Bases and Dimension

Section 15 Bases and Dimension

Focus Questions

By the end of this section, you should be able to give precise and thorough answers to the questions listed below. You may want to keep these questions in mind to focus your thoughts as you complete the section

What is the dimension of a subspace of \(\R^n\text{?}\) What property of bases makes the dimension a well-defined number?
If \(W\) is a subspace of \(\R^n\) with dimension \(k\text{,}\) what must be true about any linearly independent subset \(S\) of \(W\) that contains exactly \(k\) vectors?
If \(W\) is a subspace of \(\R^n\) with dimension \(k\text{,}\) what must be true about any subset \(S\) of \(W\) that contains exactly \(k\) vectors and spans \(W\text{?}\)
What is the rank of a matrix?
What does the Rank-Nullity Theorem say?

Subsection Application: Lattice Based Cryptography

When you use your credit card, you expect that the information that is transmitted is protected so others can't use your card. Similarly, when you create a password for your computer or other devices, you do so with the intention that it will be difficult for others to decipher.

Cryptology is the study of methods to maintain secure communication in the presence of other parties (cryptography), along with the study of breaking codes (cryptanalysis). In essence, cryptology is the art of keeping and breaking secrets. The creation of secure codes (cryptography) can provide confidentiality (ensure that information is available only to the intended recipients), data integrity (prevent data from being altered between the sender and recipient), and authentication (making sure that the information is from the correct source).

Modern cryptology uses mathematical theory that can be implemented with computer hardware and algorithms. The security of public key systems is largely based on mathematical problems that are very difficult to solve. For example, the security of the RSA system relies on the fact that it is computationally difficult to find prime factors of very large numbers, and elliptic curve cryptography relies on the difficulty of the discrete logarithm problem for elliptic curves. However, the continual increase in the power of computers threatens the security of these systems, and so cryptographic systems have to keep adapting to the newest technology. For example, Shor's Algorithm (which could run on a quantum computer) can solve the public key cryptographic systems that rely on the integer factorization problem or the discrete logarithm problem. So if a working quantum computer was ever developed, it would threaten the existing cryptographic systems. Lattice-based cryptography is a potential source of systems that may be secure even in such an environment. The security of these systems is dependent on the fact that the average case of the difficulty of certain problems in lattice theory is higher than the worst case problems that underpin current cryptosystems. As we will see later in this section, lattices are built on bases for subspace of \(\R^n\text{.}\)

Subsection Introduction

A basis provides a system in which we can uniquely represent every vector in the space we are considering. More specifically, every vector in the space can be expressed as a linear combination of the vectors in the basis in a unique way. In order to be able to cover every point in the space, the basis has to span the space. In order to be able to provide a unique coordinate for each point, there should not be any extra vectors in the basis, which is achieved by linear independence of the vectors. For practical reasons, a basis simplifies many problems because we only need to solve the problem for each of the basis vectors. Solutions of the other cases usually follow because every vector in the space can be expressed as a unique linear combination of the basis vectors.

Recall that a basis for a subspace \(W\) of \(\R^n\) is a set of vectors which are linearly independent and which span \(W\text{.}\)

Preview Activity 15.1.

(a)

For each of the following sets of vectors, determine whether the vectors form a basis of \(\R^3\text{.}\) Use any appropriate technology for your computations.

(i)

\(\left\{\left[ \begin{array}{c} 1\\0\\0 \end{array} \right],\left[ \begin{array}{c} 1\\1\\ 0 \end{array} \right], \left[ \begin{array}{c} 1\\1\\1 \end{array} \right]\right\}\)

(ii)

\(\left\{\left[ \begin{array}{c} 1\\0\\1 \end{array} \right],\left[ \begin{array}{c} 1\\1\\ 0 \end{array} \right], \left[ \begin{array}{c} 2\\3\\1 \end{array} \right]\right\}\)

(iii)

\(\left\{\left[ \begin{array}{c} 1\\0\\1 \end{array} \right],\left[ \begin{array}{c} 1\\1\\ 1 \end{array} \right], \left[ \begin{array}{c} 0\\3\\3 \end{array} \right], \left[ \begin{array}{r} -1\\2\\1 \end{array} \right]\right\}\)

(iv)

\(\left\{\left[ \begin{array}{c} 1\\0\\0 \end{array} \right],\left[ \begin{array}{c} 0\\1\\ 0 \end{array} \right]\right\}\)

(b)

In problem (1) we should have noticed that a space can have more than one basis, but that any two bases contain the same number of elements. This is a critically important idea that we investigate in more detail in this problem in one specific case. Assume that \(W\) is a subspace of \(\R^n\) that has a basis \(\B = \{\vv_1, \vv_2\}\) with two basis vectors. We want to see if any other basis for \(W\) can have a different number of elements. Let us now consider a set \(U = \{\vu_1, \vu_2, \vu_3\}\) of three vectors in \(W\text{.}\) Our goal is to determine if \(U\) can be a basis for \(W\text{.}\) Since \(\B\) is a basis for \(W\text{,}\) any vector in \(W\) can be written as a linear combination of the vectors in \(\B\text{.}\) So we can write

\begin{align} \vu_1 \amp = a_{11}\vv_1 + a_{21}\vv_2\tag{15.1}\\ \vu_2 \amp = a_{12}\vv_1 + a_{22}\vv_2\tag{15.2}\\ \vu_3 \amp = a_{13}\vv_1 + a_{23}\vv_2\tag{15.3} \end{align}

for some scalars \(a_{ij}\text{.}\) If \(U\) were to be a basis for \(W\text{,}\) then \(U\) would have to be a linearly independent set. To determine the independence or dependence of \(U\) we consider the vector equation

\begin{equation} x_1 \vu_1 + x_2 \vu_2 + x_3 \vu_3 = \vzero\tag{15.4} \end{equation}

for scalars \(x_1\text{,}\) \(x_2\text{,}\) and \(x_3\text{.}\)

(i)

Substitute for \(\vu_1\text{,}\) \(\vu_2\text{,}\) and \(\vu_3\) from (15.1), (15.2), and (15.3) into (15.4) and perform some vector algebra to show that

\begin{equation} \vzero = \left(a_{11}x_1+a_{12}x_2 + a_{13}x_3\right) \vv_1 + \left(a_{21}x_1+a_{22}x_2 + a_{23}x_3\right) \vv_2\text{.}\tag{15.5} \end{equation}

(ii)

Recall that \(\B = \{\vv_1, \vv_2\}\) is a basis. What does that tell us about the weights in the linear combination (15.5)? Explain why \(A \vx = \vzero\text{,}\) where \(A = [a_{ij}]\) and \(\vx = [x_1 \ x_2 \ x_3]^{\tr}\text{.}\)

(iii)

With \(A\) as in part (b), how many solutions does the system \(A \vx = \vzero\) have? Explain. What does this tell us about the independence or dependence of the set \(U\text{?}\) Why?

Hint.

Consider the number of rows and columns of \(A\text{.}\)

(iv)

Can \(U\) be a basis for \(W\text{?}\) Explain.

Subsection The Dimension of a Subspace of \(\R^n\)

In Preview Activity 15.1 we saw that a subspace of \(\R^n\) can have more than one basis. This prompts the question of how, if at all, are any two bases for a given space related. More specifically, is it possible to have two bases for a given subspace of \(\R^n\) that contain different numbers of vectors? As we will see the answer is no, which will lead us to the concept of dimension.

Let \(W\) be a subspace of \(\R^n\) that has a basis \(\B = \{\vv_1, \vv_2, \ldots, \vv_k\}\) of \(k\) vectors. Since we have been calling bases minimal spanning sets, we should expect that any two bases for the same subspace have the same number of elements (otherwise one of the two bases would not be minimal). Our goal in this section is to prove that result — that any other basis of \(W\) contains exactly \(k\) vectors. The approach will be the same as was used in Preview Activity 15.1. We will let \(U = \{\vu_1, \vu_2, \ldots, \vu_m\}\) be a set of vectors in \(W\) with \(m > k\) and demonstrate that \(U\) is a linearly dependent set. To argue linear dependence, let \(x_1\text{,}\) \(x_2\text{,}\) \(\ldots\text{,}\) \(x_m\) be scalars so that

\begin{equation} x_1 \vu_1 + x_2 \vu_2 + \cdots + x_m \vu_m = \vzero\text{.}\tag{15.6} \end{equation}

For each \(i\) there exist scalars \(a_{ij}\) so that

\begin{equation*} \vu_i = a_{1i}\vv_1 + a_{2i}\vv_2 + \cdots + a_{ki}\vv_k\text{.} \end{equation*}

Substituting into (15.6) yields

\begin{align} \vzero \amp = x_1 \vu_1 + x_2 \vu_2 + \cdots + x_m \vu_m\notag\\ \amp = x_1( a_{11}\vv_1 + a_{21}\vv_2 + \cdots + a_{k1}\vv_k ) + x_2 ( a_{12}\vv_1 + a_{22}\vv_2\notag\\ \amp \qquad + \cdots + a_{k2}\vv_k ) + \cdots + x_m ( a_{1m}\vv_1 + a_{2m}\vv_2 + \cdots + a_{km}\vv_k )\notag\\ \amp = (x_1a_{11}+x_2a_{12}+x_3a_{13} + \cdots + x_ma_{1m})\vv_1\notag\\ \amp \qquad + (x_1a_{21}+x_2a_{22}+x_3a_{23} + \cdots + x_ma_{2m})\vv_2\notag\\ \amp \qquad + \cdots + (x_1a_{k1}+x_2a_{k2}+x_3a_{k3} + \cdots + x_ma_{km})\vv_k\text{.}\tag{15.7} \end{align}

Since \(\B\) is a basis, the vectors \(\vv_1\text{,}\) \(\vv_2\text{,}\) \(\ldots\text{,}\) \(\vv_k\) are linearly independent. So each coefficient in (15.7) is 0 and \(\vx~=~[x_1 \ x_2 \ \cdots \ x_m]^{\tr}\) is a solution to the homogeneous system \(A \vx = \vzero\text{,}\) where \(A = [a_{ij}]\text{.}\) Now \(A\) is a \(k \times m\) matrix with \(m > k\text{,}\) so not every column of \(A\) is a pivot column. This means that \(A \vx = \vzero\) has a nontrivial solution. It follows that the vector equation (15.6) has a nontrivial solution and so the \(m\) vectors \(\vu_1\text{,}\) \(\vu_2\text{,}\) \(\ldots\text{,}\) \(\vu_m\) are linearly dependent. We summarize this in the following theorem.

Theorem 15.1.

Let \(W\) be a subspace of \(\R^n\) containing a basis with \(k\) vectors. If \(m > k\text{,}\) then any set of \(m\) vectors in \(W\) is linearly dependent.

One consequence of Theorem 15.1 is that, in addition to being a minimal spanning set, a basis is also a maximal linearly independent set.

Activity 15.2.

Now let's return to the question of the number of elements in a basis for a subspace of \(\R^n\text{.}\) Recall that we are assuming that \(W\) has a basis \(\B = \{\vv_1, \vv_2, \ldots, \vv_k\}\) of \(k\) vectors in \(\R^n\text{.}\) Suppose that \(\B'\) is another basis for \(W\) containing \(m\) vectors.

(a)

Given the fact that \(\B\) is a basis for \(W\text{,}\) what does Theorem 15.1 tell us about the relationship between \(m\) and \(k\text{?}\)

(b)

Given the fact that \(\B'\) is a basis for \(W\text{,}\) what does Theorem 15.1 tell us about the relationship between \(m\) and \(k\text{?}\)

(c)

What do the results of (a) and (b) tell us about the relationship between \(m\) and \(k\text{?}\) What can we conclude about any basis for \(W\text{?}\)

The result of Activity 15.2 is summarized in the following theorem. Recall that the trivial space is the single element set \(\{\vzero\}\text{.}\)

Theorem 15.2.

If a nontrivial subspace \(W\) of \(\R^n\) has a basis of \(k\) vectors, then every basis of \(W\) contains exactly \(k\) vectors.

This last theorem states that the number of vectors in a basis for a subspace space is a well-defined number. In other words, the number of vectors in a basis is an invariant of the subspace. This important number is given a name.

Definition 15.3.

The dimension of a subspace \(W\) of \(\R^n\) is the number of vectors in a basis for \(W\text{.}\) The dimension of the trivial subspace \(\{\vzero\}\) of \(\R^n\) is defined to be 0.

We denote the dimension of a subspace \(W\) of \(\R^n\) by \(\dim(W)\text{.}\) As we will see later, any two vector spaces of the same dimension are basically the same vector space. So the dimension of a vector space is an important number that essentially tells us all we need to know about the structure of the space.

Activity 15.3.

Find the dimensions of each of the indicated subspaces of \(\R^n\) for the appropriate \(n\text{.}\) Explain your method.

(a)

\(\Span\left\{ \left[ \begin{array}{c} 1 \\ 0 \\ 0 \end{array} \right], \left[ \begin{array}{c} 1 \\ 1 \\ 0 \end{array} \right], \left[ \begin{array}{c} 2 \\ 3 \\ 0 \end{array} \right] \right\}\)

(b)

\(xy\)-plane in \(\R^3\)

(c)

\(\R^3\)

(d)

\(\R^n\)

Subsection Conditions for a Basis of a Subspace of \(\R^n\)

There are two items we need to confirm before we can state that a subset \(\B\) of a subspace \(W\) of \(\R^n\) is a basis for \(W\text{:}\) the set \(\B\) must be linearly independent and span \(W\text{.}\) However, if we have the right number (namely, the dimension) of vectors in our set \(\B\text{,}\) then either one of these conditions will imply the other.

Activity 15.4.

Let \(W\) be a subspace of \(\R^n\) with \(\dim(W) = k\text{.}\) We know that every basis of \(W\) contains exactly \(k\) vectors.

(a)

Suppose that \(S\) is a subset of \(W\) that contains \(k\) vectors and is linearly independent. In this part of the activity we will show that \(S\) must span \(W\text{.}\)

(i)

Suppose that \(S\) does not span \(W\text{.}\) Explain why this implies that \(W\) contains a set of \(k+1\) linearly independent vectors.

(ii)

Explain why the result of part i. tells us that \(S\) is a basis for \(W\text{.}\)

(b)

Now suppose that \(S\) is a subset of \(W\) with \(k\) vectors that spans \(W\text{.}\) In this part of the activity we will show that \(S\) must be linearly independent.

(i)

Suppose that \(S\) is not linearly independent. Explain why we can then find a proper subset of \(S\) that is linearly independent but has the same span as \(S\text{.}\)

(ii)

Explain why the result of part i. tells us that \(S\) is a basis for \(W\text{.}\)

The result of Activity 15.4 is the following important theorem.

Theorem 15.4.

Let \(W\) be a subspace of \(\R^n\) of dimension \(k\) and let \(S\) be a subset of \(W\) containing exactly \(k\) vectors.

If \(S\) is linearly independent, then \(S\) is a basis for \(W\text{.}\)
If \(S\) spans \(W\text{,}\) then \(S\) is a basis for \(W\text{.}\)

Subsection Finding a Basis for a Subspace

Since every vector in a subspace of \(\R^n\) can be written uniquely as a linear combination of vectors in a basis for the subspace, a basis provides us with the most efficient and convenient way to represent vectors in the subspace. Until now we have been given a set of vectors and have been asked to find a basis from that set, so an important question to address is how we can find a basis for a subspace \(W\) of \(\R^n\) starting from scratch. Here is one way. If \(W = \{\vzero\}\text{,}\) then the dimension of \(W\) is 0 and \(W\) has no basis. So suppose \(\dim(W) > 0\text{.}\) Start by choosing any nonzero vector \(\vw_1\) in \(W\text{.}\) Let \(\B_1 = \{\vw_1\}\text{.}\) If \(\B_1\) spans \(W\text{,}\) then \(\B_1\) is a basis for \(W\text{.}\) If not, there is a vector \(\vw_2\) in \(W\) that is not in \(\Span(\B_1)\text{.}\) Then \(\B_2 = \{\vw_1, \vw_2\}\) is a linearly independent set. If \(\Span(\B_2) = W\text{,}\) then \(\B_2\) is a basis for \(W\) and we are done. If not, repeat the process. Since any basis for \(W\) can contain at most \(n=\dim(\R^n)\) vectors, we know the process must stop at some point. This process also allows us to construct a basis for a vector space that contains a given nonzero vector.

Activity 15.5.

Find a basis for \(\R^3\) that contains the vector \(\left[ \begin{array}{r} 1 \\ 2 \\ -1 \end{array} \right]\text{.}\) When constructing your basis, how do you know when to stop?

Subsection Rank of a Matrix

In this section, we define the rank of a matrix and review conditions to add to our Invertible Matrix Theorem.

Activity 15.6.

Let \(A = \left[ \begin{array}{rrrrr} 1\amp 2\amp -1\amp 0\amp 0 \\ 0\amp 0\amp 1\amp 0\amp -1 \\ 0\amp 0\amp 0\amp 1\amp 1 \end{array} \right]\text{.}\)

(a)

Without performing any calculations, find \(\dim(\Nul A)\text{.}\) Explain.

(b)

Without performing any calculations, find \(\dim(\Col A)\text{.}\) Explain.

(c)

There is a connection between \(\dim(\Nul A)\text{,}\) \(\dim(\Col A)\) and the size of \(A\text{.}\) Find this connection and explain it.

As Activity 15.6 illustrates, the number of vectors in a basis for \(\Nul A\) is the number of non-pivot columns in \(A\) and the number of vectors in a basis for \(\Col A\) is the number of pivot columns of \(A\text{.}\) We define the rank of a matrix \(A\) (denoted rank(\(A\))) to be the dimension of \(\Col A\) and the nullity of \(A\) to be dimension of \(\Nul A\text{.}\) The dimension of the null space of \(A\) is also called the nullity of \(A\) (denoted nullity(\(A\))) Using this terminology we have the Rank-Nullity Theorem.

Theorem 15.5. The Rank-Nullity Theorem.

Let \(A\) be an \(m \times n\) matrix. Then

\begin{equation*} \rank(A) + \nullity(A) = n\text{.} \end{equation*}

There is also a row space of a matrix \(A\text{,}\) which we define to be the span of the rows of \(A\text{.}\) We can find the row space of \(A\) by finding the column space of \(A^{\tr}\text{,}\) so the row space is really nothing new. As it turns out, the dimension of the row space of \(A\) is always equal to the dimension of the column space of \(A\text{,}\) and justification for this statement is in the exercises.

The Rank-Nullity Theorem allows us to add extra conditions to the Invertible Matrix Theorem.

Theorem 15.6. The Invertible Matrix Theorem.

Let \(A\) be an \(n \times n\) matrix. The following statements are equivalent.

The matrix \(A\) is an invertible matrix.
The matrix equation \(A \vx = \vzero\) has only the trivial solution.
The matrix \(A\) has \(n\) pivot columns.
Every row of \(A\) contains a pivot.
The columns of \(A\) span \(\R^n\text{.}\)
The matrix \(A\) is row equivalent to the identity matrix \(I_n\text{.}\)
The columns of \(A\) are linearly independent.
The columns of \(A\) form a basis for \(\R^n\text{.}\)
The matrix transformation \(T\) from \(\R^n\) to \(\R^n\) defined by \(T(\vx) = A\vx\) is one-to-one.
The matrix equation \(A \vx = \vb\) has exactly one solution for each vector \(\vb\) in \(\R^n\text{.}\)
The matrix transformation \(T\) from \(\R^n\) to \(\R^n\) defined by \(T(\vx) = A\vx\) is onto.
There is an \(n \times n\) matrix \(C\) so that \(AC = I_n\text{.}\)
There is an \(n \times n\) matrix \(D\) so that \(DA = I_n\text{.}\)
The scalar 0 is not an eigenvalue of \(A\text{.}\)
The matrix \(A^{\tr}\) is invertible.
\(\Nul A = \{\vzero\}\text{.}\)
\(\Col A = \R^n\text{.}\)
\(\displaystyle \dim(\Col A) = n\)
\(\displaystyle \dim(\Nul A) = 0\)
\(\displaystyle \rank(A) = n\)

Subsection Examples

What follows are worked examples that use the concepts from this section.

Example 15.7.

Let \(W = \left\{ \left[ \begin{array}{c} r+s+u \\ r+3s+2t-u\\ -s-t+u \\ s+t-u \end{array} \right] : r,s,t,u \in \R \right\}\text{.}\)

(a)

Explain why \(W\) is a subspace of \(\R^4\text{.}\)

Solution.

We can write any vector in \(W\) in the form

\begin{equation*} \left[ \begin{array}{c} r+s+u \\ r+3s+2t-u\\ -s-t+u \\ s+t-u \end{array} \right] = r\left[ \begin{array}{c} 1 \\ 1 \\ 0 \\ 0 \end{array} \right] + s\left[ \begin{array}{r} 1 \\ 3\\ -1 \\ 1 \end{array} \right] + t\left[ \begin{array}{r} 0 \\ 2 \\ -1 \\ 1 \end{array} \right] + u\left[ \begin{array}{r} 1 \\ -1 \\ 1 \\ -1 \end{array} \right]\text{,} \end{equation*}

\begin{equation*} W = \Span\left\{ \left[ \begin{array}{c} 1 \\ 1 \\ 0 \\ 0 \end{array} \right], \left[ \begin{array}{r} 1 \\ 3\\ -1 \\ 1 \end{array} \right] , \left[ \begin{array}{r} 0 \\ 2 \\ -1 \\ 1 \end{array} \right], \left[ \begin{array}{r} 1 \\ -1 \\ 1 \\ -1 \end{array} \right]\right\}\text{.} \end{equation*}

As a span of a set of vectors in \(\R^4\text{,}\) \(W\) is a subspace of \(\R^4\text{.}\)

(b)

Find a basis for \(W\) and determine the dimension of \(W\text{.}\)

Solution.

Let \(A = \left[ \begin{array}{crrr} 1\amp 1\amp 0\amp 1\\1\amp 3\amp 2\amp -1\\0\amp -1\amp -1\amp 1\\0\amp 1\amp 1\amp -1 \end{array} \right]\text{.}\) To find a basis for \(W\text{,}\) we note that the reduced row echelon form of \(A\) is \(\left[ \begin{array}{ccrr} 1\amp 0\amp -1\amp 2\\0\amp 1\amp 1\amp -1\\0\amp 0\amp 0\amp 0\\0\amp 0\amp 0\amp 0 \end{array} \right]\text{.}\) Since the pivot columns of \(A\) form a basis for \(\Col A = W\text{,}\) we conclude that

\begin{equation*} \left\{ \left[ \begin{array}{c} 1\\1\\0\\0 \end{array} \right], \left[ \begin{array}{r} 1\\3\\-1\\1 \end{array} \right] \right\} \end{equation*}

is a basis for \(W\text{.}\) Therefore, \(\dim(W) = 2\text{.}\)

Example 15.8.

Find a basis and the dimension of the solution set to the system

\begin{alignat*}{5} {}r \amp {}+{} \amp {}s \amp {}-{} \amp {}t \amp {}+{} \amp {2}u \amp = 0\amp {}\\ {3}r \amp {}-{} \amp {}s \amp {}+{} \amp {2}t \amp {}-{} \amp {}u \amp = 0\amp {}\\ {}r \amp {}-{} \amp {3}s \amp {}+{} \amp {4}t \amp {}-{} \amp {5}u \amp = 0\amp {}\\ r \amp {}-{} \amp {3}s \amp {}+{} \amp {5}t \amp {}-{} \amp {4}u \amp = 0\amp {.}\text{.} \end{alignat*}

Solution.

The coefficient matrix of this system is

\begin{equation*} A = \left[ \begin{array}{crrr} 1\amp 1\amp -1\amp 2\\3\amp -1\amp 2\amp -1\\1\amp -3\amp 4\amp -5\\5\amp -3\amp 5\amp -4 \end{array} \right]\text{,} \end{equation*}

and the solution set to the system is \(\Nul A\text{.}\) To find a basis for \(\Nul A\) we row reduce \(A\) to

\begin{equation*} \left[ \begin{array}{ccrc} 1\amp 0\amp \frac{1}{4}\amp \frac{1}{4} \\0\amp 1\amp -\frac{5}{4}\amp \frac{7}{4} \\ 0\amp 0\amp 0\amp 0 \\ 0\amp 0\amp 0\amp 0 \end{array} \right]\text{.} \end{equation*}

The general solution to the system has the form

\begin{equation*} \left[ \begin{array}{c}r\\s\\t\\u \end{array} \right] = \left[ \begin{array}{c}-\frac{1}{4}t-\frac{1}{4}u\\\frac{5}{4}t-\frac{7}{4}u\\t\\u \end{array} \right] = t\left[ \begin{array}{r}-\frac{1}{4}\\\frac{5}{4}\\1\\0 \end{array} \right] + u \left[ \begin{array}{r}-\frac{1}{4}\\-\frac{7}{4}\\0\\1 \end{array} \right]\text{,} \end{equation*}

so \(\left\{\left[ \begin{array}{r}-\frac{1}{4}\\\frac{5}{4}\\1\\0 \end{array} \right], \left[ \begin{array}{r}-\frac{1}{4}\\-\frac{7}{4}\\0\\1 \end{array} \right] \right\}\) is a basis for \(\Nul A\) and \(\dim(\Nul A) = 2\text{.}\)

Subsection Summary

The key idea in this section is the dimension of a vector space.

Any two bases for a vector space must contain the same number of vectors. Therefore, we can define the dimension of a vector space \(W\) to be the number of vectors in any basis for \(W\text{.}\)
If \(W\) is a subspace of \(\R^n\) with dimension \(k\) and \(S\) is any linearly independent subset of \(W\) with \(k\) vectors, then \(S\) is a basis for \(W\text{.}\)
If \(W\) is a subspace of \(\R^n\) with dimension \(k\) and \(S\) is any subset of \(W\) with \(k\) vectors that spans \(W\text{,}\) then \(S\) is a basis for \(W\text{.}\)
The rank of a matrix is the dimension of its column space.
The Rank-Nullity Theorem states that if \(A\) is an \(m \times n\) matrix, then \(\rank(A) + \nullity(A) = n\text{.}\)

Exercises Exercises

1.

Let \(A = \left[ \begin{array}{ccccr} 1\amp 3\amp 1\amp 2\amp 0\\ 0\amp 0\amp 0\amp 0\amp 1 \\ 2\amp 6\amp 0\amp 0\amp 1\\ 1\amp 3\amp 2\amp 4\amp 1 \\ 3\amp 9\amp 1\amp 2\amp -1\\ 3\amp 9\amp 3\amp 6\amp 1 \end{array} \right]\text{.}\)

(a)

Find a basis for \(\Col A\text{.}\) What is the dimension of \(\Col A\text{?}\) What, then, is the dimension of \(\Nul A\text{?}\)

(b)

Find a basis for \(\Nul A\) and verify the dimension you found in part (a).

2.

Let \(A = \left[ \begin{array}{crc} 2\amp -1\amp 1\\ 1\amp 0\amp 1 \\ 1\amp -1\amp 2 \end{array} \right]\text{.}\) The eigenvalues of \(A\) are \(1\) and \(2\text{.}\) Find the dimension of each eigenspace of \(A\text{.}\)

3.

Let \(A = \left[ \begin{array}{rrrr} 1\amp 2\amp -1\amp -1 \\ -2\amp -4\amp 2\amp 2 \\ 1\amp 2\amp -1\amp -1 \end{array} \right]\text{.}\)

(a)

Find a basis for \(\Col A\text{.}\) What is the rank of \(A\text{?}\)

(b)

Find a basis for \(\Nul A\text{.}\) What is the nullity of \(A\text{.}\)

(c)

Verify the Rank-Nullity Theorem for \(A\text{.}\)

(d)

The row space of \(A\) is the span of the rows of \(A\text{.}\) Find a basis for the row space of \(A\) and the dimension of the row space of \(A\text{.}\)

4.

Let \(A\) be an \(m \times n\) matrix with \(r\) pivots, where \(r\) is less than or equal to both \(m, n\text{.}\) Fill in the blanks.

(a)

The null space of \(A\) is a subspace of .

(b)

The column space of \(A\) is a subspace of .

(c)

Suppose \(r=m\text{.}\) Then there is a pivot in every and \(\Col A =\) .

(d)

Suppose \(r=n\text{.}\) Then there is a pivot in every and \(\Nul A=\).

(e)

If \(A\) has 3 pivots, then the rank of \(A\) is .

(f)

If \(A\) has 3 pivots, then the number of free variables in the system \(A \vx = \vzero\) is .

(g)

The dimension of \(\Col A\) is equal to the number of , i.e. \(\dim \Col A =\).

(h)

The dimension of \(\Nul A\) is equal to the number of , i.e. \(\dim \Nul A =\).

(i)

\(\dim(\Nul A) + \dim(\Col A) =\) .

(j)

Suppose the columns of \(A\) span \(\R^m\text{.}\) Then rank \(A\) is .

(k)

Suppose the columns of \(A\) are linearly independent. Then \(r=\) and the dimension of \(\Nul A\) is .

5.

Prove the remaining parts of the Invertible Matrix Theorem (Theorem 15.6). Let \(A\) be an \(n \times n\) matrix.

(a)

Prove that \(A\) is invertible if and only if \(\dim(\Nul A)= 0\text{.}\)

Hint.

What are the solutions to \(A \vx = \vzero\text{?}\)

(b)

Prove that \(A\) is invertible if and only if \(\dim(\Col A) = n\text{.}\)

Hint.

Use part (a) and the Rank-Nullity Theorem.

6.

We can convert the language of the Rank-Nullity Theorem to matrix transformation language, as we show in this exercise. Let \(T\) be the matrix transformation defined by the matrix \(A\text{.}\)

(a)

How is the kernel of \(T\) related to \(A\text{?}\)

(b)

How is the range of \(T\) related to \(A\text{?}\)

(c)

How is the domain of \(T\) related to \(A\text{?}\)

(d)

Explain why the Rank-Nullity Theorem says that \(\dim(\Ker(T)) + \dim(\Range(T)) = \dim(\Domain(T))\text{.}\)

7.

Let \(W\) be a subspace of \(\R^4\text{.}\) What are possible values for the dimension of \(W\text{?}\) Explain. What are the geometric descriptions of \(W\) in each case?

8.

Is it possible to find two subspaces \(W_1\) and \(W_2\) in \(\R^3\) such that \(W_1 \cap W_2=\{ \vzero \}\) and \(\dim W_1=\dim W_2=2\text{?}\) If possible, give an example and justify that they satisfy the conditions. If not possible, explain why not.

Hint.

Dimension two leads to two linearly independent vectors in each of \(W_i\text{.}\)

9.

Determine the dimensions of the column space and null space of \(\left[ \begin{array}{ccccc} 1\amp 2\amp 4\amp 3\amp 2 \\ 1\amp 0\amp 2\amp 1\amp 4 \\ 1\amp 1\amp 3\amp 1\amp 2 \\ 1\amp 0\amp 2\amp 2\amp 5 \end{array} \right]\text{.}\)

10.

If possible, find a \(3\times 4\) matrix whose column space has dimension 3 and null space has dimension 1. Explain how you found the matrix in addition to explaining why your answer works. If not possible, explain why it is not possible to find such a matrix.

11.

(a)

If possible, find a \(5\times 5\) matrix whose column space has the same dimension as its null space. Explain how you found the matrix in addition to explaining why your answer works. If not possible, explain why it is not possible to find such a matrix.

(b)

If possible, find a matrix \(A\) so that \(\Col A = \Nul A\text{.}\) Explain how you found the matrix in addition to explaining why your answer works. If not possible, explain why it is not possible to find such a matrix.

12.

In this exercise we examine why the dimension of a row space of a matrix is the same as the dimension of the column space of the matrix. Let \(A\) be an \(m \times n\) matrix.

(a)

Explain why row operations do not change the row space of a matrix. Then explain why if \(R\) is the reduced row echelon form of \(A\text{,}\) then \(\Row R = \Row A\text{,}\) where \(\Row M\) is the row space of the matrix \(M\text{.}\)

(b)

Explain why the rows of \(R\) that contain pivots form a basis for \(\Row R\text{,}\) and also of \(\Row A\text{.}\)

(c)

Explain why \(\rank(A)\) is the number of pivots in the matrix \(A\text{.}\) Then explain why \(\dim(\Row A) = \dim(\Col A)\text{.}\)

13.

Label each of the following statements as True or False. Provide justification for your response.

(a) True/False.

The dimension of the column space of a \(3\times 2\) matrix can be three.

(b) True/False.

There exists a \(3\times 3\) matrix whose column space has equal dimension as the null space.

(c) True/False.

If a set of vectors spans a subspace, then that set is a basis of this subspace.

(d) True/False.

If a linearly independent set of vectors spans a subspace, then that set is a basis of this subspace.

(e) True/False.

The dimension of a space is the minimum number of vectors needed to span that space.

(f) True/False.

The dimension of the null space of a \(3\times 2\) matrix can at most be 2.

(g) True/False.

Any basis of \(\R^4\) contains 4 vectors.

(h) True/False.

If \(n\) vectors span \(\R^n\text{,}\) then these vectors form a basis of \(\R^n\text{.}\)

(i) True/False.

Every line in \(\R^n\) is a one-dimensional subspace of \(\R^n\text{.}\)

(j) True/False.

Every plane through origin in \(\R^n\) is a two-dimensional subspace of \(\R^n\text{.}\)

(k) True/False.

In \(\R^n\) any \(n\) linearly independent vectors form a basis.

Subsection Project: The GGH Cryptosystem

A cryptographic system (or cryptosystem) allows for secure communication between two or more parties. These systems take messages (called plaintext) and encrypt them in some way to produce what is called ciphertext. This is the scrambled information that is transmitted to the receiver, from which it should not be possible for someone who does not have the proper key to recover the original message. When the message is received by the intended recipient, it must be unscrambled or decrypted. Decryption is the process of converting ciphertext back to plaintext.

The Goldreich-Goldwasser-Halevi (GGH) public key cryptosystem³⁰ uses lattices to encrypt plaintext. The security of the system depends on the fact that the Closest Vector Problem (CVP) is, in general, a very hard problem. To begin to understand these cryptosystems, we begin with lattices.

Lattices are closely related to spans of sets of vectors in \(\R^n\text{.}\) If we start with a linearly independent set \(S = \{\vb_1, \vb_2, \ldots, \vb_m\}\) in \(\R^n\text{,}\) we can create the span of \(S\) — the set of all linear combinations

\begin{equation*} c_1 \vb_1 + c_2 \vb_2 + \cdots + c_m \vb_m\text{,} \end{equation*}

where \(c_1\text{,}\) \(c_2\text{,}\) \(\ldots\text{,}\) \(c_m\) are real numbers. This span creates a subspace of \(\R^n\text{.}\) If we restrict the set from which we choose the coefficients, we can create different types of structures. An important one is a lattice. The lattice \(\mathcal{L}(S)\) defined by the linearly independent set \(S = \{\vb_1, \vb_2, \ldots, \vb_m\}\) is the set of linear combinations

\begin{equation*} c_1 \vb_1 + c_2 \vb_2 + \cdots + c_m \vb_m\text{,} \end{equation*}

where \(c_1\text{,}\) \(c_2\text{,}\) \(\ldots\text{,}\) \(c_m\) are integers. If the vectors in \(S\) have integer components, then every point in \(\mathcal{L}(S)\) will have integer entries. In these cases, \(\mathcal{L}(S)\) is a subset of \(\Z^n\text{,}\) as illustrated in Figure 15.9. Also, if \(m = n\) we say that the lattice \(\mathcal{L}(S)\) is full-rank. We will restrict ourselves to full-rank lattices in this project. A basis for a lattice is any set of linearly independent vectors that generates the lattice. There is a little special notation that is often used with lattices. If \(\CB = \{\vb_1, \vb_2, \ldots, \vb_n\}\) is a basis for \(\R^n\text{,}\) we associate to \(\CB\) the matrix \(B = [\vb_1 \ \vb_2 \ \vb_3 \ \cdots \ \vb_n]\text{.}\) We then use the notation \(\mathcal{L}(B)\) to also refer to the lattice defined by \(\CB\text{.}\)

Project Activity 15.7.

We explore lattices in more detail in this activity.

(a)

Let \(S_1 = \{[1 \ 1]^{\tr}, [-1 \ 1]^{\tr}\}\text{.}\)

(i)

Find five distinct vectors in \(\mathcal{L}(S_1)\text{.}\)

(ii)

Is the vector \([1 \ 0]^{\tr}\) in \(\mathcal{L}(S_1)\text{?}\) Justify your answer.

(iii)

We can draw pictures of lattices by plotting the terminal points of the lattice vectors. Draw all of the lattice points in \(\mathcal{L}(S_1)\) on the square with vertices \((-4,-4)\text{,}\) \((4,-4)\text{,}\) \((4,4)\text{,}\) and \((-4,4)\text{.}\)

(b)

Now let \(S_2 = \{[3 \ 5]^{\tr}, [1 \ 2]^{\tr}\}\text{.}\) A picture of \(\mathcal{L}(S_2)\) is shown in Figure 15.9 with the basis vectors highlighted. As we have seen, \(\mathcal{L}(S_1)\) is not the entire space \(\Z^2\text{.}\) Is \(\mathcal{L}(S_2) = \Z^2\text{?}\) Justify your answer.

Figure 15.9. The lattice \(\mathcal{L}(S_2)\text{.}\)

Project Activity 15.7 shows that even if \(\CB\) is a basis for \(\R^n\text{,}\) it does not follow that \(\mathcal{L}(\CB)\) is all of \(\Z^n\text{.}\) So latices can be complicated, and problems in lattice theory can be very difficult.

The GGH cryptosystem relies on the fact that we can convert “good” bases for lattices into “bad” bases. We will not delve into the details of what separates a “good” basis from a “bad” one, but suffice it to say that a good basis is one in which the basis vectors are close to being perpendicular³¹ and are all short (that is, they have small norms), while any other basis is a bad basis. An example of a good basis is the basis \(S_1\) for \(\R^2\) in Project Activity 15.7, and we will see later that \(\{[-2 \ 8]^{\tr}, [-1 \ 3]^{\tr}\}\) is a bad basis for the same lattice. You should draw a picture of the vectors \([-2 \ 8]^{\tr}\) and \([-1 \ 3]^{\tr}\) to convince yourself that this is a bad basis for its lattice.

The GGH cryptosystem works with two keys — a public key and a private key. The keys are based on lattices. The general process of the GGH cryptosystem is as follows. Begin with a good basis \(\CB = \{\vb_1 \ \vb_2 \ \ldots \ \vb_n\}\) of \(\R^n\) of vectors with integer components. Let \(B = [\vb_1 \ \vb_2 \ \cdots \ \vb_n]\) be the matrix associated with \(\CB\text{.}\) Let \(\CB' = \{\vb'_1, \vb'_2, \ldots, \vb'_n\}\) be a bad basis for which \(\mathcal{L}(\CB') = \mathcal{L}(\CB)\text{.}\) Let \(B' = [\vb'_1 \ \vb'_2 \ \cdots \ \vb'_n]\) be the matrix associated to the basis \(\CB'\text{.}\) The bad basis can be shared with anyone (the public key), but the good basis is kept secret (the private key). Start with a message \(\vm = [m_1 \ m_2 \ \cdots \ m_n]^{\tr}\) with integer entries to send.

First we encrypt the message, which can be done by anyone who has the public key \(\CB'\text{.}\)

Create the message vector

\begin{equation*} \vm' = m_1 \vb'_1 + m_2 \vb'_2 + \cdots + m_n \vb'_n = B' \vm \end{equation*}

that is in the lattice using the bad basis \(\CB'\text{.}\)
Choose a small error \(\ve\) to add to \(\vm'\) to move \(\vm'\) off the lattice (small enough so that \(\vm'\) does not pass by another lattice point). This is an important step that will make the message difficult to decrypt without the key. Let \(\vc = \vm' + \ve = B'\vm + \ve\text{.}\) The vector \(\vc\) is the ciphertext that is to be transmitted to the receiver.

Only someone who knows the basis \(\CB\) can decode the ciphertext. This is done as follows.

Find the vector \(\va = a_1 \vb_1 + a_2 \vb_2 + \cdots + a_n \vb_n\) in the good basis \(\CB\) that is closest to \(\vc\text{.}\)
We interpret the vector \([a_1 \ a_2 \ \ldots \ a_n]^{\tr}\) as being the encoded vector without the error. So to recreate the original message vector we need to undo the encrypting using the bad basis \(\CB'\text{.}\) That is, we need to find the weights \(y_1\text{,}\) \(y_2\text{,}\) \(\ldots\text{,}\) \(y_n\) such that

\begin{equation*} [a_1 \ a_2 \ \ldots \ a_n]^{\tr} = y_1 \vb'_1 + y_2 \vb'_2 + \cdots + y_n \vb'_n = B' [y_1 \ y_2 \ \cdots \ y_n]^{\tr}\text{.} \end{equation*}

We can do this by as \([y_1 \ y_2 \ \cdots \ y_n]^{\tr} = B'^{-1} [a_1 \ a_2 \ \ldots \ a_n]^{\tr}\text{.}\)

There are several items to address before we can implement this algorithm. One is how we create a bad basis \(\CB'\) from \(\CB\) that produces the same lattice. Another is how we find the vector in \(\mathcal{\CB}\) closest to a given vector. The latter problem is called the Closest Vector Problem (CVP) and is, in general, a very difficult problem. This is what makes lattice-based cryptosystems secure. We address the first of these items in the next activity, and the second a bit later.

Project Activity 15.8.

Consider again the basis \(S_1 = \{[1 \ 1]^{\tr}, [-1 \ 1]^{\tr}\}\) from Project Activity 15.7, and let \(B = \left[ \begin{array}{cr} 1\amp -1\\1\amp 1 \end{array} \right]\) be the matrix whose columns are the vectors in \(S_1\text{.}\)

(a)

Let \(T\) be the triangle with vertices \((0,0)\text{,}\) \((1,1)\text{,}\) and \((-1,1)\text{.}\) Show that this triangle is a right triangle, and conclude that the vectors \(\vv_1 = [1 \ 1]^{\tr}\text{,}\) and \(\vv_2 = [-1 \ 1]^{\tr}\) are perpendicular.

(b)

Let \(U = \left[ \begin{array}{cc} 3\amp 1\\5\amp 2 \end{array} \right]\text{.}\) Let \(S_3\) be the set whose vectors are the columns of the matrix \(B_1U\text{.}\) Show that \(\mathcal{L}(S_1) = \mathcal{L}(S_3)\text{.}\)

The two bases \(S_1 = \{[1 \ 1]^{\tr}, [-1 \ 1]^{\tr}\}\) and \(S_3 =\{[-2 \ 8]^{\tr}, [-1 \ 3]^{\tr}\}\) from Project Activity 15.8 are shown in Figure 15.10. This figure illustrates how the matrix \(U\) transforms the basis \(S_1\text{,}\) in which the vectors are perpendicular and short, to one in which the vectors are nearly parallel and significantly longer. So the matrix \(U\) converts the “good” basis \(S_1\) into a “bad” basis \(S_2\text{,}\) keeping the lattice intact. This is a key idea in the GGH cryptosystem. What makes this work is the fact that both \(U\) and \(U^{-1}\) have integer entries. The reason for this is that, for a \(2 \times 2\) matrix \(U = \left[ \begin{array}{cc} a\amp b\\c\amp d \end{array} \right]\text{,}\) we know that \(U^{-1} = \frac{1}{ad-bc} \left[ \begin{array}{rr} d\amp -b\\-c\amp a \end{array} \right]\text{.}\) If \(U\) has integer entries and \(ad-bc = \pm 1\text{,}\) then \(U^{-1}\) will also have integer entries. The number \(ad-bc\) is called the determinant of \(U\text{,}\) and matrices with determinant of \(1\) or \(-1\) are called unimodular. That what happened in Project Activity 15.8 happens in the general case is the focus of the next activity.

Figure 15.10. The lattices \(\mathcal{L}(S_1)\) and \(\mathcal{L}(S_3)\text{.}\)

Project Activity 15.9.

We will restrict ourselves to \(2 \times 2\) matrices in this activity, but the results generalize to \(n \times n\) matrices. Let \(\CB = \{\vb_1, \vb_2\}\) and \(\CB' = \{\vb'_1, \vb'_2\}\) be bases for \(\R^2\) with integer entries, and let \(B = [\vb_1 \ \vb_2]\) and \(B' = [\vb'_1 \ \vb'_2]\) be the matrices associated to these bases. Show that if \(B' = BU\) for some unimodular matrix \(U\) with integer entries, then \(\mathcal{L}(B) = \mathcal{L}(B')\text{.}\)

Project Activity 15.9 is the part we need for our lattice-based cryptosysystem. Although we won't show it here, the converse of the statement in Project Activity 15.9 is also true. That is, if \(\CB\) and \(\CB'\) generate the same lattice, then \(B' = BU\) for some unimodular matrix \(U\) with integer entries.

There is one more item to address before we implement the GGH cryptosystem. That item is how to solve the Closest Vector Problem. There are some algorithms for approximating the closest vector in a basis. One is Babai's Closest Vector algorithm. This algorithm works in the following way. Consider a lattice with basis \(\{\vb_1, \vb_2, \ldots, \vb_n\}\text{.}\) To approximate the closest vector in the lattice to a vector \(\vw\text{,}\) find the weights \(c_1\text{,}\) \(c_2\text{,}\) \(\ldots\text{,}\) \(c_n\) in \(\R\) such that \(\vw = c_1\vb_1 + c_2 \vb_2 + \cdots + c_n \vb_n\text{.}\) Then round the coefficients to the nearest integer. This algorithm works well for a good basis, but is unlikely to return a lattice point that is close to \(\vw\) if the basis is a bad one.

Now we put this all together to illustrate the GGH algorithm.

Figure 15.11. Decrypting an encrypted message.

Project Activity 15.10.

Let \(\CB = \{[5 \ 0]^{\tr}, [0 \ 3]^{\tr}\}\) be the private key, and let \(B = \left[ \begin{array}{cc}5\amp 0\\0\amp 3 \end{array} \right]\) be the matrix whose columns are the vectors in \(\CB\text{.}\) Let \(U\) be the unimodular matrix \(U = \left[ \begin{array}{cc} 2\amp 3\\3\amp 5 \end{array} \right]\text{.}\) Let \(\vm = [3 \ -2]^{\tr}\) be our message and let \(\ve = [1 \ -1]^{\tr}\) be our error vector.

(a)

Use the unimodular matrix \(U\) to create the bad basis \(\CB'\text{.}\)

(b)

Determine the ciphertext message \(\vc\text{.}\)

(c)

A picture of the message vector \(\vm\) and the ciphertext vector \(\vc\) are shown in Figure 15.11. Although the closest vector in the lattice to \(\vc\) can be determined by the figure, actual messages are constructed in high dimensional spaces where a visual approach is not practical. Use Babai's algorithm to find the vector in \(\mathcal{L}(\CB)\) that is closest to \(\vc\) and compare to Figure 15.11.

(d)

The final step in the GGH scheme is to recover the original message. Complete the GGH algorithm to find this message.

(e)

The GGH cryptosystem works because the CVP can be reasonable solved using a good basis. That is, Babai's algorithm works if our basis is a good basis. To illustrate that a bad basis will not allow us to reproduce the original message vector, show that Babai's algorithm does not return the closest vector to \(\vc\) using the bad basis \(\CB'\text{.}\)

Published in 1997 by Oded Goldreich, Shafi Goldwasser, and Shai Halevi.

This is also a good property in vector spaces. We will see in a later section that perpendicular basis vectors make calculations in vector spaces relatively easy. A similar thing is true in lattices, where we are able to solve certain variants of closest vector problem very efficiently.