tfeneuil
/
LeakLWE2
Наблюдаван 1
Харесван 0
Разклонения 0
Код Задачи 0 Заявки за сливане 0 Версии 0 Уики Activity
Fork of the official github repository of the framework Leaky-LWE-Estimator, a Sage Toolkit to attack and estimate the hardness of LWE with Side Information. https://github.com/lducas/leaky-LWE-Estimator
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Ревизии
1 Клон
Клон: master
Клонове Маркери
${ item.name }
Create branch ${ searchTerm }
от 'master'
${ noResults }
LeakLWE2/framework/DBDD_generic.sage

DBDD_generic.sage 12KB
Директен файл Постоянна връзка Normal View История

First Commit
преди 4 години
Correction of formula to restore q-modular hints
преди 4 години
First Commit
преди 4 години
 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323 
  1. from fpylll import *

  2. 

  3. # current version fpylll raises a lot of Deprecation warnings. Silence that.

  4. import warnings

  5. warnings.filterwarnings("ignore", category=DeprecationWarning)

  6. 

  7. load("../framework/proba_utils.sage")

  8. load("../framework/utils.sage")

  9. load("../framework/geometry.sage")

  10. 

  11. 

  12. # Issues with hint that are caught, and only raise a warning

  13. class RejectedHint(Exception):

  14.     def __init__(self, message):

  15.         self.message = message

  16. 

  17.     def __str__(self):

  18.         return self.message

  19. 

  20. # Issues with hint that are caught, and only raise a warning

  21. 

  22. 

  23. class InvalidHint(Exception):

  24.     def __init__(self, message):

  25.         self.message = message

  26. 

  27.     def __str__(self):

  28.         return self.message

  29. 

  30. 

  31. def not_after_projections(fn):

  32.     def decorated(self, *args, **kwargs):

  33.         # if self.projections:

  34.         #     self.logging("You can't integrate more hints after projection. Sorry.", )

  35.         #     raise ValueError

  36.         return fn(self, *args, **kwargs)

  37.     return decorated

  38. 

  39. def without_dependencies(fn):

  40.     def decorated(self, *args, **kwargs):

  41.         has_been_reduced = False

  42.         if self.B is not None:

  43.             has_been_reduced = has_been_reduced or (self.B.nrows() > self._dim)

  44.             self.B = remove_linear_dependencies(self.B, self._dim)

  45.         if self.D is not None:

  46.             if has_been_reduced and (self.D.nrows() > self._dim):

  47.                 self.logging("(Warning, double computation with LLL)", priority=0, style='WARNING', newline=False)            

  48.             has_been_reduced = has_been_reduced or (self.D.nrows() > self._dim)

  49.             self.D = remove_linear_dependencies(self.D, self._dim)

  50.         return fn(self, *args, **kwargs)

  51.     return decorated

  52. 

  53. def hint_integration_wrapper(force=False,

  54.                              non_primitive_action=None,

  55.                              requires=[],

  56.                              invalidates=[],

  57.                              catch_invalid_hint=True,

  58.                              estimate=True):

  59.     def decorator(fn):

  60.         def decorated(self, *args, **kwargs):

  61. 

  62.             if self.verbosity:

  63.                 self.logging(fn.__name__.replace("_", " "),

  64.                              style='ACTION', priority=1, newline=False)

  65.                 if fn.__name__ == "integrate_perfect_hint":

  66.                     self.logging(hint_to_string(

  67.                         args[0], args[1]), style='DATA',

  68.                         priority=2, newline=False)

  69. 

  70.                 if fn.__name__ == "integrate_modular_hint":

  71.                     self.logging("(smooth)" if kwargs.get(

  72.                         "smooth", True) else "(nonsmooth)",

  73.                         priority=1, newline=False)

  74.                     self.logging(hint_to_string(

  75.                         args[0], args[1]) + " MOD %d" % args[2], style='DATA',

  76.                         priority=2, newline=False)

  77. 

  78.                 if fn.__name__ == "integrate_approx_hint":

  79.                     self.logging("(aposteriori)" if kwargs.get(

  80.                         "aposteriori", False) else "(conditionning)",

  81.                         priority=1, newline=False)

  82.                     self.logging(hint_to_string(

  83.                         args[0], args[1]) + " + χ(σ²=%.3f)" % args[2],

  84.                         style='DATA', priority=2, newline=False)

  85. 

  86.                 if fn.__name__ == "integrate_short_vector_hint":

  87.                     self.logging(hint_to_string(

  88.                         args[0], None, lit="c") + "∈ Λ", style='DATA',

  89.                         priority=2, newline=False)

  90. 

  91.             if "primal" in requires and self.B is None:

  92.                 self.D = remove_linear_dependencies(self.D, self._dim)

  93.                 self.B = dual_basis(self.D)

  94.             if "dual" in requires and self.D is None:

  95.                 self.B = remove_linear_dependencies(self.B, self._dim)

  96.                 self.D = dual_basis(self.B)

  97. 

  98.             if "force" in kwargs:

  99.                 _force = kwargs["force"]

  100.                 del kwargs["force"]

  101.             else:

  102.                 _force = force

  103. 

  104.             if "estimate" in kwargs:

  105.                 _estimate = kwargs["estimate"]

  106.                 del kwargs["estimate"]

  107.             else:

  108.                 _estimate = estimate

  109. 

  110.             if (not _force) or _estimate:

  111.                 self.stash()

  112. 

  113.             if "catch_invalid_hint" in kwargs:

  114.                 _catch_invalid_hint = kwargs["catch_invalid_hint"]

  115.                 del kwargs["catch_invalid_hint"]

  116.             else:

  117.                 _catch_invalid_hint = catch_invalid_hint

  118. 

  119.             if "non_primitive_action" in kwargs:

  120.                 _non_primitive_action = kwargs["non_primitive_action"]

  121.                 del kwargs["non_primitive_action"]

  122.             else:

  123.                 _non_primitive_action = non_primitive_action

  124. 

  125.             try:

  126.                 if _non_primitive_action is not None:

  127.                     self.test_primitive_dual(concatenate(

  128.                         args[0], -args[1]), _non_primitive_action)

  129.                 fn(self, *args, **kwargs)

  130.                 self.beta = None

  131.             except RejectedHint as err:

  132.                 logging(str(err) + ", Rejected.", style="REJECT", newline=True)

  133.                 return False

  134.             except InvalidHint as err:

  135.                 if _catch_invalid_hint:

  136.                     logging(str(err) + ", Invalid.",

  137.                             style="REJECT", newline=True)

  138.                     return False

  139.                 else:

  140.                     raise err

  141. 

  142.             if "primal" in invalidates:

  143.                 self.B = None

  144.             if "dual" in invalidates:

  145.                 self.D = None

  146. 

  147.             if (not _force) or _estimate:

  148.                 return self.undo_if_unworthy(_force)

  149.             else:

  150.                 self.logging("", newline=True)

  151.                 return True

  152. 

  153.         return decorated

  154.     return decorator

  155. 

  156. 

  157. class DBDD_generic:

  158.     """

  159.     This class defines all the elements defining a DBDD instance

  160.     """

  161.     def __init__():

  162.         raise NotImplementedError(

  163.             "The generic class is not meant to be used directly.")

  164. 

  165.     def leak(self, v):

  166.         value = scal(self.u * concatenate([v, [0]]).T)

  167.         return value

  168. 

  169.     def stash(self):

  170.         if self.beta is None:

  171.             self.estimate_attack(silent=True)

  172.         for key, val in self.__dict__.items():

  173.             if key != "save":

  174.                 self.save[key] = copy(val)

  175. 

  176.     def pop(self):

  177.         for key, val in self.save.items():

  178.             if key != "save":

  179.                 self.__dict__[key] = val

  180. 

  181.     def undo_if_unworthy(self, force):

  182.         self.estimate_attack(silent=True)

  183.         if (-self.beta, self.delta)\

  184.                 <= (-self.save["beta"], self.save["delta"]):

  185.             if force:

  186.                 self.logging("\t Unworthy hint, Forced it.", style="REJECT")

  187.                 return True

  188.             else:

  189.                 self.logging("\t Unworthy hint, Rejected.", style="REJECT")

  190.                 self.pop()

  191.                 return False

  192. 

  193.         self.logging("\t Worthy hint !", style="ACCEPT", newline=False)

  194.         self.logging("dim=%3d, δ=%.8f, β=%3.2f" %

  195.                      (self.dim(), self.delta, self.beta), style="VALUE")

  196.         return True

  197. 

  198.     def logging(self, message, priority=1, style='NORMAL', newline=True):

  199.         if priority > self.verbosity:

  200.             return

  201.         logging(message, style=style, newline=newline)

  202. 

  203.     def check_solution(self, solution):

  204.         """ Checks wether the solution is correct

  205.         If the private attributes of the instance are not None,

  206.         the solution is compared to them. It outputs True

  207.         if the solution is indeed the same as the private s and e,

  208.         False otherwise.

  209.         If the private e and s are not stored, we check that the

  210.         solution is small enough.

  211.         :solution: a vector

  212.         """

  213.         if self.u == solution or self.u == - solution:

  214.             return True

  215.         if scal(solution * solution.T) > 1.2 * self.expected_length:

  216.             #print(scal(solution * solution.T), 1.2 * self.expected_length)

  217.             return False

  218.         if self.u is None:

  219.             return True

  220.         if self.verbosity:

  221.             self.logging("Found an incorrect short solution.",

  222.                          priority=-1, style="WARNING")

  223.             #print(solution)

  224.         return False

  225. 

  226.     @not_after_projections

  227.     @hint_integration_wrapper()

  228.     def integrate_perfect_hint(self, v, l):

  229.         raise NotImplementedError("This method is not generic.")

  230. 

  231.     @not_after_projections

  232.     @hint_integration_wrapper()

  233.     def integrate_modular_hint(self, v, l, k, smooth=True):

  234.         raise NotImplementedError("This method is not generic.")

  235. 

  236.     @not_after_projections

  237.     @hint_integration_wrapper()

  238.     def integrate_approx_hint(self, v, l, variance, aposteriori=False):

  239.         raise NotImplementedError("This method is not generic.")

  240. 

  241.     @not_after_projections

  242.     @hint_integration_wrapper()

  243.     def integrate_approx_hint_fulldim(self, center, covariance):

  244.         raise NotImplementedError("This method is not generic.")

  245. 

  246.     @hint_integration_wrapper()

  247.     def integrate_short_vector_hint(self, v):

  248.         raise NotImplementedError("This method is not generic.")

  249. 

  250.     def volumes(self):

  251.         raise NotImplementedError("This method is not generic.")

  252. 

  253.     def dim(self):

  254.         raise NotImplementedError("This method is not generic.")

  255. 

  256.     def test_primitive_dual(self, V, action):

  257.         raise NotImplementedError("This method is not generic.")

  258. 

  259.     def estimate_attack(self, probabilistic=False, tours=1, silent=False):

  260.         """ Assesses the complexity of the lattice attack on the instance.

  261.         Return value in Bikz

  262.         """

  263.         (Bvol, Svol, dvol) = self.volumes()

  264.         dim_ = self.dim()

  265.         beta, delta = compute_beta_delta(

  266.             dim_, dvol, probabilistic=probabilistic, tours=tours)

  267. 

  268.         self.dvol = dvol

  269.         self.delta = delta

  270.         self.beta = beta

  271. 

  272.         if self.verbosity and not silent:

  273.             self.logging("      Attack Estimation     ", style="HEADER")

  274.             self.logging("ln(dvol)=%4.7f \t ln(Bvol)=%4.7f \t ln(Svol)=%4.7f \t"

  275.                          % (dvol, Bvol, Svol) +

  276.                          "δ(β)=%.6f" % compute_delta(beta),

  277.                          style="DATA", priority=2)

  278.             self.logging("dim=%3d \t δ=%.6f \t β=%3.2f " %

  279.                          (dim_, delta, beta), style="VALUE")

  280.             self.logging("")

  281.         return (beta, delta)

  282. 

  283.     def attack(self, beta_max=None, beta_pre=None, randomize=False, tours=1):

  284.         raise NotImplementedError(

  285.             "The generic class is not meant to be used directly.")

  286. 

  287.     def S_diag(self):

  288.         raise NotImplementedError(

  289.             "The generic class is not meant to be used directly.")

  290. 

  291.     def integrate_q_vectors(self, q, min_dim=0, report_every=1, indices=None):

  292.         self.logging("      Integrating q-vectors     ", style="HEADER")

  293.         Sd = self.S_diag()

  294.         n = len(Sd)

  295.         I = []

  296.         J = []

  297.         M = q * identity_matrix(n - 1)

  298.         it = 0

  299.         verbosity = self.verbosity

  300.         if indices is None:

  301.             indices = range(n - 1)

  302.         while self.dim() > min_dim:

  303.             if (it % report_every == 0) and report_every > 1:

  304.                 self.logging("[...%d]" % report_every, newline=False)

  305.             Sd = self.S_diag()

  306.             L = [(Sd[i], i) for i in indices if i not in I]

  307.             if len(L) == 0:

  308.                 break

  309.             _, i = max(L)

  310.             I += [i]

  311.             try:

  312.                 didit = self.integrate_short_vector_hint(

  313.                     vec(M[i]), catch_invalid_hint=False)

  314.                 if not didit:

  315.                     break

  316.                 J += [i]

  317.             except InvalidHint as err:

  318.                 self.logging(str(err) + ", Invalid.",

  319.                              style="REJECT", priority=1, newline=True)

  320.             it += 1

  321.             self.verbosity = verbosity if (it % report_every == 0) else 0

  322.         self.verbosity = verbosity

  323.         return [vec(M[i]) for i in J]