#!/usr/bin/sage -python # -*- coding: latin-1 -*- load("../framework/instance_gen.sage") verbosity = 0 report_every = None """ Example Uncomment the following to get the detailed computation """ # verbosity = 2 # report_every = 20 for params in [ 'ntruhps2048509', 'ntruhps2048677', 'ntruhps4096821']: logging("Set of parameters: " + params) if params == 'ntruhps2048509': n = 509 m = 509 q = 2048 elif params == 'ntruhps2048677': n = 677 m = 677 q = 2048 elif params == 'ntruhps4096821': n = 821 m = 821 q = 4096 hamming_weight = (q / 16 - 1) if q / 8 - 2 <= 2 * n / 3: hamming_weight = (q / 16 - 1) else: hamming_weight = floor(n / 3) D_s = {- 1: RR(hamming_weight / n), 0: 1 - RR(2 * hamming_weight / n), 1: RR(hamming_weight / n)} # D_e = {- 1: RR(hamming_weight / n), # 0: 1 - RR(2 * hamming_weight / n), # 1: RR(hamming_weight / n)} D_e = {-1: RR(1 / 3), 0: RR(1 / 3), 1: RR(1 / 3)} # Assessement of the attack without hints A, b, dbdd = initialize_NTRU_instance(DBDD_predict_diag, n, q, m, D_e, D_s, verbosity=verbosity) if report_every is not None: dbdd.integrate_q_vectors(q, indices=range(0, n + m), report_every=report_every) else: dbdd.integrate_q_vectors(q, indices=range(0, n + m)) (beta, _) = dbdd.estimate_attack() logging("Attack without hints: %3.2f bikz" % beta, style="HEADER") # Assessement of the attack with hints A, b, dbdd = initialize_NTRU_instance(DBDD_predict, n, q, m, D_e, D_s, verbosity=verbosity) v = vec([0 if i < m else 1 for i in range(m + n)]) dbdd.integrate_perfect_hint(v, 0) if report_every is not None: dbdd.integrate_q_vectors(q, indices=range(0, m), report_every=report_every) else: dbdd.integrate_q_vectors(q, indices=range(0, m)) (beta, _) = dbdd.estimate_attack() logging("Attack without hints: %3.2f bikz" % beta, style="HEADER")