An Introduction to Lattices

and their
Applications in
Communications
Frank R. Kschischang
Chen Feng
University of Toronto, Canada

2014 Australian School of

Information Theory
University of South Australia
Institute for Telecommunications Research
Adelaide, Australia

November 13, 2014

Outline

1 Fundamentals
2 Packing, Covering, Quantization, Modulation

3 Lattices and Linear Codes

4 Asymptopia

5 Communications Applications

2
Notation

• C: the complex numbers (a field)

• R: the real numbers (a field)
• Z: the integers (a ring)
• X n : the n-fold Cartesian product of set X with itself;
X n = {(x1, . . . , xn) : x1 ∈ X , x2 ∈ X , . . . , xn ∈ X }. If X
is a field, then the elements of X n are row vectors.
• X m × n : the m × n matrices with entries from X .
• If (G, +) is a group with identity 0, then G ∗� G \ {0} denotes
the nonzero elements of G .

4
Euclidean Space
Lattices are discrete subgroups (under vector addition) of
finite-dimensional Euclidean spaces such as Rn. x d(x
• ,y
)
In R we have
n
•y
n i (0,
• an inner product: (x, y) xi yi

l xl
✓ =1 1) l
• a �norm: l x l � (x, ly
•
• x)a metric: d (x, y) � lx − 0
(1,
yl 0)
• Vectors x and y are orthogonal if (x, y) = 0.
• A ball centered at the origin in Rn is the set

B r = {x ∈ Rn : l x l ≤ r }.

• If R is any subset of Rn, the translation of R by x is, for any

x ∈ Rn, the set x + R = {x + y : y ∈ R} .
5
Lattices

Definition
Given m linearly independent (row) vectors g1, . . . , gm ∈ Rn, the
lattice Λ generated by them is defined as the set of all integer linear
combinations of the gi ’s:
m
Λ(g1, . . . , gm) � ci gi : c1 ∈ Z, c2 ∈ Z, . . . , cm ∈ Z
.
i =1
• g1, g2, . . . , gm: the generators of Λ
• n: the dimension of Λ
• m: the rank of Λ
• We will focus only on full-rank lattices (m = n) in this tutorial

6
Example: Λ( ( 112 , 32 , , − 23
2(

−3g2
3g1 + g2

g1
0

g2

7
Example: Λ( ( 32 ,23 , (1,
0)

+g
2
3g1

g1
−3g2 0
g2

8
Generator Matrix

Definition
A generator matrix GΛ for a lattice Λ ⊆ Rn is a matrix whose rows
generate Λ:
 
g1
GΛ=  .. ∈ R n×n and Λ = {cGΛ : c ∈ Z n }.
gn

Example:
l l
1/2 2/3 3/2 2/3
G1= and G2=
1/2 −2/3 1
0
generate the previous examples.
By definition, a generator matrix is full rank.

9
When do G and Gt Generate the Same Lattice?

Recall that a matrix U ∈ Zn×n is said to be unimodular if

det(U) ∈ {1, −1}. If U is unimodular, then U−1 ∈ Zn×n and U−1 is
also unimodular. (U is unimodular ↔ det(U) is a unit.)
Theorem
Two generator matrices G, Gt ∈ Rn×n generate the same lattice if
and only if there exists a unimodular matrix U ∈ Zn×n such that
Gt = UG.
(In any commutative ring R, for any matrix A ∈ Rn×n , we have

A adj(A) = det(A)In , where adj(A), the adjugate of A is given by

[adj(A)]i,j = (−1)i +j M j , i where M j , i is the minor of A obtained by deleting the
jth row and i th column of A. Note that adj(A) ∈ Rn×n . The matrix A is
invertible (in R n×n ) if and only if det(A) is an invertible element (a unit) of R, in
which case A−1 = (det(A))−1 adj(A). cf. Cramer’s rule.)

10
Proof
For “⇒”: Assume that G and Gt generate the same lattice. Then
there are integer matrices V and Vt such that
Gt = VG and G = VtGt.
Hence,
Gt = VVtGt = (VVt)Gt,
from which it follows that VVt is the identity matrix. However, since
det(V) and det(Vt) are integers and the determinant function is
multiplicative, we have det(V) det(Vt) = 1. Thus det(V) is a unit
in Z and so V is unimodular.
For “⇐”: Assume that Gt = UG for a unimodular matrix U, let Λ
be generated by G and let Λt be generated by Gt. An element
λt ∈ Λt can be written, for some c ∈ Zn as
λt = cGt = cUG = ctG ∈ Λ, which shows, since ct = cU ∈ Zn, that
Λt ⊆ Λ. On the other hand, we have G = U−1Gt and a similar
argument shows that Λ ⊆ Λt. 11
Lattice Determinant

Definition
The determinant, det(Λ), of a full-rank lattice Λ is given as

det(Λ) = |

det(GΛ)| where GΛ is any generator matrix

for Λ.

• Note that, in view of the previous theorem, this is an invariant

of the lattice Λ, i.e., the determinant of Λ is independent of the
choice of GΛ.
• As we will now see, this invariant has a geometric significance.

12
Fundamental Region

Definition
A set R ⊆ Rn is called a fundamental region of a lattice Λ ⊆ Rn if
the following conditions are satisfied:
u
1 R n= λ ∈Λ(λ + R).
2 For every λ1 , λ2 ∈ Λ with λ1 /= λ2 , (λ1 + R ) ∩ (λ2 + R ) = ∅.
In other words, the translates of a fundamental region R by lattice
points form a disjoint covering (or tiling) of Rn.
• A fundamental region R cannot contain two points x1 and x2
whose difference is a nonzero lattice point, since if
x1 − x2 = λ ∈ Λ, λ /= 0, for x1, x2 ∈ R, we would have
x1 ∈ 0 + R and x1 = x2 + λ ∈ λ + R, contradicting
Property 2.
• Algebraically, the points of a fundamental region form a
complete system of coset representatives of the cosets of Λ in
R n. 13
Fundamental Regions for Λ((1/2, 2/3), (1/2, −2/3))

• Each shaded fundamental region serves as a tile; the union of

translates of a tile by all lattice points forms a disjoint covering
of R2.
• Fundamental regions need not be connected sets.

14
Fundamental Parallelepiped

Definition
The fundamental parallelepiped of a generating set
g1, . . . , gn ∈ Rn for a lattice Λ is the set
n
n
P(g1 , . . . , gn) ai gi : (a1, . . . , an) ∈ [0,
� i =1
1)
g1 .
g1
0
0
g2 g2
(( 1 ( (( 3 2
P 2 ,2
1 3
, − 23 P 2 ,3 , (1,
, 2 0)

15
Their Volume = det(Λ)

Proposition
Given a lattice Λ, the fundamental parallelepiped of every generating
set for Λ has the same volume, namely det(Λ).

Proof: Let g1, . . . , gn form the rows of a generator matrix G. Then,

by change of variables,

Vol(P(g1, . . . , gn)) = Vol({aG : a ∈ [0, 1)n})

= Vol([0, 1)n) · | det(G)|
= | det(G)|
= det(Λ)

16
All Fundamental Regions Have the Same Volume

Proposition
More generally, every fundamental region R of Λ has the same
volume, namely det(Λ).

Proof (by picture): Proof (by mapping): translate each point of R

by some lattice vector to a unique point of P.
Partition R into “pieces” R 1 , R 2 , . . .
translated by the same vector. If the pieces
well-defined
each have a volume, then
Vol(R) = i Vol(Ri ), and the result
follows
since volume is translation invariant and the
union of the translated pieces is P.

17
Voronoi Region

Definition
Given a lattice Λ ⊆ Rn and a point λ ∈ Λ, a Voronoi region of λ is
defined as

V(λ) = {x ∈ Rn : ∀λt ∈ Λ, λt /= λ, lx − λ l ≤ lx − λ t l},

where ties are broken systematically.

The Voronoi region of 0 is often

called the Voronoi region of the
lattice and it is denoted by
V(Λ).

18
Nearest-Neighbor Quantizer
Definition
(NN)
A nearest neighbor quantizer QΛ : Rn → Λ associated with a
lattice Λ maps a vector to the closest lattice
point
(NN)
QΛ (x) = arg min lx −
λ ∈Λ
λl ,
where ties are broken systematically.

• The inverse image

(NN )
[Q Λ ]−1 (λ) is a
Voronoi
region of λ.
• QΛ (x) may be difficult to
compute for arbitrary x ∈ Rn.

19
Minimum Distance

Definition
The minimum distance of a lattice Λ ⊆ Rn is defined as

dmin(Λ) = min l λ l .
λ∈Λ∗

Fact:
) Λ
in (

dmin(Λ) > 0
m
d

Proof: exercise.

20
Successive Minima
Recall that B r denotes the n-dimensional ball of radius r centered at
the origin: Br � {x ∈ Rn : l x l ≤
r }.
Definition
For a lattice Λ ⊂ Rn, let

L i (Λ) � min{r : Br contains at least i linearly indep. lattice vectors}.

Then L1 ≤ L2 ≤ . . . ≤ Ln are the successive minima of Λ.

• We have L1(Λ) = dmin(Λ).
Here L 2> L
• Note that Ln(Λ) contains n linearly 1
independent lattice vectors by definition,
but these may not generate Λ! (Example:
2Z5 ∪ (1, 1, 1, 1, 1) + 2Z5 has
L1 = · · · = L5 = 2, but the 5 linearly
independent vectors in B2 generate only
2Z5.) 21
A Quick Recap

As subgroups of Rn, lattices have both algebraic and geometric

properties.
• Algebra: closed under subtraction (forms a subgroup)
• Geometry: fundamental regions (fundamental parallelepiped,
Voronoi region), (positive) minimum distance, successive
minima
• Because lattices have positive minimum distance, they are
discrete subgroups of Rn, i.e., surrounding the origin is an
open ball containing just one lattice point (the origin itself).
• The converse is also true: a discrete subgroup of Rn is
necessarily a lattice.

22
Dual Lattice
Definition
The dual of a full-rank lattice Λ ⊂ Rn is the set

Λ⊥ = {x ∈ Rn : ∀λ ∈ Λ, (x, λ) ∈ Z},

i.e., the set of vectors in Rn having integral inner-product with every

lattice vector.
Fact
If Λ has generator matrix G ∈ Rn×n, then Λ⊥ has generator matrix
(G−1)T , where the inverse is taken in Rn×n.

Theorem
det(Λ) · det(Λ⊥) = 1.
Proof: follows from the fact that det(G−1) = (det G)−1.
Remark: the generator matrix for Λ⊥ serves as a parity-check
23
Nested Lattices
Definition
A sublattice Λt of Λ is a subset of Λ, which itself is a lattice. A pair
of lattices (Λ, Λt) is called nested if Λt is a sublattice of Λ.

Λ is called the fine lattice

while Λt is called the
coarse lattice.
Λt ⊆ Λ

24
Nested Lattices: Nesting Matrix

Let Λ and Λt have generator matrices GΛ and GΛI , respectively. If

Λt ⊆ Λ, every vector of Λt is generated as some integer linear
combination of the rows of GΛ.
Definition
In particular, the generator matrices GΛI and GΛ must satisfy

GΛI = JGΛ,

for some matrix J ∈ Zn×n, called a nesting matrix.

• Given GΛ and GΛI , J is unique.

• | det(J)| is an invariant: det(Λt) = | det(J)| det(Λ)

25
Nested Lattices: Diagonal Nesting

Theorem
Let Λt ⊂ Λ be a nested lattice pair. Then there exist generator
matrices GΛ and GΛI for Λ and Λt, respectively, such that

GΛI = diag(c1, . . . , cn)GΛ

with c1|c2| · · · |cn.

Here c1, . . . , cn are the invariant factors of the nesting

matrix.

26
Smith Normal Form

The Smith normal form is a canonical form for matrices with entries
in a principal ideal domain (PID).
Definition
Let A be a nonzero m × n matrix over a PID. There exist invertible
m × m and n × n matrices P, Q such that the product

PAQ = diag(r1, . . . , rk ), k = min{m, n}

and the diagonal elements {ri } satisfy ri | ri +1 for 1 ≤ i < k. This

product is the Smith normal form of A.

The elements {ri } are unique up to multiplication by a unit and are

called the invariant factors of A.

27
Diagonal Nesting Follows from Smith Normal Form

For some J ∈ Zn×n, let

GΛI = JGΛ.
Then, for some n × n unimodular matrices U and V, we have

UJV = D = diag(c1, c2, . . . , cn),

or, equivalently,
J = U−1DV−1.
Thus
GΛI = JGΛ = U−1DV−1GΛ
or
(UGΛI ) = D(V−1GΛ).

28
Nested Lattices: Labels and Enumeration
With a diagonal nesting in which GΛI = JGΛ with
J = diag(c1, c2, . . . , cn), we get a useful labelling scheme for
lattice vectors in the fundamental parallelepiped of Λt: each such
point is of the form
(a1, a2, . . . , an)GΛ
where
0 ≤ a1 < c1, 0 ≤ a2 < c2, . . . , 0 ≤ an < cn.

GΛI = diag(2, 4)GΛ

(0, 3) (1, 3)
(0, 2) (1, 2)
(0, 1) (1, 1)
(0, 0) (1, 0)

IT ni
Note that there are det(J) = =1 ci labelled points. 29
Nested Lattices: Linear Labelling
If we periodically extend the labels to all the lattice vectors, then
the labels are linear in Zc1 × Zc2 × · · · × Zcn , i.e.,

(λ1 + λ2 ) = (λ1 ) + (λ2).

(0, 1) (1, 1) (0, 1) (1, 1) (0, 1) (1, 1)
(0, 0) (1, 0) (0, 0) (1, 0) (0, 0) (1, 0)
(0, 3) (1, 3) (0, 3) (1, 3) (0, 3) (1, 3)
(0, 2) (1, 2) (0, 2) (1, 2) (0, 2) (1, 2)
(0, 1) (1, 1) (0, 1) (1, 1) (0, 1) (1, 1)
(0, 0) (1, 0) (0, 0) (1, 0) (0, 0) (1, 0)
(0, 3) (1, 3) (0, 3) (1, 3) (0, 3) (1, 3)
(0, 2) (1, 2) (0, 2) (1, 2) (0, 2) (1, 2)
Stated more algebraically,

Λ/Λ t ,.. Zc1 × Zc2 × · · · × Zcn .

30
Complex Lattices
The theory of lattices extends to Cn, where we have many choices
for what is meant by “integer.” Generally we take the ring R of
integers as a subring of C forming a principal ideal domain.
Examples:
• R = {a + bi : a, b ∈ Z} (Gaussian integers)
• R = {a + be2πi/3 : a, b ∈ Z} (Eisenstein integers)

Definition
Given m linearly independent (row) vectors g1, . . . , gm ∈ Cn, the
complex lattice Λ generated by them is defined as the set of all
R-linear combinations of the gi ’s:
m
Λ(g1, . . . , gm) � ci gi : c1 ∈ R, c2 ∈ R, . . . , cm ∈ R .
i =1

(In engineering applications, complex lattices are suited for QAM

modulation.)
31
 Part 2:
Packing, Covering,
Quantization,
Modulation

32
Balls in High Dimensions

Recall that B r = {x ∈ Rn : l x l ≤ r } is the n-dimensional ball of

radius r centered at the origin.
• B1 is the unit-radius ball
• Br = r B1 = {r x : x ∈ B 1 }
• Vol(Br ) = rn Vol(B1) � r n V n , where V n is the volume of B1
• Easy to show that V 1= 2, V = 4
2 π, V = π 3
3
n/2
• In general, Vn = π
, where the
(n/2)!
factorial (n/2)! for odd n is
( n √ 13
(n/ 2)! = Γ 1 + = π ···
n
2 22
.
2 2/n
• In fact, V n ≈ (2πe/n)n/2 and limn→∞ nVn
= 2πe.

33
Sphere Packing
Definition
A lattice Λ ⊂ Rn is said to pack B r if

λ1 , λ2 ∈ Λ, λ1 /= λ2 → (λ1 + Br ) ∩ (λ2 + Br ) = ∅.

The packing radius of Λ is

rpack(Λ) � sup{r : Λ packs Br }.

34
Effective Radius

Definition
The effective radius of a lattice Λ is the radius of a ball of volume
det(Λ):
( )
det(Λ) 1/n
reff(Λ) = .
Vn

ff
re
rp
ac
k

Clearly, reff(Λ) ≥ rpack(Λ), with equality if and only if the Voronoi

region itself is a ball.

35
Packing Efficiency

Definition
The packing efficiency of a lattice Λ is defined as
rpack(Λ)
ρpack (Λ) =
. reff(Λ)

• Clearly, 0 < ρpack(Λ) ≤ 1.

• ρpack(Λ) is invariant to scaling, i.e., ρpack(αΛ) = ρpack(Λ) for
all α /= 0. (
Vol B rpack
(Λ)
Vol(V(Λ))
)
= ρpack
n

(Λ)
• the packing density =

36
Packing Efficiency (Cont’d)

• The densest 2-dime nsional lattice is the hexagonal lattice

with
J
√
• efficiency π/2 3J≈ 0.9523
The densest 3-dimensional lattice is the face-centered cubic
√
lattice with efficiency π/3 2 ≈ 0.9047
3

• The densest lattices are known for all dimensions up to eight,

but are still unknown for most higher dimensions.
• The Minkowski-Hlawka Theorem guarantees that in each
dimension there exists a lattice whose packing efficiency is at
least 1/2:
max ρpack(Λ) ≥ 1/2
Λ⊂Rn

37
Sphere Covering
Definition
A lattice Λ ⊂ Rn is said to cover Rn with Br if
n
(λ + Br ) =
λ∈ΛR .

The covering radius of Λ is

rcov(Λ) � min{r : Λ covers Rn with

Br }.

38
Covering Efficiency
It is easy to see that rcov(Λ) is the outer radius of the Voronoi region
V(Λ), i.e., the radius of the smallest (closed) ball containing V.

ff
re
r co
v
Definition
The covering efficiency of a lattice Λ is
rcov(Λ)
ρcov (Λ) = .
reff(Λ)
• Clearly, ρcov(Λ) ≥ 1.
• ρcov(Λ) is invariant to scaling.
39
Covering Efficiency (Cont’d)

• The best 2-dimensional covering lattice is the hexagonal lattice

with ρcov(Λ) ≈ 1.0996.
• The best 3-dimensional covering lattice is not the densest one:
it is the body-centered cubic lattice with ρcov(Λ) ≈ 1.1353.
• A result of Rogers shows that there exists a sequence of lattices
Λn of increasing dimension n such that ρcov(Λ) → 1, as n →
∞.

40
Quantization

Definition
A lattice quantizer is a map Q Λ : Rn → Λ for some lattice Λ ⊂ Rn.
(NN)
• If we use the nearest-neighbor quantizer Q Λ , then
(NN )
the
quantization error x e � x − QΛ (x) ∈ V(Λ).
• Suppose that xe is uniformly distributed over the Voronoi region
V(Λ), then the second moment per dimension is given as
1 1 1
σ2(Λ) = E xel 2] = lx el 2dx .
n V(Λ)
[l e
n
det(Λ)
• Clearly, the smaller is σ2(Λ), the better is the quantizer.

41
Quantization: Figure of Merit

Definition
A figure of merit of the nearest-neighbor lattice quantizer is the
normalized second moment, given as
σ2(Λ)
G (Λ) = .
det(Λ)2/n

• G (Λ) is invariant to scaling.

• Let Gn denote the minimum possible value of G (Λ) over all
lattices in Rn. Then, since G (Zn) = 1/12, we have Gn ≤ 1/12.

42
Quantization: Figure of Merit (Cont’d)

Q: What is a lower bound on Gn?

A: An n-dimensional ball of a given volume minimizes the second
moment. The corresponding quantity Gn∗is monotonically
decreasing with n, and approaches 2π1 as n → ∞.
Hence e
1 1
≥ Gn ≥ Gn∗ > .
12
2πe
• There exists a sequence of lattices Λn of increasing dimension n
1
such that G (Λn ) → 2π , as n → ∞.
e

43
Modulation: AWGN channel

input output
x y= x+
z
+ z
An additive-noise channel is given by the input/output relation

y = x + z,

where the noise z is independent of the input x.

In the AWGN channel case, z is a white (i.i.d.) Gaussian noise with
zero mean and variance σ2 whose pdf is given by
1 −
l zl 2
fZ (z) = .
(2πσ2)n/2 2σ2
e

44
Modulation: Error Probability
Suppose that (part of) a lattice Λ is used as a codebook, then the
transmitted signal x ∈ Λ.
Since the pdf is monotonically decreasing with the norm of the noise
lz l , given a received vector y, it is natural to decode x as the
closest lattice point:
(NN)
ˆx = arg λ ∈Λ min ly − λ l = QΛ
(y).
The error probability is thus defined as

Pe (Λ, σ2) � Pr[z ∈/ V(Λ)]

• Pe (Λ, σ2) increases monotonically with the noise variance σ2

• For some target error probability 0 < E< 1, let σ2(E) =
value of σ2 such that Pe (Λ, σ2) is equal to E.
45
Modulation: Figure of Merit

Definition (Normalized volume to noise ratio)

The normalized volume to noise ratio of a lattice Λ, at a target
error probability Pe , 0 < Pe < 1, is defined as

det(Λ)2/n
µ(Λ, Pe ) = .
σ2(P e)

• µ(Λ, Pe ) is invariant to scaling.

• The lower, the better.

46
Modulation: Figure of Merit (Cont’d)

• The minimum possible value of µ(Λ, Pe ) over all lattices in Rn

is denoted by µn (Pe ). Clearly, µn(Pe ) ≤ µ(Zn, Pe ).
Q: What is a lower bound on µn(Pe )?
A: An n-dimensional ball contains more probability mass of an
AWGN vector than any other body of the same volume. The
corresponding quantity µ∗n(Pe ) is monotonically decreasing with
for 0 < Pe < Peth ≈ 0.03, and it approaches 2πe, as n → , for all
n
∞< Pe < 1.
0
• Hence,
2πe < µ∗n(Pe ) ≤ µn (Pe ) ≤ µ(Zn, Pe ).
• There exists a sequence of lattices Λn of increasing dimension n
such that for all 0 < Pe < 1, µ(Λn, Pe ) → 2πe, as n → ∞.

47
Fun Facts about Lattices (Lifted from the Pages of [Zamir,2014])
• The seventeenth century astronomer Johannes Kepler
conjectured that the face-centered cubic lattice forms the best
sphere-packing in three dimensions. While Gauss showed that
no other lattice packing is better, the perhaps harder part—of
excluding non-lattice packings—remained open until a full
(computer-aided) proof was given in 1998 by Hales.
• The optimal sphere packings in 2 and 3 dimensions are lattice
packings—could this be the case in higher dimensions as well?
This remains a mystery.
• The early twentieth century mathematician Hermann
Minkowski used lattices to relate n-dimensional geometry with
number theory—an area he called “the geometry of numbers.”
The Minkowski-Hlawka theorem (conjectured by Minkowski
and proved by Hlawka in 1943) will play the role of Shannon’s
random coding technique in Part 4.
• Some of the stronger (post-quantum) public-key algorithms
today use lattice-based cryptography.
48
Fields
Definition
Recall that a field is a triple (F, +, ·) with the properties that
1 (F, +) forms an abelian group with identity 0,
2 (F∗, ·) forms an abelian group with identity 1,
3 for all x, y, z ∈ F, x · (y + z ) = (x · y ) + (x · z ),
i.e., multiplication ‘·’ distributes over addition ‘+’.
Roughly speaking, fields enjoy all the usual familiar arithmetic
properties of real numbers, including addition, subtraction,
multiplication and division (by nonzero elements), the product of
nonzero elements is nonzero, etc.
• R and C form (infinite) fields under real and complex
arithmetic, respectively.
• Z does not form a field (since most elements don’t have
multiplicative inverses).

50
Finite Fields
Definition
A field with a finite number of elements is called a finite field.
• Fp = {0, 1, . . . , p − 1} forms a field under integer
arithmetic modulo p, where p is a prime.
• Zm = {0, 1, . . . , m − 1} does not form field under integer
arithmetic modulo m, when m is composite, since if m = ab
with 1 < a < m then ab = 0 mod m, yet a and b are
nonzero elements of Zm. Such “zero divisors” cannot be
present in a field.
The following facts are well known:
• A q-element finite field Fq exists if and only if q = pm for a
prime integer p and a positive integer m. Thus there are finite
fields of order 2, 3, 4, 5, 7, 8, 9, 11, 13, 16, . . ., but none of
order 6, 10, 12, 14, 15, . . ..
• Any two finite fields of the same order are isomorphic; thus we
refer to the finite field Fq of order q. 51
The Vector Space Fnq
The set of n-tuples
F qn= {(x 1, . . . , n ) : x1∈ F q, . . . , nx ∈ Fq }
x
forms a vector space over Fq with
1 vector addition defined componentwise

(x1, . . . , xn) + (y1, . . . , yn) = (x1 + y1, . . . , xn +

yn)

2
vector
scalar x ∈ F nq, via ax =defined,
multiplication (ax 1, . .for
. , any
n scalar a ∈ F and any
q
ax ).
• Any subset of C ⊆ Fnq forming a vector space under the
operations inherited from Fnq, is called a subspace of Fn .
• A set of vectors {v , . . . , vq} ⊆ Fn is called linearly
1 k
independent if theqonly solution to the equation
0 = a1v1 + · · · + anvn in unknown scalars a1, . . . , an is
the trivial one (with a1 = · · · = an = 0).
52
Dimension

• If C is a subspace of F nq, then the number of elements in any

maximal subset of C of linearly independent vectors is an
invariant called the dimension of C .
• For example, F nqhas dimension n.
• If C is a subspace of F nqof dimension k, then 0 ≤ k ≤ n.

53
Linear Block Codes over Fq
Definition
An (n, k) linear code over Fq is a k-dimensional subspace of Fn q.

The parameter n is called the block length, and k is the

dimension. The elements of a code are called codewords. For
example, {000, 111} is a (3,1) linear code over F2.

Let B = {g1, . . . , gk } be a maximal linearly independent subset of

an (n, k) linear code C . Then B is a basis having the property that
each element v of C has a unique representation as a linear
combination
k
v= ai i
g i =1
for some scalars a1, . . . , ak ∈ Fq .

By counting the number of distinct choices for a1, . . . , ak , we

find that an (n, k) linear code over Fq has qk codewords. 54
Generator Matrices
Definition
A generator matrix for an (n, k) linear code C over Fq is a matrix
G ∈ Fkq ×n given
as g
1
 g2

G= ..
 gk 

where {g1, . . . , gk } is any basis for
C.
The code C itself is then the row space of G, i.e.,
C = {uG : u ∈ Fqk },
and G is said to generate C .
Two different generator matrices G1 and G2 generate the same code
C if G2 = UG1 for some invertible matrix U ∈ F k×k , or equivalently
if G2 can be obtained from G1 by a sequence of elementary row
operations
. 55
Systematic Form

A canonical generator matrix for a code C is obtained (using

Gauss-Jordan elimination) by reducing any generator matrix G of C
to its unique reduced row echelon form GRREF.

In some cases, GRREF takes the form, called systematic form,

GRREF = Ik P

where I k is the k × k identity matrix, and P is some k × (n −

k) matrix.
If v = uG, with G in systematic form, then v = (u, uP).
When G used as an encoder, mapping a message u to a codeword v
= uG, then, when G is in systematic form, the message u appears
in the first k positions of every codeword.
(More generally, if GRREF is used as an encoder, the components of
the message u appears in k fixed locations, corresponding to the
pivot columns of GRREF, of every codeword.) 56
Dual Codes
n i
We may define an “inner-product” in F nqvia (x, y) = =1 xi yi .
Definition
The dual C ⊥ of a linear code C over Fq is the set

C⊥ n
= {v ∈ Fq : ∀c ∈ C, (v, c) =
0}.
• The dual of an (n, k) linear code is an (n, n − k) linear code.
• A generator matrix H for C ⊥ is called a parity-check matrix
for C and must satisfy GH T = 0k×(n−k) for every generator
matrix G of C .
• Equivalently, we may write

C = {c ∈ Fnq : cHT = } ,
0
displaying C as the k-dimensional solution space of a system of
n − k homogenous equations in n unknowns.
57
Computing H from G

When C has a generator matrix G in systematic form

G= I P

then it is easy to verify (by multiplication) that

H = −PT I

is a parity-check matrix for C .

More generally, any given G can be reduced to GRREF. If P is the
matrix obtained from GRREF by deleting its pivot columns, then a
parity-check matrix H is obtained by distributing the columns of
− P T (in order) among the k columns corresponding to pivots of
GRREF, and distributing the columns of the identity matrix In−k (in
order) among the remaining columns.

58
Error-Correcting Capability under Additive Errors
n
Let C be a linear (n, k) code over F q. Let E ⊂ F be
q a general set
of error patterns, and suppose that when c ∈ C is sent, an adversary
may add any vector e ∈ E , so that y = c + e is received.
input output
c y= c+
e
+

When c1 ∈ C is sent, the adversary can cause confusion at the

e∈E
receiver (more than one possible explanation for y) if and only if
there are error patterns e1, e2 ∈ E and another codeword c2 ∈ C ,
c2 /= c1, satisfying

c1 + e1 = c2 + e2 ⇔ c1 − c2 = e2 − e1

Since C is linear, c1 − c2 is in C ∗and hence the adversary can cause

confusion if and only if E contains two error patterns whose
difference is a nonzero codeword.
59
Error-Correcting Capability (cont’d)

Theore
m
Let E ⊂ F nqbe a set of error patterns and let
∆ E = {e1 − e2 : e1, e2 ∈ E }. An adversary restricted to adding
patterns of E to codewords of a code C cannot cause confusion at
the receiver if and only if ∆ E ∩ C ∗= ∅.
Example: if E consists of the all-zero pattern and all patterns of
Hamming weight one, then ∆ E consists of the all-zero pattern and
all patterns of Hamming weight one or two. Thus C is
single-error-correcting if and only if it contains no nonzero
codewords of weight smaller than 3.

60
Linear Codes: A Quick Summary

A linear (n, k) code over the finite field Fq is a k-dimensional

subspace of Fnq . Such a code C is specified by giving:
• a generator matrix G whose rows form a basis for C ; or
• a parity-check matrix H whose rows form a basis for the dual
code C ⊥ .
Then
C = {uG : u ∈ Fkq } = {c ∈ Fn : cHT = } .
0 q
Every (n, k) linear code over Fq contains qk distinct codewords.
A code C can correct every additive error pattern in a set E if and
only if ∆ E ∩ C ∗ = ∅, where ∆ E = {e1 − e2 : e1, e2 ∈ E }.

61
From Codes to Lattices: Construction A

Definition
The modulo-p-reduction of an integer vector
v = (v1, . . . , vn) ∈ Zn is the vector

v mod p = (v1 mod p, . . . , vn mod p) ∈n

p
F
where F np= { 0, 1, . . . , p − 1} and s mod p = r if s = qp + r
with we think of r simultaneously as an integer residue
0 ≤ r < p. [Here
and as an element of Fp , with the obvious correspondence.]

Definition (Modulo-p Lattices)

The Construction A lifting of a linear (n, k) code C over Fp is the
lattice
ΛC = {x ∈ Zn : x mod p ∈ C };
such a lattice is sometimes called a modulo-p lattice.
62
Properties

Properties of a modulo-p lattice ΛC :

1 pZn ⊆ ΛC ⊆ Zn.
2 For a linear (n, k) code C over Fp , det(ΛC ) = pn−k .
3 Let G be a generator matrix of C and In be the n × n identity
matrix, then ΛC is spanned by the extended n × (n + k)
generator matrix l
G
GΛC= . (1)
pIn
4 If the generator matrix G is of the systematic form
G = [Ik Pk×(n−k)], then the extended generator matrix (1) can
be reduced to a standard n × n generator matrix for ΛC
l
I P
GΛC= k k×(n−k) .
0
pIn−k

63
Nested Construction A

Consider two linear codes C1, C2 over Fp with C2 ⊂ C1. By lifting

the nested codes to Rn using Construction A, we generate nested
Construction A lattices
ΛC n
1 = {x ∈ Z | x mod p ∈ C 1 }, and

ΛC n
2 = {x ∈ Z | x mod p ∈ C 2 }.

64
Properties

Properties of nested-Construction-A lattices ΛC1 , ΛC2 :

1 pZn ⊆ ΛC ⊂ ΛC ⊆ Zn.
2 1
2 Let C i be a linear (n, ki ) code over Fp , then det(ΛC ) = pn−ki .
i
3 There exist generator matrices GΛC and GΛC such
that
1
GΛC2= diag(1, . . . , 1,
2
p, . . . , 1
p)GΛC k1−k2

Property 3 is an example of the “diagonal nesting” theorem of Part

1, which follows from the Smith normal form of the nesting matrix
J relates GΛ and GΛ . Used is the fact that det(J) = pk1−k2 ,
that C2
which forces the
C1
invariant factors of J to be (1, 1, . . . , 1, p, p, . . .
, p).

65
Other Constructions

• A myriad of other constructions for lattices exist; see Conway

and Sloane’s SPLAG for Construction B and Construction D.
• There are a host of number-theoretic constructions for lattices
(some of them useful in space-time coding); see papers by J.-C.
Belfiore, E. Viterbo, M. O. Damen, among many others.
• There are so-called “low-density lattice codes”; see papers by
N. Sommer, M. Feder, O. Shalvi, and others.
For our purposes in this tutorial, Construction A will suffice.

66
Balanced Families

Definition
A family B of (n, k) linear codes over a finite field F is called
balanced if every nonzero vector in Fn appears in the same number,
N B , of codes from B.
For example, the set of all linear (n, k) codes is a balanced family.
degree N B degree qk − 1




 ···
 
vectors  |B| codes
··
. ..
 . · 
qn − 1 nonzero 
 


Edge balance: (q n− 1)N B = (qk− 1)|B|

68
Basic Averaging Lemma
Basic averaging lemma
Let f : F nq→ C be an arbitrary complex-valued function. Then

1 f (w) = q − 1
k
f (2)
|B| (v). n∗
C ∈B w∈C ∗ qn − 1 q

v∈(F )

Proof: Label each edge of the bipartite graph incident on circular

node v with f (v ). Summing the labels over all edges incident on
circular nodes is equivalent to summing over all edges incident on
square nodes, which implies that

NB f (v ) = f (w ).
v n∗
q C ∈B w ∈C
∈(F ) ∗

Then (2) follows by substituting for N B from the edge-balance

condition.
69
First Application: Gilbert-Varshamov-like Bound
Let A ⊂ Fnqbe given, and, for v ∈ (F )qn,∗define

1 if v ∈ A,
f (v)
= 0
otherwise.
Then

f (v) = |A∗| and f (w) |C ∗ ∩ A|

v∈(Fnq )∗ w∈C =
∗ ,
inte rsec ti on c
for any code C of length n. ount
The basic averaging lemma for any balanced family B of (n, k)
linear codes gives
1 qk − 1 ∗
|C ∗∩ A| = |A |
|B| qn− 1
C ∈B

a vg. inters e ction cou

nt
70
First Application (cont’d)

Now if
qk − 1 ∗
|A | < 1
qn− 1
then the average intersection count is < 1. But since |C ∗∩ A| is an
integer, this would mean that B contains at least one code with
C ∗ ∩ A = ∅.
• Setting A = ∆ E , we see that qn −1 |∆E ∗| < 1, or more
k

q −1
if
loosely if n−k
|∆E | < q ,
then B contains at least one (n, k) linear code that can correct
all additive errors in a set E .
• For example setting E to a Hamming ball yields (essentially)
the Gilbert-Varshamov bound.

71
Constructing mod-p Lattices of Constant Volume
It is natural to construct a family of lattices in fixed dimension n,
with a fixed determinant V f , using lifted (n, k) codes with fixed k,
where 0 < k < n. Free parameter: p.
Unscaled Construction A, lifting code C over Fp , gives
pZn ⊂ ΛC ⊂ Zn
det=p n
de t= p n det

We scale everything by γ > 0,−where

k
=1 = V
γ np n−k f
(†).
• From (†), as p → ∞ we must have γ → 0.
• Since (γp)n = pk V f , we have γp → ∞ as p → ∞.

After scaling by γ we have:

γpZn ⊂ γΛC ⊂ γZn

det= (γ p )n d et = V f det = γ n

→∞ →0
72
Example: Lifting ((1, 1)) mod p with fixed Vf

γp/2

γp/ 2
-γp/2

-γp/2
p= 2 p= 3
General case
As p → ∞:
• fine lattice γZn grows
increasingly “fine”
• Voronoi region of
coarse lattice γpZn
grows increasingly
p=5 p = 23 large
Yellow-shaded region: V(γpZ2)
73
Minkowski-Hlawka Theorem

Minkowski-Hlawka Theorem
Let f be a Riemann integrable function Rn → R of bounded support
(i.e., f (v) = 0 if l v l exceeds some bound). Then, for any integer k,
0 < k < n, and any fixed V f , the approximation
1
f (w) ≈ Vf−1 f
|B|
C ∈B Rn (v)dv
w∈γΛ∗C
where B is any balanced family of linear (n, k) codes over Fp ,
becomes exact in the limit as p → ∞, γ → 0 with γn pn−k = V f
fixed.

74
Minkowski-Hlawka Theorem: A Proof
Let V be the Voronoi region of γpZn. Then, when p is sufficiently
large (so that supp(f ) ⊆ V),
1 1
f (w) = f (w) supp(f ) ⊆
|B| V |B|
C ∈B C ∈B w∈(γΛ C ∗ ∩V)

= p − 1
w∈γΛ∗C k
f averaging lemma
pn − 1
v∈((γZn )∗∩V) (v)
= p − 1 γ−n
k
n
f multiply by unity
pn − 1
v∈((γZn )∗∩V) (v)γ
k−n −n
→ p γ f (v)dv sum → integral
Rn

= V f−1 f
Rn (v)dv.

75
Minkowski-Hlawka Theorem: Equivalent Form
Theorem
Let E be a bounded subset of Rn that is Jordan-measurable (i.e.,
Vol(E ) is the Riemann integral of the indicator function of E ); let k
be an integer such that 0 < k < n and let V f be a positive real
number. Then the approximation
1
|γΛ∗
C∩ E | ≈ Vol(E )/ V f
|B| C ∈B

where B is any balanced family of linear (n, k) codes over Fp ,

becomes exact in the limit p → ∞, γ → 0 with γn pn−k = V f fixed.
Proof of “ ⇒ ”: Let f be the indicator function for E (i.e., f (v ) = 1
if v ∈ E and f (v ) = 0 otherwise). (The other direction is left as
exercise.)
an
Note: if Vol(E )/V f < 1 then there exists a lattice Λ with
det(Λ) = V f and |Λ∗ ∩ E | = 0.
76
“Good” Lattices

To illustrate the application of the Minkowski-Hlawka Theorem, we

now show that “good” lattices exist for packing and modulation in
n dimensions (existence) and that, as n → ∞, a random choice
(from an appropriate ensemble) is highly likely to be good
(concentration).

77
Goodness for Packing

Theore
m
For any n > 1 and any E> 0, there exists a lattice Λn of dimension
n such that
rpack n
ρpack (Λn) = (Λ ) ≥
reff (Λn) . 2(1 +
1
E)

78
Lower Bound on Packing Radius

|Λ∗ ∩ Br | = 0 ⇒ dmin(Λ) ≥ r ⇒ rpack(Λ) ≥ r/2

)Λ
r

in (
m
Br
d

Λ∗

79
Goodness for Packing: A Proof

For any n > 1 and any E> 0, let Br be the ball with
n
n
Vol(Br ) = r V n = V f /(1 + E) < V f .

Then, 1
|γΛ∗∩ B | → Vol(B )/ V < 1.
|B| C ∈B C r r f

Hence, there exists a lattice Λn with |Λ∗n∩ Br | = 0. This means that

rpack(Λn) ≥ r/2.

✓
On the other hand, reff (Λn) = n V f /V n = r (1 + E). Hence,
rpack (Λn ) 1
ρpack (Λn) = ≥
reff (Λn) . 2(1 +
E)
80
From Existence to Concentration

Concentration for Large n

Let Λn be a random lattice of dimension n uniformly distributed
over {γΛ∗C | C ∈ B}. Then,

Pr[Λn is good for packing] → 1,

as n → ∞.
Proof: Recall that 1 |γΛ∗∩ B |r→ (1/(1 + E)) n, as p → ∞ .
|B| C ∈B C
Consider the random variable |Λ ∗
n∩ B |,r where Λ isnuniform over
{γΛ∗C | C ∈ B}. By Markov’s inequality,

E [|Λ∗
n ∩ B r|] 1
Pr[|Λ∗
n∩ B |r ≥ 1] ≤ = |γΛ∗
C∩ B |.r
1 |B|
C
∈B
Hence, Pr[|Λ∗n ∩ B r | ≥ 1] → 0, as n →
∞. 81
Goodness for Modulation

Theorem
There exists a sequence of lattices Λn such that for all 0 < Pe < 1,
µ(Λn, Pe ) → 2πe, as n → ∞.

82
Upper Bound on the Error Probability
For a specific (non-random) lattice Λ, the error probability Pe (Λ) is
upper bounded by

Pe (Λ) ≤ Pr[z ∈/ Br ] + fr (v )|Λ∗ ∩ (v + Br )|dv,

Br

where fr (v ) = fz(v | {z ∈ B r }) is the conditional pdf.

83
Average Error Probability P¯e

1
Pe
� Pe (γΛC )
|B| C ∈B
¯
1
≤ Pr[z ∈/ Br ] fr (v )|(γΛC )∗ ∩ (v + B r )|
+ |B| C ∈B
(B r dv
1
= Pr[z / Br ] + fr |(γΛC )∗ ∩ (v + Br )|
∈ (v ) |B| C ∈B dv
Br

→ Pr[z ∈/ B r ] + B r fr (v ) (Vol(Br )/V f )

= Pr[z ∈/ Br ] +
dv
Vol(B )/V f √
The typical r“noise radius” rnoise =
nσ2.
Claim:
If rnoise = ref f
1+ for some E> 0, then ¯Pe → 0, as n → ∞ .
84
Average Error Probability P¯e (Cont’d)
Proof of the Claim: On the last slide we had

P¯e < Pr[z ∈/ Br ] + Vol(Br )/V f .

If rnoise = reff /(1 + E), then there exist Er1, E2> 0 such that
ef
rnoise f
= (1 + E1)(1 +
. 2)
Now, we set r = reff /(1 + E1).EThen rnoise = r/(1 + E2),
( )n ( ) n
Vol(B r ) r 1
= = , and
Vf 1+
reff
E1
Pr[z ∈/ Br ] = Pr[lzl > r ]
2
2
= Pr[lzl /n
> r /n]
2
2
2 85
Goodness for Modulation: A Proof

Recall that the normalized volume to noise ratio

det(Λ)2/n
µ(Λ, Pe ) = .
σ2(P e)

For any target error probability δ > 0, if we set rnoise = reff /(1 + E)
for some E> 0, then P¯ ≤ δ for sufficiently large n. Hence, there
exists a lattice Λn with Pee (Λ ) ≤ δ and σ2 (δ) ≥ noise
r
2
/ n. n
Therefore,

2/n 2/n 2
µ(Λn, δ) = V f ≤ Vf = nVn2/n r 2ef f → 2πe(1 + E)
σ2(δ) rnoise
2 /n r 2 .
noise
The theorem follows because we can make Earbitrarily small.

86
From Existence to Concentration
Concentration for Large n
Let Λn be a random lattice of dimension n uniformly distributed
over {γΛ∗C | C ∈ B}. Then,

Pr[Λn is good for modulation] → 1,

as n → ∞.

Proof: For any target error probability δ > 0 and any large L > 0, if
we set rnoise = reff /(1 + E) for some E> 0, then P¯e≤ δ/L for
sufficiently very large n.
Consider the random variable Pe (Λn), where Λn is uniform over
{γΛ∗C | C ∈ B}. By Markov’s inequality,
E [Pe (Λn)] P¯ 1
Pr[Pe (Λn) ≥ δ] ≤ = ≤ .
δ L
e
Hence, with probability at least 1 − 1/L, Λn has Pe (Λn) ≤ δ and
σ2 (δ) ≥ rnoise δ
2 87
Simultaneous Goodness

Theorem
Let Λn be a random lattice of dimension n uniformly distributed
over {γΛ∗C | C ∈ B}. Then for any 0 < Pe < 1 and any E> 0,
l
1
Pr ρpack(Λn) ≥ and µ(Λ n, P ) ≤ 2πe(1 + E) →
2(1 +
1 e
E)
as n → ∞.
Proof: a union-bound argument.

88
Goodness of Nested Lattices

• Previously, the use of the Minkowski-Hlawka Theorem, together

with a balanced family of linear codes, proves the existence and
concentration of “good” lattices.
• This naturally extends to nested lattices, if nested Construction
A is applied to some appropriate linear-code ensemble.
• For example, let B be the set of all linear (n, k) codes, and let
Bt be the set of all linear (n, kt) codes with kt < k. Then, for
all possible linear codes C1 ∈ B, C2 ∈ Bt with C2 ⊂ C1, we
generate corresponding nested-Construction-A lattices ΛC1 and
ΛC 2 .
• This ensemble allows us to prove the existence and
concentration of “good” nested lattices for packing and
modulation.

89
Nested Lattices Good for (Almost) Everything

In fact, with a refined argument, one can prove that, with high
probability, both Λn and Λtn are simultaneously good for packing,
modulation, covering, and quantization.
Remark 1: goodness for covering implies goodness for quantization
Remark 2: in order to prove the goodness for covering, we need
some constraints on k and kt of the underlying linear codes. This is
beyond the scope of this tutorial.

90
Practical Ensembles of Lattices
For linear codes, practical ensembles include Turbo codes, LDPC
codes, Polar codes, Spatially-Coupled LDPC codes.
What about their lattice versions?
• LDPC Lattices: M-R. Sadeghi, A. H. Banihashemi, and D.
Panario, 2006
• Low-Density Lattice Codes: N. Sommer, M. Feder, and O.
Shalvi, 2008
• Low-Density Integer Lattices: N. Di Pietro, J. J. Boutros, G.
Z´emor, and L. Brunel, 2012
• Turbo Lattices: A. Sakzad, M.-R. Sadeghi, and D. Panario,
2012
• Polar Lattices: Y. Yan, C. Ling, and X. Wu, 2013
• Spatially-Coupled Low-Density Lattices: A. Vem, Y.-C.
Huang,
K. Narayanan, and H. Pfister, 2014
91
Towards a Unified Framework

A unified framework
It is possible to generalize the balanced families to “almost
balanced” families so that goodness of some (practical) linear codes
over Fp implies goodness of lattices.

For goodness of linear LDPC codes, see, e.g.,

• U. Erez and G. Miller. The ML decoding performance of LDPC
ensembles over Zq . IEEE Trans. Inform. Theory, 51:1871–
1879, May 2005.
• G. Como and F. Fagnani. Average spectra and minimum
distances of LDPC codes over abelian groups. SIAM J.
Discrete Math., 23:19–53, 2008.
• S. Yang, T. Honold, Y. Chen, Z. Zhang, and P. Qiu. Weight
distributions of regular LDPC codes over finite fields. IEEE
Trans. Inform. Theory, 57:7507–7521, Nov. 2011.
92
Nested Lattice Codes — Voronoi Constellations
For Λt ⊂ Λ, define a finite codebook—a Voronoi constellation—via
Λ ∩ V(Λt).

• Λ is the “fine lattice”

• Λt is the “shaping lattice”
• The points of the
constellation are coset
representatives of Λ/Λt ; it
is often convenient to
have a “linear labelling”
achieved via diagonal
nesting.

93
Encoding

Encoding is convenient when we have diagonal nesting (as is always

possible), and
GΛI = diag(c1, c2, . . . , cn)GΛ
Then we encode a message m ∈ Zc1 × Zc2 × · · · × Zcn to mGΛ,
subtracting the nearest point of Λt, i.e.,
(NN)
m 1→ mGΛ mod Λt � mG Λ
− QI
Λ
(mG ). Λ
The result is always a point in V(Λt).

94
Encoding with a Random Dither

Let u be continuously and uniformly distributed over V(Λt). (In

transmission applications, u is pseudorandom and known to both
transmitter and receiver.) We add u to λ ∈ Λ prior to implementing
the mod Λt operation.
Purpose of dither: to control the average power
Let

x = [λ + u] mod
Λt= λ + u − Q (λ +
Λ I
u) NN
Clearly, x ∈ V(Λt), and we will now show that in fact x is uniformly
distributed and hence has
1
E [lxl2 ] = σ2(Λt).
n

95
The Role of the Random Dither

Crypto Lemma
If the dither u is uniform over the Voronoi region V(Λt ) and
independent of λ, then x = [λ + u] mod Λt is uniform over V(Λt),
independent of λ.
Hence, n1 E xl ] = σ2(Λ ).
t
[l practice
In 2 one often uses a non-random dither chosen to achieve a

transmitted signal with zero mean.

96
Decoding
A sensible (though suboptimal) decoding rule at the output of a
Gaussian noise channel:
• Given y, map y − u to the nearest point of the fine lattice
Λ.
• Reduce mod Λt if necessary.
λˆ = Q NN
Λ (y − u) mod
t

Λ
Understanding the decoding: Let λ t = Q NN (λ + u).
ΛI
Then,
y− u=x+ z−
u = λ + u − λt +z −
u x
= λ + z − λt
Hence, λˆ = λ if and only if QNN ∈ Λ t . Therefore,
Λ
(z) NN
/ Λ ] ≤ Pr[QNN
Λ (z) /= 0] = ∈/
Pr[λˆ /= λ] = Pr[QΛ
t (z)
Pr[z V(Λ)].
∈ 97
Rate versus SNR

R = 1 log2
det(Λt)
n
det(Λ)(
1 det(Λt )2/n
=
det(Λ)2/n
log2 ( )
2
1 σ2 (Λt )/G (Λt)
σ2(P e) · µ(Λ, P )
= ( 2 e )
1 σ (Λ ) ( t
log2 t
2 1
σ (P e)
2 − log 2 G (Λ ) · µ(Λ, P e )
( ) 2 ( )
P ( t 1 µ(Λ, Pe )
= − log2 2πeG (Λ ) − .
2 2 N 1 2 2 2π
loglog log
2
2 2 e
shapi n g codin g
1 loss loss

99
Summary of Nested Lattice Codes

For a specific nested lattice code with Λt ⊂ Λ,

( ) ( )
1 P ( 1 µ(Λ, Pe )
R = 2 − log2 2πeG (Λt ) − 2 .
1
2 N 2 2π
log log
2 e
shapi n g codin g
loss loss
IfΛtis good for quantization (i.e., G (Λt 1
) → 2π ) and Λ is good
for
modulation (i.e., µ(Λ, Pe ) → 2πe), then both
e losses → 0.

Recall that G (Zn) = 1/12. Hence, the uncoded transmission has a

shaping loss of 12 log2(2πe/12) ≈
0.254. (
Compared to R = 12 log2 1 + NP , what about the “1+” term?
–
see Part 5!

100
Outline

1 AWGN Channel Coding

2 Dirty-Paper Coding
3 Two-Way Relay Channel
4 Compute-and-Forward
5 Successive Compute-and-Forward

102
AWGN Channel Coding

input output
x + y= x+
z
z
y = x + z, where zi ∼ N(0, N), independent components,
and independent of x.
Average power constraint: n1 E l ] ≤ P.
[lx 2

C AWG = log2 1 +N
N 2

103
Key Intuition (Erez&Zamir’04)

Intuition: consider Y = X + Z , where X ∼ N(0, 1) and

Z ∼ N(0, 10). Taking Y as an estimate of X would give us an MSE
ten times larger than the variance of X !

If we use αY as an estimate, then the estimation error is

αY − X = α(X + Z ) − X = (α − 1)X + αZ,

with MSE(α) = (α − 1)2 · 1 + α2 · 10.

In fact, the optimal α∗ (i.e., the MMSE coefficient) is

1/11, and

MSE(α∗) = 110/121 < 1.

This shows the value of prior information!

Lesson Learned: we should use prior information in 104

Encoding with a Random Dither

The encoding is the same as before.

x = [λ + u] mod Λt
= λ + u − QNN (λ +
ΛI
u)
Clearly, x ∈ V(Λ t ) and n E l 2] = σ2(Λ ).
t
[lx 1

105
Decoding with the MMSE Estimator

(NN)
y ×
+ QΛ mod Λt
λˆ
α −u

λˆ = Q NN
Λ (αy − u) mod
Λt ,
where α is the MMSE coefficient.
Note that when α = 1, it reduces to our previous case.

106
Error Probability
Let λ t = Q NN (λ + u).
ΛI
Then,
αy − u = α(x + z) −
u = α(λ + u − λt +z) −
u x
= λ + (α − 1)(λ + u − λt ) + αz −
λt λ + (α − 1)x + αz
=
−λ t

Hence, λˆ = λ if and only if QΛNN (nα) ∈ Λ . Therefore,

t

Pe � Pr[λˆ /=
NN t
λ] = Pr[QΛ α ) ∈/
(n Λ]
≤ Pr[QNN
Λ (nα) /= 0]

= Pr[nα ∈/ V(Λ)].

107
The Role of the MMSE Estimator
The effective channel noise is nα (instead of z), and the second
moment per dimension of nα is
1
σ2(nα ) � E 2
αl ]
n
[ln 2 2
22
= (α − 1) σ (x) + α σ (z)
2
2
= (α − 1) P + α N.

The optimal α∗ = P2/ ( P + N),PN

and
σ (nα∗ ) = < min{P, N}.
P +N

Now, the achievable rate) (

P 1 P )
= 1
1
2 2
σ2(nα∗ ) 2 2 PN 2 2
N
R = log log P +N P
= log 1+
. 108
Caution

Previous argument is heuristic, since nα∗ is not Gaussian...

To address this issue, we only need to prove that

Pr[lnα∗ l 2 /n > σ2(nα∗ )(1 + E2)2] → 0,

as n → ∞.
This can be done with some additional steps.

109
Dirty-Paper Coding
S

m TX + RX m
X Y ˆ
Z
In the dirty-paper channel Y = X + S + Z , where Z is an
unknown additive noise, and S is an interference signal known to
the transmitter but not to the receiver.
The channel input satisfies an average power constraint:
2
E l x l ≤ nP.
If S and Z are statistically independent Gaussian variables, then the
channel capacity
1 P
CDP = AWG = log2 () 1 +
C N . 2 N
110
Encoding

−α ×

λ + mod Λt x

x = [λ + u − αs] mod
Λt

111
Decoding

(NN)
y ×
+ QΛ mod Λt
λˆ
α −u

λˆ = Q NN
Λ (αy − u) mod
Λt ,
where α is the MMSE coefficient.

112
Error Probability

Let λ t = Q NN (λ + u − αs).
ΛI
Then,
αy − u = α(x + s + z) −
u = α(λ + u − αs − λt +s + z) −
u x
= λ + (α − 1)(λ + u − αs − λ t ) + αz −
λt λ + (α − 1)x + αz
=
−λ t

Once again, λˆ = λ if and only if QNN

Λ (nα) ∈ Λ . Therefore,
t

Pe � Pr[λˆ /= λ] ≤ Pr[nα ∈/
V(Λ)].

113
Achievable Rate

Recall that nα = (α − 1)x + αz with

σ2(nα) = (α − 1)2P + α 2 N.

Once again, the optimal α∗ = P / ( P + N) and

2 PN
σ (nα∗ ) = .
P + N

Hence, the achievable rate

P 1 P
) = log ( 1 + )
R = 2 log2 σ2(nα∗ ) . 2
2
N

114
Gaussian Two-Way Relay Channel
Y MAC Relay
X2
Z +
X1
Y1 X BC Y2
λ1 User 1 + + User 2 λ2

Z1 Z2
λˆ λˆ
2 1
YMAC = X1 + X2 + Z Y1 = XBC + Z1 Y2 = XBC
+ Z2
where Z ∼ N(0, N), Z1 ∼ N(0, N1), and Z2 ∼ N(0, N2).
1 power
Average 1 2
E [lx1 l 2 ] constraints:
≤ P , E x2 l 2 ] ≤ P2 , and E [l xBC l
1 1 ]≤ P .
[l n BC
n
For simplicity, we first consider the symmetric case P1 = P2 = PBC
and Nn 1 = N2 = N. 115
Transmission Strategy

Two-phase transmission strategy:

1 1st phase: the relay recovers

λ = [λ1 + λ2] mod Λt

from the received signal yMAC.

2 2nd phase: the relay broadcasts λ to both
nodes.
3 Clearly, λ1 = [λ − λ2] mod Λt and λ2 = [λ −
λ1] mod Λt.

116
1st Phase

Encoding
:

x1 = [λ1 + u1] mod Λt

x2 = [λ2 + u2] mod Λt

Decoding:

λˆ = Q NN
Λ (αy − 1− u ) mod
u 2 Λt

117
1st Phase: Error Probability

Let λ ti = Q NN (λ + u ) for i = 1, 2. Then,

Λ I i
i
αy − u1 − u2 = α(x1 + x2 + z) − u1 −
u2 = α( (λ + u − λ t) +z) − u1 −
i i i
u i i
2
x

= λ + λ + (α − 1) (λ + u − λ t) + αz − λt1 − t
1 2 i i i
λ i 2
t
= λ1 + λ2 + (α − 1)(x1 + x2) + αz −λ 1 −
λ t2 .
t NN
Note that λ=ˆ [λ1 + λ2] mod Λ ift and only if Q Λ (nα ) ∈ Λ .
Hence,
Pe ≤ Pr[nα ∈ V(Λ)].

118
1st Phase: Achievable Rate

Note that

(
σ2(na) = (α −1) 2 σ2(x1) + σ2(x2) + α2σ2(z) = (α −1) 2 2P +
α 2 N.

The optimal α∗ = 2P/(2P2 + N) and 2PN

σ (nα∗ ) = .
2P + N

Hence, the achievable rate )

1 1 P
2 = log
2 + .
2
P σ2(nα∗ ) 2 2 N
R = log

119
Summary of the Symmetric Case

Since decoding in 1st phase is “harder” than the 2nd phase, we

have the following achievable rate
1 P
1 2 +
2 2
1 2 N
R (.
In this case, the cut-set bound == R12 log2 1 + PN
. =
The achievable rate approaches the cut-set bound at high
log
SNR!

120
Asymmetric Powers
Recall that the channel model is

YMAC = X1 + X2 + Z
Y1 = XBC + Z1
Y2 = XBC + Z2

where Z ∼ N(0, N), Z1 ∼ N(0, N1), and Z2

∼ N(0, N2).
1
Asymmetric 1 2
E [lx1power
l 2 ] ≤ Pconstraints:
, E x2 l 2 ] ≤ P2 , and E [lxBC BC .
1 1 l ]≤ P n
[l n
n
Symmetric noise variance:

N1 = N2 = N

Key idea: use the same fine lattice at both users but different
coarse lattices, each sized to meet its user’s power constraint
121
A Triple of Nested Lattices

Λ t1 ⊂ Λ t 2 ⊂ Λ
with
σ2(Λt1) = P1 and σ2(Λt2) = P2 ,
1 det(Λ1t ) 1
R 1 = log2 and R2 det(Λ2t )
n det(Λ) = log2
n
det(Λ)

122
1st Phase: Encodng

x1 = [λ1 + u1] mod

x2 = [λ2 + Λt1 mod

Clearly, u2 ] Λt 2
1
E [lx l 2t ] = σ2 (Λ ) = P
n i i i
.

123
1st Phase: Decoding

λˆ = Q NN
Λ (αy − u 1 − u ) mod
Λt 1 2
To understand the decoding, let λ ti = QNN (λ + u ) for i = 1,
Λ Ii i
2.
Then, once again, i

αy − u1 − u2 = λ1 + λ2 + nα − λt1 − λt2,

where
nα � (α − 1)(x1 + x2) + αz.
Let λ = [λ1 + λ2 − λt2] mod Λt1. Then,
λˆ = λ if and only if QNN t
Λ (nα) ∈ Λ 1.

124
1st Phase: Achievable Rates

Note that

(
σ2(na) = (α−1)2 σ2(x1) + σ2(x2) +α2σ2(z) = (α−1)2 (P 1 +P 2 )+α 2 N.

The optimal α∗ = (P1 + P 2 )/(P 1 + P2 + N) and

2 (P1 + P 2 )N .
σ (nα∗ ) = 1 + P + N
P
2
Hence, λ = [λ1 + λ2 − λt2] mod Λt1 can be decoded reliably if
( ) ( )
1 P1 1 P1 P
R1 ≤ = +
2 2 σ2(nα∗ ) 2 2 P1 +1 P2 N
log ( ) log ( )
1 P2 1 P2 P
R2 ≤ = +
2 2 σ2(nα∗ ) 2
P1 +2 P2 N
log log
2

125
2nd Phase: Coding Scheme

Encoding: The relay sends

λ = [λ1 + λ2 − λt2]
mod Λt1.

Decoding: Upon decoding λ, node 1 recovers λ2 and node 2

recovers λ1.
This is feasible, because
[λ − λ ] mod Λt = λ
1 2 2

and
[λ − λ2 + λt2] mod Λt1 = λ1 .

126
2nd Phase: Achievable Rates

λ = [λ1 + λ2 − λt2] mod Λt1 can be decoded reliably if

( )
1 PBC
R , R ≤ log 1 .
1 2 2 N
+2

127
Asymmetric Powers: A Summary

The achievable rate region (R1, R2) is the intersection of the

previous two regions:
( ) ( )
1 P1 P 1 P BC
R 1 ≤ min + , log2 1
2 2 P1 +1 P2 N 2 N
log ( ) + ( )
1 P2 P 1 P BC
R ≤ min + , log2 1
2
log 2 P1 +2 P2 N 2
+
N
2
The above region turns out to be within half a bit of the cut-set
bound. See [Nam–Chung–Lee, IT 2010].

128
Compute-and-Forward

X1 Y1 R0
User 1 Relay 1

X2 Y2 R0
User 2 Channel Relay 2 Dest.

X3 Y3 R0
User 3 Relay 3

L
Yk = hkX + Z k
=1

Assume symmetric power constraint, due to hk .

Previously, the relay is interested in the sum of the transmitted
codewords. Here, we expand the class of functions to include integer
linear combinations of codewords.

129
Encoding

For each transmitter

x = [λ + u ]

mod Λt

130
Relay Decoding

( L
ˆt k = NN
QΛ αk yk − ak u mod Λt
=1

131
Error Probability
Let λ t = Q NN
I
(λ + u ) for = 1, . . . , L. Then,
Λ

α k yk − k u
a
(
= αk hk x + z − ak u
 
 
= αk  hk (λ + u − λ t ) + z − ak u

x

= ak λ + (α h − a )(λ + u − λ t) + α z − ak λ t
k k k k

t k = t k � [ ak λ ] mod Λt if and only if QΛNN (nα k ) ∈

Hence, ˆ
t
Λ.
Therefore, Pe (t k ) ≤ Pr[nαk ∈ V(Λ)].
132
Achievable Rate

Recall that nαk = (α k h k − ak )x + α k z with

σ2(nα k ) = (α k hk − ak ) 2σ (x
2 2 2
) + α kσ (z)

= (α h − a ) 22P + α N
k k k k

Pa hT
The optimal α∗k = PIh k kI 2 +N
k
, where ak = (ak1, . . . , akL)
hk = (hk1, . . . , hkL), and
and
P2 (ak hkT )2
σ2(nα ∗k ) = P l akl 2− .
P l h k l 2+ N

Hence, t k � [ ak λ ] mod Λt can be decoded reliably if

1 P
R ≤ 2(
log 2 σ2(n αk∗ )

133
Decoding at the Destination

Each relay k sends the label of t k to the destination.

The destination solves a system of linear equations of labels →
network coding

134
Decoding at the Destination (Cont’d)

The integer coefficients ak should be chosen by the relays such that

A = {a k } is full rank over Fp .
The overall achievable rate

1 2 P 12 , R0
P R 2 ≤ min σ2(n
log
α1∗ ) 2 ,...σ
, 2(nαL∗ )
log

135
Finding the Best Integer Coefficients

Problem formulation:

maximize R
(
1 P
subject to ∀k : R ≤ 2
log 2 σ2(nαk∗ )
R ≤ R0
A = {a k } is full rank over Fp

A greedy solution: each relay k minimizes σ2 (n

α∗
k
) subject to k /=
a 0

136
Finding the Best Integer Coefficients (Cont’d)

Note that

P2 (ak hkT )2
σ22(nα ∗k ) = P l ak l −
P l h kl 2+ N
 

 P2
= ak  P I L − hT h  aTk .
 P l h kl 2+ N k k 

k
M

Since M k is Hermitian and positive definite, it has a unique

Cholesky decomposition M k = Lk LTk . Hence,
σ2(nα∗ ) = ak M k aT = ak Lk LT aT = la k Lk l 2 .
k k k k

So, minimize la k Lk l subject to ak /= 0 ⇒ shortest vector problem

137
Compute-and-Forward: A Summary

Achievable rate:
( (
1
1 , R0
σ2(nα1∗ ) , . . . , 2 log σ2(nα∗L )
2
A P2 2 ,
R ≤ min log
where A is full rank. P

A greedy solution: relay k minimize la k Lk l subject to ak /= 0.

138
Successive Compute-and-Forward

Consider the case of two transmitters and two relays.

Relay k recovers ak1λ1 + ak2λ2 mod Λt as described before.
However, the matrix
l
a11
A = 12 is singular.
a
a21
So, some relay should compute
a22 another integer linear combination.
A similar analysis, using the same by-now familiar tools, ensues!

139
Conclusion

1 Fundamentals
2 Packing, Covering, Quantization, Modulation

3 Lattices and Linear Codes

4 Asymptopia

5 Communications Applications
Lattices give a structured approach to Gaussian information theory
problems, though the asymptotic results are still based on
random-(linear)-coding arguments.
Much work can be done in applying these tools to new problems,
and searching for constructions having tractable implementation
complexity.

140
Bibliography

Fundamentals of Lattices
1 J. W. H. Cassels. An Introduction to the Geometry of
Numbers. Springer, 1971.
2 J. H. Conway and N. J. A. Sloane. Sphere Packings, Lattices
and Groups. Springer-Verlag, New York, 3rd Ed., 1999.
3 P. M. Gruber and C. G. Lekkerkerker. Geometry of Numbers.
North-Holland Mathematical Library, Vol. 37, 1987.
4 D. Micciancio and S. Goldwasser. Complexity of Lattice
Problems: A Cryptographic Perspective. Kluwer, 2002.
5 V. Vaikuntanathan. Lattices in Computer Science. Class notes
at the University of Toronto.
6 R. Zamir. Lattice Coding for Signals and Networks. Cambridge
University Press, Cambridge, 2014.

141
Bibliography (Cont’d)
Asymptotically-Good Lattices
1 U. Erez, S. Litsyn, and R. Zamir. Lattices which are good for
(almost) everything. IEEE Trans. Inform. Theory, 51:3401–
3416, Oct. 2005.
2 G. D. Forney, M. D. Trott, and S.-Y. Chung.
Sphere-bound-achieving coset codes and multilevel coset
codes.
IEEE Trans. Inform. Theory, 46:820–850, May 2000.
3 H. A. Loeliger. Averaging bounds for lattices and linear
codes.
IEEE Trans. Inform. Theory, 43:1767–1773, Nov. 1997.
4 O. Ordentlich and U. Erez. A simple proof for the existence of
good pairs of nested lattices. In Proc. of IEEEI, 2012.
5 N. D. Pietro. On Infinite and Finite Lattice Constellations for
the Additive White Gaussian Noise Channel. PhD Thesis,
2014.
142
Bibliography (Cont’d)

Applications of Lattices
1 U. Erez, S. Shamai (Shitz), and R. Zamir. Capacity and lattice
strategies for cancelling known interference. IEEE Trans.
Inform. Theory, 51:3820–3833, Nov. 2005.
2 U. Erez and R. Zamir. Achieving 1/2 log(1 + SNR) on
the AWGN channel with lattice encoding and decoding.
IEEE Trans. Inform. Theory, 50:2293–2314, Oct. 2004.
3 B. Nazer and M. Gastpar. Compute-and-forward: harnessing
interference through structured codes. IEEE Trans. Inform.
Theory, 57:6463–6486, Oct. 2011.
4 M. P. Wilson, K. Narayanan, H. Pfister, and A. Sprintson.
Joint physical layer coding and network coding for bidirectional
relaying. IEEE Trans. Inform. Theory, 56:5641–5654, Nov.
2010.

143
Bibliography (Cont’d)
More on Applications of Lattices
1 C. Feng, D. Silva, and F. R. Kschischang. An algebraic
approach to physical-layer network coding. IEEE Trans. Inform.
Theory, 59:7576–7596, Nov. 2013.
2 W. Nam, S.-Y. Chung, and Y. H. Lee. Capacity of the
Gaussian two-way relay channel to within 1/2 bit. IEEE Trans.
Inform. Theory, 56:5488–5494, Nov. 2010.
3 B. Nazer. Successive compute-and-forward. In Proc. of IZS,
2012.
4 R. Zamir, S. Shamai, and U. Erez. Nested linear/lattice codes
for structured multiterminal binning. IEEE Trans. Inform.
Theory, 48:1250–1276, Jun. 2002.
5 J. Zhu and M. Gastpar. Multiple access via
compute-and-forward. submitted to IEEE Trans. Inform.
Theory, Jul. 2014.
144