20 at 12:44
  • An observation: $\Lambda^\perp(q\mathbf A)$ is the dual lattice to $\Lambda(\mathbf A)$ – Ben Grossmann Mar 31 '20 at 15:17

1 Answers1

1

I believe that the following argument can be made.

There are $q^{m-n}$ elements of $\Lambda^\perp(\mathbf A)$ modulo $q$. Equivalently, if we take $R$ to be the hypercube $$ R = \{x \in \Bbb R^m : 0 < x_i < q \text{ for } i=1,\dots,m\}, $$ then the set $\Lambda^\perp(\mathbf A) \cap R$ contains $q^{m-n}$ elements. It follows (this is the step I'm not sure about) that the volume of $R$ is equal to the volume of $q^{m-n}$ fundamental parallelograms of $\Lambda^\perp(\mathbf A)$. It follows that $$ \det \Lambda^\perp(\mathbf A) \cdot q^{m-n} = q^m \implies \det \Lambda^\perp(\mathbf A) = q^n. $$

Ben Grossmann
  • 234,171
  • 12
  • 184
  • 355
  • Thanks for your answer! I have two questions: why is the volume of $R$ equal to $q^m$? And second If you could a bit explain the step that the volume of $R$ si equal to the volume of $q^{m−n}$ fundamental parallelograms of $\Lambda^\perp(\mathbf{A})$. Thanks – gorte Apr 01 '20 at 07:58
  • I googled and I think I have found a proof which might put a light on the step you are not sure about (i.e. that the volume of $R$ is equal to the volume of $q^{m−n}$ fundamental parallelograms of $\Lambda^\perp(\mathbf{A})$. Lemma 4 (2) in https://homepages.cwi.nl/~dadush/teaching/lattices-2018/notes/lecture-2.pdf could be used in our case – gorte Apr 01 '20 at 08:59
  • ...if the volume of span$(\Lambda^\perp(\mathbf{A}))$ is $q^m$ which I am not sure how to show – gorte Apr 01 '20 at 09:12
  • To your first comment: $R$ is an $m$ dimensional cube, so its volume is just the $m$th power of its side-length. Alternatively, $R$ is the parallelpiped associated with $qI$, where $I$ is the identity matrix. – Ben Grossmann Apr 01 '20 at 15:34
  • $\operatorname{span}(\Lambda^\perp(\mathbf A))$ is a linear subspace, so it doesn't make much sense to say that it has a finite, non-zero volume. What exactly do you mean by "the volume of $\operatorname{span}(\Lambda^\perp(\mathbf A))$ is $q^m$"? – Ben Grossmann Apr 01 '20 at 15:38
  • ad 1) isn't the side length $q-1$? If you define $R'$ as parallelpiped associated with $qI$ then I understand that the volume is $q^m$ but I don't see that $R=R'$ – gorte Apr 01 '20 at 17:25
  • ad 2) I was wrong, let me re-phrase. I think that the lemma from the link says that the $\operatorname{span}(\Lambda^\perp(\mathbf A))$ is divided into tiles of volume $det(\Lambda^\perp(\mathbf A))$. As $|\Lambda^\perp(\mathbf A) \cap R|=q^{m-n}$ then $R$ contains $q^{m-n}$ tiles of volume $det(\Lambda^\perp(\mathbf A))$. Since volume of R is q^m then $det(\Lambda^\perp(\mathbf A))=q^n$ – gorte Apr 01 '20 at 17:39
  • @gorte you're right; I've made a slight change which hopefully fixes things – Ben Grossmann Apr 01 '20 at 18:45
  • For your second comment: I guess the point I'm having trouble with is jumping from "$R$ contains $q^{m-n}$ points of the lattice to "$R$ contains $q^{m-n}$ parallelopiped tiles". – Ben Grossmann Apr 01 '20 at 18:48
  • Lemma from the link: $\forall x \in \text{span}(\Lambda^\perp(\mathbf A)) \exists! y\in \Lambda^\perp(\mathbf A)$ s.t. $x\in y + P(\mathbf{B})$ where $P(\mathbf{B})$ is a parallelpiped defined by a basis $\mathbf{B}$. This tell us that the intersection of parallelopiped tiles is empty, doesn't it? And therefore there is $q^{m-n}$ parallelopiped tiles – gorte Apr 01 '20 at 20:27
  • @gorte right, because each point in the latice is the corner of exactly one tile! Yes, I think that will work just fine. – Ben Grossmann Apr 01 '20 at 20:41
  • Exactly! Thanks for your help, I wouldn't manage without you – gorte Apr 01 '20 at 20:52