random ensembles of lattices with multiplicative structure · wireless communication, york 2016...

Antonio Campello (Télécom ParisTech**)

Random Ensembles of Lattices with Multiplicative

Structure

Workshop Interactions Between Number Theory and Wireless Communication, York 2016

based on joint work with C. Ling (Imperial College London) and J.-C. Belfiore (Huawei Technologies France)

**jointly with University of Campinas, supported by The São Paulo Research Foundation

Workshop Interactions Between Number Theory and Wireless Communication, York, 2016

Brief History• [1975] De Buda – Lattice codes for the Gaussian channel

• [1996] Loeliger - Averaging Bounds for Lattices

• [1998] Urbanke-Rimoldi - Capacity Achieving in the Gaussian Channel

• ([1996] Boutros-Viterbo-Rastello-Belfiore Lattices for Rayleigh Fading Channels (algebraic structure))

• [2005 - ] Erez-Litsyn-Zamir – Lattices Which Are Good for (Almost) Everything (AWGN Coding, Quantization, Packing, Covering)

• [Recently - ] Codes for MIMO, Codes for Security, etc.. • … not to mention Cryptography.

Reference: R. Zamir: Lattices are everywhere, ITA 2009


Outline

• Lattices The MH Theorem

• The Gaussian Channel

• Generalized Constructions from Codes

• Lattices for the (Compound) Fading Channel

• (Lattices for the (Compound) MIMO Channel)

MONA (Museum of Old and New Art), Hobart, Australia


• Fast operations (reduced complexity) using polynomials

• Calculating arithmetic operations (+, -, x) of codewords.

• Channels in the presence of fading and multiple antennas.

• Homomorphic encryption

Why Multiplication


• Discrete subset of the Euclidean space such that

• Closed under addition and subtraction.

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

(0,0)

(1,1)

(1,2)

(2,3)

Lattices

x, y 2 ⇤ =) x+ y and � x 2 ⇤

⇤

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

⨯

(0,0)

(1,1)

(1,2)


• Discrete subset of the Euclidean space such that

• Generator matrix such that

• Volume

• Minimum norm

Lattices

x, y 2 ⇤ =) x+ y and � x 2 ⇤

⇤

✓1 012

p32

◆

V (⇤) = | detB|

B 2 Rm⇥n

⇤ = {uB : u 2 Zm}

�(⇤) = minx2⇤\{0}

kxk


Lattices: The Sphere-Packing Problem

• Sphere-Packing Problem: Packing density where is the packing radius

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

â

✓1 01/4 3/2

◆ ✓1 0

1/2p3/2

◆

�(⇤) =

vol B2(⇢)

V (⇤)

⇢

� = 0.52� = 0.91


Lattices: The Sphere-Packing Problem

• Sphere-Packings (large dimensions)

• In terms of log-density: Best upper bound: KL

Theorem (« Minkoswki-Hlawka »): For any , there exists an dimensional lattice with packing density

n � 1n

� � 1

2n�1

1

nlog� � �1

1

nlog� �0.59


A random ensemble (of lattices) is a collection of lattices in , along with a measure on its elements.

If is a ball of radius and , then the packing radius , and therefore

Random Ensembles

Theorem Let be a Jordan-measurable set. There exists a random ensemble of lattices of volume such that

Rn

K ⇢ Rn

EL [#(K \ ⇤\ {0})] = vol K

V

L

V

K r#(K \ ⇤\ {0}) vol K

V< 2

� � 1

2n�1

⇢ > r/2


Random Ensembles of Lattices (à la Loeliger)

• A -ary error correcting code is a vector subspace of with dimension .

• Generator matrix:

• The associated -ary lattice is

C ⇢ Fnpp

Fnp k

A 2 Fk⇥np

p

⇤p(C) = {x 2 Zn: x ⌘ c (mod p) for some c 2 C}

= pZn + C=

�x 2 Zn

: x ⌘ uA (mod p) for some u 2 Fkp

• « Construction A »


•

• Pick a code (uniformly) at random

lim

p!1ELn,k,p [#(K \ ⇤\ {0})] = vol K

↵

[Loeliger ’96]

Random Ensembles of Lattices (à la Loeliger)

⇤p(C)

= pZn + C

Ln,k,p =

⇢✓↵1/n

p1�kn

◆⇤p(C) : C is an (n, k)p code

�


Lattices: The Gaussian Channel Problem

• Given a lattice and a point , a « receiver » sees: where each entry - « Error » if is closest to a distinct

⇤ ⇢ Rnx 2 ⇤

y = x+ z

zi ⇠ N (0,�2)

yx̂ 2 ⇤

What is the minimum volume that guarantees a given probability of error?


•

• [Loeliger ’96] This sequence can be constructed from -ary lattices (and is a consequence of the MH theorem)

• [Poltyrev ’94] There is a sequence of const. such that the probability of error vanishes and Conversely, any sequence with smaller normalized log-volume has non-vanishing probability of error

Lattice: The Gaussian Channel Problem

⇤n ⇢ Rn

p

1

nlog V (⇤) ! 1

2

log(2⇡e�2)


Lattices and the (Compound) Fading Channel

• Given a lattice and a point

• A « receiver » sees

• Error if there is such that is closer to than .

x 2 ⇤⇤ ⇢ RnT

X =

0

BBB@

x1 xn+1 · · · x(T�1)n+1

x2 xn+2 · · · x(T�1)n+2...

.... . .

...xn x2n · · · xnT

1

CCCA=

�x1 . . . xn

�.

Y = HX+ Z, where H =

0

BBB@

h1 0 . . . 00 h2 . . . 0...

.... . .

...0 0 . . . hn

1

CCCA

HX̂X̂ 6= X, X̂ 2 ⇤Y HX



• For vanishing probability of error .

• Universal code: Probability of error vanishes for all realizations, fixed

• « Compound » model D = |h1 . . . hn|1/n

1

nTlog V (H⇤)+ >

1

2

log(2⇡e�2)

1

nTlog V (⇤) + logD >

1

2

log(2⇡e�2)

H =

n

H 2 Rn⇥n: H is diagonal and |h1 . . . hn|1/n = D

o

.


Lattices for the Fading Channel

• is bad.

• Probability that is outside the box is

• Now consider realization such that

⇤p(C)

y

� P (|z1| � |h1|p/2)

h1 = O(1/p2)


Other Constructions

• Classical proofs: Rogers, Siegel, Cassels, Gruber,…

• Constructions with algebraic structure [Ebeling ’94] Cyclotomic Fields [Vehkalati, Kositwattanarerk, Oggier ’14] Galois Number Fields and Division Algebras [Kositwattanarerk, Ong, and Oggier ’15] Applications to Wiretap Channel [Huang, Narayanan, Wang ’15] Quadratic Fields - Compute-and-Forward

• General Formulation (?)


General Reductions

• Let be a rank- lattice.

• Let be a surjective homomorphism. Given a code , its associated lattice via Construction is

• It is indeed a lattice, And it has rank

⇤ m

�p : ⇤ ! Fnp

⇤�p(C) = ��1p (C)

C ⇢ Fnp �

m

⇤/⇤p ' Fnp

⇤p ⇢ ⇤�p(C) ⇢ ⇤

ker(�p) = ⇤�p({0}) , ⇤p


Random Ensembles (revisited)

•

Theorem: Let be an infinite sequence of primes and suppose that there are reductions

Suppose that the minimum norm of satisfies for some constants . Then

p1, p2, . . .

Ln,k,�p =

⇢↵1/m

(pn�kdet⇤)

1/m⇤�p(C) : C is an (n, k)p code

�

�pj : ⇤ ! Fnpj , 8j

⇤p

�(⇤pj ) � cpn�km +↵

j

c,↵ > 0

lim

p!1ELn,k,�p

[#(K \ ⇤\ {0})] = vol K

↵

Seminário de Segurança e Criptografia - IC, UNICAMP - 24/06/2016

Number Fields• Field extensions of the rationals with finite degree.

• E.x.: the field is the smallest field that contains the rationals and . It is a field extension of degree 2 with rational basis

• Number Field of degree 4

Q(p2) =

n

a+ bp2 : a, b 2 Q

o

p2

n

1,p2o

Q(p2,p3) =

n

a1 + a2p2 + a3

p3 + a4

p6 : ai 2 Q

o


Number Fields

• Ring of integers: - elements in which are root of a monic polynomial with integer coefficients.

• Ex: Ring of integers of is

• Consider the conjugation The set is a two-dimensional lattice.

OK K

Q(p5)

Z"1 +

p5

2

#=

(a+ b

(1 +p5)

2: a, b 2 Z

)

�(a+ bp5) = a� b

p5.

⇤ =

((x,�(x)) : x 2 Z

"1 +

p5

2

#)


Number Fields

• Given a number field with degree , there are homomorphisms from to that fix . If the image of these homomorphism is in , then we say that the number field is totally real. Then is an -dimensional lattice.

n �1, . . . ,�n

K C QR

n

⇤ = {(�1(x), . . . ,�n(x)) : x 2 OK}


Lattices with Algebraic Structure from Codes

• Given a number field, is a ring. We can thus consider prime ideals . We say that a prime splits if

• We can do coding! Consider

• The set of conjugates is a lattice in

OK

p ⇢ Ok

• Claim: The quotient for any above idealsOk/p ⇠ Fp

⇤

OK(C) = {x 2 On

K : x ⌘ c (mod p) for some c 2 C}

⇤Kp (C)

(�1(⇤OK (C)), . . . ,�m(⇤OK (C)))

pOK = p1 . . . pn


Lattices with Algebraic Structure from Codes

• In terms of generalized reductions Kernel . Minimum norm

• It yields good ensembles.

�(OK)T ! OTK!(OK/p)T ! FT

p

⇤p = �(pT )

�1(�(pT )) � cp1/n = cpT/nT � cp(T�k)/nT



• Given a lattice and a point

• A « receiver » sees

• Error if there is such that is closer to than .

x 2 ⇤⇤ ⇢ RnT

X =

0

BBB@

x1 xn+1 · · · x(T�1)n+1

x2 xn+2 · · · x(T�1)n+2...

.... . .

...xn x2n · · · xnT

1

CCCA=

�x1 . . . xn

�.

Y = HX+ Z, where H =

0

BBB@

h1 0 . . . 00 h2 . . . 0...

.... . .

...0 0 . . . hn

1

CCCA

HX̂X̂ 6= X, X̂ 2 ⇤Y HX



• For vanishing probability of error .

• Universal code: Probability of error vanishes for all realizations, fixed

• « Compound » model D = |h1 . . . hn|1/n

1

nTlog V (H⇤)+ >

1

2

log(2⇡e�2)

1


1

2

log(2⇡e�2)

H =

n

H 2 Rn⇥n: H is diagonal and |h1 . . . hn|1/n = D

o

.



• is good.

• No multiple of canonical vector (« full-diversity »).

• Realization has to be bad in « both » coordinates

⇤Kp (C)

P (hpHx, zi) � hpHx, pHxi2

(0,0)

(1,0)

(-1,0)(0,1)

(0,-1)

(1,1)(-1,1)

(1,-1)

(-1,-1)

-5 5

-5

5


• [Campello, Ling, Belfiore ’16] There is an universal sequence of algebraic lattices such that the probability of error vanishes for where

Lattices for the Fading Channel

⇤n ⇢ Rn

D = (|h1 . . . hn|)1/n

1

nTlog V (⇤) + logD ! 1

2

log(2⇡e�2) as T ! 1


Magic: Dirichlet’s Unit Theorem

• Let be a totally real number field. There exist « fundamental units » , such that any can be written as where is a root of unit and are integers. (in other words, the group of units is a product of a finite group and a free group of rank )

u1, . . . , un�1

Ku 2 O⇤

K

u = ⇣n�1Y

i=1

ukii

⇣ ki

n� 1


Lattices and the Gaussian Channel

• Magic: Group of Units of Number fields. For any channel realization there exists a decomposition,such that and norm of is bounded. [Luzzi, Othman, Belfiore ’08]

H = DEU

U⇤K(C) = ⇤K(C) E

U =

0

BBB@

�1(u) 0 . . . 00 �2(u) . . . 0...

.... . .

...0 0 . . . �n(u)

1

CCCA


Generalizations• Reductions (ring of matrix alphabet)

• Division algebras

• « Ring » version of the MH theorem

• Universal codes for MIMO (non-diagonal) channel

�p : ⇤ ! (Fm⇥mp )n

1


1

2

log(2⇡e�2)

D = det(Hij)1/n


Wrap up

• Lattices from Algebraic Number Theory: Advantages over unstructured ensembles;

• Random and with algebraic structure

• Algebraic Construction A: other applications?

• Groups of Units: other applications?

• Shaping: The Lattice Gaussian Distribution [C. Ling’s talk - Thu]

Thank You!

random ensembles of lattices with multiplicative structure · wireless communication, york 2016...

Documents