def gs_norm(f, g, q):
"""Compute the squared Gram-Schmidt norm of the NTRU matrix generated by f, g.
This matrix is [[g, - f], [G, - F]].
This algorithm is equivalent to line 9 of algorithm 5 (NTRUGen).
"""
sqnorm_fg = sqnorm([f, g])
ffgg = add(mul(f, adj(f)), mul(g, adj(g)))
Ft = div(adj(g), ffgg)
Gt = div(adj(f), ffgg)
sqnorm_FG = (q**2) * sqnorm([Ft, Gt])
return max(sqnorm_fg, sqnorm_FG)
def test_ffnp(d, m, iterations):
"""Test ffnp.
This functions check that:
1. the two versions (coefficient and FFT embeddings) of ffnp are consistent
2. ffnp output lattice vectors close to the targets.
"""
q = q_12289
A, B, inv_B, sqr_gsnorm = module_ntru_gen(d, q, m)
G0 = gram(B)
G0_fft = [[fft(elt) for elt in row] for row in G0]
T = ffldl(G0)
T_fft = ffldl_fft(G0_fft)
th_bound = (m + 1) * d * sqr_gsnorm / 4.
mn = 0
for i in range(iterations):
t = [[random() for coef in range(d)] for poly in range(m + 1)]
t_fft = [fft(elt) for elt in t]
z = ffnp(t, T)
z_fft = ffnp_fft(t_fft, T_fft)
zb = [ifft(elt) for elt in z_fft]
zb = [[round(coef) for coef in elt] for elt in zb]
if z != zb:
print("ffnp and ffnp_fft are not consistent")
return False
diff = [sub(t[i], z[i]) for i in range(m + 1)]
diffB = vecmatmul(diff, B)
norm_zmc = int(round(sqnorm(diffB)))
mn = max(mn, norm_zmc)
if mn > th_bound:
print("z = {z}".format(z=z))
print("t = {t}".format(t=t))
print("mn = {mn}".format(mn=mn))
print("th_bound = {th_bound}".format(th_bound=th_bound))
print("sqr_gsnorm = {sqr_gsnorm}".format(sqr_gsnorm=sqr_gsnorm))
print("Warning: the algorithm outputs vectors longer than expected")
return False
else:
return True
def test_ffnp(n, iterations):
"""Test ffnp.
This functions check that:
1. the two versions (coefficient and FFT embeddings) of ffnp are consistent
2. ffnp output lattice vectors close to the targets.
"""
f = sign_KAT[n][0]["f"]
g = sign_KAT[n][0]["g"]
F = sign_KAT[n][0]["F"]
G = sign_KAT[n][0]["G"]
B = [[g, neg(f)], [G, neg(F)]]
G0 = gram(B)
G0_fft = [[fft(elt) for elt in row] for row in G0]
T = ffldl(G0)
T_fft = ffldl_fft(G0_fft)
sqgsnorm = gs_norm(f, g, q)
m = 0
for i in range(iterations):
t = [[random() for i in range(n)], [random() for i in range(n)]]
t_fft = [fft(elt) for elt in t]
z = ffnp(t, T)
z_fft = ffnp_fft(t_fft, T_fft)
zb = [ifft(elt) for elt in z_fft]
zb = [[round(coef) for coef in elt] for elt in zb]
if z != zb:
print("ffnp and ffnp_fft are not consistent")
return False
diff = [sub(t[0], z[0]), sub(t[1], z[1])]
diffB = vecmatmul(diff, B)
norm_zmc = int(round(sqnorm(diffB)))
m = max(m, norm_zmc)
th_bound = (n / 4.) * sqgsnorm
if m > th_bound:
print("Warning: ffnp does not output vectors as short as expected")
return False
else:
return True