コード例 #1
def find_opt_distr(sigma, samples, ubits, cost_cl, cost_pq, cost_pp):
    """Search for an approximation of the rounded continuous Gaussian.

    Args:
      sigma: Standard deviation of the target (rounded) Gaussian.
      samples: Total number of samples drawn by both parties combined.
      ubits: Bound on the number of uniform bits required for sampling.
      cost_cl, cost_pq, cost_pp: Estimated costs of the rounded Gaussian.
        (The suffixes presumably name three cost models, e.g. classical /
        quantum / paranoid -- confirm against the callers.)

    Returns:
      A four-element list (not a tuple): the symmetrized distribution,
      followed by the re-derived costs in the order cl, pq, pp.
    """
    # Only the first two elements of the result are used here: the cost
    # achieved by the approximation and the approximating distribution.
    achieved_cl, approx, _ = approximate_dgauss(
        sigma, samples, cost_cl, None, ubits, quiet=True)

    # Product with a uniform sign in {+1, -1}. Presumably `approx` is
    # defined on magnitudes and this makes it symmetric around zero --
    # confirm against pdf_product.
    symmetric = pdf_product(approx, {+1: .5, -1: .5})

    reference = dgauss(sigma)

    # The pq/pp costs are negated and scaled by log(2) on the way into
    # opt_renyi_bound, and the inverse transform is applied on the way out.
    ln2 = log(2)
    _, pq_bound = opt_renyi_bound(-cost_pq * ln2, symmetric, reference, samples)
    _, pp_bound = opt_renyi_bound(-cost_pp * ln2, symmetric, reference, samples)

    return [symmetric, achieved_cl, -pq_bound / ln2, -pp_bound / ln2]
コード例 #2
def main():
    """Print the C sampler table and LaTeX table rows for two parameter sets.

    Python 2 script (print statements). Each parameter dict is extended in
    place with 'distr' and 'a' taken from approximate_dgauss before any
    output is produced.
    """
    # in our work, m = 2^B
    # 'g' and 'cut' are not read in this function; presumably the *_to_TeX
    # helpers, which receive the whole dict, consume them -- confirm.
    parameters = [
        {
            'name': 'Recommend',
            'D': 'D_3',
            'sigma': sqrt(1.30),
            'n': 712,
            'q': 14,
            'g': 2**8,
            'B': 4,
            'bits': 16,
            'base': 138,
            'cut': 2,
        },
        {
            'name': 'Recommend-enc',
            'D': 'D_3',
            'sigma': sqrt(1.30),
            'n': 712,
            'q': 14,
            'g': 2**8,
            'B': 4,
            'bits': 16,
            'base': 138,
            'cut': 1,
        },
    ]

    nbar = mbar = 8
    for entry in parameters:
        samples = (nbar + mbar) * entry['n'] + nbar * mbar
        # 'base' and 'bits' go in as the 3rd and 5th positional arguments;
        # presumably the target cost and the uniform-bit budget of the
        # sampler -- confirm against approximate_dgauss.
        fitted = approximate_dgauss(entry['sigma'], samples, entry['base'],
                                    None, entry['bits'], quiet=True)
        _, entry['distr'], entry['a'] = fitted

    # The C table and the TeX tables below are derived from the same
    # 'distr'; take both from one run so the shipped sampler matches the
    # distribution that was analysed.
    print "### C Code ###"
    for entry in parameters:
        table_suffix = entry['D'].replace('_', '')
        print distribution_to_C(entry['distr'], table_suffix)
        print

    print "### TABLE distribution ###"
    for entry in parameters:
        print distribution_to_TeX(entry)
    print

    print "### TABLE 2 ###"
    for entry in parameters:
        print parameters_to_TeX(entry, nbar=8)
    print

    # NOTE(review): neither 'challenge' nor 'paranoid' is a name in the
    # list above, so print_sec is always True and every row is followed by
    # \midrule; this script never emits \bottomrule.
    print "### TABLE 3 ###"
    for entry in parameters:
        show_security = entry['name'] != 'challenge'
        # Trailing comma: the rule is printed on the same output line.
        print security_to_TeX(entry, nbar=8, print_sec=show_security),
        if entry['name'] != 'paranoid':
            print r"\midrule"
        else:
            print r"\bottomrule"
コード例 #3
def main():
    """Print the C sampler table and LaTeX table rows for one parameter set.

    Python 2 script (print statements). The parameter dict is extended in
    place with 'distr' and 'a' taken from approximate_dgauss before any
    output is produced.
    """
    # 'g' and 'cut' are not read in this function; presumably the *_to_TeX
    # helpers, which receive the whole dict, consume them -- confirm.
    paranoid = {
        'name': 'paranoid',
        'D': 'D_4',
        'sigma': sqrt(1.75),
        'n': 700,
        'q': 12,
        'B': 2,
        'g': 2**10,
        'bits': 16,
        'base': 129,
        'cut': 0,
    }
    parameters = [paranoid]

    nbar = mbar = 16
    for entry in parameters:
        samples = (nbar + mbar) * entry['n'] + nbar * mbar
        # 'base' and 'bits' go in as the 3rd and 5th positional arguments;
        # presumably the target cost and the uniform-bit budget of the
        # sampler -- confirm against approximate_dgauss.
        fitted = approximate_dgauss(entry['sigma'], samples, entry['base'],
                                    None, entry['bits'], quiet=True)
        _, entry['distr'], entry['a'] = fitted

    # The C table and the TeX tables below are derived from the same
    # 'distr'; take both from one run so the shipped sampler matches the
    # distribution that was analysed.
    print "### C Code ###"
    for entry in parameters:
        table_suffix = entry['D'].replace('_', '')
        print distribution_to_C(entry['distr'], table_suffix)
        print

    print "### TABLE 1 ###"
    for entry in parameters:
        print distribution_to_TeX(entry)
    print

    print "### TABLE 2 ###"
    for entry in parameters:
        print parameters_to_TeX(entry, nbar=16)
    print

    # With the single 'paranoid' entry above, print_sec is always True and
    # the only row is closed with \bottomrule.
    print "### TABLE 3 ###"
    for entry in parameters:
        show_security = entry['name'] != 'challenge'
        # Trailing comma: the rule is printed on the same output line.
        print security_to_TeX(entry, nbar=16, print_sec=show_security),
        if entry['name'] != 'paranoid':
            print r"\midrule"
        else:
            print r"\bottomrule"
コード例 #4
def approximate_and_compute_failure_pr(qlog, n, sigma, m_bar, n_bar, agree_bits, w):
  """Fit an approximate distribution for sigma and return its failure probability.

  The approximation comes from approximate_dgauss, is multiplied by a
  uniform sign in {+1, -1}, and is then handed to exact_failure_prob_pke
  together with the modulus 2**qlog, n, w and agree_bits.

  Returns:
    Whatever exact_failure_prob_pke returns for those inputs.
  """
  sample_count = 2 * (m_bar + n_bar) * n + m_bar * n_bar

  # NOTE(review): 149 and 16 are fixed regardless of the arguments. By
  # position they are presumably the target cost and the uniform-bit
  # budget -- confirm they are appropriate for every (sigma, n, qlog)
  # this function is called with.
  _, approx, _ = approximate_dgauss(sigma, sample_count, 149, None, 16, quiet=True)

  signed = pdf_product(approx, {+1: .5, -1: .5})
  modulus = 2 ** qlog
  return exact_failure_prob_pke(signed, modulus, n, w, agree_bits)
コード例 #5
def main():
    """Print the C sampler tables and LaTeX table rows for four parameter sets.

    Python 2 script (print statements). Each parameter dict is extended in
    place with 'distr' and 'a' taken from approximate_dgauss before any
    output is produced.
    """
    challenge = {
        'name': 'challenge',
        'D': 'D_1',
        'sigma': sqrt(1.25),
        'n': 352,
        'q': 11,
        'B': 1,
        'bits': 8,
        'base': 85,
    }
    classical = {
        'name': 'classical',
        'D': 'D_2',
        'sigma': sqrt(1.00),
        'n': 592,
        'q': 12,
        'B': 2,
        'bits': 12,
        'base': 137,
    }
    recommended = {
        'name': 'recommended',
        'D': 'D_3',
        'sigma': sqrt(1.75),
        'n': 752,
        'q': 15,
        'B': 4,
        'bits': 12,
        'base': 138,
    }
    paranoid = {
        'name': 'paranoid',
        'D': 'D_4',
        'sigma': sqrt(1.75),
        'n': 864,
        'q': 15,
        'B': 4,
        'bits': 16,
        'base': 129,
    }
    # Order matters: the TABLE 3 loop closes the table on the 'paranoid'
    # row, so that entry has to stay last.
    parameters = [challenge, classical, recommended, paranoid]

    nbar = mbar = 8
    for entry in parameters:
        samples = (nbar + mbar) * entry['n'] + nbar * mbar
        # 'base' and 'bits' go in as the 3rd and 5th positional arguments;
        # presumably the target cost and the uniform-bit budget of the
        # sampler -- confirm against approximate_dgauss.
        fitted = approximate_dgauss(entry['sigma'], samples, entry['base'],
                                    None, entry['bits'], quiet=True)
        _, entry['distr'], entry['a'] = fitted

    # The C tables and the TeX tables below are derived from the same
    # 'distr'; take both from one run so the shipped sampler matches the
    # distribution that was analysed.
    print "### C Code ###"
    for entry in parameters:
        table_suffix = entry['D'].replace('_', '')
        print distribution_to_C(entry['distr'], table_suffix)
        print

    print "### TABLE 1 ###"
    for entry in parameters:
        print distribution_to_TeX(entry)
    print

    print "### TABLE 2 ###"
    for entry in parameters:
        print parameters_to_TeX(entry, nbar=8)
    print

    # print_sec is False only for the 'challenge' row.
    print "### TABLE 3 ###"
    for entry in parameters:
        show_security = entry['name'] != 'challenge'
        # Trailing comma: the rule is printed on the same output line.
        print security_to_TeX(entry, nbar=8, print_sec=show_security),
        if entry['name'] != 'paranoid':
            print r"\midrule"
        else:
            print r"\bottomrule"
コード例 #6
def main():
    """Print distributions, C tables and LaTeX rows for three Frodo parameter sets.

    Each parameter dict is extended in place with 'distr' and 'a' before
    any output is produced; every later section reads those two keys
    directly or through the helper it passes the dict to.
    """
    # Order matters: the last section closes the table on the entry whose
    # key_len is 256, so that entry has to stay last.
    # pyformat: disable
    parameters = [
        {'name': 'Frodo-640', 'sigma': 2.8, 'n': 640,
         'm_bar': 8, 'n_bar': 8, 'q': 15, 'B': 2,
         'key_len': 128, 'rand_bits': 16, 'sec_base': 105},
        {'name': 'Frodo-976', 'sigma': 2.3, 'n': 976,
         'm_bar': 8, 'n_bar': 8, 'q': 16, 'B': 3,
         'key_len': 192, 'rand_bits': 16, 'sec_base': 151},
        {'name': 'Frodo-1344', 'sigma': 1.4, 'n': 1344,
         'm_bar': 8, 'n_bar': 8, 'q': 16, 'B': 4,
         'key_len': 256, 'rand_bits': 16, 'sec_base': 195},
    ]
    # pyformat: enable

    for params in parameters:
        if params['rand_bits'] is None:
            # No bit budget given: use the Gaussian itself with its tails
            # cut at 2**-16 and record 'a' as infinity. None of the entries
            # above takes this path (all set rand_bits to 16).
            gauss_dist = cutoff_tails(dgauss(params['sigma']), 2**-16)
            params['distr'], params['a'] = gauss_dist, float('inf')
            continue

        samples = ((params['n_bar'] + params['m_bar']) * params['n']
                   + params['n_bar'] * params['m_bar'])
        # 'sec_base' and 'rand_bits' go in as the 3rd and 5th positional
        # arguments; presumably the target cost and the uniform-bit budget
        # of the sampler -- confirm against approximate_dgauss.
        fitted = approximate_dgauss(params['sigma'], samples,
                                    params['sec_base'], None,
                                    params['rand_bits'], quiet=True)
        _, params['distr'], params['a'] = fitted

    # The Python/C tables and the TeX tables below are derived from the
    # same 'distr'; take them from one run so the shipped sampler matches
    # the distribution that was analysed.
    print('### DISTRIBUTION TO PYTHON ###')
    for params in parameters:
        as_python = distribution_to_python(params)
        print('sigma = {:.2f}: {}'.format(params['sigma'], as_python))
    print()

    print('### C Code ###')
    for params in parameters:
        print(distribution_to_c(params['distr']))
    print()

    print('### TABLE 1 ###')
    for params in parameters:
        print(parameters_to_tex(params))
    print()

    print('### TABLE 2 ###')
    for params in parameters:
        print(distribution_to_tex(params))
    print()

    print('### TABLE 4 ###')
    for params in parameters:
        print(print_sizes(params, 'Frodo', kem=True))
    # The kem=False rows are disabled:
    # print(r'\midrule')
    # for p in parameters:
    #   print(print_sizes(p, 'Frodo', kem=False))
    print()

    print('### PARAMETERS FOR CRYPTANALYIS ###')
    for params in parameters:
        # end='' keeps the rule on the same output line as the row.
        print(security_to_tex(params), end='')
        closing_rule = r'\bottomrule' if params['key_len'] == 256 else r'\midrule'
        print(closing_rule)