def one_shot_distribution(self):
    """Return the one-shot distribution, computing it on the first call.

    Two iterated convolutions of length ``self.wt`` are combined: one over
    the uniform law on {-1, 0, 1} (rescaled by 3 when ``self.improper`` is
    set) and one over the uniform law on {-3, 3}. The result is memoised in
    ``self.cache_dist_3``.
    """
    if self.cache_dist_3 is not None:
        return self.cache_dist_3

    ternary = {-1: 1 / 3, 0: 1 / 3, 1: 1 / 3}
    fm_dist = dist_iter_convolution(ternary, self.wt)
    if self.improper:
        fm_dist = dist_scale(fm_dist, 3)

    plus_minus_three = {-3: 1 / 2, 3: 1 / 2}
    gr_dist = dist_iter_convolution(plus_minus_three, self.wt)

    self.cache_dist_3 = dist_convolution(fm_dist, gr_dist)
    return self.cache_dist_3
def one_shot_s_quantile(self, lgu):
    """Build a one-shot distribution from a top-quantile weight estimate.

    ``lgu`` enters only through the threshold ``2**(lgu / 2)`` handed to
    ``top_quantile``. Unlike the cached ``*_distribution`` methods, nothing
    is memoised here; every call recomputes the result.
    """
    dim = self.n - 1
    weight_dist = dist_iter_convolution({0: 1 / 3, 1: 2 / 3}, dim)

    # Per-coordinate probability of a nonzero entry, taken from the expected
    # value of the top quantile of the weight distribution.
    pnz = expectation(top_quantile(weight_dist, 2**(lgu / 2))) / dim

    coeff = {-1: pnz / 2, 0: 1 - pnz, 1: pnz / 2}
    fm_dist = dist_iter_convolution(coeff, dim)

    # The scaled copy is derived before fm_dist is (optionally) rescaled, so
    # it is always 3x the unscaled distribution.
    gr_dist = dist_scale(fm_dist, 3)
    if self.improper:
        fm_dist = dist_scale(fm_dist, 3)

    return dist_convolution(fm_dist, gr_dist)
def secret_l2_distribution(self):
    """Return the cached pair ``(S1, S2)`` for b = <A*s2>_{q->p}.

    S1 is built from the rounding noise ``build_artifact_dist(self.q,
    self.p)`` and S2 from the centered binomial with parameter ``self.k``;
    each is squared and then iterated ``self.m * self.n`` times. The pair is
    memoised in ``self.cache_dist_1``.
    """
    if self.cache_dist_1 is not None:
        return self.cache_dist_1

    terms = self.m * self.n

    # s1 is rounding noise
    rounding_sq = dist_square(build_artifact_dist(self.q, self.p))
    s1_norm = dist_iter_convolution(rounding_sq, terms)

    # s2 is centered binomial
    cbd_sq = dist_square(build_centered_binomial_dist(self.k))
    s2_norm = dist_iter_convolution(cbd_sq, terms)

    self.cache_dist_1 = (s1_norm, s2_norm)
    return self.cache_dist_1
def one_shot_distribution(self):
    """Return the one-shot distribution, computing it on the first call.

    Two absolute-value distributions are convolved: a product term
    (cbd * cbd, iterated ``2*self.n`` times and passed through
    ``dist_scale_newhope`` with ``self.a``) and a cbd-plus-rounding term
    iterated ``self.m`` times. The result is memoised in
    ``self.cache_dist_2``.

    NOTE(review): both iterated convolutions pass
    ``ignore_below=NEWHOPE_APPROX_ZERO``; presumably this drops very small
    probabilities, in which case tail estimates read off the result inherit
    that truncation. Confirm against ``dist_iter_convolution``.
    """
    if self.cache_dist_2 is not None:
        return self.cache_dist_2

    cbd = build_centered_binomial_dist(self.k)
    rounding = build_artifact_dist(self.q, self.rc2)

    product_term = dist_product(cbd, cbd)
    product_term = dist_iter_convolution(
        product_term, 2*self.n, ignore_below=NEWHOPE_APPROX_ZERO)
    product_term = dist_absolute(dist_scale_newhope(product_term, self.a))

    noise_term = dist_convolution(cbd, rounding)
    noise_term = dist_iter_convolution(
        noise_term, self.m, ignore_below=NEWHOPE_APPROX_ZERO)
    noise_term = dist_absolute(noise_term)

    self.cache_dist_2 = dist_convolution(product_term, noise_term)
    return self.cache_dist_2
def secret_l2_distribution(self):
    """Return the cached pair ``(S1, S2)`` for b = <s1 - A*s2>_{q -> r0}.

    s1 is centered binomial plus r0 rounding; s2 is centered binomial. Each
    per-coefficient law is squared and iterated ``self.m * self.n`` times.
    The pair is memoised in ``self.cache_dist_1``.
    """
    if self.cache_dist_1 is not None:
        return self.cache_dist_1

    cbd = build_centered_binomial_dist(self.k)
    rounding = build_artifact_dist(self.q, self.r0)
    terms = self.m * self.n

    # s1: cbd + r0 rounding
    s1_norm = dist_square(dist_convolution(cbd, rounding))
    s1_norm = dist_iter_convolution(s1_norm, terms)

    # s2: cbd only
    s2_norm = dist_iter_convolution(dist_square(cbd), terms)

    self.cache_dist_1 = (s1_norm, s2_norm)
    return self.cache_dist_1
def query_l2_distribution(self):
    """Return the cached pair ``(D, D)`` of query squared-norm distributions.

    ``D`` is the squared centered binomial (parameter ``self.k``) iterated
    ``self.n`` times; the same object fills both slots of the tuple. The
    pair is memoised in ``self.cache_dist_3``.

    NOTE(review): the iterated convolution passes
    ``ignore_below=NEWHOPE_APPROX_ZERO``; presumably this discards very
    small probabilities. Confirm before relying on the far tail.
    """
    if self.cache_dist_3 is not None:
        return self.cache_dist_3

    cbd_sq = dist_square(build_centered_binomial_dist(self.k))
    norm_dist = dist_iter_convolution(
        cbd_sq, self.n, ignore_below=NEWHOPE_APPROX_ZERO)

    self.cache_dist_3 = (norm_dist, norm_dist)
    return self.cache_dist_3
def secret_l2_distribution(self):
    """Return the cached pair ``(D, D)`` of secret squared-norm distributions.

    ``D`` is the square of ``dist_frodo(self.n)`` iterated ``self.n`` times;
    the same object fills both slots of the tuple. The pair is memoised in
    ``self.cache_dist_1``.
    """
    if self.cache_dist_1 is not None:
        return self.cache_dist_1

    coeff_sq = dist_square(dist_frodo(self.n))
    norm_dist = dist_iter_convolution(coeff_sq, self.n)

    self.cache_dist_1 = (norm_dist, norm_dist)
    return self.cache_dist_1
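def one_shot_sllskn19(self):
    """Return the ``sllskn19`` one-shot distribution, computed on first use.

    A repeated Cartesian product of the centered binomial is combined with
    its negacyclic sum through ``dist_vector_dot``; that term is iterated
    ``2*self.n//self.m`` times and convolved with a cbd-plus-rounding term
    iterated ``self.m`` times. The result is memoised in
    ``self.cache_dist_4``.

    NOTE(review): both iterated convolutions pass
    ``ignore_below=NEWHOPE_APPROX_ZERO``; presumably this discards very
    small probabilities. Confirm before relying on the far tail.
    """
    if self.cache_dist_4 is None:
        c = build_centered_binomial_dist(self.k)
        r = build_artifact_dist(self.q, self.rc2)
        cm = dist_cartesian_product(c, c)

        # The loop must be driven by the counter x. The previous condition
        # tested self.m, which is never modified here, so for any
        # self.m > 1 the loop never ended and cm kept growing.
        # NOTE(review): the halving counter presumably assumes self.m is a
        # power of two -- confirm against the callers.
        x = self.m // 2
        while x > 1:
            cm = dist_cartesian_product(cm, cm)
            x //= 2

        cmsum = dist_negacyclic_sum(cm)
        W = dist_vector_dot(cm, cmsum)
        D1 = dist_iter_convolution(
            W, 2*self.n//self.m, ignore_below=NEWHOPE_APPROX_ZERO)

        D2 = dist_convolution(c, r)
        D2 = dist_iter_convolution(
            D2, self.m, ignore_below=NEWHOPE_APPROX_ZERO)

        self.cache_dist_4 = dist_convolution(D1, D2)
    return self.cache_dist_4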
def one_shot_distribution(self):
    """Return the one-shot distribution, computing it on the first call.

    The product of ``dist_frodo(self.n)`` with itself is iterated
    ``2 * self.n`` times and then convolved with one more copy of the base
    distribution. The result is memoised in ``self.cache_dist_2``.
    """
    if self.cache_dist_2 is not None:
        return self.cache_dist_2

    base = dist_frodo(self.n)
    summed = dist_iter_convolution(dist_product(base, base), 2 * self.n)

    self.cache_dist_2 = dist_convolution(summed, base)
    return self.cache_dist_2
def secret_l2_distribution(self):
    """Return the cached pair ``(D1, D2)`` of squared-norm distributions.

    ``D1`` is the squared rounding noise ``build_artifact_dist(self.q,
    self.p)`` iterated ``self.n`` times. ``D2`` is a point mass: the single
    value ``self.h`` with probability 1.0. The pair is memoised in
    ``self.cache_dist_1``.
    """
    if self.cache_dist_1 is not None:
        return self.cache_dist_1

    rounding_sq = dist_square(build_artifact_dist(self.q, self.p))
    rounding_norm = dist_iter_convolution(rounding_sq, self.n)
    fixed_weight = {self.h: 1.0}

    self.cache_dist_1 = (rounding_norm, fixed_weight)
    return self.cache_dist_1
def one_shot_distribution(self):
    """Return the one-shot distribution, computing it on the first call.

    The product of the centered binomial (parameter ``self.k``) with the
    rounding noise ``build_artifact_dist(self.q, self.p)`` is iterated
    ``2 * self.m * self.n`` times and convolved with
    ``self.e3_distribution()``. The result is memoised in
    ``self.cache_dist_2``.
    """
    if self.cache_dist_2 is not None:
        return self.cache_dist_2

    cbd = build_centered_binomial_dist(self.k)
    rounding = build_artifact_dist(self.q, self.p)

    summed = dist_iter_convolution(
        dist_product(cbd, rounding), 2 * self.m * self.n)

    self.cache_dist_2 = dist_convolution(summed, self.e3_distribution())
    return self.cache_dist_2
def secret_l2_distribution(self):
    """Return the cached pair ``(Df, Dg)`` of squared-norm distributions.

    ``Df`` is the {0: 1/3, 1: 2/3} law iterated ``self.n - 1`` times and
    rescaled by 9 when ``self.improper`` is set. ``Dg`` is a point mass at
    ``9 * self.wt``. The pair is memoised in ``self.cache_dist_1``.
    """
    if self.cache_dist_1 is not None:
        return self.cache_dist_1

    nonzero_indicator = {0: 1 / 3, 1: 2 / 3}
    f_norm = dist_iter_convolution(nonzero_indicator, self.n - 1)
    if self.improper:
        f_norm = dist_scale(f_norm, 9)

    g_norm = {9 * self.wt: 1}

    self.cache_dist_1 = (f_norm, g_norm)
    return self.cache_dist_1
def one_shot_distribution(self):
    """Return the one-shot distribution, computing it on the first call.

    A uniform +/-1 law is convolved with the rounding noise for ``self.p``,
    iterated ``4 * self.h`` times, and finally convolved with the rounding
    noise for ``self.t``. The result is memoised in ``self.cache_dist_2``.
    """
    if self.cache_dist_2 is not None:
        return self.cache_dist_2

    sign = {1: 0.5, -1: 0.5}
    rounding_p = build_artifact_dist(self.q, self.p)
    rounding_t = build_artifact_dist(self.q, self.t)

    summed = dist_iter_convolution(
        dist_convolution(sign, rounding_p), 4 * self.h)

    self.cache_dist_2 = dist_convolution(summed, rounding_t)
    return self.cache_dist_2
def query_l2_distribution(self):
    """Return the pair ``(E1, E2)`` for c1 = <e1A + e2>_{q -> r1}.

    e1 is centered binomial; e2 is centered binomial plus r1 rounding. Each
    per-coefficient law is squared and iterated ``self.m * self.n`` times.
    The pair is memoised in ``self.cache_dist_2``.

    NOTE(review): the ``self.r0 == self.r1`` shortcut reuses the secret
    distributions, which are built from ``self.k`` only, while the full path
    uses ``self.k2`` for e2 when it is set. Confirm that ``self.k2`` is
    never set to a value different from ``self.k`` when ``r0 == r1``.
    """
    # Same rounding on both sides: the secret pair holds the same two
    # distributions in the opposite order, so reverse it.
    if self.r0 == self.r1:
        return self.secret_l2_distribution()[::-1]

    if self.cache_dist_2 is not None:
        return self.cache_dist_2

    cbd = build_centered_binomial_dist(self.k)
    rounding = build_artifact_dist(self.q, self.r1)
    terms = self.m * self.n

    # e1: cbd only
    e1_norm = dist_iter_convolution(dist_square(cbd), terms)

    # e2: cbd (with its own parameter k2 when given) + r1 rounding
    cbd2 = build_centered_binomial_dist(self.k2) if self.k2 else cbd
    e2_norm = dist_square(dist_convolution(cbd2, rounding))
    e2_norm = dist_iter_convolution(e2_norm, terms)

    self.cache_dist_2 = (e1_norm, e2_norm)
    return self.cache_dist_2
def one_shot_distribution(self):
    """Return the one-shot distribution, computing it on the first call.

    Per coefficient, two products are convolved: cbd(k) * (cbd(k) + r0
    rounding) and cbd(k) * (cbd(k2) + r1 rounding), where k2 falls back to
    ``self.k`` when ``self.k2`` is falsy. That sum is iterated
    ``self.m * self.n`` times and convolved with cbd(k2) + r2 rounding. The
    result is memoised in ``self.cache_dist_3``.
    """
    if self.cache_dist_3 is not None:
        return self.cache_dist_3

    cbd_k = build_centered_binomial_dist(self.k)
    cbd_k2 = build_centered_binomial_dist(self.k2 or self.k)
    round0 = build_artifact_dist(self.q, self.r0)
    round1 = build_artifact_dist(self.q, self.r1)
    round2 = build_artifact_dist(self.q, self.r2)

    k_plus_r0 = dist_convolution(cbd_k, round0)
    k2_plus_r1 = dist_convolution(cbd_k2, round1)
    k2_plus_r2 = dist_convolution(cbd_k2, round2)

    first_product = dist_product(cbd_k, k_plus_r0)
    second_product = dist_product(cbd_k, k2_plus_r1)

    total = dist_convolution(first_product, second_product)
    total = dist_iter_convolution(total, self.m * self.n)

    self.cache_dist_3 = dist_convolution(total, k2_plus_r2)
    return self.cache_dist_3
def e3_distribution(self):
    """Return the cbd-plus-rounding distribution iterated ``self.m`` times.

    The centered binomial (parameter ``self.k``) is convolved with the
    rounding noise ``build_artifact_dist(self.q, self.rc2)``. Nothing is
    cached; every call recomputes the result.

    NOTE(review): the iterated convolution passes
    ``ignore_below=NEWHOPE_APPROX_ZERO``; presumably this discards very
    small probabilities. Confirm before relying on the far tail.
    """
    cbd = build_centered_binomial_dist(self.k)
    rounding = build_artifact_dist(self.q, self.rc2)
    per_term = dist_convolution(cbd, rounding)
    return dist_iter_convolution(
        per_term, self.m, ignore_below=NEWHOPE_APPROX_ZERO)