The shortest vectors of lattices connected with a linear congruent generator

Let ε > 0 be a fixed real number, ⊂ R^s be a full rank lattice with determinant Δ ∈ Q. We call this lattice ε-regular if λ₁ () > Δ^1/s (h(Δ))^–ε, where λ₁() is the length of the shortest nonzero vector of and h(Δ) is the maximum of absolute values of the numerator and the denominator of the irreducible rational fraction for Δ. In this paper, we consider two full rank lattices in the space R^s: the lattice ℒ(a, W) connected with the linear congruent sequence

(x_N), x_N+1 = ax_N (mod W), N =1 ,2, . . . , (1)

and the lattice ℒ^∗ (a, W) dual to ℒ(a, W).

There is a conjecture which states that for any natural number s, any real number 0 < ε < ε₀(s), and any natural number W > W₀ (s, ε), the lattices ℒ(a, W) and ℒ^∗(a, W) are ε-regular for all a = 0 ,1, . . . , W – 1 excluding some set of numbers a of cardinality at most W^1–ε.

In the case s = 3, A. M. Frieze, J. Hestad, R. Kannan, J. C. Lagarias, and A. Shamir in a paper published in 1988 proved a more weak assertion (in their estimate the number of exceptional values a is at most W^{1– ε/2}). Using the methods of this paper, it is not difficult to prove the conjecture for s = 1 and s = 2.

In our paper, we prove the conjecture for s = 4. With the help of our methods we improve the result of the paper mentioned above and prove the conjecture for s = 3.

Our result can be applied to the reconstruction of a linear congruent sequence (1) if the high-order bits of its first s elements are given.