def one_shot_distribution(self): if self.cache_dist_2 is None: c = {1: 0.5, -1: 0.5} r1 = build_artifact_dist(self.q, self.p) r2 = build_artifact_dist(self.q, self.t) D = dist_convolution(c, r1) D = dist_iter_convolution(D, 4 * self.h) D = dist_convolution(D, r2) self.cache_dist_2 = D return self.cache_dist_2
def e3_distribution(self): # c2 = <e1b + e3>_{q -> r2} # e3 is cbd + r2 rounding c = build_centered_binomial_dist(self.k2 if self.k2 else self.k) r = build_artifact_dist(self.q, self.r2) E3 = dist_convolution(c, r) return E3
def secret_l2_distribution(self): if self.cache_dist_1 is None: D1 = build_artifact_dist(self.q, self.p) D1 = dist_square(D1) D1 = dist_iter_convolution(D1, self.n) D2 = {self.h: 1.0} self.cache_dist_1 = (D1, D2) return self.cache_dist_1
def one_shot_distribution(self): if self.cache_dist_3 is None: k1 = build_centered_binomial_dist(self.k) k2 = build_centered_binomial_dist(self.k2 if self.k2 else self.k) r0 = build_artifact_dist(self.q, self.r0) r1 = build_artifact_dist(self.q, self.r1) r2 = build_artifact_dist(self.q, self.r2) k1Pr0 = dist_convolution(k1, r0) k2Pr1 = dist_convolution(k2, r1) k2Pr2 = dist_convolution(k2, r2) D1 = dist_product(k1, k1Pr0) D2 = dist_product(k1, k2Pr1) D = dist_convolution(D1, D2) D = dist_iter_convolution(D, self.m * self.n) D = dist_convolution(D, k2Pr2) self.cache_dist_3 = D return self.cache_dist_3
def one_shot_distribution(self): if self.cache_dist_2 is None: c = build_centered_binomial_dist(self.k) r = build_artifact_dist(self.q, self.p) cr = dist_product(c, r) D = dist_iter_convolution(cr, 2 * self.m * self.n) D = dist_convolution(D, self.e3_distribution()) self.cache_dist_2 = D return self.cache_dist_2
def secret_l2_distribution(self): if self.cache_dist_1 is None: # b = <A*s2>_{q->p}. # s1 is rounding noise r = build_artifact_dist(self.q, self.p) S1 = dist_square(r) S1 = dist_iter_convolution(S1, self.m * self.n) # s2 is centered binomial c = build_centered_binomial_dist(self.k) S2 = dist_square(c) S2 = dist_iter_convolution(S2, self.m * self.n) self.cache_dist_1 = (S1, S2) return self.cache_dist_1
def one_shot_distribution(self): if self.cache_dist_2 is None: c = build_centered_binomial_dist(self.k) r = build_artifact_dist(self.q, self.rc2) D1 = dist_product(c, c) D1 = dist_iter_convolution(D1, 2*self.n, ignore_below=NEWHOPE_APPROX_ZERO) D1 = dist_scale_newhope(D1, self.a) D1 = dist_absolute(D1) D2 = dist_convolution(c, r) D2 = dist_iter_convolution(D2, self.m, ignore_below=NEWHOPE_APPROX_ZERO) D2 = dist_absolute(D2) D = dist_convolution(D1,D2) self.cache_dist_2 = D return self.cache_dist_2
def secret_l2_distribution(self): # b = <s1 - A*s2>_{q -> r0} # s1 is cbd + r0 rounding # s2 is cbd if self.cache_dist_1 is None: c = build_centered_binomial_dist(self.k) r = build_artifact_dist(self.q, self.r0) S1 = dist_convolution(c, r) S1 = dist_square(S1) S1 = dist_iter_convolution(S1, self.m * self.n) S2 = dist_square(c) S2 = dist_iter_convolution(S2, self.m * self.n) self.cache_dist_1 = (S1, S2) return self.cache_dist_1
def one_shot_sllskn19(self): if self.cache_dist_4 is None: c = build_centered_binomial_dist(self.k) r = build_artifact_dist(self.q, self.rc2) cm = dist_cartesian_product(c,c) x = self.m//2 while self.m > 1: cm = dist_cartesian_product(cm,cm) x //= 2 cmsum = dist_negacyclic_sum(cm) W = dist_vector_dot(cm,cmsum) D1 = dist_iter_convolution(W, 2*self.n//self.m, ignore_below=NEWHOPE_APPROX_ZERO) D2 = dist_convolution(c, r) D2 = dist_iter_convolution(D2, self.m, ignore_below=NEWHOPE_APPROX_ZERO) D = dist_convolution(D1,D2) self.cache_dist_4 = D return self.cache_dist_4
def query_l2_distribution(self): # c1 = <e1A + e2>_{q -> r1} # e1 is cbd # e2 is cbd + r1 rounding if self.r0 == self.r1: return self.secret_l2_distribution()[::-1] if self.cache_dist_2 is None: c = build_centered_binomial_dist(self.k) r = build_artifact_dist(self.q, self.r1) E1 = dist_square(c) E1 = dist_iter_convolution(E1, self.m * self.n) if self.k2: c2 = build_centered_binomial_dist(self.k2) else: c2 = c E2 = dist_convolution(c2, r) E2 = dist_square(E2) E2 = dist_iter_convolution(E2, self.m * self.n) self.cache_dist_2 = (E1, E2) return self.cache_dist_2
def e3_distribution(self): c = build_centered_binomial_dist(self.k) r = build_artifact_dist(self.q, self.rc2) D = dist_convolution(c, r) D = dist_iter_convolution(D, self.m, ignore_below=NEWHOPE_APPROX_ZERO) return D
def e3_distribution(self): return build_artifact_dist(self.q, self.T)