def Babai_CVP(mat, target): M = IntegerLattice(mat, lll_reduce=True).reduced_basis G = M.gram_schmidt()[0] diff = target for i in reversed(range(G.nrows())): diff -= M[i] * ((diff * G[i]) / (G[i] * G[i])).round() return target - diff
def NTRU(h, K, q):
basis = K.integral_basis()
H = h.matrix()
return IntegerLattice(block_matrix([[Integer(1), H],
[Integer(0), Integer(q)]]),
lll_reduce=True)
def taut_cone_homological_dim(tri, angle):
# find the dimension of the projection of the taut cone into
# homology
# boundaries of tets
bdys = zeroth_coboundary(tri)
bdys = matrix_transpose(bdys)
rays = taut_rays(tri, angle)
# but these are all 'upwards', so we need to fix the
# co-orientations
coorient = is_transverse_taut(tri, angle, return_type = "face_coorientations")
rays = [[int(a * b) for a, b in zip(coorient, ray)] for ray in rays]
# now work in the space of two-chains
Rays = IntegerLattice(rays + bdys)
Bdys = Matrix(bdys)
Cobs = Bdys.transpose()
Anns = Cobs.kernel()
return Rays.intersection(Anns).dimension()
def NTRU_subfield(hprime, q, nprime, r):
z = hprime.parent().gen()
mat = []
for i in range(nprime):
coordinate = (hprime * z**(r * i)).vector().list()
mat.append([coordinate[r * j] for j in range(nprime)])
Hprime = matrix(mat)
return IntegerLattice(block_matrix([[Integer(1), Hprime],
[Integer(0), Integer(q)]]),
lll_reduce=True)
def gen_lattice(type='modular', n=4, m=8, q=11, seed=None,
quotient=None, dual=False, ntl=False, lattice=False):
r"""
This function generates different types of integral lattice bases
of row vectors relevant in cryptography.
Randomness can be set either with ``seed``, or by using
:func:`sage.misc.randstate.set_random_seed`.
INPUT:
- ``type`` -- one of the following strings
- ``'modular'`` (default) -- A class of lattices for which
asymptotic worst-case to average-case connections hold. For
more refer to [Aj1996]_.
- ``'random'`` -- Special case of modular (n=1). A dense class
of lattice used for testing basis reduction algorithms
proposed by Goldstein and Mayer [GM2002]_.
- ``'ideal'`` -- Special case of modular. Allows for a more
compact representation proposed by [LM2006]_.
- ``'cyclotomic'`` -- Special case of ideal. Allows for
efficient processing proposed by [LM2006]_.
- ``n`` -- Determinant size, primal:`det(L) = q^n`, dual:`det(L) = q^{m-n}`.
For ideal lattices this is also the degree of the quotient polynomial.
- ``m`` -- Lattice dimension, `L \subseteq Z^m`.
- ``q`` -- Coefficient size, `q-Z^m \subseteq L`.
- ``seed`` -- Randomness seed.
- ``quotient`` -- For the type ideal, this determines the quotient
polynomial. Ignored for all other types.
- ``dual`` -- Set this flag if you want a basis for `q-dual(L)`, for example
for Regev's LWE bases [Reg2005]_.
- ``ntl`` -- Set this flag if you want the lattice basis in NTL readable
format.
- ``lattice`` -- Set this flag if you want a
:class:`FreeModule_submodule_with_basis_integer` object instead
of an integer matrix representing the basis.
OUTPUT: ``B`` a unique size-reduced triangular (primal: lower_left,
dual: lower_right) basis of row vectors for the lattice in question.
EXAMPLES:
Modular basis::
sage: sage.crypto.gen_lattice(m=10, seed=42)
[11 0 0 0 0 0 0 0 0 0]
[ 0 11 0 0 0 0 0 0 0 0]
[ 0 0 11 0 0 0 0 0 0 0]
[ 0 0 0 11 0 0 0 0 0 0]
[ 2 4 3 5 1 0 0 0 0 0]
[ 1 -5 -4 2 0 1 0 0 0 0]
[-4 3 -1 1 0 0 1 0 0 0]
[-2 -3 -4 -1 0 0 0 1 0 0]
[-5 -5 3 3 0 0 0 0 1 0]
[-4 -3 2 -5 0 0 0 0 0 1]
Random basis::
sage: sage.crypto.gen_lattice(type='random', n=1, m=10, q=11^4, seed=42)
[14641 0 0 0 0 0 0 0 0 0]
[ 431 1 0 0 0 0 0 0 0 0]
[-4792 0 1 0 0 0 0 0 0 0]
[ 1015 0 0 1 0 0 0 0 0 0]
[-3086 0 0 0 1 0 0 0 0 0]
[-5378 0 0 0 0 1 0 0 0 0]
[ 4769 0 0 0 0 0 1 0 0 0]
[-1159 0 0 0 0 0 0 1 0 0]
[ 3082 0 0 0 0 0 0 0 1 0]
[-4580 0 0 0 0 0 0 0 0 1]
Ideal bases with quotient x^n-1, m=2*n are NTRU bases::
sage: sage.crypto.gen_lattice(type='ideal', seed=42, quotient=x^4-1)
[11 0 0 0 0 0 0 0]
[ 0 11 0 0 0 0 0 0]
[ 0 0 11 0 0 0 0 0]
[ 0 0 0 11 0 0 0 0]
[-2 -3 -3 4 1 0 0 0]
[ 4 -2 -3 -3 0 1 0 0]
[-3 4 -2 -3 0 0 1 0]
[-3 -3 4 -2 0 0 0 1]
Ideal bases also work with polynomials::
sage: R.<t> = PolynomialRing(ZZ)
sage: sage.crypto.gen_lattice(type='ideal', seed=1234, quotient=t^4-1)
[11 0 0 0 0 0 0 0]
[ 0 11 0 0 0 0 0 0]
[ 0 0 11 0 0 0 0 0]
[ 0 0 0 11 0 0 0 0]
[ 1 4 -3 3 1 0 0 0]
[ 3 1 4 -3 0 1 0 0]
[-3 3 1 4 0 0 1 0]
[ 4 -3 3 1 0 0 0 1]
Cyclotomic bases with n=2^k are SWIFFT bases::
sage: sage.crypto.gen_lattice(type='cyclotomic', seed=42)
[11 0 0 0 0 0 0 0]
[ 0 11 0 0 0 0 0 0]
[ 0 0 11 0 0 0 0 0]
[ 0 0 0 11 0 0 0 0]
[-2 -3 -3 4 1 0 0 0]
[-4 -2 -3 -3 0 1 0 0]
[ 3 -4 -2 -3 0 0 1 0]
[ 3 3 -4 -2 0 0 0 1]
Dual modular bases are related to Regev's famous public-key
encryption [Reg2005]_::
sage: sage.crypto.gen_lattice(type='modular', m=10, seed=42, dual=True)
[ 0 0 0 0 0 0 0 0 0 11]
[ 0 0 0 0 0 0 0 0 11 0]
[ 0 0 0 0 0 0 0 11 0 0]
[ 0 0 0 0 0 0 11 0 0 0]
[ 0 0 0 0 0 11 0 0 0 0]
[ 0 0 0 0 11 0 0 0 0 0]
[ 0 0 0 1 -5 -2 -1 1 -3 5]
[ 0 0 1 0 -3 4 1 4 -3 -2]
[ 0 1 0 0 -4 5 -3 3 5 3]
[ 1 0 0 0 -2 -1 4 2 5 4]
Relation of primal and dual bases::
sage: B_primal=sage.crypto.gen_lattice(m=10, q=11, seed=42)
sage: B_dual=sage.crypto.gen_lattice(m=10, q=11, seed=42, dual=True)
sage: B_dual_alt=transpose(11*B_primal.inverse()).change_ring(ZZ)
sage: B_dual_alt.hermite_form() == B_dual.hermite_form()
True
TESTS:
Test some bad quotient polynomials::
sage: sage.crypto.gen_lattice(type='ideal', seed=1234, quotient=cos(x))
Traceback (most recent call last):
...
TypeError: unable to convert cos(x) to an integer
sage: sage.crypto.gen_lattice(type='ideal', seed=1234, quotient=x^23-1)
Traceback (most recent call last):
...
ValueError: ideal basis requires n = quotient.degree()
sage: R.<u,v> = ZZ[]
sage: sage.crypto.gen_lattice(type='ideal', seed=1234, quotient=u+v)
Traceback (most recent call last):
...
TypeError: quotient should be a univariate polynomial
We are testing output format choices::
sage: sage.crypto.gen_lattice(m=10, q=11, seed=42)
[11 0 0 0 0 0 0 0 0 0]
[ 0 11 0 0 0 0 0 0 0 0]
[ 0 0 11 0 0 0 0 0 0 0]
[ 0 0 0 11 0 0 0 0 0 0]
[ 2 4 3 5 1 0 0 0 0 0]
[ 1 -5 -4 2 0 1 0 0 0 0]
[-4 3 -1 1 0 0 1 0 0 0]
[-2 -3 -4 -1 0 0 0 1 0 0]
[-5 -5 3 3 0 0 0 0 1 0]
[-4 -3 2 -5 0 0 0 0 0 1]
sage: sage.crypto.gen_lattice(m=10, q=11, seed=42, ntl=True)
[
[11 0 0 0 0 0 0 0 0 0]
[0 11 0 0 0 0 0 0 0 0]
[0 0 11 0 0 0 0 0 0 0]
[0 0 0 11 0 0 0 0 0 0]
[2 4 3 5 1 0 0 0 0 0]
[1 -5 -4 2 0 1 0 0 0 0]
[-4 3 -1 1 0 0 1 0 0 0]
[-2 -3 -4 -1 0 0 0 1 0 0]
[-5 -5 3 3 0 0 0 0 1 0]
[-4 -3 2 -5 0 0 0 0 0 1]
]
sage: sage.crypto.gen_lattice(m=10, q=11, seed=42, lattice=True)
Free module of degree 10 and rank 10 over Integer Ring
User basis matrix:
[ 0 0 1 1 0 -1 -1 -1 1 0]
[-1 1 0 1 0 1 1 0 1 1]
[-1 0 0 0 -1 1 1 -2 0 0]
[-1 -1 0 1 1 0 0 1 1 -1]
[ 1 0 -1 0 0 0 -2 -2 0 0]
[ 2 -1 0 0 1 0 1 0 0 -1]
[-1 1 -1 0 1 -1 1 0 -1 -2]
[ 0 0 -1 3 0 0 0 -1 -1 -1]
[ 0 -1 0 -1 2 0 -1 0 0 2]
[ 0 1 1 0 1 1 -2 1 -1 -2]
"""
from sage.rings.finite_rings.integer_mod_ring import IntegerModRing
from sage.matrix.constructor import identity_matrix, block_matrix
from sage.matrix.matrix_space import MatrixSpace
from sage.rings.integer_ring import IntegerRing
if seed is not None:
from sage.misc.randstate import set_random_seed
set_random_seed(seed)
if type == 'random':
if n != 1: raise ValueError('random bases require n = 1')
ZZ = IntegerRing()
ZZ_q = IntegerModRing(q)
A = identity_matrix(ZZ_q, n)
if type == 'random' or type == 'modular':
R = MatrixSpace(ZZ_q, m-n, n)
A = A.stack(R.random_element())
elif type == 'ideal':
if quotient is None:
raise ValueError('ideal bases require a quotient polynomial')
try:
quotient = quotient.change_ring(ZZ_q)
except (AttributeError, TypeError):
quotient = quotient.polynomial(base_ring=ZZ_q)
P = quotient.parent()
# P should be a univariate polynomial ring over ZZ_q
if not is_PolynomialRing(P):
raise TypeError("quotient should be a univariate polynomial")
assert P.base_ring() is ZZ_q
if quotient.degree() != n:
raise ValueError('ideal basis requires n = quotient.degree()')
R = P.quotient(quotient)
for i in range(m//n):
A = A.stack(R.random_element().matrix())
elif type == 'cyclotomic':
from sage.arith.all import euler_phi
from sage.misc.functional import cyclotomic_polynomial
# we assume that n+1 <= min( euler_phi^{-1}(n) ) <= 2*n
found = False
for k in range(2*n,n,-1):
if euler_phi(k) == n:
found = True
break
if not found:
raise ValueError("cyclotomic bases require that n "
"is an image of Euler's totient function")
R = ZZ_q['x'].quotient(cyclotomic_polynomial(k, 'x'), 'x')
for i in range(m//n):
A = A.stack(R.random_element().matrix())
# switch from representatives 0,...,(q-1) to (1-q)/2,....,(q-1)/2
def minrep(a):
if abs(a-q) < abs(a): return a-q
else: return a
A_prime = A[n:m].lift().apply_map(minrep)
if not dual:
B = block_matrix([[ZZ(q), ZZ.zero()], [A_prime, ZZ.one()] ],
subdivide=False)
else:
B = block_matrix([[ZZ.one(), -A_prime.transpose()],
[ZZ.zero(), ZZ(q)]], subdivide=False)
for i in range(m//2):
B.swap_rows(i,m-i-1)
if ntl and lattice:
raise ValueError("Cannot specify ntl=True and lattice=True "
"at the same time")
if ntl:
return B._ntl_()
elif lattice:
from sage.modules.free_module_integer import IntegerLattice
return IntegerLattice(B)
else:
return B
def attack(m, q, r=4, sigma=3.0, subfield_only=False):
K = CyclotomicField(m, 'z')
z = K.gen()
OK = K.ring_of_integers()
G = K.galois_group()
n = euler_phi(m)
mprime = m / r
nprime = euler_phi(mprime)
Gprime = [tau for tau in G if tau(z**r) == z**r]
R = PolynomialRing(IntegerRing(), 'a')
a = R.gen()
phim = a**n + 1
D = DiscreteGaussianDistributionIntegerSampler(sigma)
print "sampling f,g"
while True:
f = sum([D() * z**i for i in range(n)])
fx = sum([f[i] * a**i for i in range(n)])
res = inverse(fx, phim, q)
if res[0]:
f_inv = sum([res[1][i] * z**i for i in range(n)])
print "f_inv * f = %s (mod %d)" % ((f * f_inv).mod(q), q)
break
g = sum([D() * z**i for i in range(n)])
print "done sampling f, g"
#h = [g*f^{-1)]_q
h = (g * f_inv).mod(q)
lognorm_f = log(f.vector().norm(), 2)
lognorm_g = log(g.vector().norm(), 2)
print "f*h - g = %s" % (f * h - g).mod(q)
print "log q = ", log(q, 2).n(precision)
print "log |f| = %s, log |g| = %s" % (lognorm_f.n(precision),
lognorm_g.n(precision))
print "log |(f,g)| = ", log(
sqrt(f.vector().norm()**2 + g.vector().norm()**2), 2).n(precision)
print "begin computing N(f), N(g), N(h), Tr(h), fbar"
fprime = norm(f, Gprime)
gprime = norm(g, Gprime)
hprime = norm(h, Gprime).mod(q)
htr = trace(h, Gprime)
fbar = prod([tau(f) for tau in Gprime[1:]])
print "end computing N(f), N(g), N(h), Tr(h), fbar"
lognorm_fp = log(fprime.vector().norm(), 2)
lognorm_gp = log(gprime.vector().norm(), 2)
print "%d * log |f| - log |f'| = %s" % (r, r * lognorm_f.n(precision) -
lognorm_fp.n(precision))
print "log |(f', g')| = ", log(
sqrt(fprime.vector().norm()**2 + gprime.vector().norm()**2),
2).n(precision)
print "log |N(f), Tr(g fbar)| = ", log(
sqrt(fprime.vector().norm()**2 +
trace(g * fbar, Gprime).vector().norm()**2), 2).n(precision)
#(fprime, gprime) lies in the lattice \Lambda_hprime^q
print "f'*h' - g' = %s " % (hprime * fprime - gprime).mod(q)
print "N(f) Tr(h) - Tr(g fbar) = %s" % (htr * fprime -
trace(g * fbar, Gprime)).mod(q)
if not subfield_only:
ntru_full = NTRU(h, K, q)
full_sv = ntru_full.shortest_vector()
print "log |v| = %s" % log(full_sv.norm(), 2).n(precision)
ntru_subfield = NTRU_subfield(hprime, q, nprime, r)
ntru_trace_subfield = NTRU_subfield(htr, q, nprime, r)
print "begin computing Shortest Vector of subfield lattice"
norm_sv = ntru_subfield.shortest_vector()
tr_sv = ntru_trace_subfield.shortest_vector()
print "end computing Shortest Vector of subfield lattice"
norm_xp = sum(
[coerce(Integer, norm_sv[i]) * z**(r * i) for i in range(nprime)])
tr_xp = sum(
[coerce(Integer, tr_sv[i]) * z**(r * i) for i in range(nprime)])
print "Norm map: log |(x',y')| = ", log(norm_sv.norm(), 2).n(precision)
print "Trace map: log |(x', y')| = ", log(tr_sv.norm(), 2).n(precision)
#test if xprime belongs to <fprime>
mat = []
for i in range(nprime):
coordinate = (fprime * z**(r * i)).vector().list()
mat.append([coordinate[r * j] for j in range(nprime)])
FL = IntegerLattice(mat)
print norm_sv[:nprime] in FL
print tr_sv[:nprime] in FL
norm_x = norm_xp
norm_y = mod_q(norm_x * h, q)
tr_x = tr_xp
tr_y = mod_q(tr_x * h, q)
print "Norm map: log |(x,y)| = ", log(
sqrt(norm_x.vector().norm()**2 + norm_y.vector().norm()**2),
2).n(precision)
print "Trace map: log |(x,y)| = ", log(
sqrt(tr_x.vector().norm()**2 + tr_y.vector().norm()**2),
2).n(precision)
# B.swap_rows(i,m-i-1)
# print("{0}\n".format(A_neg))
# B=block_matrix([[ZZ(q), ZZ.zero(),ZZ.zero()],[ZZ.one(),A_neg,ZZ.zero() ],[ZZ.zero(),b_neg,ZZ.one()]],
# subdivide=False)
#print("B=\n{0}".format(B))
print("B*A=\n{0}\n\n".format(B*A))
#print("A=\n{0}\n".format(A))
def remap(x):
return minrep((x*251)%251)
BL=B.BKZ(block_size=n/2.)
y=(BL.solve_left(Z_fixed))#.apply_map(remap))
# print("y*B={0}".format(y*B))
print("y:=B.solve_left(Z_fixed)={0}".format(y))
# BL=B.BKZ(block_size=n/2.)
print(BL[0])
print("shortest norm={0}".format(float(BL[0].norm())))
# L = IntegerLattice(B)
# p
# v=L.shortest_vector()
# print("L.shortest_vector={0}, norm={1}".format(v,float(v.norm())))
if ntl and lattice:
raise ValueError("Cannot specify ntl=True and lattice=True ")
if ntl:
return B._ntl_()
elif lattice:
from sage.modules.free_module_integer import IntegerLattice
return IntegerLattice(B)
else:
return B
def gen_lattice(type='modular',
n=4,
m=8,
q=11,
seed=None,
quotient=None,
dual=False,
ntl=False,
lattice=False):
"""
This function generates different types of integral lattice bases
of row vectors relevant in cryptography.
Randomness can be set either with ``seed``, or by using
:func:`sage.misc.randstate.set_random_seed`.
INPUT:
* ``type`` - one of the following strings
* ``'modular'`` (default). A class of lattices for which
asymptotic worst-case to average-case connections hold. For
more refer to [A96]_.
* ``'random'`` - Special case of modular (n=1). A dense class
of lattice used for testing basis reduction algorithms
proposed by Goldstein and Mayer [GM02]_.
* ``'ideal'`` - Special case of modular. Allows for a more
compact representation proposed by [LM06]_.
* ``'cyclotomic'`` - Special case of ideal. Allows for
efficient processing proposed by [LM06]_.
* ``n`` - Determinant size, primal:`det(L) = q^n`, dual:`det(L) = q^{m-n}`.
For ideal lattices this is also the degree of the quotient polynomial.
* ``m`` - Lattice dimension, `L \subseteq Z^m`.
* ``q`` - Coefficent size, `q*Z^m \subseteq L`.
* ``seed`` - Randomness seed.
* ``quotient`` - For the type ideal, this determines the quotient
polynomial. Ignored for all other types.
* ``dual`` - Set this flag if you want a basis for `q*dual(L)`, for example
for Regev's LWE bases [R05]_.
* ``ntl`` - Set this flag if you want the lattice basis in NTL readable
format.
* ``lattice`` - Set this flag if you want a
:class:`FreeModule_submodule_with_basis_integer` object instead
of an integer matrix representing the basis.
OUTPUT: ``B`` a unique size-reduced triangular (primal: lower_left,
dual: lower_right) basis of row vectors for the lattice in question.
EXAMPLES:
* Modular basis ::
sage: sage.crypto.gen_lattice(m=10, seed=42)
[11 0 0 0 0 0 0 0 0 0]
[ 0 11 0 0 0 0 0 0 0 0]
[ 0 0 11 0 0 0 0 0 0 0]
[ 0 0 0 11 0 0 0 0 0 0]
[ 2 4 3 5 1 0 0 0 0 0]
[ 1 -5 -4 2 0 1 0 0 0 0]
[-4 3 -1 1 0 0 1 0 0 0]
[-2 -3 -4 -1 0 0 0 1 0 0]
[-5 -5 3 3 0 0 0 0 1 0]
[-4 -3 2 -5 0 0 0 0 0 1]
* Random basis ::
sage: sage.crypto.gen_lattice(type='random', n=1, m=10, q=11^4, seed=42)
[14641 0 0 0 0 0 0 0 0 0]
[ 431 1 0 0 0 0 0 0 0 0]
[-4792 0 1 0 0 0 0 0 0 0]
[ 1015 0 0 1 0 0 0 0 0 0]
[-3086 0 0 0 1 0 0 0 0 0]
[-5378 0 0 0 0 1 0 0 0 0]
[ 4769 0 0 0 0 0 1 0 0 0]
[-1159 0 0 0 0 0 0 1 0 0]
[ 3082 0 0 0 0 0 0 0 1 0]
[-4580 0 0 0 0 0 0 0 0 1]
* Ideal bases with quotient x^n-1, m=2*n are NTRU bases ::
sage: sage.crypto.gen_lattice(type='ideal', seed=42, quotient=x^4-1)
[11 0 0 0 0 0 0 0]
[ 0 11 0 0 0 0 0 0]
[ 0 0 11 0 0 0 0 0]
[ 0 0 0 11 0 0 0 0]
[ 4 -2 -3 -3 1 0 0 0]
[-3 4 -2 -3 0 1 0 0]
[-3 -3 4 -2 0 0 1 0]
[-2 -3 -3 4 0 0 0 1]
* Cyclotomic bases with n=2^k are SWIFFT bases ::
sage: sage.crypto.gen_lattice(type='cyclotomic', seed=42)
[11 0 0 0 0 0 0 0]
[ 0 11 0 0 0 0 0 0]
[ 0 0 11 0 0 0 0 0]
[ 0 0 0 11 0 0 0 0]
[ 4 -2 -3 -3 1 0 0 0]
[ 3 4 -2 -3 0 1 0 0]
[ 3 3 4 -2 0 0 1 0]
[ 2 3 3 4 0 0 0 1]
* Dual modular bases are related to Regev's famous public-key
encryption [R05]_ ::
sage: sage.crypto.gen_lattice(type='modular', m=10, seed=42, dual=True)
[ 0 0 0 0 0 0 0 0 0 11]
[ 0 0 0 0 0 0 0 0 11 0]
[ 0 0 0 0 0 0 0 11 0 0]
[ 0 0 0 0 0 0 11 0 0 0]
[ 0 0 0 0 0 11 0 0 0 0]
[ 0 0 0 0 11 0 0 0 0 0]
[ 0 0 0 1 -5 -2 -1 1 -3 5]
[ 0 0 1 0 -3 4 1 4 -3 -2]
[ 0 1 0 0 -4 5 -3 3 5 3]
[ 1 0 0 0 -2 -1 4 2 5 4]
* Relation of primal and dual bases ::
sage: B_primal=sage.crypto.gen_lattice(m=10, q=11, seed=42)
sage: B_dual=sage.crypto.gen_lattice(m=10, q=11, seed=42, dual=True)
sage: B_dual_alt=transpose(11*B_primal.inverse()).change_ring(ZZ)
sage: B_dual_alt.hermite_form() == B_dual.hermite_form()
True
TESTS:
We are testing output format choices::
sage: sage.crypto.gen_lattice(m=10, q=11, seed=42)
[11 0 0 0 0 0 0 0 0 0]
[ 0 11 0 0 0 0 0 0 0 0]
[ 0 0 11 0 0 0 0 0 0 0]
[ 0 0 0 11 0 0 0 0 0 0]
[ 2 4 3 5 1 0 0 0 0 0]
[ 1 -5 -4 2 0 1 0 0 0 0]
[-4 3 -1 1 0 0 1 0 0 0]
[-2 -3 -4 -1 0 0 0 1 0 0]
[-5 -5 3 3 0 0 0 0 1 0]
[-4 -3 2 -5 0 0 0 0 0 1]
sage: sage.crypto.gen_lattice(m=10, q=11, seed=42, ntl=True)
[
[11 0 0 0 0 0 0 0 0 0]
[0 11 0 0 0 0 0 0 0 0]
[0 0 11 0 0 0 0 0 0 0]
[0 0 0 11 0 0 0 0 0 0]
[2 4 3 5 1 0 0 0 0 0]
[1 -5 -4 2 0 1 0 0 0 0]
[-4 3 -1 1 0 0 1 0 0 0]
[-2 -3 -4 -1 0 0 0 1 0 0]
[-5 -5 3 3 0 0 0 0 1 0]
[-4 -3 2 -5 0 0 0 0 0 1]
]
sage: sage.crypto.gen_lattice(m=10, q=11, seed=42, lattice=True)
Free module of degree 10 and rank 10 over Integer Ring
User basis matrix:
[ 0 0 1 1 0 -1 -1 -1 1 0]
[-1 1 0 1 0 1 1 0 1 1]
[-1 0 0 0 -1 1 1 -2 0 0]
[-1 -1 0 1 1 0 0 1 1 -1]
[ 1 0 -1 0 0 0 -2 -2 0 0]
[ 2 -1 0 0 1 0 1 0 0 -1]
[-1 1 -1 0 1 -1 1 0 -1 -2]
[ 0 0 -1 3 0 0 0 -1 -1 -1]
[ 0 -1 0 -1 2 0 -1 0 0 2]
[ 0 1 1 0 1 1 -2 1 -1 -2]
REFERENCES:
.. [A96] Miklos Ajtai.
Generating hard instances of lattice problems (extended abstract).
STOC, pp. 99--108, ACM, 1996.
.. [GM02] Daniel Goldstein and Andrew Mayer.
On the equidistribution of Hecke points.
Forum Mathematicum, 15:2, pp. 165--189, De Gruyter, 2003.
.. [LM06] Vadim Lyubashevsky and Daniele Micciancio.
Generalized compact knapsacks are collision resistant.
ICALP, pp. 144--155, Springer, 2006.
.. [R05] Oded Regev.
On lattices, learning with errors, random linear codes, and cryptography.
STOC, pp. 84--93, ACM, 2005.
"""
from sage.rings.finite_rings.integer_mod_ring \
import IntegerModRing
from sage.matrix.constructor import matrix, \
identity_matrix, block_matrix
from sage.matrix.matrix_space import MatrixSpace
from sage.rings.integer_ring import IntegerRing
if seed is not None:
from sage.misc.randstate import set_random_seed
set_random_seed(seed)
if type == 'random':
if n != 1: raise ValueError('random bases require n = 1')
ZZ = IntegerRing()
ZZ_q = IntegerModRing(q)
A = identity_matrix(ZZ_q, n)
if type == 'random' or type == 'modular':
R = MatrixSpace(ZZ_q, m - n, n)
A = A.stack(R.random_element())
elif type == 'ideal':
if quotient is None: raise \
ValueError('ideal bases require a quotient polynomial')
x = quotient.default_variable()
if n != quotient.degree(x): raise \
ValueError('ideal bases require n = quotient.degree()')
R = ZZ_q[x].quotient(quotient, x)
for i in range(m // n):
A = A.stack(R.random_element().matrix())
elif type == 'cyclotomic':
from sage.rings.arith import euler_phi
from sage.misc.functional import cyclotomic_polynomial
# we assume that n+1 <= min( euler_phi^{-1}(n) ) <= 2*n
found = False
for k in range(2 * n, n, -1):
if euler_phi(k) == n:
found = True
break
if not found: raise \
ValueError('cyclotomic bases require that n is an image of' + \
'Euler\'s totient function')
R = ZZ_q['x'].quotient(cyclotomic_polynomial(k, 'x'), 'x')
for i in range(m // n):
A = A.stack(R.random_element().matrix())
# switch from representatives 0,...,(q-1) to (1-q)/2,....,(q-1)/2
def minrep(a):
if abs(a - q) < abs(a): return a - q
else: return a
A_prime = A[n:m].lift().apply_map(minrep)
if not dual:
B = block_matrix([[ZZ(q), ZZ.zero()], [A_prime, ZZ.one()] ], \
subdivide=False)
else:
B = block_matrix([[ZZ.one(), -A_prime.transpose()], [ZZ.zero(), \
ZZ(q)]], subdivide=False)
for i in range(m // 2):
B.swap_rows(i, m - i - 1)
if ntl and lattice:
raise ValueError("Cannot specify ntl=True and lattice=True "
"at the same time")
if ntl:
return B._ntl_()
elif lattice:
from sage.modules.free_module_integer import IntegerLattice
return IntegerLattice(B)
else:
return B
def run_tests(num_to_check=10, smaller_num_to_check = 10):
import taut
veering_isosigs = parse_data_file("Data/veering_census.txt")
print("testing is_taut")
for sig in random.sample(veering_isosigs, num_to_check):
tri, angle = taut.isosig_to_tri_angle(sig)
assert taut.is_taut(tri, angle), sig
print("testing isosig round trip")
for sig in random.sample(veering_isosigs, num_to_check):
tri, angle = taut.isosig_to_tri_angle(sig)
recovered_sig = taut.isosig_from_tri_angle(tri, angle)
assert sig == recovered_sig, sig
# we only test this round trip - the other round trip does not
# make sense because tri->isosig is many to one.
import transverse_taut
print("testing is_transverse_taut")
for sig in random.sample(veering_isosigs, num_to_check):
tri, angle = taut.isosig_to_tri_angle(sig)
assert transverse_taut.is_transverse_taut(tri, angle), sig
non_transverse_taut_isosigs = parse_data_file("Data/veering_non_transverse_taut_examples.txt")
print("testing not is_transverse_taut")
for sig in non_transverse_taut_isosigs:
tri, angle = taut.isosig_to_tri_angle(sig)
assert not transverse_taut.is_transverse_taut(tri, angle), sig
import veering
print("testing is_veering")
for sig in random.sample(veering_isosigs, num_to_check):
tri, angle = taut.isosig_to_tri_angle(sig)
assert veering.is_veering(tri, angle), sig
# tri, angle = taut.isosig_to_tri_angle("cPcbbbdxm_10")
# explore_mobius_surgery_graph(tri, angle, max_tetrahedra = 12)
# # tests to see that it makes only veering triangulations as it goes
import veering_dehn_surgery
print("testing veering_dehn_surgery")
for sig in random.sample(veering_isosigs, num_to_check):
tri, angle = taut.isosig_to_tri_angle(sig)
for face_num in veering_dehn_surgery.get_mobius_strip_indices(tri):
(tri_s, angle_s, face_num_s) = veering_dehn_surgery.veering_mobius_dehn_surgery(tri, angle, face_num)
assert veering.is_veering(tri_s, angle_s), sig
import veering_fan_excision
print("testing veering_fan_excision")
m003, _ = taut.isosig_to_tri_angle('cPcbbbdxm_10')
m004, _ = taut.isosig_to_tri_angle('cPcbbbiht_12')
for sig in random.sample(veering_isosigs, num_to_check):
tri, angle = taut.isosig_to_tri_angle(sig)
tet_types = veering.is_veering(tri, angle, return_type = "tet_types")
if tet_types.count("toggle") == 2:
excised_tri, _ = veering_fan_excision.excise_fans(tri, angle)
assert ( excised_tri.isIsomorphicTo(m003) != None or
excised_tri.isIsomorphicTo(m004) != None ), sig
import pachner
print("testing pachner with taut structure")
for sig in random.sample(veering_isosigs, num_to_check):
tri, angle = taut.isosig_to_tri_angle(sig)
face_num = random.randrange(tri.countTriangles())
result = pachner.twoThreeMove(tri, face_num, angle = angle, return_edge = True)
if result != False:
tri2, angle2, edge_num = result
tri3, angle3 = pachner.threeTwoMove(tri2, edge_num, angle = angle2)
assert taut.isosig_from_tri_angle(tri, angle) == taut.isosig_from_tri_angle(tri3, angle3), sig
import branched_surface
import regina
print("testing branched_surface and pachner with branched surface")
for sig in random.sample(veering_isosigs, num_to_check):
tri, angle = taut.isosig_to_tri_angle(sig)
tri_original = regina.Triangulation3(tri) #copy
branch = branched_surface.upper_branched_surface(tri, angle, return_lower = random.choice([True, False]))
### test branch isosig round trip
sig_with_branch = branched_surface.isosig_from_tri_angle_branch(tri, angle, branch)
tri2, angle2, branch2 = branched_surface.isosig_to_tri_angle_branch(sig_with_branch)
assert (branch == branch2) and (angle == angle2), sig
branch_original = branch[:] #copy
face_num = random.randrange(tri.countTriangles())
out = pachner.twoThreeMove(tri, face_num, branch = branch, return_edge = True)
if out != False:
tri, possible_branches, edge_num = out
tri, branch = pachner.threeTwoMove(tri, edge_num, branch = possible_branches[0])
all_isoms = tri.findAllIsomorphisms(tri_original)
all_branches = [branched_surface.apply_isom_to_branched_surface(branch, isom) for isom in all_isoms]
assert branch_original in all_branches, sig
import flow_cycles
import drill
print("testing taut and branched drill + semiflows on drillings")
for sig in random.sample(veering_isosigs, smaller_num_to_check):
tri, angle = taut.isosig_to_tri_angle(sig)
branch = branched_surface.upper_branched_surface(tri, angle) ### also checks for veering and transverse taut
found_loops = flow_cycles.find_flow_cycles(tri, branch)
for loop in random.sample(found_loops, min(len(found_loops), 5)): ## drill along at most 5 loops
tri, angle = taut.isosig_to_tri_angle(sig)
branch = branched_surface.upper_branched_surface(tri, angle)
tri_loop = flow_cycles.flow_cycle_to_triangle_loop(tri, branch, loop)
if tri_loop != False:
if not flow_cycles.tri_loop_is_boundary_parallel(tri_loop, tri):
drill.drill(tri, tri_loop, angle = angle, branch = branch, sig = sig)
assert branched_surface.has_non_sing_semiflow(tri, branch), sig
print("all basic tests passed")
try:
import snappy
import snappy_util
snappy_working = True
except:
print("failed to import from snappy?")
snappy_working = False
if snappy_working:
print("testing algebraic intersection")
census = snappy.OrientableCuspedCensus() # not a set or list, so can't use random.sample
for i in range(10):
M = random.choice(census)
n = M.num_cusps()
peripheral_curves = M.gluing_equations()[-2*n:]
for i in range(2*n):
for j in range(i, 2*n):
alg_int = snappy_util.algebraic_intersection(peripheral_curves[i], peripheral_curves[j])
if i % 2 == 0 and j == i + 1:
assert alg_int == 1, M.name()
else:
assert alg_int == 0, M.name()
if snappy_working:
import veering_drill_midsurface_bdy
print("testing veering drilling and filling")
for sig in random.sample(veering_isosigs[:3000], num_to_check):
T, per = veering_drill_midsurface_bdy.drill_midsurface_bdy(sig)
M = snappy.Manifold(T.snapPea())
M.set_peripheral_curves("shortest")
L = snappy_util.get_slopes_from_peripherals(M, per)
M.dehn_fill(L)
N = snappy.Manifold(sig.split("_")[0])
assert M.is_isometric_to(N), sig
if snappy_working:
print("all tests depending on snappy passed")
# try:
# from hashlib import md5
# from os import remove
# import pyx
# from boundary_triangulation import draw_triangulation_boundary_from_veering_isosig
# pyx_working = True
# except:
# print("failed to import from pyx?")
# pyx_working = False
# ladders_style_sigs = {
# "cPcbbbiht_12": "f34c1fdf65db9d02994752814803ae01",
# "gLLAQbecdfffhhnkqnc_120012": "091c85b4f4877276bfd8a955b769b496",
# "kLALPPzkcbbegfhgijjhhrwaaxnxxn_1221100101": "a0f15a8454f715f492c74ce1073a13a4",
# }
# geometric_style_sigs = {
# "cPcbbbiht_12": "1e74d0b68160c4922e85a5adb20a0f1d",
# "gLLAQbecdfffhhnkqnc_120012": "856a1fce74eb64f519bcda083303bd8f",
# "kLALPPzkcbbegfhgijjhhrwaaxnxxn_1221100101": "33bd23b34c5d977a103fa50ffe63120a",
# }
# args = {
# "draw_boundary_triangulation":True,
# "draw_triangles_near_poles": False,
# "ct_depth":-1,
# "ct_epsilon":0.03,
# "global_drawing_scale": 4,
# "delta": 0.2,
# "ladder_width": 10.0,
# "ladder_height": 20.0,
# "draw_labels": True,
# }
# shapes_data = read_from_pickle("Data/veering_shapes_up_to_ten_tetrahedra.pkl")
# if pyx_working:
# for sig in ladders_style_sigs:
# print("testing boundary triangulation pictures, ladder style", sig)
# args["tet_shapes"] = shapes_data[sig]
# args["style"] = "ladders"
# file_name = draw_triangulation_boundary_from_veering_isosig(sig, args = args)
# f = open(file_name, "rb")
# file_hash = md5(f.read())
# assert file_hash.hexdigest() == ladders_style_sigs[sig]
# f.close()
# remove(file_name)
# if pyx_working:
# for sig in geometric_style_sigs:
# print("testing boundary triangulation pictures, ladder style", sig)
# args["tet_shapes"] = shapes_data[sig]
# args["style"] = "geometric"
# file_name = draw_triangulation_boundary_from_veering_isosig(sig, args = args)
# f = open(file_name, "rb")
# file_hash = md5(f.read())
# assert file_hash.hexdigest() == geometric_style_sigs[sig]
# f.close()
# remove(file_name)
# if pyx_working:
# print("all tests depending on pyx passed")
veering_polys = {
"cPcbbbiht_12": [-4, -1, 1, 4],
"eLMkbcddddedde_2100": [-2, -2, -2, -1, -1, -1, -1, 1, 1, 1, 1, 1, 1, 2, 2],
"gLLAQbecdfffhhnkqnc_120012": [-1, -1, -1, -1, 1, 1, 1, 1],
"gLLPQcdfefefuoaaauo_022110": [-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 1, 1, 1, 1],
}
# veering_polys = { ### old
# "cPcbbbiht_12": "a^3 - 4*a^2 + 4*a - 1",
# "eLMkbcddddedde_2100": "a^6*b - a^6 - 2*a^5*b - a^4*b^2 + a^5 + 2*a^4*b + a^3*b^2 - 2*a^3*b + a^3 + 2*a^2*b + a*b^2 - a^2 - 2*a*b - b^2 + b",
# "gLLAQbecdfffhhnkqnc_120012": "a^7 + a^6 + a^5 + a^4 - a^3 - a^2 - a - 1",
# "gLLPQcdfefefuoaaauo_022110": "a^12*b^3 - a^11*b^2 - a^10*b^3 - a^10*b^2 - a^7*b^3 - a^7*b^2 - a^6*b^3 + a^7*b + a^5*b^2 - a^6 - a^5*b - a^5 - a^2*b - a^2 - a*b + 1",
# }
taut_polys = {
"cPcbbbiht_12": [-3, 1, 1],
"eLMkbcddddedde_2100": [-1, -1, -1, 1, 1],
"iLLAwQcccedfghhhlnhcqeesr_12001122": [],
}
# taut_polys = { ### old
# "cPcbbbiht_12": "a^2 - 3*a + 1",
# "eLMkbcddddedde_2100": "a^2*b - a^2 - a*b - b^2 + b",
# "iLLAwQcccedfghhhlnhcqeesr_12001122": "0",
# }
torus_bundles = [
"cPcbbbiht_12",
"eLMkbcdddhhqqa_1220",
"gLMzQbcdefffhhqqqdl_122002",
]
measured = [
"gLLAQbecdfffhhnkqnc_120012",
"iLLALQcccedhgghhlnxkxrkaa_12001112",
"iLLAwQcccedfghhhlnhcqeesr_12001122",
]
empties = [
"fLAMcaccdeejsnaxk_20010",
"gLALQbcbeeffhhwsras_211220",
"hLALAkbcbeefgghhwsraqj_2112202",
]
try:
from sage.rings.integer_ring import ZZ
sage_working = True
except:
print("failed to import from sage?")
sage_working = False
if sage_working:
import taut_polytope
print("testing is_layered")
for sig in veering_isosigs[:17]:
assert taut_polytope.is_layered(sig), sig
for sig in veering_isosigs[17:21]:
assert not taut_polytope.is_layered(sig), sig
if sage_working:
import fibered
print("testing is_fibered")
mflds = parse_data_file("Data/mflds_which_fiber.txt")
mflds = [line.split("\t")[0:2] for line in mflds]
for (name, kind) in random.sample(mflds, num_to_check):
assert fibered.is_fibered(name) == (kind == "fibered"), name
if sage_working:
import veering_polynomial
import taut_polynomial
print("testing veering poly")
for sig in veering_polys:
p = veering_polynomial.veering_polynomial(sig)
assert check_polynomial_coefficients(p, veering_polys[sig]), sig
### Nov 2021: sage 9.4 changed how smith normal form works, which changed our polynomials
### to equivalent but not equal polynomials. To avoid this kind of change breaking things
### in the future, we changed to comparing the list of coefficients.
# assert p.__repr__() == veering_polys[sig]
print("testing taut poly")
for sig in taut_polys:
p = taut_polynomial.taut_polynomial_via_tree(sig)
assert check_polynomial_coefficients(p, taut_polys[sig]), sig
# assert p.__repr__() == taut_polys[sig]
print("testing divide")
for sig in random.sample(veering_isosigs[:3000], num_to_check):
p = veering_polynomial.veering_polynomial(sig)
q = taut_polynomial.taut_polynomial_via_tree(sig)
if q == 0:
assert p == 0, sig
else:
assert q.divides(p), sig
if sage_working:
print("testing alex")
for sig in random.sample(veering_isosigs[:3000], num_to_check):
snap_sig = sig.split("_")[0]
M = snappy.Manifold(snap_sig)
if M.homology().betti_number() == 1:
assert taut_polynomial.taut_polynomial_via_tree(sig, mode = "alexander") == M.alexander_polynomial(), sig
if sage_working:
# would be nice to automate this - need to fetch the angle
# structure say via z_charge.py...
print("testing is_torus_bundle")
for sig in torus_bundles:
assert taut_polytope.is_torus_bundle(sig), sig
if sage_working:
# ditto
print("testing is_layered")
for sig in torus_bundles:
assert taut_polytope.is_layered(sig), sig
print("testing measured")
for sig in measured:
assert taut_polytope.LMN_tri_angle(sig) == "M", sig
print("testing empty")
for sig in empties:
assert taut_polytope.LMN_tri_angle(sig) == "N", sig
if sage_working: # warning - this takes random amounts of time!
print("testing hom dim")
for sig in random.sample(veering_isosigs[:3000], 3): # magic number
# dimension = zero if and only if nothing is carried.
assert (taut_polytope.taut_cone_homological_dim(sig) == 0) == (taut_polytope.LMN_tri_angle(sig) == "N"), sig
if sage_working:
boundary_cycles = {
("eLMkbcddddedde_2100",(2,5,5,1,3,4,7,1)): "((-7, -7, 0, 0, 4, -3, 7, 0), (7, 7, 0, 0, -4, 3, -7, 0))",
("iLLLQPcbeegefhhhhhhahahha_01110221",(0,1,0,0,0,1,0,0,0,0,0,0,1,0,1,0)): "((0, 0, -1, 1, 1, 0, 1, 1, -1, 0, 0, 0, 0, 1, 0, 1), (0, 0, 1, -1, -1, 0, -1, -1, 1, 0, 0, 0, 0, -1, 0, -1))",
("ivvPQQcfhghgfghfaaaaaaaaa_01122000",(1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1)): "((1, 1, 2, 0, -1, 2, 1, -3, 0, -1, 0, -2, -1, 0, 3, -2), (1, 1, 0, 2, -1, 0, -3, 1, 2, -1, -2, 0, 3, -2, -1, 0), (-2, 0, -3, 1, 2, -1, 0, 2, -1, 0, 3, 1, -2, 1, 0, -1), (0, -2, 1, -3, 0, -1, 2, 0, -1, 2, -1, 1, 0, 1, -2, 3))",
}
taut_polys_with_cycles = {
("eLMkbcddddedde_2100", ((7, 7, 0, 0, -4, 3, -7, 0),)): [-1, -1, -1, 1, 1],
("iLLLQPcbeegefhhhhhhahahha_01110221", ((0, 0, 1, -1, -1, 0, -1, -1, 1, 0, 0, 0, 0, -1, 0, -1),)): [1, 1, 2],
("ivvPQQcfhghgfghfaaaaaaaaa_01122000", ((1, 1, 2, 0, -1, 2, 1, -3, 0, -1, 0, -2, -1, 0, 3, -2), (1, 1, 0, 2, -1, 0, -3, 1, 2, -1, -2, 0, 3, -2, -1, 0))): [-4, -1, -1, 1, 1],
}
# taut_polys_with_cycles = {
# ("eLMkbcddddedde_2100", ((7, 7, 0, 0, -4, 3, -7, 0),)): "a^14 - a^8 - a^7 - a^6 + 1",
# ("iLLLQPcbeegefhhhhhhahahha_01110221", ((0, 0, 1, -1, -1, 0, -1, -1, 1, 0, 0, 0, 0, -1, 0, -1),)): "a^2 + 2*a + 1",
# ("ivvPQQcfhghgfghfaaaaaaaaa_01122000", ((1, 1, 2, 0, -1, 2, 1, -3, 0, -1, 0, -2, -1, 0, 3, -2), (1, 1, 0, 2, -1, 0, -3, 1, 2, -1, -2, 0, 3, -2, -1, 0))): "a*b^2 - a^2 - 4*a*b - b^2 + a",
# }
taut_polys_image = {
('eLMkbcddddedde_2100', ((7, 8, -1, 0, -4, 4, -8, 0),)):[-1, -1, -1, 1, 1],
('ivvPQQcfhghgfghfaaaaaaaaa_01122000', ((1, 1, 2, 0, -1, 2, 1, -3, 0, -1, 0, -2, -1, 0, 3, -2),)):[-2, -2, -1, -1, 1, 1],
('ivvPQQcfhghgfghfaaaaaaaaa_01122000', ((1, 1, 2, 0, -1, 2, 1, -3, 0, -1, 0, -2, -1, 0, 3, -2), (1, 1, 0, 2, -1, 0, -3, 1, 2, -1, -2, 0, 3, -2, -1, 0))):[-4, -1, -1, 1, 1]
}
# taut_polys_image = {
# ('eLMkbcddddedde_2100', ((7, 8, -1, 0, -4, 4, -8, 0),)):"a^16 - a^9 - a^8 - a^7 + 1",
# ('ivvPQQcfhghgfghfaaaaaaaaa_01122000', ((1, 1, 2, 0, -1, 2, 1, -3, 0, -1, 0, -2, -1, 0, 3, -2),)):"a*b^2*c - 2*a*b*c - b^2*c - a^2 - 2*a*b + a",
# ('ivvPQQcfhghgfghfaaaaaaaaa_01122000', ((1, 1, 2, 0, -1, 2, 1, -3, 0, -1, 0, -2, -1, 0, 3, -2), (1, 1, 0, 2, -1, 0, -3, 1, 2, -1, -2, 0, 3, -2, -1, 0))):"a*b^2 - a^2 - 4*a*b - b^2 + a"
# }
alex_polys_with_cycles = {
("eLMkbcddddedde_2100",((7, 7, 0, 0, -4, 3, -7, 0),)): [-2, -1, -1, -1, 1, 1, 1, 2],
("iLLLQPcbeegefhhhhhhahahha_01110221", ((0, 0, 1, -1, -1, 0, -1, -1, 1, 0, 0, 0, 0, -1, 0, -1),)): [-3, -1, 1, 3],
("ivvPQQcfhghgfghfaaaaaaaaa_01122000", ((1, 1, 2, 0, -1, 2, 1, -3, 0, -1, 0, -2, -1, 0, 3, -2), (1, 1, 0, 2, -1, 0, -3, 1, 2, -1, -2, 0, 3, -2, -1, 0))): [-1, -1, 1, 1],
}
# alex_polys_with_cycles = {
# ("eLMkbcddddedde_2100",((7, 7, 0, 0, -4, 3, -7, 0),)): "a^15 - a^14 + a^9 - 2*a^8 + 2*a^7 - a^6 + a - 1",
# ("iLLLQPcbeegefhhhhhhahahha_01110221", ((0, 0, 1, -1, -1, 0, -1, -1, 1, 0, 0, 0, 0, -1, 0, -1),)): "3*a^3 - a^2 + a - 3",
# ("ivvPQQcfhghgfghfaaaaaaaaa_01122000", ((1, 1, 2, 0, -1, 2, 1, -3, 0, -1, 0, -2, -1, 0, 3, -2), (1, 1, 0, 2, -1, 0, -3, 1, 2, -1, -2, 0, 3, -2, -1, 0))): "a*b^2 - a^2 - b^2 + a",
# }
if sage_working:
import taut_carried
print("testing boundary cycles")
for sig, surface in boundary_cycles:
surface_list = list(surface)
cycles = taut_carried.boundary_cycles_from_surface(sig, surface_list)
cycles = tuple(tuple(cycle) for cycle in cycles)
assert cycles.__repr__() == boundary_cycles[(sig, surface)], sig
if sage_working:
print("testing taut with cycles")
for sig, cycles in taut_polys_with_cycles:
cycles_in = [list(cycle) for cycle in cycles]
p = taut_polynomial.taut_polynomial_via_tree(sig, cycles_in)
assert check_polynomial_coefficients(p, taut_polys_with_cycles[(sig, cycles)]), sig
# assert p.__repr__() == taut_polys_with_cycles[(sig, cycles)]
if sage_working:
print("testing taut with images")
for sig, cycles in taut_polys_image:
cycles_in = [list(cycle) for cycle in cycles]
p = taut_polynomial.taut_polynomial_image(sig, cycles_in)
assert check_polynomial_coefficients(p, taut_polys_image[(sig, cycles)]), sig
# assert p.__repr__() == taut_polys_image[(sig, cycles)]
if sage_working:
print("testing alex with cycles")
for sig, cycles in alex_polys_with_cycles:
cycles_in = [list(cycle) for cycle in cycles]
p = taut_polynomial.taut_polynomial_via_tree(sig, cycles_in, mode = "alexander")
assert check_polynomial_coefficients(p, alex_polys_with_cycles[(sig, cycles)]), sig
# assert p.__repr__() == alex_polys_with_cycles[(sig, cycles)]
if sage_working:
import edge_orientability
import taut_euler_class
print("testing euler and edge orientability")
for sig in random.sample(veering_isosigs[:3000], 3):
# Theorem: If (tri, angle) is edge orientable then e = 0.
assert not ( edge_orientability.is_edge_orientable(sig) and
(taut_euler_class.order_of_euler_class_wrapper(sig) == 2) ), sig
if sage_working:
# Theorem: If (tri, angle) is edge orientable then taut poly = alex poly.
# taut_polynomial.taut_polynomial_via_tree(sig, mode = "alexander") ==
# taut_polynomial.taut_polynomial_via_tree(sig, mode = "taut")
pass
if sage_working:
print("testing exotics")
for sig in random.sample(veering_isosigs[:3000], 3):
tri, angle = taut.isosig_to_tri_angle(sig)
T = veering.veering_triangulation(tri, angle)
is_eo = T.is_edge_orientable()
for angle in T.exotic_angles():
assert taut_polytope.taut_cone_homological_dim(tri, angle) == 0, sig
assert is_eo == transverse_taut.is_transverse_taut(tri, angle), sig
### test for drill_midsurface_bdy: drill then fill, check you get the same manifold
if sage_working:
from sage.combinat.words.word_generators import words
from sage.modules.free_module_integer import IntegerLattice
from sage.modules.free_module import VectorSpace
from sage.matrix.constructor import Matrix
import z_charge
import z2_taut
import regina
ZZ2 = ZZ.quotient(ZZ(2))
sig_starts = ["b+-LR", "b++LR"]
print("testing lattice for punc torus bundle")
for i in range(3):
for sig_start in sig_starts:
sig = sig_start + str(words.RandomWord(8, 2, "LR")) # 8 is a magic number
M = snappy.Manifold(sig)
tri = regina.Triangulation3(M)
t, A = z_charge.sol_and_kernel(M)
B = z_charge.leading_trailing_deformations(M)
C = z2_taut.cohomology_loops(tri)
AA = IntegerLattice(A)
BB = IntegerLattice(B)
assert AA == BB.saturation(), sig
dim = 3*M.num_tetrahedra()
V = VectorSpace(ZZ2, dim)
AA = V.subspace(A)
BB = V.subspace(B)
CM = Matrix(ZZ2, C)
CC = CM.right_kernel()
assert AA.intersection(CC) == BB , sig
## so l-t defms are the part of the kernel that doesn't flip over
if sage_working:
print("testing charges for punc torus bundle")
for i in range(3):
for sig_start in sig_starts:
sig = sig_start + str(words.RandomWord(8, 2, "LR")) # 8 is a magic number
M = snappy.Manifold(sig)
assert z_charge.can_deal_with_reduced_angles(M), sig
if sage_working:
import carried_surface
import mutation
print("testing building carried surfaces and mutations")
sigs_weights = [
['iLLLPQccdgefhhghqrqqssvof_02221000', (0, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0)],
['jLLAvQQcedehihiihiinasmkutn_011220000', (2, 0, 1, 0, 0, 0, 1, 2, 0, 2, 0, 2, 1, 0, 0, 0, 1, 0)],
['jLLAvQQcedehihiihiinasmkutn_011220000', (0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0)],
['jLLLMPQcdgfhfhiiihshassspiq_122201101', (0, 0, 4, 0, 4, 1, 0, 2, 2, 0, 1, 0, 0, 4, 0, 4, 0, 0)]
]
strata = [
((1, 2), [2, 2]),
((2, 4), [5, 5, 1, 1]),
((0, 3), [2, 0, 0]),
((6, 1), [22])
]
orders_of_veering_symmetry_groups = [4, 2, 2, 2]
for i in range(len(sigs_weights)):
tri, angle = taut.isosig_to_tri_angle(sigs_weights[i][0])
weights = sigs_weights[i][1]
surface, edge_colours = carried_surface.build_surface(tri, angle, weights, return_edge_colours = True)
assert strata[i] == carried_surface.stratum_from_weights_surface(weights, surface)
veering_isoms = carried_surface.veering_symmetry_group(surface, edge_colours)
assert len(veering_isoms) == orders_of_veering_symmetry_groups[i]
isom = veering_isoms[1]
mutation.mutate(tri, angle, weights, isom, quiet = True)
if i == 0:
assert tri.isoSig() == 'ivLLQQccfhfeghghwadiwadrv'
#print('svof to wadrv passed')
elif i == 1:
assert tri.isoSig() == 'jvLLAQQdfghhfgiiijttmtltrcr'
#print('smkutn to tltrcr passed')
elif i == 2:
assert tri.isoSig() == 'jLLMvQQcedehhiiihiikiwnmtxk'
#print('smkutn to mtxk passed')
elif i == 3:
assert tri.isoSig() == 'jLLALMQcecdhggiiihqrwqwrafo'
#print('spiq to rafo passed')
if sage_working:
print("all tests depending on sage passed")
def my_gen_lattice2(n=4, q=11, seed=None,
quotient=None, dual=False, ntl=False, lattice=False, GuessStuff=True):
"""
This is a modification of the code for the gen_lattice function from Sage
Randomness can be set either with ``seed``, or by using
:func:`sage.misc.randstate.set_random_seed`.
INPUT:
- ``type`` -- one of the following strings
- ``'cyclotomic'`` -- Special case of ideal. Allows for
efficient processing proposed by [LM2006]_.
- ``n`` -- Determinant size, primal:`det(L) = q^n`, dual:`det(L) = q^{m-n}`.
For ideal lattices this is also the degree of the quotient polynomial.
- ``m`` -- Lattice dimension, `L \subseteq Z^m`.
- ``q`` -- Coefficient size, `q-Z^m \subseteq L`.
- ``t`` -- BKZ Block Size
- ``seed`` -- Randomness seed.
- ``quotient`` -- For the type ideal, this determines the quotient
polynomial. Ignored for all other types.
- ``dual`` -- Set this flag if you want a basis for `q-dual(L)`, for example
for Regev's LWE bases [Reg2005]_.
- ``ntl`` -- Set this flag if you want the lattice basis in NTL readable
format.
- ``lattice`` -- Set this flag if you want a
:class:`FreeModule_submodule_with_basis_integer` object instead
of an integer matrix representing the basis.
OUTPUT: ``B`` a unique size-reduced triangular (primal: lower_left,
dual: lower_right) basis of row vectors for the lattice in question.
EXAMPLES:
Cyclotomic bases with n=2^k are SWIFFT bases::
sage: sage.crypto.gen_lattice(type='cyclotomic', seed=42)
[11 0 0 0 0 0 0 0]
[ 0 11 0 0 0 0 0 0]
[ 0 0 11 0 0 0 0 0]
[ 0 0 0 11 0 0 0 0]
[ 4 -2 -3 -3 1 0 0 0]
[ 3 4 -2 -3 0 1 0 0]
[ 3 3 4 -2 0 0 1 0]
[ 2 3 3 4 0 0 0 1]
Dual modular bases are related to Regev's famous public-key
encryption [Reg2005]_::
sage: sage.crypto.gen_lattice(type='modular', m=10, seed=42, dual=True)
[ 0 0 0 0 0 0 0 0 0 11]
[ 0 0 0 0 0 0 0 0 11 0]
[ 0 0 0 0 0 0 0 11 0 0]
[ 0 0 0 0 0 0 11 0 0 0]
[ 0 0 0 0 0 11 0 0 0 0]
[ 0 0 0 0 11 0 0 0 0 0]
[ 0 0 0 1 -5 -2 -1 1 -3 5]
[ 0 0 1 0 -3 4 1 4 -3 -2]
[ 0 1 0 0 -4 5 -3 3 5 3]
[ 1 0 0 0 -2 -1 4 2 5 4]
"""
from sage.rings.finite_rings.integer_mod_ring import IntegerModRing
from sage.matrix.constructor import identity_matrix, block_matrix
from sage.matrix.matrix_space import MatrixSpace
from sage.rings.integer_ring import IntegerRing
from sage.modules.free_module_integer import IntegerLattice
if seed is not None:
from sage.misc.randstate import set_random_seed
set_random_seed(seed)
m=n+1
ZZ = IntegerRing()
ZZ_q = IntegerModRing(q)
from sage.arith.all import euler_phi
from sage.misc.functional import cyclotomic_polynomial
# we assume that n+1 <= min( euler_phi^{-1}(n) ) <= 2*n
found = False
for k in range(2*n,n,-1):
if euler_phi(k) == n:
found = True
break
if not found:
raise ValueError("cyclotomic bases require that n "
"is an image of Euler's totient function")
R = ZZ_q['x'].quotient(cyclotomic_polynomial(2*n, 'x'), 'x')
g=x**(n/2)+1
T=ZZ_q['x'].quotient(x**(n/2)+1)
a_pol=R.random_element()
s_pol=sample_noise(R)
e_pol=sample_noise(R)
s_pol2=T((s_pol))
e_pol2=T((e_pol))
print("s={0},e={1}".format(T(s_pol),T(e_pol)))
Z_mat=e_pol2.matrix().augment(s_pol2.matrix())
Z_mattop=Z_mat[0:1].augment(matrix(1,1,[ZZ.one()*-1]))
b_pol=(a_pol*s_pol+e_pol)
print("s_pol={0}\ne_pol={1}".format((s_pol2).list(),(e_pol2).list()))
# Does a linear mapping change the shortest vector size for the rest?/
a_pol=a_pol#*x_pol
b_pol=b_pol#*x_pol
a_pol2 = T(a_pol.list())# % S(g.list())
b_pol2 = T((b_pol).list())# % S(g.list())
# print("a={0}\nb={1}".format(a_pol2,b_pol2))
A=identity_matrix(ZZ_q,n/2)
A=A.stack(a_pol2.matrix())
b_prime=b_pol2.matrix()[0:1]
b_prime=b_prime - 11*A[8:9]
A=A.stack(b_pol2.matrix()[0:1])
# print("X=\n{0}".format(X))
# A = A.stack(identity_matrix(ZZ_q, n/2))
print("A=\n{0}\n".format(A))
# switch from representatives 0,...,(q-1) to (1-q)/2,....,(q-1)/2
def minrepnegative(a):
if abs(a-q) < abs(a): return (a-q)*-1
else: return a*-1
def minrep(a):
if abs(a-q) < abs(a): return (a-q)
else: return a
A_prime = A[(n/2):(n+1)].lift().apply_map(minrep)
# b_neg= A[(n):(n+1)].lift().apply_map(minrepnegative)
Z_fixed=Z_mattop.lift().apply_map(minrep)
print("Z_fixed={0}\n||Z_fixed||={1}".format(Z_fixed,float(Z_fixed[0].norm())))
print('Z_fixed*A={0}\n\n'.format(Z_fixed*A))
print("z_fixed[0].norm()={0}".format(float(Z_fixed[0].norm())))
# B=block_matrix([[ZZ(q),ZZ.zero()],[A_neg,ZZ.one()]], subdivide=False)
# B = block_matrix([[ZZ.one(), -A_prime.transpose()],
# [ZZ.zero(), ZZ(q)]], subdivide=False)
B = block_matrix([[ZZ(q), ZZ.zero()], [-A_prime, ZZ.one()]], subdivide=False)
# for i in range(m//2):
# B.swap_rows(i,m-i-1)
# print("{0}\n".format(A_neg))
# B=block_matrix([[ZZ(q), ZZ.zero(),ZZ.zero()],[ZZ.one(),A_neg,ZZ.zero() ],[ZZ.zero(),b_neg,ZZ.one()]],
# subdivide=False)
#print("B=\n{0}".format(B))
print("B*A=\n{0}\n\n".format(B*A))
#print("A=\n{0}\n".format(A))
def remap(x):
return minrep((x*251)%251)
BL=B.BKZ(block_size=n/2.)
y=(BL.solve_left(Z_fixed))#.apply_map(remap))
# print("y*B={0}".format(y*B))
print("y:=B.solve_left(Z_fixed)={0}".format(y))
# BL=B.BKZ(block_size=n/2.)
print(BL[0])
print("shortest norm={0}".format(float(BL[0].norm())))
# L = IntegerLattice(B)
# p
# v=L.shortest_vector()
# print("L.shortest_vector={0}, norm={1}".format(v,float(v.norm())))
if ntl and lattice:
raise ValueError("Cannot specify ntl=True and lattice=True ")
if ntl:
return B._ntl_()
elif lattice:
from sage.modules.free_module_integer import IntegerLattice
return IntegerLattice(B)
else:
return B