Download continued fraction method - McMaster Computing and Software

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
Document related concepts

Addition wikipedia , lookup

List of important publications in mathematics wikipedia , lookup

Wiles's proof of Fermat's Last Theorem wikipedia , lookup

Georg Cantor's first set theory article wikipedia , lookup

Theorem wikipedia , lookup

Mathematical proof wikipedia , lookup

Bra–ket notation wikipedia , lookup

System of polynomial equations wikipedia , lookup

Factorization wikipedia , lookup

Elementary mathematics wikipedia , lookup

Vincent's theorem wikipedia , lookup

Strähle construction wikipedia , lookup

Karhunen–Loève theorem wikipedia , lookup

Factorization of polynomials over finite fields wikipedia , lookup

Birkhoff's representation theorem wikipedia , lookup

Mathematics of radio engineering wikipedia , lookup

Fundamental theorem of algebra wikipedia , lookup

Basis (linear algebra) wikipedia , lookup

Proofs of Fermat's little theorem wikipedia , lookup

Transcript 
Diophantine Approximation
and Basis Reduction
By Shu Wang
CAS 746 Presentation
6th, Feb, 2006
Overview


Problem: Approximating real numbers by
rational numbers of low denominator and
finding a so-called reduced basis in a lattice
Content




The continued fraction method for approximating
one real number
Lovász’s basis reduction method for lattices
Applications
Notations
  ,   , g.c.d,
W.O.L.G
Dirichlet’s Theorem

Let  be a real number and let 0    1
Then there exist two integers p and q such
that
p

   and 1  q   1
q
q

Example.
     0.2
p, q  ?
Answer: p  3 q  1
Proof of Dirichlet’s Theorem
0

1
M 1
…
M
M 1
1
1
Let M :   we find two different integers i and j where
0  i, j  M and {(i  j ) } 

2
M 1
1
M 1
Consider the following series {0 },{1 },{2 },{3 },...,{M  }
1

If (k | 0  k  M :{k } 
) then i : k , j : 0
M 1

Otherwise, according to pigeon-hole principle,
m
m 1
(k , l , m | (0  k , l  M )  (1  m  M ) :
 {k },{l } 
)
M 1
M 1
i : max(k , l ), j : min(k , l ) W.O.L.G Let i : l , j : k
{(i  j ) }  {l  j }  {l   {l }   k   {k }}  {l }  {k } 
1
M 1
Proof of Dirichlet’s Theorem continued
 Let q : i  j , p :  q  . Then
qa   q  {qa} {(i  j )a}
p
qa  p
 




q
q
q
q
1
Since M   
 
M 1   
So  

1
1

 

M 1
( M  1)q q
p 

q q
Exercises
q
1
( M  1)q
The Continued Fraction Method


Given a real number  , we compute its rational approximation by following a
series of steps as follows:
First we define
 1 : 
 2 : ( 1   1  )
1
 3 : ( 2   2  )
    1   1  
1
1
2
  1  
1
 2  
1

3
 4 : ( 3   3  ) 1


This sequence stops if  i becomes an integer
We define an sequences called convergents that approximate to the above
 1  ,  1  

1
 2 
,  1  
1
 2  
1
 3 
,
If  i becomes an integer then the last term of convergents equals to  . We
use ck ( ) to denote the k -th term of the convergents of 
The Continued Fraction Method (2)


We can determine a sequence
where i, g.c.d( pi , qi )  1 so that it corresponds
to the convergent series
Suppose the first two terms are as follows:
p3
p1
p2
,
,
,
q1
q2
q3
p1
p2
1
   ,
   +
q1
q2
(    ) 1 
What can we deduce from it?
p1
p2
q1 =1, p1    ,
 
, p2 q1  p1q2  1
q1
q2

If q1  1 then
g.c.d( pi , qi )  1 .
Contradiction exist.
Proof

p2
1
1
1
   +


+


+




 
 
q2
{a}1  {{ }1}
(    ) 1 
{ }1 
   +

1
   +{a}  
{a}1
p2 p1
1
1
    
   

1
q2 q1
(    ) 
(    ) 1 
q1q2
q2
p2 q1  p1q2 


(    ) 1  (    ) 1 


1
  k 1
1
1




p2  q2 (   
)

k

(



)

k

k
(

(



)

1)
  
  
  
  

(    ) 1 

p2 q1  p1q2  1
q2  k (    ) 1 
The Continued Fraction Method (3)

Suppose we have found nonnegative integers pk 1 , qk 1 , pk , qk
such that
pk 1
p
   k , pk qk 1  pk 1qk  1. Where k is even.
qk 1
qk

This implies g.c.d( pk 1 , qk 1 )  g.c.d( pk , qk )  1 why?
Suppose g.c.d.( pk , qk )  1
Let g.c.d.( pk , qk )  k  1, pk  ak , qk  bk , g.c.d.(a, b)  1
pk qk 1  pk 1qk  1 
akqk 1  pk 1bk  1 
k (aqk 1  bpk 1 )  1 
(k  1)  (aqk 1  bpk 1  1)
Contradiction exist
Similarly, we can prove g.c.d.( pk 1 , qk 1 )  1
The Continued Fraction Method (4)
pk 1  tpk

qk 1  tqk

We find the largest integer t such that

We define pk 1 : pk 1  tpk ; qk 1 : qk 1  tqk
pk qk 1  pk 1qk  pk (qk 1  tqk )  ( pk 1  tpk )qk  pk qk 1  pk 1qk  1

Which implies g.c.d(pk , qk )=1 !
If pk 1 / qk 1   then the sequence stop, otherwise we find the
largest



t such that
pk  upk 1
qk  uqk 1
We define pk 2 : pk  upk 1; qk 2 : qk  uqk 1 and so on……
We can repeat the iteration and find the sequence
p3
p1
p2
,
,
,
q1
q2
q3
It turns out that this sequence is the same as the sequence of
convergents of real number  !
Proof



We use
pi
( )
qi
to denote the i-th term with respect to 
First we prove when 0    1
 Prove by induction
Then we prove
ck ( ) 

pk
( )
qk
i  1
pi 1
q
( )  i 1 ( )
qi 
pi 1
Prove by induction
Some Properties of pi / qi Sequence




pk 1 pk
p q  pk qk 1
1
1

 k 1 k


qk 1 qk
qk qk 1
qk qk 1 qk qk 1
Denominators

monotonically increasing
pk
p
p
1
1
 k 1  k 
 2
qk
qk 1 qk
qk qk 1 qk
For any real numbers  and  with   0, 0    1 , one of the
convergents pi / qi satisfy the Dirichlet’s theorem


p


and 1  q   1
q
q
Proof: Let pk / qk be the last convergent for which qk   1holds. Then


q1 , q2 , q3 ,... are
pk
1



qk
qk qk 1 qk
The sequence pi / qi converge to 

Proof by induction
Algorithm of Continued Fraction
Method

Initially

A0 :  1
 0
1
0 
1 
. Suppose
 k
Ak :   k
  k
k 
 k 
 k 
then we compute Ak 1
by using the following rule:

If k is even and k  0, subtract k / k  times the second column of
Ak 1 from the first column;


If k is odd and  k  0, subtract  k / k  times the first column of
Ak 1 from the second column;
The matrices A0 , A1 , A2 ,... is in the following form:

1

 0


0  ,
1 
 1
 q
 1
  p1
1
0  ,
1 
 1
 q
 1
  p1
2 
q2  ,
p2 
 3
 q
 3
  p3
2 
q2  ,
p2 
 3
 q
 3
  p3
4 
q4 
p4 
The pk , qk found in this way are the same as pk , qk in the convergents

Proved by induction
Time complexity of Continued
Fraction Method

Corollary. Given rational number  , the continued fraction
method finds integers p and q as described in Dirichelet’s
theorem in time polynomially bounded by the size of 



Proved similar to Euclidean algorithm
Theorem. Let   0 be a real number, and let p and q be
natural numbers with   p / q  1/ 2q2. Then p / q occurs as
convergent for 
Corollary. There exist a polynomial algorithm which, for given
rational number  and natural number M, tests if there exists a
2
rational number p / q with   p / q  1/ 2M . If so, finds this
rational number.
Summary



Given a real number  , there exist a
rational number p / q with small q that
is close enough to 
Continued fraction method compute a
rational number p / q that equals to  if
 is a rational number. Otherwise p / q
converge to 
The algorithm for continued fraction
method is a polynomial Euclidean-like
algorithm
Basis Reduction in Lattices Overview


Problem: Given a lattice (represented by its
basis), finds a reduced “short” (nearly
orthogonal) basis.
Applications:




Finding a short nonzero vector in a lattice
Simultaneous Diophantine approximation
Finding the Hermite normal form
Basis reduction has numerous applications in
cryptanalysis of public-key encryption schemes:
knapsack cryptosystems, RSA with particular
settings, and so forth
Basic Concepts Review


Lattice. Given a sequence of vectors
a1 , a2 ,..., am
, and a group
we
a1 ,say
a2 ,..., am

generate  if   1a1  2 a2 ...  mam | 1,..., m  .
We call  a lattice and a1 , a2 ,..., am the basis
of  . In other words, a lattice can be seen as an
integer linear combinations of its basis. It is a
subset of the subspace generated by its basis.
A matrix can be seen as a sequence of column
(row) vectors, therefore a lattice can be
generated by columns (rows) of a matrix
Basic Concepts Review - 2



Let A and B both be a nonsingular matrix of order n, and whose column
both generate the same lattice  , then det A  det B and this is called the
det of lattice  . In other words, det  is independent to chose of basis
Proof:
Lemma 1: If B is obtained by interchanging two columns (rows) of A,
then det B = -det A.



Lemma 2: If A has two identical columns (rows), then det A = 0.

Proof: Let A be a matrix with two identical rows, let B be a matrix constructed
from A by interchanging these two column (rows). Then det B = det A because
these two matrices are equal. However, from Lemma 1 we know that det B = det A. So det B = det A = 0
Lemma 3: The determinant of an nxn matrix can be computed by
expansion of any row or column.


Proof: Complicated (component-wise) proof by induction
Also called Laplace Expansion Theorem, component-wisely proved by Laplace.
Lemma 4: If B is obtained by multiplying a column (row) of A by k, then
det B = k det A.

Proof. We can calculate det B by expanding the same column (row) of B as
that of A, which yields det B = k det A.
Basic Concepts Review - 3

Lemma 5: If A, B and C are identical except that the i-th
column (row) of C is the sum of the i-th columns (rows) of A
and B, then det C = det A + det B.
Proof. We can calculate det B by expanding the i-th column of C,
then we can prove det C = det A + det B by using the distributivity
of multiplication of matrices
Lemma 6: If B is obtained by adding a multiple of one column
(row) i of A to another column (row) j, then det B = det A.

Proof. Let A’ be the matrix that constructed by replacing column
(row) i of A to j, then det A’ = 0 because A’ has two identical
columns. Matrix A, A’ and B satisfy Lemma 5 so that det B = det A
+ det A’ = det A
Lemma 7: If If B is obtained by elementary column operations
from A, then |det B| = |det A|.

Proof. Directly from Lemma 1, 4 and 6.




From chapter 4, we know that if matrix A and B generate the
same lattice then they have the same Hermite Normal Form by
elementary column operations, therefore from Lemma 7 we
have |det B| = |det A|.
Geometric Meaning of Determinant


The determinant of  corresponds to the volume of the parallelepiped
1b1  2b2 ...  nbn | 0  i  1 for i  1,..., n
Where b1 ,...,bn is any basis for 
Hadamard Inequality theorem:
det   b1 b2
bn , where  denotes the Euclidean norm x 
When b1 ,...,bn are orthogonal to each other, the equality holds.

We now have the lower bound of b1 b2
bound?
Hermite showed that b1 b2
xT x
bn , what about the upper
bn  (4 / 3)n ( n1) / 4 det 
Minkowski showed that
b1 b2
bn  (2n / Vn ) det   (2n /  e)n / 2 det 
Schnorr proved that for each fixed   0 then there exist a polynomial
algorithm finding a basis satisfying
b1 b2
bn  (1   )n( n1) det 
Basis Reduction Theorem

A matrix is called positive definite if
for all x  0, xT Ax  0


There exist a polynomial algorithm which, for given
positive definite rational matrix D, finds a basis
b1 , b2 ,..., bn for the lattice n satisfying
2n ( n 1) / 4 det D
‖b1‖ ‖b2‖…‖bn‖≤
T
where ‖x‖ : x Dx
We prove this theorem by showing the LLL algorithm
The Lenstra, Lenstra and Lovász
Algorithm



We construct a series of basis for n as follows:
The first basis is the unit basis.
We construct the next basis inductively using the following steps:

1. Denote Bi as the matrix with columns b1 , b2 ,..., bn , we calculate
bi*  bi  Bi 1 ( BiT1DBi 1 ) 1 BiT1Dbi

2. for i  2,..., n
for j  i  1, i  2,...,1
bi  1 b1* 
 i 1bi*1  bi*
bi  bi   j  1/ 2  b j

3. Choose, if possible, an index i such that ‖b2*‖2>2‖b*i+1‖2.
Exchange bi and bi+1, and start with step 1 again. If no such i
exists, the algorithm stops.
The Lenstra, Lenstra and Lovász
Algorithm - Continued


The LLL algorithm is an approximation of the GramSchmidt orthogonalization process which finds a
orthogonal basis in a subspace of n
The LLL algorithm terminates in polynomial time,
with intermediate numbers polynomially bounded by
the size of D

Complicated proof see p.68 – p.71
Finding a Short Nonzero Vector in
a Lattice

In 1891, Minkowski proved a classical result: any n-dimensional lattice 
contains a nonzero vector b with
b  2(

det  1/ n
)
Vn
where Vn denotes the volume of the n-dimensional unit ball. However,
no polynomial algorithm finding such a vector b is known.
With the basis reduction method, by taking the shortest vector one can
find a “longer short vector” in a lattice, which satisfy
b  2n ( n1) / 4 (det D)1/ n
However, this vector is generally not the shortest one in the lattice


The CVP (Closest Vector Problem): “Given a lattice  and vector a, find
b with (any kind of) norm of b-a as small as possible” is proven to be
NP-complete
The SVP (Shortest Nonzero Vector Problem): “Given a lattice, finding a
vector in the lattice as small as possible” is even proven to be NP-hard
to approximate within some constant [Dan 2001]
Simultaneous Diophantine
Approximation

Dirichlet showed that Let 1 ,  2 ,...,  n ,  be real numbers with 0    1
Then there exist two integers p1 , p2 ,..., pn and q such that
i 
pi


for i  1,..., n and 1  q    n
q
q
No polynomial method is known for this problem, unless when n=1,
where we can use the continued fraction method

However, we can use basis reduction method to find a weaker
approximation of the problem in polynomial time
Finding the Hermite Normal Form


Given a matrix A, we can use basis reduction method to calculate
vector b1 , b2 ,..., bn and record it in such a way that it can be transform
to Hermite Normal Form by elementary column operations
Some of the other applications





Lenstra’s Integer Linear Programming algorithm
Factoring polynomials (over rationals) in polynomial time
Breaking cryptographic codes
Disproving Mertens’ conjecture
Solving low density subset sum problems
Summary



The continued fraction method for
approximating one real number by
rational numbers
Lovász’s basis reduction method for
finding a short basis in a lattice
Applications
Thank you 
Related documents
MATH42061/62061 Coursework 1
MATH42061/62061 Coursework 1
july 22
july 22
Differential Equations and Linear Algebra Test #2 Review
Differential Equations and Linear Algebra Test #2 Review
1. Let A = 3 2 −1 1 3 2 4 5 1 . The rank of A is (a) 2 (b) 3 (c) 0 (d) 4 (e
1. Let A = 3 2 −1 1 3 2 4 5 1 . The rank of A is (a) 2 (b) 3 (c) 0 (d) 4 (e
(PS) rules - kuas.edu.tw
(PS) rules - kuas.edu.tw
MATH 2243 — FALL 2007 FINAL EXAM DIFFERENTIAL
MATH 2243 — FALL 2007 FINAL EXAM DIFFERENTIAL
Lecture 3: Proof of Burton,Pemantle Theorem 3.1 Properties of
Lecture 3: Proof of Burton,Pemantle Theorem 3.1 Properties of
Math 285 Exam II 10-29-02 12:00 pm * 1:30 pm Show All Work
Math 285 Exam II 10-29-02 12:00 pm * 1:30 pm Show All Work
The Inverse of a matrix
The Inverse of a matrix
Structure from Motion
Structure from Motion
1._SomeBasicMathematics
1._SomeBasicMathematics
Formulas
Formulas