def test_bkz_gram_bkz_coherence():
"""
Test if BKZ is coherent if it is given a matrix A or its associated
Gram matrix A*A^T
We should have Gram(BKZ_basis(A)) = BKZ_Gram(Gram(A)).
"""
for m, n in dimensions:
if m < 2 or n < 2:
continue
for float_type in float_types:
A = make_integer_matrix(m, n)
G = tools.compute_gram(A)
GSO_A = GSO.Mat(A, float_type=float_type)
GSO_G = GSO.Mat(G, float_type=float_type, gram=True)
lll_obj_a = LLL.Reduction(GSO_A)
lll_obj_g = LLL.Reduction(GSO_G)
param = BKZ.Param(block_size=min(m, 40), strategies=BKZ.DEFAULT_STRATEGY)
bkz_a = BKZ.Reduction(GSO_A, lll_obj_a, param)
bkz_g = BKZ.Reduction(GSO_G, lll_obj_g, param)
bkz_a()
bkz_g()
G_updated = tools.compute_gram(A)
for i in range(m):
for j in range(i + 1):
assert G_updated[i, j] == G[i, j]
def test_lll_gram_lll_coherence():
"""
Test if LLL is coherent if it is given a matrix A or its associated
Gram matrix A*A^T
We should have Gram(LLL_basis(A)) = LLL_Gram(Gram(A)).
"""
for m, n in dimensions:
for int_type in int_types:
A = make_integer_matrix(m, n)
G = tools.compute_gram(A)
for float_type in float_types:
M_A = GSO.Mat(A, float_type=float_type, gram=False)
lll_A = LLL.Reduction(M_A)
M_G = GSO.Mat(G, float_type=float_type, gram=True)
lll_G = LLL.Reduction(M_G)
# A modified in place
lll_A()
# G modified in place
lll_G()
G_updated = tools.compute_gram(A)
if (m, n) == (0, 0):
continue
for i in range(m):
for j in range(i + 1):
assert G_updated[i, j] == G[i, j]
def test_multisol():
A = make_integer_matrix()
m = GSO.Mat(A)
lll_obj = LLL.Reduction(m)
lll_obj()
solutions = []
solutions = Enumeration(m, nr_solutions=200).enumerate(0, 27, 48.5, 0)
assert len(solutions) == 126 / 2
for _, sol in solutions:
sol = IntegerMatrix.from_iterable(1, A.nrows,
map(lambda x: int(round(x)), sol))
sol = tuple((sol * A)[0])
dist = sum([x**2 for x in sol])
assert dist == 48
solutions = []
solutions = Enumeration(m, nr_solutions=126 / 2).enumerate(0, 27, 100., 0)
assert len(solutions) == 126 / 2
for _, sol in solutions:
sol = IntegerMatrix.from_iterable(1, A.nrows,
map(lambda x: int(round(x)), sol))
sol = tuple((sol * A)[0])
dist = sum([x**2 for x in sol])
assert dist == 48
def __init__(self, A, tuners=None, recycle=True):
"""Construct a new instance of the BKZ algorithm.
:param A: an integer matrix, a GSO object or an LLL object
"""
self.recycle = recycle
if isinstance(A, LLL.Reduction):
L, M, B = A, A.M, A.M.B
elif isinstance(A, GSO.Mat):
L, M, B = None, A, A.B
elif isinstance(A, IntegerMatrix):
L, M, B = None, None, A
else:
raise TypeError(
"type of A must be in {IntegerMatrix, GSO.Mat, LLL.Reduction}, but got type '%s'"
% type(A))
if M is None and L is None:
wrapper = LLL.Wrapper(B)
wrapper()
if M is None:
M = GSO.Mat(B, flags=GSO.ROW_EXPO)
if L is None:
L = LLL.Reduction(M, flags=LLL.DEFAULT)
self.lll_obj, self.M, self.A = L, M, B
self.lll_obj()
if tuners is None:
self.tuners = [Tuner(b) for b in range(YOLO_MAX_BLOCK_SIZE)]
else:
self.tuners = tuners
self.tracer = BKZTreeTracer(self, verbosity=True)
def solve_hnp(samples):
d = len(samples)
q = order
B = IntegerMatrix(d + 2, d + 2)
for i in range(d):
t, u, v = samples[i]
scale = q / v
B[i, i] = q * scale
B[d, i] = t * scale
B[d + 1, i] = u * scale
B[d, d] = 1
B[d + 1, d + 1] = q
M = GSO.Mat(B)
L_red = LLL.Reduction(M)
bkzparam = BKZ.Param(block_size=20)
B_red = BKZ.Reduction(M, L_red, bkzparam)
B_red()
if B[1, d + 1] > 0:
x = -1 * B[1, d]
else:
x = B[1, d]
if x < 0:
x += q
private_value = 834818473318008049647448379209460658614088501345180055220225408308906924726
print x == private_value
priv = ec.derive_private_key(x, pub.curve, OSSL)
original = ec.derive_private_key(private_value, pub.curve, OSSL)
return priv, original
def test_lll_init():
for m, n in dimensions:
A = make_integer_matrix(m, n)
for float_type in float_types:
M = GSO.Mat(copy(A), float_type=float_type)
lll = LLL.Reduction(M)
del lll
def __init__(self, A):
"""Construct a new instance of the BKZ algorithm.
:param A: an integer matrix, a GSO object or an LLL object
"""
if isinstance(A, GSO.Mat):
L = None
M = A
A = M.B
elif isinstance(A, LLL.Reduction):
L = A
M = L.M
A = M.B
elif isinstance(A, IntegerMatrix):
L = None
M = None
A = A
else:
raise TypeError("Matrix must be IntegerMatrix but got type '%s'"%type(A))
if M is None and L is None:
# run LLL first, but only if a matrix was passed
wrapper = LLL.Wrapper(A)
wrapper()
self.A = A
if M is None:
self.M = GSO.Mat(A, flags=GSO.ROW_EXPO)
else:
self.M = M
if L is None:
self.lll_obj = LLL.Reduction(self.M, flags=LLL.DEFAULT)
else:
self.lll_obj = L
def main_cleanbkz_mpi_master(filename, bs, cores):
try:
with open(filename, "rb") as f:
mat = pickle.load(f)
#print "len(mat)", len(mat)
#if (len(mat) > 1):
# mat = mat[0]
if isinstance(mat, IntegerMatrix):
Ainput = mat
else:
Ainput = IntegerMatrix.from_matrix(mat)
except:
Ainput = IntegerMatrix.from_file(filename)
Ainput_M = GSO.Mat(Ainput, float_type='double')
Ainput_M.update_gso()
r = [Ainput_M.get_r(i, i) for i in range(0, Ainput.nrows)]
L_Ainput_M = LLL.Reduction(Ainput_M)
L_Ainput_M()
print r
A = IntegerMatrix.from_matrix(L_Ainput_M.M.B, int_type="long")
cleanbkz_mpi = CLEANBKZ_MPI(A, cores)
#cleanbkz_mpi = BKZ2(A)
cleanbkz_mpi.lll_obj()
cleanbkz_mpi.M.update_gso()
r = [
log(cleanbkz_mpi.M.get_r(i, i)) for i in range(0, cleanbkz_mpi.A.nrows)
]
print "# starting r "
print r
params = BKZ.Param(
block_size=bs,
max_loops=5000,
min_success_probability=.01,
flags=BKZ.BOUNDED_LLL, #|BKZ.DUMP_GSO,
dump_gso_filename="gso_output.file",
strategies="default.json")
cleanbkz_mpi(params=params, min_row=0)
#print "# done. found sv", cleanbkz_mpi.M.B[0]
# done send last end signal
for i in range(1, size):
comm.send(1, i, tag=999) # *** changed to send
cleanbkz_mpi.M.update_gso()
r2 = [
log(cleanbkz_mpi.M.get_r(i, i)) for i in range(0, cleanbkz_mpi.A.nrows)
]
print cleanbkz_mpi.A[0]
print "# ending r"
print r2
return
def test_bkz_init():
for m, n in dimensions:
A = make_integer_matrix(m, n)
for float_type in float_types:
M = GSO.Mat(copy(A), float_type=float_type)
lll_obj = LLL.Reduction(M)
param = BKZ.Param(block_size=3, strategies=BKZ.DEFAULT_STRATEGY)
bkz = BKZ.Reduction(M, lll_obj, param)
del bkz
def __call__(self, params, min_row=0, max_row=-1):
"""Run the BKZ algorithm with parameters `param`.
:param params: BKZ parameters
:param min_row: start processing in this row
:param max_row: stop processing in this row (exclusive)
"""
self.ith_block = 0
tracer = BKZTreeTracer(self, verbosity=params.bkz_param.flags & BKZ.VERBOSE, start_clocks=True)
self.params = params
self.lll_objs = 20*[None]
for i in range(20):
eta = etas[i]
self.lll_objs[i] = LLL.Reduction(self.M, flags=LLL.DEFAULT, eta=eta)
cputime_start = time.clock()
self.M.discover_all_rows()
with tracer.context("lll"):
for i in range(20):
self.lll_objs[i]()
if params.rampup:
with tracer.context("rampup", -1):
self.preprocessing(params.bkz_param.block_size, min_row, max_row, start=10, step=1, tracer=tracer)
i = 0
self.ith_tour = 0
while True:
with tracer.context("tour", i):
self.ith_block = 0
self.ith_tour += 1
clean = self.tour(params.bkz_param, min_row, max_row, tracer=tracer, top_level=True)
print "proba %.4f" % self.tuners[params.bkz_param.block_size].proba
# for x in sorted(self.tuners[params.bkz_param.block_size].data.keys()):
# try:
# print x, "\t %d \t %.2f " % (self.tuners[params.bkz_param.block_size].counts[x], self.tuners[params.bkz_param.block_size].data[x])
# except:
# pass
print
i += 1
if (not clean) or params.bkz_param.block_size >= self.A.nrows:
break
if (params.bkz_param.flags & BKZ.AUTO_ABORT) and auto_abort.test_abort():
break
if (params.bkz_param.flags & BKZ.MAX_LOOPS) and i >= params.bkz_param.max_loops:
break
if (params.bkz_param.flags & BKZ.MAX_TIME) and time.clock() - cputime_start >= params.bkz_param.max_time:
break
self.trace = tracer.trace
return clean
def iterated_sub_sieve(A, goal):
n = A.nrows
M = GSO.Mat(A)
lll = LLL.Reduction(M)
lll()
n = M.d
d = n / 4
while M.get_r(0, 0) > goal:
sub_sieve_plus(lll, d)
d -= 1
return d + 1
def main_pruning(filename, bs, cores):
try:
with open(filename, "rb") as f:
mat = pickle.load(f)
#print "len(mat)", len(mat)
#if (len(mat) > 1):
# mat = mat[0]
if isinstance(mat, IntegerMatrix):
Ainput = mat
else:
Ainput = IntegerMatrix.from_matrix(mat)
except:
Ainput = IntegerMatrix.from_file(filename)
Ainput_M = GSO.Mat(Ainput, float_type='double')
Ainput_M.update_gso()
r = [Ainput_M.get_r(i, i) for i in range(0, Ainput.nrows)]
L_Ainput_M = LLL.Reduction(Ainput_M)
L_Ainput_M()
#print r
A = IntegerMatrix.from_matrix(L_Ainput_M.M.B, int_type="long")
M = GSO.Mat(A, float_type="double")
bkzobj = BKZ2(M)
bkzobj.M.update_gso()
block_size = bs
r = [M.get_r(i, i) for i in range(0, block_size)]
radius = r[0] * 0.99
preproc_cost = 5000**(rank + 1)
pr0 = Pruning.run(radius,
NPS[block_size] * preproc_cost, [r],
0.1,
metric="probability",
float_type="double",
flags=Pruning.GRADIENT | Pruning.NELDER_MEAD)
print pr0.coefficients
"""
pruning = prune(radius, NPS[block_size] * preproc_cost, [r], 0.01,
metric="probability", float_type="double",
flags=Pruning.GRADIENT|Pruning.NELDER_MEAD)
cost = sum(pruning.detailed_cost) / NPS[block_size]
print "# [rank %d] cost %.1f, precost %.1f " % (rank, cost, preproc_cost)
"""
pr0_linear = pr0.LinearPruningParams(block_size, block_size - 2)
print pr0_linear.coefficients
return
def test_lll_lll():
for m, n in dimensions:
A = make_integer_matrix(m, n)
b00 = []
for float_type in float_types:
B = copy(A)
M = GSO.Mat(B, float_type=float_type)
lll = LLL.Reduction(M)
lll()
if (m, n) == (0, 0):
continue
b00.append(B[0, 0])
for i in range(1, len(b00)):
assert b00[0] == b00[i]
def test():
for n in ns:
print
print "++++ Dim ", n
A = make_integer_matrix(n)
M = GSO.Mat(A, flags=GSO.ROW_EXPO)
lll_obj = LLL.Reduction(M, flags=LLL.DEFAULT)
lll_obj()
t_start = time()
B = copy(A)
timer = Timer()
proudly_parrallel(3, yolo_hsvp, (n, B, 1.05**2))
print "time: %.1f sec" % (time() - t_start)
def test_bkz_bkz():
for m, n in dimensions:
if m < 2 or n < 2:
continue
A = make_integer_matrix(m, n)
b00 = []
for float_type in float_types:
B = copy(A)
M = GSO.Mat(B, float_type=float_type)
lll_obj = LLL.Reduction(M)
param = BKZ.Param(block_size=min(m, 40), strategies="default.json")
bkz = BKZ.Reduction(M, lll_obj, param)
bkz()
b00.append(B[0, 0])
for i in range(1, len(b00)):
assert b00[0] == b00[i]
def __init__(self, A):
"""Construct a new BKZ reduction instance.
:param A: Integer matrix to reduce.
"""
if not isinstance(A, IntegerMatrix):
raise TypeError("Matrix must be IntegerMatrix but got type '%s'" %
type(A))
# run LLL first
wrapper = LLL.Wrapper(A)
wrapper()
self.A = A
self.m = GSO.Mat(A, flags=GSO.ROW_EXPO)
self.lll_obj = LLL.Reduction(self.m)
def compare():
tuners = [Tuner(b) for b in range(100)]
recycled_tuners = [Tuner(b) for b in range(100)]
A = make_integer_matrix(n)
M = GSO.Mat(A, flags=GSO.ROW_EXPO)
lll_obj = LLL.Reduction(M, flags=LLL.DEFAULT)
lll_obj()
for n in ns:
params = fplll_bkz.Param(block_size=bs,
max_loops=tours,
flags=fplll_bkz.VERBOSE | fplll_bkz.GH_BND,
strategies="default.json")
print
print "======"
print "dim ", n
print "======"
# print
# print "yoloBKZ"
# B = copy(A)
# YoloBKZ(B, tuners=tuners, recycle=False)(b=bs, tours=tours)
print
print "Recycled yoloBKZ"
# B = copy(A)
# YoloBKZ(B, tuners=recycled_tuners)(b=bs, tours=1)
# print
# print "Restart"
# print
B = copy(A)
timer = Timer()
YoloBKZ(B, tuners=recycled_tuners)(b=bs, tours=tours)
print "Total: %.3f" % timer.elapsed()
def __call__(self, solver=None, flavor="plain", worst_case=False, sample=True, **kwds):
"""
Solve the HNP instance.
:param solver: a uSVP with predicate solver or ``None`` for letting ``usvp_pred_solve`` decide.
:param sample: if ``True`` a fresh basis is sampled
:param worst_case: if ``True`` the target norm is chosen to match the maximum of the target, this will be slow.
"""
if sample:
self.M = self.gen_lattice()
tau = max([2 ** (klen - 1) for klen in self.klen_list])
def predicate(v, standard_basis=True):
G_powers, A0, A1 = self._data_for_test()
w = 2 ** (self.klen_list[0] - 1)
f = Integer((2 ** (max(self.klen_list) - 1)) / w)
if standard_basis:
nz = v[-1]
else:
nz = sum(round(v[i]) * A1[i] for i in range(len(A1))) # the last coefficient must be non-zero
if abs(nz) != tau:
return False
if standard_basis:
kG = G_powers[v[0] // f]
else:
kG = sum(round(v[i]) * G_powers[A0[i]] for i in range(len(A0)))
r = self.r_list[0]
if (kG + G_powers[w]).xy()[0] == r:
return True
elif (-kG + G_powers[w]).xy()[0] == r:
return True
else:
return False
def invalidate_cache():
self._data_for_test.clear_cache()
if worst_case:
target_norm = self.mvf(self.m, max(self.klen_list), prec=self.ecdsa.nbits // 2)
else:
target_norm = self.evf(self.m, max(self.klen_list), prec=self.ecdsa.nbits // 2)
LLL.Reduction(self.M)()
invalidate_cache()
res = flavors[flavor](
self.M,
predicate,
squared_target_norm=target_norm ** 2,
invalidate_cache=invalidate_cache,
threads=self.threads,
solver=solver,
**kwds
)
if res.success:
key = self.recover_key(res.solution)
else:
key = False
return key, res
def svp_reduction_mpi(self,
kappa,
block_size,
params,
tracer=dummy_tracer):
# time
start_time = time()
# max preprocessing block size
bs_diff = BS_DIFF
bs_max = block_size - bs_diff
# set goal
self.M.update_gso()
# current vector
#kappa_length = self.M.get_r(kappa, kappa) * self.lll_obj.delta
kappa_length = self.M.get_r(kappa, kappa)
# gh length
r = [self.M.get_r(i, i) for i in range(kappa, kappa + block_size)]
#gh_length = gaussian_heuristic(r) * params.gh_factor
gh_length = gaussian_heuristic(r) * 1.1
goal = gh_length
if (kappa_length <= goal):
if (rank == 0 and block_size >= BOUND_SINGLE):
print "# [rank %d] kappa = %d bs = %d, goal = %d, r = %d (already achieved -- pass)" % \
(rank, kappa, block_size, goal, r[0])
print "gh_factor: ", params.gh_factor
return 1
"""
goal = (goal + kappa_length) / 2
if (goal < r[0] * 0.95):
goal = r[0] * 0.95
"""
# info
#"""
if (rank == 0 and block_size >= BOUND_SINGLE):
print "# [rank %d] kappa = %d bs = %d, goal = %d, r = %d" % \
(rank, kappa, block_size, goal, r[0])
#"""
# set matrices
n = self.A.nrows
trials = self.ncores * [0]
As = self.ncores * [None]
POOL_SIZE = 8 * self.ncores
POOL_COPIES = 1 + self.ncores / 4
# randomization matrices
for i in range(self.ncores):
As[i] = self.copy_to_IntegerMatrix_long(self.A)
M = GSO.Mat(As[i], float_type=TYPE)
bkz = BKZ2_SUB(M)
bkz.randomize_block(kappa,
kappa + block_size,
density=block_size / 3)
del bkz
del M
# setup share pools
sv_pool = SVPool(POOL_SIZE, copies=POOL_COPIES)
sv_pool.data = []
workers = self.ncores * [None]
over = False
#print "####################################################"
#print "### Process", rank, " starts cores ", self.ncores
# list of queues
list_queue = [Queue() for i in xrange(self.ncores)]
fail_list = [0 for i in xrange(self.ncores)]
break_flag = [0 for i in xrange(self.ncores)]
terminated_by_other = 0
filenames = ["b" + str(n) + "_n" + str(rank) + \
"-c" + str(i) for i in xrange(self.ncores)]
while not over:
state = MPI.Status()
okay = comm.iprobe(source=MPI.ANY_SOURCE, tag=99, status=state)
if (okay):
node = state.Get_source()
data = comm.recv(source=node, tag=99)
#print "# [rank %d] receive exit signal from rank %d " % (rank, node)
if (data == 1):
terminated_by_other = 1
self.A = As[0] # need improve
self.M = GSO.Mat(self.A, float_type=TYPE)
self.lll_obj = LLL.Reduction(self.M, flags=LLL.DEFAULT)
for i in range(self.ncores):
self.insert_in_IntegerMatrix(self.A, As[i][kappa],
kappa, block_size)
break
sleep(0.01)
for i in range(self.ncores):
if workers[i] is None:
v = sv_pool.pop()
if v is not None:
self.insert_in_IntegerMatrix(As[i], v, kappa,
block_size)
bsi = bs_max - 30
bsi += min(20, 2 *
trials[i]) # about 10 trials to go up to bs_max
bsi -= random.randint(0, 3)
norm = self.M.get_r(kappa, kappa)
pickle.dump((As[i], norm, False), open(filenames[i], 'wb'))
# just use current bsi
if (fail_list[i] <= 0):
workers[i] = Process(
target=self.svp_reduction_mpi_trial,
args=(As[i], kappa, block_size, bsi, list_queue[i],
filenames[i]))
# increase blocksize bsi
elif (fail_list[i] > 0
and fail_list[i] <= THRESHOLD_LEVEL1):
bsi = min(bs_max, bsi + fail_list[i])
workers[i] = Process(
target=self.svp_reduction_mpi_trial,
args=(As[i], kappa, block_size, bsi, list_queue[i],
filenames[i]))
# stablize bsi; but rerandomization
elif (fail_list[i] <= THRESHOLD_LEVEL2):
M = GSO.Mat(As[i], float_type=TYPE)
bkz = BKZ2_SUB(M)
bkz.randomize_block(kappa,
kappa + block_size,
density=block_size / 3)
del bkz
del M
workers[i] = Process(
target=self.svp_reduction_mpi_trial,
args=(As[i], kappa, block_size, bsi, list_queue[i],
filenames[i]))
else:
workers[i] = Process(
target=self.svp_reduction_mpi_trial,
args=(As[i], kappa, block_size, bsi, list_queue[i],
filenames[i]))
break_flag[i] = True
# start woker
t = workers[i].start()
if (workers[i] is not None) and (not workers[i].is_alive()):
# get and insert
As[i], norm, success = pickle.load(open(
filenames[i], 'rb'))
"""
success = list_queue[i].get()
norm = list_queue[i].get()
j = 0
# buffer read for queue
while True:
if (j >= block_size):
break
try:
v = list_queue[i].get()
except Queue.Empty:
break
for k in range(As[i].ncols):
As[i][kappa+j, k] = v[k]
j += 1
#for j in xrange(THRESHOLD_SEND):
# self.insert_in_IntegerMatrix(As[i], mat[j], kappa, block_size)
"""
# break
if (break_flag[i]):
workers[i] = None
self.A = As[i]
self.M = GSO.Mat(self.A, float_type=TYPE)
self.lll_obj = LLL.Reduction(self.M, flags=LLL.DEFAULT)
over = True
break
# found smaller norm than goal
if norm < goal:
#print "# SVP-", n, "SOLUTION :", As[i][kappa]
#print "# [rank %d] found SVP-%d, norm %d < goal %d" % (rank,
# block_size, norm, goal)
self.A = As[i]
self.M = GSO.Mat(self.A, float_type=TYPE)
self.lll_obj = LLL.Reduction(self.M, flags=LLL.DEFAULT)
over = True
break
# found smaller norm but larger than goal
if (success):
sv_pool.push([x for x in As[i][kappa]], norm)
fail_list[i] = 0
else:
norm = 1e100
fail_list[i] += 1
# done update
workers[i] = None
trials[i] += 1
for w in [w for w in workers if w is not None]:
w.terminate()
# terminated by this process -- signal others MPI's to stop
if (terminated_by_other == 0):
for i in range(size):
if (i != rank):
comm.isend(1, i, tag=99)
# sending data to master node
self.M.update_gso()
if (rank != 0):
send_vec = []
#for i in range(block_size/10):
# send_vec.append(list(self.A[kappa+i]))
send_vec.append(list(self.A[kappa]))
# self.M.update_gso()
norm = self.M.get_r(kappa, kappa)
comm.isend(send_vec, dest=0, tag=11)
# master node receiving data
if (rank == 0):
num = 0
while (1):
if (num >= size - 1):
break
sleep(.01)
state = MPI.Status()
okay = comm.iprobe(source=MPI.ANY_SOURCE, tag=11, status=state)
if (okay):
num += 1
node = state.Get_source()
vectors = comm.recv(source=node, tag=11)
for i in range(len(vectors)):
self.insert_in_IntegerMatrix(self.A, vectors[i], kappa,
block_size)
self.M = GSO.Mat(self.A, float_type=TYPE)
self.M.update_gso()
self.lll_obj = LLL.Reduction(self.M, flags=LLL.DEFAULT)
norm = self.M.get_r(kappa, kappa)
# message
self.M.update_gso()
kappa_length = self.M.get_r(kappa, kappa)
if (rank == 0 and block_size >= BOUND_SINGLE):
print "# [rank %d] kappa %d, bs %d, r %d (gh %d), time %s, trials %s " % \
(rank, kappa, block_size, kappa_length, goal, time()-start_time, trials)
# check processes
while True:
sleep(.01)
some_alive = False
for w in [w for w in workers if w is not None]:
some_alive |= w.is_alive()
if not some_alive:
return 1
def svp_reduction_single(self,
kappa,
block_size,
params,
tracer=dummy_tracer):
"""
:param kappa:
:param block_size:
:param params:
:param tracer:
"""
print self.lll_obj.delta
verbose = 0
if (params.flags & BKZ.DUMP_GSO):
verbose = 1
if (verbose):
start_time = time()
self.M.update_gso()
r = [self.M.get_r(i, i) for i in range(kappa, kappa + block_size)]
gh_length = gaussian_heuristic(r)
kappa_length = self.M.get_r(kappa, kappa)
goal = min(kappa_length, gh_length)
self.lll_obj.size_reduction(0, kappa + 1)
old_first, old_first_expo = self.M.get_r_exp(kappa, kappa)
remaining_probability = 1.0
rerandomize = False
trials = 0
sub_solutions = block_size > SUBSOL_BLOCKSIZE
# copy old lattice
if (params.flags & BKZ.DUMP_GSO):
A_backup = self.copy_to_IntegerMatrix_long(self.A)
v_old = A_backup[kappa]
r_old = [
log(self.M.get_r(i, i))
for i in range(kappa, kappa + block_size)
]
# main loop
while remaining_probability > 1. - params.min_success_probability:
# 1. preprocessing
preproc_start = time()
with tracer.context("preprocessing"):
#self.M.update_gso()
self.svp_preprocessing(kappa,
block_size,
params,
trials,
tracer=tracer)
preproc_cost = time() - preproc_start
with tracer.context("pruner"):
target = 1 - ((1. - params.min_success_probability) /
remaining_probability)
radius, pruning = self.get_pruning(kappa, block_size, params,
target * 1.01, preproc_cost,
tracer)
# 2. enum
enum_obj = Enumeration(self.M, sub_solutions=sub_solutions)
try:
with tracer.context("enumeration",
enum_obj=enum_obj,
probability=pruning.expectation,
full=block_size == params.block_size):
max_dist, solution = enum_obj.enumerate(
kappa,
kappa + block_size,
radius,
0,
pruning=pruning.coefficients)[0]
# 3. post processing
with tracer.context("postprocessing"):
preproc_start = time(
) # Include post_processing time as the part of the next pre_processing
if not sub_solutions:
self.svp_postprocessing(kappa,
block_size,
solution,
tracer=tracer)
if sub_solutions:
self.insert_sub_solutions(
kappa, block_size,
enum_obj.sub_solutions[:1 + block_size / 4])
self.M.update_gso()
except EnumerationError:
preproc_start = time()
remaining_probability *= (1 - pruning.expectation)
trials += 1
# recover basis
if (params.flags & BKZ.DUMP_GSO):
r_new = [
self.M.get_r(i, i) for i in range(kappa, kappa + block_size)
]
current = self.copy_to_vector_long(self.A[kappa])
# update
self.copy_from_IntegerMatrix_long(A_backup)
self.M = GSO.Mat(self.A, float_type=TYPE)
self.M.update_gso()
self.lll_obj = LLL.Reduction(self.M, flags=LLL.DEFAULT)
self.insert_in_IntegerMatrix(self.A, current, kappa, block_size)
# update again for safe
self.M = GSO.Mat(self.A, float_type=TYPE)
self.M.update_gso()
self.M = GSO.Mat(self.A, float_type=TYPE)
self.M = GSO.Mat(self.A, float_type=TYPE)
self.M.update_gso()
self.lll_obj = LLL.Reduction(self.M, flags=LLL.DEFAULT)
if (not self.check_compare(A_backup, self.A, kappa, block_size)):
print "# error exit"
sys.exit(1)
self.M.update_gso()
new_first, new_first_expo = self.M.get_r_exp(kappa, kappa)
clean = old_first <= new_first * 2**(new_first_expo - old_first_expo)
if (params.flags & BKZ.DUMP_GSO):
global stat_update_gh
r_new = self.M.get_r(kappa, kappa)
r_newlog = [
log(self.M.get_r(i, i))
for i in range(kappa, kappa + block_size)
]
stat_update_gh[stat_tours - 1].append(
float(sqrt(r_new / gh_length)))
if (verbose):
if (rank == 0):
kappa_length = r_new
print "# [rank %d] kappa %d, bs %d, r %d (gh %d), time %s, trials %s " % \
(rank, kappa, block_size, kappa_length, goal, time()-start_time, trials)
det_n = float(sum(r_old) / block_size)
normalized_old = [(r_old[i] - det_n)
for i in range(0, block_size)]
normalized_new = [(r_newlog[i] - det_n)
for i in range(0, block_size)]
global stat_old_norm
global stat_new_norm
if (block_size == params.block_size):
for i in range(block_size):
stat_old_norm[i] = stat_old_norm[i] + normalized_old[i]
stat_new_norm[i] = stat_new_norm[i] + normalized_new[i]
return clean
def prepare(n):
A = IntegerMatrix.random(n, "qary", bits=n / 2, k=n / 2)
M = GSO.Mat(A)
L = LLL.Reduction(M)
L()
return M
#print(gpoly(1,0))
indrow = 0
A = IntegerMatrix(w, w)
for v in range(m + 1):
for u in range(e):
coeff_vector = gpoly(u, v)
#print(v,u,coeff_vector)
for icol in range(len(coeff_vector)):
A[indrow,
icol] = int(coeff_vector[len(coeff_vector) - icol - 1]) #.item()
indrow += 1
print(A)
FPLLL.set_precision(120)
M = GSO.Mat(A, float_type="mpfr")
M.update_gso()
print('before LLL:', A[0].norm(), M.get_r(0, 0))
L = LLL.Reduction(M, delta=0.9999, eta=0.5001)
L()
print('after LLL:', A[0].norm(), M.get_r(0, 0))
print(A[0])
A0rev = list(A[0])[::-1]
hpoly = np.poly1d(A0rev)
print('hpoly:', hpoly)
print('eval at 2 = ', np.polyval(hpoly, 2) % (N ^ 3))
print(hpoly.r)
