A lattice is a discrete additive subgroup of $\newcommand{\R}{\mathbb{R}}\R^n$; for the purposes of this post we’ll restrict ourselves to full rank lattices, i.e., those which span the entire vector space $\R^n$. An alternate way of defining a lattice is to consider it as the integer span of a collection of linearly independent vectors $\newcommand{\b}{\mathbf{b}}\newcommand{\c}{{,}~}\b_1\c\dotsc\c\b_n\in\R^n$, known as a basis of $L$. That is, $L$ consists of the collection of points

\[ \newcommand{\norm}[1]{\lVert#1\rVert}\newcommand{\x}{\mathbf{x}}\newcommand{\Z}{\mathbb{Z}} \biggl\{\,\sum_{i=1}^n x_i\b_i : x_i\in\Z \,\biggr\} . \]

The goal of this post is to show that these two ways of defining a lattice are equivalent. It is more or less immediate that a lattice $L$ in the second sense is an additive subgroup which spans $\R^n$; it is also discrete since one can show that¹

\[ \newcommand{\0}{\mathbf{0}} \norm{\x} \geq \min_{1\leq i\leq n}\norm{\b_i^*} \]

for all $\x\in L$ and $\x\neq\0$, where $\b_i^*$ is the Gram–Schmidt orthogonalization of $\b_i$. Thus $\0$ is an isolated point of $L$, and it follows that every point of $L$ must be isolated; a nonisolated point would imply (using a suitable translation) that $\0$ is nonisolated.

The harder direction is to show that a lattice in the first sense is also a lattice in the second sense; the remainder of the post is devoted to this. Let $L$ be a discrete additive subgroup of $\R^n$ containing $n$ linearly independent vectors.

In the case $n:=1$, since $L$ spans $\R$ it must contain $\pm a\neq0$. Since it also contains $0$ and is discrete, there must be a minimal $b>0$ with $b\in L$. Then as required we have $L= \{\, xb : x\in\Z \,\}$; if there was any point $c=xb\in L$ for $x\notin\Z$ then $c-\lfloor x\rfloor b$ would lie in $L$ and $(0,b)$, a contradiction to the minimality of $b$.

Now suppose the result holds for all lattices in $\R^{n-1}$; we will show the result holds for $L$ and appeal to induction. We know that $L$ contains $n$ linearly independent vectors; select any $n-1$ of them and let $S$ be the subspace they generate. Let $S’$ be the rotation of $S$ such that every vector in $S’$ has a $0$ in its final coordinate. Crucially, applying the rotation on $L$ to form $L’$ preserves the discrete additive subgroup structure, so we can apply the induction hypothesis to the discrete additive subgroup formed by only considering the first $n-1$ coordinates of $S’\cap L’$. Let $\b_1\c\dotsc\c\b_{n-1}$ be a basis of this lattice (which exists by hypothesis), except extended with an extra $0$ coordinate so as to live in $\R^n$ instead of $\R^{n-1}$.

Since $L’$ generates $\R^n$, it must contain a vector not in $S’$, i.e., with nonzero final coordinate. Furthermore, it must contain a vector with minimal positive final coordinate; otherwise there would exist a sequence $\newcommand{\N}{\mathbb{N}}\{\x_i\in L’\}_{i\in\N}$ with $(x_i)_n\to0$ as $i\to\infty$. By translating the $\x_i$ by suitable multiples of $\b_1\c\dotsc\c\b_{n-1}$ we can ensure that they lie in the compact set

\[ \biggl\{\, \sum_{i=1}^{n-1} \alpha_i \b_i + (0,\dotsc,0,\alpha) : \alpha_i\in[0,1]\c\lvert \alpha\rvert\leq\max_{i\in\N}\lvert(x_i)_n\rvert \,\biggr\} , \]

and therefore some subsequence of the $\x_i$ converges to some point in the set. Taking successive differences of this subsequence we get a sequence of points in $L’$ which converge to $\0\in L’$, a contradiction to the discreteness of $L’$.

Let $\b_n\in L’$ be a vector with minimal nonzero final coordinate. We claim that $\b_1\c\dotsc\c\b_n$ is a basis for $L’$. Let $\x\in L’$ be arbitrary, and consider

\[ \x’ := \x – \biggl\lfloor \frac{x_n}{(b_n)_n} \biggr\rfloor \b_n \in L’ . \]

Its final coordinate is $x_n-\lfloor x_n/(b_n)_n\rfloor(b_n)_n\in[0,(b_n)_n)$ and therefore by minimality of $(b_n)_n$ it must be $0$, so $\x’\in S’\cap L’$ and therefore can be written as an integer combination of $\b_1\c\dotsc\c\b_{n-1}$. Thus $\x=\x’+\lfloor x_n/(b_n)_n\rfloor\b_n$ can be written as an integer linear combination of $\b_1\c\dotsc\c\b_n$, and so these vectors form a basis of $L’$. Applying the reverse rotation of $L\mapsto L’$ to the basis $\b_1\c\dotsc\c\b_n$ gives us a basis of $L$, as required.

Last time when I derived the formula for the volume of a hypersphere in $n$ dimensions I forgot to point out a curious consequence of the formula, namely that the volume tends to zero as $n$ tends to infinity.

When I was an undergraduate I remember a professor of mine pointing this out and then declaring “That doesn’t make sense!”. At the time it didn’t seem too surprising to me, since I could see that the unit circle in $\newcommand{\R}{\mathbb{R}}\R^2$ took up more of the surrounding square $[-1,1]^2$ than the unit sphere in $\R^3$ took up of $[-1,1]^3$. Consquently, I thought it likely that the ratio of the volume of the unit sphere in $\R^n$ to the volume of $[-1,1]^n$ should go to zero as $n\to\infty$.

However, I misunderstood the claim being made: not only does the above ratio of hypersphere-to-hypercube volume go to zero, the volume of the hypersphere itself goes to zero. This was something I hadn’t even considered: since as $n\to\infty$ the hypersphere is “growing”, I presumably took for granted that its volume should go to infinity, not zero!

Of course, one can consider the unit sphere in $\R^{n-1}$ as a subset of the unit sphere in $\R^n$, since for example the unit sphere in $\R^3$ contains the unit circle as a “slice”. In this way as $n\to\infty$ the hypersphere is growing. However, though the “slice” has volume in $\R^{n-1}$, it has no volume in $\R^n$; as the dimension increases it becomes “harder” to make volume in a sense. This allows the hypersphere to “grow” as $n\to\infty$ while still shrink in volume.

Algebraically, as we’ve seen, the volume of the unit sphere in $\R^n$ is given by

\[ V_n = \frac{\pi^{n/2}}{(n/2)!} . \]

If one knows Stirling’s approximation

\[ n! \sim \sqrt{2\pi n}\Bigl(\frac{n}{e}\Bigr)^n \]

then it isn’t too hard to see that the denominator of $V_n$ grows asymptotically faster than the numerator, and therefore $V_n$ tends to $0$. Explicitly, we have

\[ \lim_{n\to\infty} V_n = \lim_{n\to\infty}\frac{\pi^{n/2}}{\sqrt{\pi n}(\frac{n}{2e})^{n/2}} = \lim_{n\to\infty}\frac{1}{\sqrt{\pi n}}\cdot\lim_{n\to\infty}\Bigl(\frac{2\pi e}{n}\Bigr)^{n/2} = 0 \]

since $\lim_{n\to\infty}1/\sqrt{\pi n}=0$ and

\[ \lim_{n\to\infty}\Bigl(\frac{2\pi e}{n}\Bigr)^{n/2} = \lim_{n\to\infty}\exp\Bigl(\frac{n}{2}\ln\Bigl(\frac{2\pi e}{n}\Bigr)\Bigr) = \lim_{m\to-\infty}\exp(m) = 0 . \]

The volume of a hypersphere with radius $R$ in $n$ dimensions is given by the expression¹

\[ V_n(R) = \frac{\pi^{n/2}}{(n/2)!} R^n . \]

We will show this by induction on $n$. The base cases can be checked directly, where we make use of polar coordinates in two dimensions:

\begin{gather*}
V_1(R) = \int_{-R}^R\newcommand{\d}{\,\mathrm{d}}\d x = 2R = \frac{\pi^{1/2}}{(1/2)!} R \\
V_2(R) = \iint\limits_{x_1^2+x_2^2\leq R^2}\d x_2\d x_1 = \int_0^{2\pi}\int_0^R r\d r\d\theta = 2\pi\biggl[\frac{r^2}{2}\biggr]_0^R = \pi R^2
\end{gather*}

Suppose the formula holds in dimension $n-2$. Using this, we will show that the formula holds in dimension $n$:

\begin{align*}
V_n(R) &= \int\limits_{x_1^2\leq R^2}\;\int\limits_{x_1^2+x_2^2\leq R^2}\;\int\limits_{x_1^2+x_2^2+x_3^2\leq R^2}\dotsi\int\limits_{x_1^2+\dotsb+x_n^2\leq R^2}\d x_n\dotsm\d x_1 \\
&= \int\limits_{x_1^2\leq R^2}\;\int\limits_{x_1^2+x_2^2\leq R^2}\;\int\limits_{x_3^2\leq R^2-x_1^2-x_2^2}\dotsi\int\limits_{x_3^2+\dotsb+x_n^2\leq R^2-x_1^2-x_2^2}\d x_n\dotsm\d x_1 \\
&= \int\limits_{x_1^2\leq R^2}\;\int\limits_{x_1^2+x_2^2\leq R^2}V_{n-2}\Bigl(\sqrt{R^2-x_1^2-x_2^2}\Bigr)\d x_2\d x_1 \\
&= \frac{\pi^{n/2-1}}{(n/2-1)!}\iint\limits_{x_1^2+x_2^2\leq R^2}\sqrt{R^2-x_1^2-x_2^2}^{n-2}\d x_2\d x_1 \\
&= \frac{\pi^{n/2-1}}{(n/2-1)!}\int_0^{2\pi}\int_0^R\sqrt{R^2-r^2}^{n-2}r\d r\d\theta \\
&= \frac{2\pi^{n/2}}{(n/2-1)!}\biggl[-\frac{1}{n}\sqrt{R^2-r^2}^n\biggr]_0^R \\
&= \frac{\pi^{n/2}}{(n/2)!} R^n
\end{align*}

By induction, the formula holds for all positive integers $n$.

It is well known¹ that

\[ \sum_{p\leq x}\ln p = x + O\biggl(\frac{x}{e^{c\sqrt{\ln x}}}\biggr) \]

where $c>0$ is a constant and the summation runs over the primes. In fact, under the Riemann hypothesis, one even has

\[ \sum_{p\leq x}\ln p = x + O(x^{1/2+\epsilon}) \]

for any $\epsilon>0$. Since $e^{c\sqrt{\ln x}}$ grows slower than any power of $x$, the second statement gives a better approximation.

A related question, but one I wasn’t familiar with, is to give a similar asymptotic result for the summation with $\ln p$ replaced by $\ln\ln p$. In other words, to estimate the quantity

\[ \sum_{p\leq x}\ln\ln p . \]

To do this, we may employ Abel’s summation formula with

\[ a_n := \begin{cases}
1 & \text{if $n$ is prime} \\
0 & \text{otherwise}
\end{cases} \]

and $\phi(n):=\ln\ln n$. Then we have

\[ \sum_{p\leq x}\ln\ln p = \pi(x)\ln\ln x-\int_2^x\frac{\pi(t)}{t\ln t}\mathrm{d}t . \]

By the prime number theorem we have $\pi(t)=t/\ln t+O(t/\ln(t)^2)$, so

\[ \int_2^x\frac{\pi(t)}{t\ln t}\mathrm{d}t = \int_2^x\frac{\mathrm{d}t}{\ln(t)^2}+O\biggl(\int_2^x\frac{\mathrm{d}t}{\ln(t)^3}\biggr) . \]

By Wolfram Alpha we have that

\[ \int_2^x\frac{\mathrm{d}t}{\ln(t)^2} = \DeclareMathOperator{\li}{li}\li(x)-\frac{x}{\ln x} + O(1) = \frac{x}{\ln(x)^2} + O\biggl(\frac{x}{\ln(x)^3}\biggr) , \]

with the latter equality following from the asymptotic expansion of the logarithmic integral.

It remains to estimate the integral $\int_2^x\ln(t)^{-3}\,\mathrm{d}t$. Actually, this is not entirely straightforward, but a trick is to split the integral into two (around $\sqrt{x}$) and then estimate each, as follows:

\[ \int_2^{\sqrt{x}}\frac{\mathrm{d}t}{\ln(t)^3} + \int_{\sqrt{x}}^x\frac{\mathrm{d}t}{\ln(t)^3} \leq \frac{\sqrt{x}-2}{\ln(2)^3} + \frac{x-\sqrt{x}}{\ln(\sqrt{x})^3} = O\biggl(\frac{x}{\ln(x)^3}\biggr) \]

Putting everything together, we find the result

\[ \sum_{p\leq x}\ln\ln p =\pi(x)\ln\ln x-\frac{x}{\ln(x)^2} +O\biggl(\frac{x}{\ln(x)^3}\biggr) . \]

Last time I discussed the $n-1$ and $n+1$ primality tests. Recall that the $n-1$ test says that $n$ is prime if there exists an $\newcommand{\Z}{\mathbb{Z}}a\in\Z^*_n$ such that

\begin{align}
a^{n-1} &\equiv 1 \pmod{n} \\
a^{(n-1)/p} &\not\equiv 1 \pmod{n}
\end{align}

for all primes $p$ which divide $n-1$.

The $n+1$ can be stated in a similar form, and says that $n$ is prime if it is odd and there exists an $a\in(\Z[\sqrt{d}])^*$ with $(\frac{d}{n})=-1$ such that

\begin{align}
a^{n+1} &\equiv 1 \pmod{n} \\
a^{(n+1)/p} &\not\equiv 1 \pmod{n}
\end{align}

for all primes $p$ which divide $n+1$.

I state it in this form to make the connection with the $n-1$ test, but I’ve done a little sleight-of-hand in the presentation. In the first test $a$ is a unit of $\Z_n$, while in the second test $a$ is a unit of $\Z[\sqrt{d}]$ (not $\Z_n[\sqrt{d}]$). That is, the norm of $a$ in $\mathbb{Q}(\sqrt{d})$ is $1$; this is a rather restrictive condition. In fact, when $d<-3$ the only units of $\Z[\sqrt{d}]$ are $\pm1$, and both of these will fail the second condition since $(n+1)/p$ will be even for some $p$.

When $d$ is positive and squarefree the situation is a little better in that there are an infinite number of units in $\Z[\sqrt{d}]$. However, these units are all of the form $\pm\epsilon^k$ for some fundamental unit $\epsilon:=x+y\sqrt{d}$ (this may be found by solving Pell’s equation $x^2-dy^2=1$). If the fundamental unit doesn’t satisfy the conditions then any power of it will also necessarily fail, so for any given value of $d$ there is essentially only one possible choice of $a$ which could work. On the upside, one could simply look up this choice in a table when $d$ is small; e.g., for $d:=3$ one should use $a:=2+\sqrt{3}$.

So that’s an unfortunate condition which isn’t present in the $n-1$ test, but it’s necessary to be able to use Fermat’s theorem in $\Z[\sqrt{d}]$, which implies that if $p$ is prime and $a$ has norm $1$ then

\[ a^{p-(d/p)} \equiv 1 \pmod{p} , \]

and more generally

\[ a^{p^{e-1}(p-(d/p))} \equiv 1 \pmod{p^e} . \]

Now we’re ready to prove that the primality test works as stated. Let $\newcommand{\ord}{\mathop{\mathrm{ord}}\nolimits}\ord_{n,d}(a)$ denote the order of $a$ in $(\Z_n[\sqrt{d}])^*$, so the two conditions of the primality test tell us that $\ord_{n,d}(a)=n+1$.

Say $n$ has prime factorization $\prod_{i=1}^k p_i^{e_i}$. By the Chinese remainder theorem, we have

\[ \Z_n[\sqrt{d}] \cong \prod_{i=1}^k \Z_{p_i^{e_i}}[\sqrt{d}] , \]

so

\[ n+1 = \ord_{n,d}(a) = \DeclareMathOperator{\lcm}{lcm}\lcm(\ord_{p_1^{e_1},d}(a),\dotsc,\ord_{p_k^{e_k},d}(a)) \]

and by Fermat’s theorem this divides

\[ \lcm(p_1^{e_1-1}(p_1-(d/p_1)),\dotsc,p_k^{e_k-1}(p_k-(d/p_k))) . \]

Since each $p_i$ is odd, this equals

\begin{align}
&\mathrel{\phantom{=}}2\lcm\Bigl(p_1^{e_1-1}\frac{p_1-(d/p_1)}{2},\dotsc,p_k^{e_k-1}\frac{p_k-(d/p_k)}{2}\Bigr) \\
&\leq 2\prod_{i=1}^k p_i^{e_i-1}\frac{p_i-(d/p_i)}{2} \\
&\leq 2n\prod_{i=1}^k\frac{p_i+1}{2p_i} .
\end{align}

Now, if $n$ has at least two distinct prime factors then this is at most

\[ 2n\cdot\frac{3+1}{2\cdot3}\cdot\frac{5+1}{2\cdot5} = \frac{4}{5}n . \]

Thus we conclude that $n+1\leq4n/5$, a contradiction since $n$ is positive. Thus $n$ must have just one prime factor; say $n:=p^e$. Using Fermat’s theorem and the fact that $(\frac{d}{p})=-1$ (otherwise $(\frac{d}{n})\neq-1$), we have

\[ n+1 = \ord_{n,d}(a) \mid p^{e-1}(p+1) = n+p^{e-1} . \]

It follows that $n+1\mid p^{e-1}-1\leq n/3$, again a contradiction, unless $p^{e-1}=1$, i.e., $e=1$ and $n=p$ is prime.

I found this kind of argument in Prime Numbers and Computer Methods for Factorization (page 116). In that book it is applied to Lucas sequences, which simplifies some things, although can also obscure the group $\mathbb{F}_{n^2}^*$ working in the background.

Determining if a number $n$ is a prime number or not is an important problem in computational number theory. Two simple ways of proving primality rely on the prime factorizations of $n-1$ and $n+1$. In general finding these factorizations is probably a harder problem than testing the primality of $n$, so the methods are only applicable in special cases, but are they are interesting nonetheless.

At a high level, the $n-1$ method works by showing that a subgroup of $\newcommand{\Z}{\mathbb{Z}}\Z^*_n$ is so large that $n$ must be prime. Specifically, a subgroup of order $n-1$ is demonstrated, which implies that $\Z_n^*$ is as large as possible, namely the full set of nonzero residues $\{1,2,\dotsc,n-1\}$; if even one element was missing then there would be less than $n-1$ elements in $\Z_n^*$. But $\Z_n^*=\{1,2,\dotsc,n-1\}$ means that every positive integer strictly less than $n$ is coprime to $n$, and so $n$ is prime.

To show that $\Z_n^*$ contains a subgroup of size $n-1$, we find an element $a\in\Z_n^*$ whose order is $n-1$ (such an element is called a primitive root). To do this, we show that

\[ a^{n-1} \equiv 1 \pmod{n} \tag{1} \]

and

\[ a^{(n-1)/p} \not\equiv 1 \pmod{n} \tag{2} \]

for all primes $p$ which divide $n-1$. This is enough to show that the order of $a$ is $n-1$; if the true order was $r<n-1$ then using Bézout’s identity one would be able to derive $a^{\gcd(r,n-1)}\equiv1\pmod{n}$ and this would contradict (2) for some $p$.

When $n$ is prime, there isn’t any known efficient algorithm which is guaranteed to find a primitive root $a$ satisfying (1) and (2), but in practice this isn’t a concern. In fact, there are $\varphi(n-1)=\Theta(n/\ln\ln n)$ primitive roots (where $\varphi$ denotes Euler’s totient function), so if one simply tests if random $a$ satisfies (1) and (2) then one should quickly find one which works, and thereby prove that $n$ is prime. As mentioned, the real problem with applying this method in practice is finding the primes $p$ which divide $n-1$.

Incidentally, when $n$ isn’t prime, this is usually easy to show since condition (1) will often fail to hold, and all primes satisfy (1) for all $a\in\Z_n^*$. However, some composite numbers still satisfy (1) for all $a\in\Z_n^*$. In such a case a more stringent form of (1) can be used to prove compositeness, and this method can be employed in practice since it only requires the “evenness factorization” $n-1=2^r\cdot m$ with $m$ odd, which is simple to compute.

The $n+1$ method is similar to the $n-1$ method, except it works in the group $(\Z_n[\sqrt{d}])^*$, where $d$ satisfies $(\frac{d}{n})=-1$, i.e., $d$ is not a quadratic residue mod $n$. We assume that $n$ is odd (otherwise the problem is trivial), so that in practice $d$ can be found by computing the Jacobi symbol $(\frac{d}{n})$ for multiple values of $d$ until one works. Note that when $n$ is prime we have $\newcommand{\F}{\mathbb{F}}\Z_n[\sqrt{d}]\cong\F_{n^2}$, the finite field of size $n^2$, so there still exist primitive roots $a$ which generate $(\Z_n[\sqrt{d}])^*$. We’ll denote the conjugate of $a$ by $\bar{a}$, so if $a:=b+c\sqrt{d}$ with $b$, $c\in\Z_n$ then $\bar{a}=b-c\sqrt{d}$.

As you might expect in relation to the above, the $n+1$ method finds a subgroup of $(\Z_n[\sqrt{d}])^*$ of size $n+1$ by finding an $a\in(\Z_n[\sqrt{d}])^*$ which has order $n+1$. Actually, we need something a bit stronger than this; we need to show

\[ a^{n+1} \equiv 1 \pmod{n} \tag{3} \]

and

\[ \gcd((a^{(n+1)/p}-1)(\bar{a}^{(n+1)/p}-1),n)=1 \tag{4} \]

for all primes $p$ which divide $n+1$. Condition (4) not only implies that $a^{(n+1)/p} \not\equiv 1 \pmod{n}$, but also that $a^{(n+1)/p} \not\equiv 1 \pmod{q}$ where $q$ is any prime divisor of $n$. To see that this, we show the contrapositive. Suppose that $q$ is a prime divisor of $n$ and that $q\mid a^{(n+1)/p}-1$.¹ It follows that $q$ also divides $(a^{(n+1)/p}-1)(\bar{a}^{(n+1)/p}-1)\in\Z$, and thus divides the gcd in (4), so (4) fails to hold.

Since condition (3) implies that $a^{n+1}\equiv1\pmod{q}$ and condition (4) implies that $a^{(n+1)/p}\not\equiv1\pmod{q}$, just like before one knows that $a\pmod{q}$ has order $n+1$. In particular, there must be at least $n+1$ elements in $(\Z_q[\sqrt{d}])^*$.

Toward a contradiction, suppose that (3) and (4) hold and that $n$ is not prime. Let $q$ be the smallest prime divisor of $n$, so that $q^2\leq n$. As we just saw, $a\pmod{q}$ has order $n+1$, so we get the lower bound

\[ n+1 \leq \lvert(\Z_q[\sqrt{d}])^*\rvert . \]

However, $\Z_q[\sqrt{d}]$ has $q^2$ elements, and so

\[ \lvert(\Z_q[\sqrt{d}])^*\rvert \leq q^2-1 \leq n-1 , \]

which contradicts the lower bound. Thus $n$ must in fact be prime.

When $n$ is prime, an $a$ which satisfies (3) and (4) can be found by taking a primitive root of $\F_{n^2}$ and raising it to the power $n-1$, since in this case $(a^{n-1})^{n+1}\equiv1\pmod{n}$ and $n$ will not divide $(a^{n-1})^{(n+1)/p}-1$ or its conjugate. As mentioned, there isn’t a guaranteed procedure to find a primitive root, but since there are $\varphi(n^2-1)=\Theta(n^2/\ln\ln n)$ of them, in practice it shouldn’t be too hard to find one; the sticking point is finding the factorization of $n+1$.

Incidentally, the $n+1$ test is often presented using Lucas sequences rather than $\F_{n^2}$. But that’s a topic for another post.