Lattices from Totally Real Number Fields with
Large Regulator
Ong Soon Sheng
Nanyang Technological University(NTU), Singapore
(Joint work with Prof. Frédérique Oggier, NTU, Singapore)
April 18, 2013
WCC 2013: International Workshop on Coding and
Cryptography
Bergen, Norway
Outline
• Introduction
• Coding Strategy for the Wiretap Rayleigh Fading Channel
• Code Design Criterion
• Ideal Lattices
• Some Number fields with Prescribed Ramification
• Norms and Ramification
• Units and Regulator
• Conclusion
Introduction
Figure: Wiretap Channel
Introduction
Figure: Wiretap Channel
Goals of coding for a wiretap channel:
Introduction
Figure: Wiretap Channel
Goals of coding for a wiretap channel:
• to increase reliability for Bob
Introduction
Figure: Wiretap Channel
Goals of coding for a wiretap channel:
• to increase reliability for Bob
• to increase confidentiality for Bob
Coding Strategy for the Wiretap Rayleigh Fading Channel
Coset encoding:
Coding Strategy for the Wiretap Rayleigh Fading Channel
Coset encoding:a sublattice Λe of Λb and partition Λb into a union
of disjoint cosets of the form
Λe + c
where c = (c1 , c2 , ..., cn ) ∈ Λb ⊂ Rn .
Coding Strategy for the Wiretap Rayleigh Fading Channel
Coset encoding:a sublattice Λe of Λb and partition Λb into a union
of disjoint cosets of the form
Λe + c
where c = (c1 , c2 , ..., cn ) ∈ Λb ⊂ Rn .
The message intended for Bob, s is labelled by s 7→ Λe + c(s) .
Coding Strategy for the Wiretap Rayleigh Fading Channel
Coset encoding:a sublattice Λe of Λb and partition Λb into a union
of disjoint cosets of the form
Λe + c
where c = (c1 , c2 , ..., cn ) ∈ Λb ⊂ Rn .
The message intended for Bob, s is labelled by s 7→ Λe + c(s) .
Lattice encoding: The transmitted lattice point x ∈ Λe + c(s) ⊂ Λb
is chosen randomly.
Coding Strategy for the Wiretap Rayleigh Fading Channel
Coset encoding:a sublattice Λe of Λb and partition Λb into a union
of disjoint cosets of the form
Λe + c
where c = (c1 , c2 , ..., cn ) ∈ Λb ⊂ Rn .
The message intended for Bob, s is labelled by s 7→ Λe + c(s) .
Lattice encoding: The transmitted lattice point x ∈ Λe + c(s) ⊂ Λb
is chosen randomly.
x = r + c(s) ∈ Λe + c(s)
Coding Strategy for the Wiretap Rayleigh Fading Channel
Coset encoding:a sublattice Λe of Λb and partition Λb into a union
of disjoint cosets of the form
Λe + c
where c = (c1 , c2 , ..., cn ) ∈ Λb ⊂ Rn .
The message intended for Bob, s is labelled by s 7→ Λe + c(s) .
Lattice encoding: The transmitted lattice point x ∈ Λe + c(s) ⊂ Λb
is chosen randomly.
x = r + c(s) ∈ Λe + c(s) ⇔ random vector r ∈ Λe
Code Design Criterion
(J.C. Belfiore and F.Oggier, 2011)
P̄c,e ≈ (
1
γe n
) 2 Vol(Λb ) 3
dx
4
γ2
e
1
|xi |3
x∈Λe ,x6=0 x 6=0
X
Y
i
where
Λb (resp.Λe ) is the lattice intended for Bob (resp.Eve),
γe is Eve’s average Signal to Noise Ratio(SNR),
x = (x1 , x2 , ..., xn ),
Vol(Λb ) is the volume of Λb ,
dx = |{xi : xi 6= 0}| is the minimum diversity of x.
Code Design Criterion
(J.C. Belfiore and F.Oggier, 2011)
P̄c,e ≈ (
1
γe n
) 2 Vol(Λb ) 3
dx
4
γ2
e
1
|xi |3
x∈Λe ,x6=0 x 6=0
X
Y
i
where
Λb (resp.Λe ) is the lattice intended for Bob (resp.Eve),
γe is Eve’s average Signal to Noise Ratio(SNR),
x = (x1 , x2 , ..., xn ),
Vol(Λb ) is the volume of Λb ,
dx = |{xi : xi 6= 0}| is the minimum diversity of x.
Coding criterion:
To minimize
P
Q
x∈Λe ,x6=0 xi 6=0
1
|xi |3
Ideal Lattices
Let K be a totally real number field of degree n, with ring of
integers OK , and real embeddings σ1 , ..., σn .
Ideal Lattices
Let K be a totally real number field of degree n, with ring of
integers OK , and real embeddings σ1 , ..., σn .
If {ω1 , . . . , ωn } is a Z-basis of I, the generator matrix M of the
corresponding ideal lattice (I, qα ) = {x = uM |u ∈ Zn } is given by
 √

√
√
α1 σ1 (ω1 )
α2 σ2 (ω1 ) . . .
αn σn (ω1 )


..
..
..
M =

.
.
...
.
√
√
√
α1 σ1 (ωn )
α2 σ2 (ωn ) . . .
αn σn (ωn )
where αj = σj (α), for all j.
Ideal Lattices
√
√
x=P
(x1 , . . . , xn ) = ( α1 σ1 (x), . . . , αn σn (x)) for some
x = ni=1 ui ωi ∈ I ⊆ OK where (u1 , ..., un ) ∈ Zn .
Ideal Lattices
√
√
x=P
(x1 , . . . , xn ) = ( α1 σ1 (x), . . . , αn σn (x)) for some
x = ni=1 ui ωi ∈ I ⊆ OK where (u1 , ..., un ) ∈ Zn .
1
|xi |3
x∈Λe x 6=0
X Y
i
Ideal Lattices
√
√
x=P
(x1 , . . . , xn ) = ( α1 σ1 (x), . . . , αn σn (x)) for some
x = ni=1 ui ωi ∈ I ⊆ OK where (u1 , ..., un ) ∈ Zn .
1
|xi |3
x∈Λe x 6=0
X Y
i
=
n
X Y
x∈I,x6=0 i=1
1
√
( αi )3 |σi (x)|3
Ideal Lattices
√
√
x=P
(x1 , . . . , xn ) = ( α1 σ1 (x), . . . , αn σn (x)) for some
x = ni=1 ui ωi ∈ I ⊆ OK where (u1 , ..., un ) ∈ Zn .
1
|xi |3
x∈Λe x 6=0
X Y
=
n
X Y
x∈I,x6=0 i=1
i
=
1
√
( αi )3 |σi (x)|3
1
X
x∈I,x6=0
3
2
(NK/Q (α)) |NK/Q (x)|3
where αj = σj (α), for all j and NK/Q (β) =
n
Q
i=1
σi (β) for β ∈ K.
Ideal Lattices
In addition to K as a totally real number field,
Ideal Lattices
In addition to K as a totally real number field,
• K is a Galois extension.
• Class number of K is 1.
Ideal Lattices
In addition to K as a totally real number field,
• K is a Galois extension.
• Class number of K is 1.
Thus x0 ∈ I = (β)OK , NK/Q (x0 ) = NK/Q (β)NK/Q (x) for some
x ∈ OK .
Ideal Lattices
In addition to K as a totally real number field,
• K is a Galois extension.
• Class number of K is 1.
Thus x0 ∈ I = (β)OK , NK/Q (x0 ) = NK/Q (β)NK/Q (x) for some
x ∈ OK .
Hence,
X
x0 ∈I,x0 6=0
1
⇒
|NK/Q (x0 )|3
X
x∈OK ,x6=0
1
.
|NK/Q (x)|3
(1)
X
x∈OK ,x6=0
1
|NK/Q (x)|3
=
+
+
+
A1 A2
A2
A3
+ 3 + 22 3 + 32 3 + ...
13
2
(2 )
(2 )
A3
A2
A3
+ 23 3 + 33 3 + ...
3
3
(3 )
(3 )
A5
A2
A3
+ 25 3 + 35 3 + ...
53
(5 )
(5 )
A7
A2
A3
+ 27 3 + 37 3 + ...
3
7
(7 )
(7 )
where Ai refers to number of algebraic integers with a norm of ±i.
In practice, we consider finite constellation so that only finitely
many integers are considered in the sum.
In practice, we consider finite constellation so that only finitely
many integers are considered in the sum.
Instead we will consider in analysing the following
X
x∈OK ∩R,x6=0
1
|NK/Q (x)|3
where R decides the shape of the finite constellation.
Norms and Ramification
Norms and Ramification
P
Dominant terms in
x∈OK ∩R,x6=0
small norms and units.
1
|NK/Q (x)|3
are those integers with
Norms and Ramification
P
Dominant terms in
x∈OK ∩R,x6=0
1
|NK/Q (x)|3
small norms and units.
Integers with norms at least 2 depend on
are those integers with
Norms and Ramification
P
Dominant terms in
x∈OK ∩R,x6=0
1
|NK/Q (x)|3
small norms and units.
Integers with norms at least 2 depend on
• ramification in K
• the class number of K
• density of units
are those integers with
Norms and Ramification
Let p be a prime, then p ∈ pOK .
Norms and Ramification
Let p be a prime, then p ∈ pOK .
g
g
Y
Y
N (pOK ) = N ( pei i ) =
N (pi )ei = |NK/Q (p)| = pn
i=1
i=1
where all pi are distinct prime ideals and ei = e for all i.
Norms and Ramification
Let p be a prime, then p ∈ pOK .
g
g
Y
Y
N (pOK ) = N ( pei i ) =
N (pi )ei = |NK/Q (p)| = pn
i=1
i=1
where all pi are distinct prime ideals and ei = e for all i.
In particular, if p is totally ramified(g = 1 and e1 = n) or if p
totally splits(g = n and e = 1), then
Norms and Ramification
Let p be a prime, then p ∈ pOK .
g
g
Y
Y
N (pOK ) = N ( pei i ) =
N (pi )ei = |NK/Q (p)| = pn
i=1
i=1
where all pi are distinct prime ideals and ei = e for all i.
In particular, if p is totally ramified(g = 1 and e1 = n) or if p
totally splits(g = n and e = 1), then
n
n
N (p) = p , or
n
Y
i=1
N (pi ) = pn .
Norms and Ramification
Let p be a prime, then p ∈ pOK .
g
g
Y
Y
N (pOK ) = N ( pei i ) =
N (pi )ei = |NK/Q (p)| = pn
i=1
i=1
where all pi are distinct prime ideals and ei = e for all i.
In particular, if p is totally ramified(g = 1 and e1 = n) or if p
totally splits(g = n and e = 1), then
n
n
N (p) = p , or
n
Y
N (pi ) = pn .
i=1
This shows the existence of an ideal above p of norm p.
Norms and Ramification
Let p be a prime, then p ∈ pOK .
g
g
Y
Y
N (pOK ) = N ( pei i ) =
N (pi )ei = |NK/Q (p)| = pn
i=1
i=1
where all pi are distinct prime ideals and ei = e for all i.
In particular, if p is totally ramified(g = 1 and e1 = n) or if p
totally splits(g = n and e = 1), then
n
n
N (p) = p , or
n
Y
N (pi ) = pn .
i=1
This shows the existence of an ideal above p of norm p.
We can further identify a generator with norm p.
Norms and Ramification
Moreover, if we have e = g = 1, we will force the smallest norm
involving only the prime p to be at least pn .
Norms and Ramification
Moreover, if we have e = g = 1, we will force the smallest norm
involving only the prime p to be at least pn .
This kind of prime p, we call it inert prime and it is desirable to
have those smaller primes remain inert.
Norms and Ramification
Moreover, if we have e = g = 1, we will force the smallest norm
involving only the prime p to be at least pn .
This kind of prime p, we call it inert prime and it is desirable to
have those smaller primes remain inert.
Example
If 2 is inert prime, then x ∈ OK with N (x) = 2k for k ≥ n.
Figure: Cyclotomic Field and its Maximal Real Subfield
Theorem
(D.A.Marcus,1977)
Let q be a rational prime different from p, then q is unramified in
Q(ζp ) and in fact
(q)Z[ζp ] = q1 ...qg
with mutually distinct prime ideals qi and each of inertial degree
f = f (qi /q) equal to the order of q in (Z/p)× ,i.e., f is the least
natural number such that
qf ≡ 1
(mod p).
Consider the special case when p = 2p0 + 1, with p0 a prime.
Consider the special case when p = 2p0 + 1, with p0 a prime.
Lemma
Suppose that p = 2p0 + 1, where both p and p0 are prime (such a
prime p0 is called a Sophie Germain prime). Then the primes
smaller than p are inert in Q(ζp + ζp−1 ).
Consider the special case when p = 2p0 + 1, with p0 a prime.
Lemma
Suppose that p = 2p0 + 1, where both p and p0 are prime (such a
prime p0 is called a Sophie Germain prime). Then the primes
smaller than p are inert in Q(ζp + ζp−1 ).
Example
Consider Q(ζ23 ), with 23 = 2 · 11 + 1. The primes 2, 3, 5, 7, 11,
−1
13, 17, 19 are all inert in Q(ζ23 + ζ23
).
Units and Regulator
Let L be a number field of degree n and signature (r1 , r2 ). Set
r = r1 + r2 − 1. The density of units in K is related to its
regulator R.
Units and Regulator
Let L be a number field of degree n and signature (r1 , r2 ). Set
r = r1 + r2 − 1. The density of units in K is related to its
regulator R.
Definition
Given a basis e1 , . . . , er for the group of units modulo the group of
roots of unity. The regulator of K is
R = | det(log |σi (ej )|)1≤i,j≤r |,
where |σi (ej )| denotes the absolute value for the real embeddings,
and the square of the complex absolute value for the complex ones.
Theorem
(G.R.Everest, J.H.Loxton, 1993)
Let w be the number of roots of unity in L. The number of units
U (q) such that max1≤i≤d |σi (u)| < q in K is given by
U (q) =
w(r + 1)r
2/r −1
(log q)r + O((log q)r−1−(cR ) )
Rr!
as q → ∞ and c = 6 · 2 × 1012 d10 (1 + 2 log d).
Table: Some totally real number fields K of Cyclotomic Fields.
K ⊂ Q(ζp )
R
Q(ζ11 )
Q(ζ31 )
Q(ζ41 )
Q(ζ23 )
1.63
30.36
123.32
1014.31
Q(ζ67 )
330512.24
p(X)
5
primes
4
3
2
x + x − 4x − 3x + 3x + 1
x5 − 9x4 + 20x3 − 5x2 − 11x − 1
x5 − x4 − 16x3 − 5x2 + 21x + 9
x11 + x10 − 10x9 − 9x8 + 36x7 + 28x6
−56x5 − 35x4 + 35x3 + 15x2 − 6x − 1
x11 − x10 − 30x9 + 63x8 + 220x7 − 698x6
−101x5 + 1960x4 − 1758x3 + 35x2 + 243x + 29
11 ramifies
5 splits
3 splits
23 ramifies
29 splits
Table: Some totally real number fields K of Cyclotomic Fields.
K ⊂ Q(ζp )
R
Q(ζ11 )
Q(ζ31 )
Q(ζ41 )
Q(ζ23 )
1.63
30.36
123.32
1014.31
Q(ζ67 )
330512.24
p(X)
5
primes
4
3
2
x + x − 4x − 3x + 3x + 1
x5 − 9x4 + 20x3 − 5x2 − 11x − 1
x5 − x4 − 16x3 − 5x2 + 21x + 9
x11 + x10 − 10x9 − 9x8 + 36x7 + 28x6
−56x5 − 35x4 + 35x3 + 15x2 − 6x − 1
x11 − x10 − 30x9 + 63x8 + 220x7 − 698x6
−101x5 + 1960x4 − 1758x3 + 35x2 + 243x + 29
For the case of degree 5,
2 · 54
4!R
4
(log q)
=
625
12R
4
(log q)
yielding respectively
4
4
∼ 32(log q) , ∼ 0.4(log q)
for the smallest and biggest regulators shown in Table 1.
11 ramifies
5 splits
3 splits
23 ramifies
29 splits
Conclusion
• Code design criterion for fast fading channel is analysed in
designing the lattice code that provides confusion to the
eavedropper.
Conclusion
• Code design criterion for fast fading channel is analysed in
designing the lattice code that provides confusion to the
eavedropper.
• Identifying totally real number fields with prescribed
ramification and regulator provide some thought in the design
of wiretap codes for fast fading channels.
∼ Thank you for your attention! ∼