def one_shot_distribution(self):
if self.cache_dist_3 is None:
t = {-1: 1 / 3, 0: 1 / 3, 1: 1 / 3}
Dfm = dist_iter_convolution(t, self.wt)
if self.improper:
Dfm = dist_scale(Dfm, 3)
t = {-3: 1 / 2, 3: 1 / 2}
Dgr = dist_iter_convolution(t, self.wt)
self.cache_dist_3 = dist_convolution(Dfm, Dgr)
return self.cache_dist_3
def one_shot_s_quantile(self, lgu):
t = {0: 1 / 3, 1: 2 / 3}
D = dist_iter_convolution(t, self.n - 1)
pnz = expectation(top_quantile(D, 2**(lgu / 2))) / (self.n - 1)
t = {-1: pnz / 2, 0: 1 - pnz, 1: pnz / 2}
Dfm = dist_iter_convolution(t, self.n - 1)
Dgr = dist_scale(Dfm, 3)
if self.improper:
Dfm = dist_scale(Dfm, 3)
return dist_convolution(Dfm, Dgr)
def secret_l2_distribution(self):
if self.cache_dist_1 is None:
# b = <A*s2>_{q->p}.
# s1 is rounding noise
r = build_artifact_dist(self.q, self.p)
S1 = dist_square(r)
S1 = dist_iter_convolution(S1, self.m * self.n)
# s2 is centered binomial
c = build_centered_binomial_dist(self.k)
S2 = dist_square(c)
S2 = dist_iter_convolution(S2, self.m * self.n)
self.cache_dist_1 = (S1, S2)
return self.cache_dist_1
def one_shot_distribution(self):
if self.cache_dist_2 is None:
c = build_centered_binomial_dist(self.k)
r = build_artifact_dist(self.q, self.rc2)
D1 = dist_product(c, c)
D1 = dist_iter_convolution(D1, 2*self.n, ignore_below=NEWHOPE_APPROX_ZERO)
D1 = dist_scale_newhope(D1, self.a)
D1 = dist_absolute(D1)
D2 = dist_convolution(c, r)
D2 = dist_iter_convolution(D2, self.m, ignore_below=NEWHOPE_APPROX_ZERO)
D2 = dist_absolute(D2)
D = dist_convolution(D1,D2)
self.cache_dist_2 = D
return self.cache_dist_2
def secret_l2_distribution(self):
# b = <s1 - A*s2>_{q -> r0}
# s1 is cbd + r0 rounding
# s2 is cbd
if self.cache_dist_1 is None:
c = build_centered_binomial_dist(self.k)
r = build_artifact_dist(self.q, self.r0)
S1 = dist_convolution(c, r)
S1 = dist_square(S1)
S1 = dist_iter_convolution(S1, self.m * self.n)
S2 = dist_square(c)
S2 = dist_iter_convolution(S2, self.m * self.n)
self.cache_dist_1 = (S1, S2)
return self.cache_dist_1
def query_l2_distribution(self):
if self.cache_dist_3 is None:
c = build_centered_binomial_dist(self.k)
D = dist_square(c)
D = dist_iter_convolution(D, self.n, ignore_below=NEWHOPE_APPROX_ZERO)
self.cache_dist_3 = (D, D)
return self.cache_dist_3
def secret_l2_distribution(self):
if self.cache_dist_1 is None:
coeff = dist_frodo(self.n)
D = dist_square(coeff)
D = dist_iter_convolution(D, self.n)
self.cache_dist_1 = (D, D)
return self.cache_dist_1
def one_shot_sllskn19(self):
if self.cache_dist_4 is None:
c = build_centered_binomial_dist(self.k)
r = build_artifact_dist(self.q, self.rc2)
cm = dist_cartesian_product(c,c)
x = self.m//2
while self.m > 1:
cm = dist_cartesian_product(cm,cm)
x //= 2
cmsum = dist_negacyclic_sum(cm)
W = dist_vector_dot(cm,cmsum)
D1 = dist_iter_convolution(W, 2*self.n//self.m, ignore_below=NEWHOPE_APPROX_ZERO)
D2 = dist_convolution(c, r)
D2 = dist_iter_convolution(D2, self.m, ignore_below=NEWHOPE_APPROX_ZERO)
D = dist_convolution(D1,D2)
self.cache_dist_4 = D
return self.cache_dist_4
def one_shot_distribution(self):
if self.cache_dist_2 is None:
s = dist_frodo(self.n)
D = dist_product(s, s)
D = dist_iter_convolution(D, 2 * self.n)
D = dist_convolution(D, s)
self.cache_dist_2 = D
return self.cache_dist_2
def secret_l2_distribution(self):
if self.cache_dist_1 is None:
D1 = build_artifact_dist(self.q, self.p)
D1 = dist_square(D1)
D1 = dist_iter_convolution(D1, self.n)
D2 = {self.h: 1.0}
self.cache_dist_1 = (D1, D2)
return self.cache_dist_1
def one_shot_distribution(self):
if self.cache_dist_2 is None:
c = build_centered_binomial_dist(self.k)
r = build_artifact_dist(self.q, self.p)
cr = dist_product(c, r)
D = dist_iter_convolution(cr, 2 * self.m * self.n)
D = dist_convolution(D, self.e3_distribution())
self.cache_dist_2 = D
return self.cache_dist_2
def secret_l2_distribution(self):
if self.cache_dist_1 is None:
t = {0: 1 / 3, 1: 2 / 3}
Df = dist_iter_convolution(t, self.n - 1)
if self.improper:
Df = dist_scale(Df, 9)
Dg = {9 * self.wt: 1}
self.cache_dist_1 = (Df, Dg)
return self.cache_dist_1
def one_shot_distribution(self):
if self.cache_dist_2 is None:
c = {1: 0.5, -1: 0.5}
r1 = build_artifact_dist(self.q, self.p)
r2 = build_artifact_dist(self.q, self.t)
D = dist_convolution(c, r1)
D = dist_iter_convolution(D, 4 * self.h)
D = dist_convolution(D, r2)
self.cache_dist_2 = D
return self.cache_dist_2
def query_l2_distribution(self):
# c1 = <e1A + e2>_{q -> r1}
# e1 is cbd
# e2 is cbd + r1 rounding
if self.r0 == self.r1:
return self.secret_l2_distribution()[::-1]
if self.cache_dist_2 is None:
c = build_centered_binomial_dist(self.k)
r = build_artifact_dist(self.q, self.r1)
E1 = dist_square(c)
E1 = dist_iter_convolution(E1, self.m * self.n)
if self.k2:
c2 = build_centered_binomial_dist(self.k2)
else:
c2 = c
E2 = dist_convolution(c2, r)
E2 = dist_square(E2)
E2 = dist_iter_convolution(E2, self.m * self.n)
self.cache_dist_2 = (E1, E2)
return self.cache_dist_2
def one_shot_distribution(self):
if self.cache_dist_3 is None:
k1 = build_centered_binomial_dist(self.k)
k2 = build_centered_binomial_dist(self.k2 if self.k2 else self.k)
r0 = build_artifact_dist(self.q, self.r0)
r1 = build_artifact_dist(self.q, self.r1)
r2 = build_artifact_dist(self.q, self.r2)
k1Pr0 = dist_convolution(k1, r0)
k2Pr1 = dist_convolution(k2, r1)
k2Pr2 = dist_convolution(k2, r2)
D1 = dist_product(k1, k1Pr0)
D2 = dist_product(k1, k2Pr1)
D = dist_convolution(D1, D2)
D = dist_iter_convolution(D, self.m * self.n)
D = dist_convolution(D, k2Pr2)
self.cache_dist_3 = D
return self.cache_dist_3
def e3_distribution(self):
c = build_centered_binomial_dist(self.k)
r = build_artifact_dist(self.q, self.rc2)
D = dist_convolution(c, r)
D = dist_iter_convolution(D, self.m, ignore_below=NEWHOPE_APPROX_ZERO)
return D
