def find_opt_distr(sigma, samples, ubits, cost_cl, cost_pq, cost_pp):
    """Find a distribution that optimally approximates a rounded Gaussian.

    Args:
      sigma: Standard deviation of the target (rounded) Gaussian.
      samples: Total number of samples drawn by both parties combined.
      ubits: Bound on the number of uniform bits available for sampling.
      cost_cl, cost_pq, cost_pp: Cost estimates obtained for the rounded
        Gaussian itself.

    Returns:
      A four-element list: the symmetric distribution, then the three costs
      recomputed for that distribution, in the order of the cost arguments.
    """
    # Only the first two results of approximate_dgauss are used: the first is
    # kept as the first cost of the approximation, the second as the
    # distribution.
    cost_cl_opt, approx, _ = approximate_dgauss(
        sigma, samples, cost_cl, None, ubits, quiet=True)

    # Combine with a fair +/-1 variable; presumably this attaches a uniform
    # random sign so the result is symmetric around zero -- confirm against
    # pdf_product.
    fair_sign = {+1: .5, -1: .5}
    sym_d = pdf_product(approx, fair_sign)
    target = dgauss(sigma)

    # Each cost is scaled by -ln(2) on the way into opt_renyi_bound and by
    # -1/ln(2) on the way out, so callers see the same units they passed in.
    ln2 = log(2)
    adjusted = []
    for cost in (cost_pq, cost_pp):
        _, bound = opt_renyi_bound(-cost * ln2, sym_d, target, samples)
        adjusted.append(-bound / ln2)

    return [sym_d, cost_cl_opt] + adjusted
def main():
    """Print the C sampler table and the LaTeX tables for the parameter sets.

    The source uses Python 2 print statements. Single-argument prints are
    written with parentheses here, which Python 2 parses identically.
    """
    # in our work, m = 2^B
    parameters = [
        {'name': 'Recommend', 'D': 'D_3', 'sigma': sqrt(1.30), 'n': 712,
         'q': 14, 'g': 2**8, 'B': 4, 'bits': 16, 'base': 138, 'cut': 2},
        {'name': 'Recommend-enc', 'D': 'D_3', 'sigma': sqrt(1.30), 'n': 712,
         'q': 14, 'g': 2**8, 'B': 4, 'bits': 16, 'base': 138, 'cut': 1},
    ]

    # Attach the approximated distribution ('distr') and the value stored
    # under 'a' to every entry. 'base' goes in as the third argument and
    # 'bits' as the fifth argument of approximate_dgauss.
    nbar, mbar = 8, 8
    for entry in parameters:
        samples = (nbar + mbar) * entry['n'] + nbar * mbar
        _, entry['distr'], entry['a'] = approximate_dgauss(
            entry['sigma'], samples, entry['base'], None, entry['bits'],
            quiet=True)

    print("### C Code ###")
    for entry in parameters:
        suffix = entry['D'].replace('_', '')
        print(distribution_to_C(entry['distr'], suffix))
    print("")

    print("### TABLE distribution ###")
    for entry in parameters:
        print(distribution_to_TeX(entry))
    print("")

    print("### TABLE 2 ###")
    for entry in parameters:
        print(parameters_to_TeX(entry, nbar=8))
    print("")

    print("### TABLE 3 ###")
    for entry in parameters:
        # NOTE(review): no entry above is named 'challenge' or 'paranoid', so
        # print_sec is always True and \bottomrule is never printed here.
        # Confirm that this is intended.
        rule = r"\bottomrule" if entry['name'] == 'paranoid' else r"\midrule"
        # Python 2 print statement: the trailing comma suppresses the newline,
        # so the rule follows the row on the same output line.
        print(security_to_TeX(entry, nbar=8,
                              print_sec=entry['name'] != 'challenge')),
        print(rule)
def main():
    """Print the C sampler table and the LaTeX tables for one parameter set.

    The source uses Python 2 print statements. Single-argument prints are
    written with parentheses here, which Python 2 parses identically.
    """
    parameters = [
        {
            'name': 'paranoid',
            'D': 'D_4',
            'sigma': sqrt(1.75),
            'n': 700,
            'q': 12,
            'B': 2,
            'g': 2**10,
            'bits': 16,
            'base': 129,
            'cut': 0
        },
    ]

    # Attach the approximated distribution ('distr') and the value stored
    # under 'a' to every entry. 'base' goes in as the third argument and
    # 'bits' as the fifth argument of approximate_dgauss.
    nbar, mbar = 16, 16
    for entry in parameters:
        samples = (nbar + mbar) * entry['n'] + nbar * mbar
        _, entry['distr'], entry['a'] = approximate_dgauss(
            entry['sigma'], samples, entry['base'], None, entry['bits'],
            quiet=True)

    print("### C Code ###")
    for entry in parameters:
        suffix = entry['D'].replace('_', '')
        print(distribution_to_C(entry['distr'], suffix))
    print("")

    print("### TABLE 1 ###")
    for entry in parameters:
        print(distribution_to_TeX(entry))
    print("")

    print("### TABLE 2 ###")
    for entry in parameters:
        print(parameters_to_TeX(entry, nbar=16))
    print("")

    print("### TABLE 3 ###")
    for entry in parameters:
        # The table is closed after the entry named 'paranoid'. Any other
        # entry is followed by a \midrule.
        rule = r"\bottomrule" if entry['name'] == 'paranoid' else r"\midrule"
        # Python 2 print statement: the trailing comma suppresses the newline,
        # so the rule follows the row on the same output line.
        print(security_to_TeX(entry, nbar=16,
                              print_sec=entry['name'] != 'challenge')),
        print(rule)
def approximate_and_compute_failure_pr(qlog, n, sigma, m_bar, n_bar,
                                       agree_bits, w):
    """Approximate the Gaussian for sigma and compute its failure probability.

    Args:
      qlog: Exponent of the modulus; 2 ** qlog is passed on as the modulus.
      n: Dimension; enters the sample count and is forwarded unchanged.
      sigma: Standard deviation handed to approximate_dgauss.
      m_bar, n_bar: Used only to derive the sample count.
      agree_bits, w: Forwarded unchanged to exact_failure_prob_pke.

    Returns:
      Whatever exact_failure_prob_pke returns for the symmetrised
      approximation.
    """
    total_samples = 2 * (m_bar + n_bar) * n + m_bar * n_bar

    # NOTE(review): the target 149 and the 16-bit budget are hard-coded
    # rather than derived from the arguments -- confirm they match the
    # parameter set being analysed before relying on the result.
    _, approx, _ = approximate_dgauss(
        sigma, total_samples, 149, None, 16, quiet=True)

    # Combine with a fair +/-1 variable; presumably a uniform random sign,
    # confirm against pdf_product.
    fair_sign = {+1: .5, -1: .5}
    sym_distr = pdf_product(approx, fair_sign)

    modulus = 2 ** qlog
    return exact_failure_prob_pke(sym_distr, modulus, n, w, agree_bits)
def main():
    """Print the C sampler tables and the LaTeX tables for four parameter sets.

    The source uses Python 2 print statements. Single-argument prints are
    written with parentheses here, which Python 2 parses identically.
    """
    parameters = [
        {
            'name': 'challenge',
            'D': 'D_1',
            'sigma': sqrt(1.25),
            'n': 352,
            'q': 11,
            'B': 1,
            'bits': 8,
            'base': 85
        },
        {
            'name': 'classical',
            'D': 'D_2',
            'sigma': sqrt(1.00),
            'n': 592,
            'q': 12,
            'B': 2,
            'bits': 12,
            'base': 137
        },
        {
            'name': 'recommended',
            'D': 'D_3',
            'sigma': sqrt(1.75),
            'n': 752,
            'q': 15,
            'B': 4,
            'bits': 12,
            'base': 138
        },
        {
            'name': 'paranoid',
            'D': 'D_4',
            'sigma': sqrt(1.75),
            'n': 864,
            'q': 15,
            'B': 4,
            'bits': 16,
            'base': 129
        },
    ]

    # Attach the approximated distribution ('distr') and the value stored
    # under 'a' to every entry. 'base' goes in as the third argument and
    # 'bits' as the fifth argument of approximate_dgauss.
    nbar, mbar = 8, 8
    for entry in parameters:
        samples = (nbar + mbar) * entry['n'] + nbar * mbar
        _, entry['distr'], entry['a'] = approximate_dgauss(
            entry['sigma'], samples, entry['base'], None, entry['bits'],
            quiet=True)

    print("### C Code ###")
    for entry in parameters:
        suffix = entry['D'].replace('_', '')
        print(distribution_to_C(entry['distr'], suffix))
    print("")

    print("### TABLE 1 ###")
    for entry in parameters:
        print(distribution_to_TeX(entry))
    print("")

    print("### TABLE 2 ###")
    for entry in parameters:
        print(parameters_to_TeX(entry, nbar=8))
    print("")

    print("### TABLE 3 ###")
    for entry in parameters:
        # print_sec is switched off only for the entry named 'challenge'.
        # The table is closed after the entry named 'paranoid'.
        rule = r"\bottomrule" if entry['name'] == 'paranoid' else r"\midrule"
        # Python 2 print statement: the trailing comma suppresses the newline,
        # so the rule follows the row on the same output line.
        print(security_to_TeX(entry, nbar=8,
                              print_sec=entry['name'] != 'challenge')),
        print(rule)
def main():
    """Print sampler tables and LaTeX tables for the three Frodo sets.

    Each entry first receives its distribution ('distr') and the value stored
    under 'a'. The report sections are then printed in a fixed order.
    """
    # pyformat: disable
    parameters = [
        {
            'name': 'Frodo-640',
            'sigma': 2.8,
            'n': 640,
            'm_bar': 8,
            'n_bar': 8,
            'q': 15,
            'B': 2,
            'key_len': 128,
            'rand_bits': 16,
            'sec_base': 105
        },
        {
            'name': 'Frodo-976',
            'sigma': 2.3,
            'n': 976,
            'm_bar': 8,
            'n_bar': 8,
            'q': 16,
            'B': 3,
            'key_len': 192,
            'rand_bits': 16,
            'sec_base': 151
        },
        {
            'name': 'Frodo-1344',
            'sigma': 1.4,
            'n': 1344,
            'm_bar': 8,
            'n_bar': 8,
            'q': 16,
            'B': 4,
            'key_len': 256,
            'rand_bits': 16,
            'sec_base': 195
        },
    ]
    # pyformat: enable

    for entry in parameters:
        if entry['rand_bits'] is None:
            # No bit budget given: use the Gaussian itself with its tails cut
            # at 2**-16, and record 'a' as infinity.
            entry['distr'] = cutoff_tails(dgauss(entry['sigma']), 2**-16)
            entry['a'] = float('inf')
        else:
            # 'sec_base' goes in as the third argument and 'rand_bits' as the
            # fifth argument of approximate_dgauss.
            samples = ((entry['n_bar'] + entry['m_bar']) * entry['n'] +
                       entry['n_bar'] * entry['m_bar'])
            _, entry['distr'], entry['a'] = approximate_dgauss(
                entry['sigma'], samples, entry['sec_base'], None,
                entry['rand_bits'], quiet=True)

    # Sections that share one shape: header, one line per entry, blank line.
    sections = [
        ('### DISTRIBUTION TO PYTHON ###',
         lambda e: 'sigma = {:.2f}: {}'.format(e['sigma'],
                                               distribution_to_python(e))),
        ('### C Code ###', lambda e: distribution_to_c(e['distr'])),
        ('### TABLE 1 ###', parameters_to_tex),
        ('### TABLE 2 ###', distribution_to_tex),
        # The original keeps a disabled variant of this table: a \midrule
        # followed by the same rows with kem=False.
        ('### TABLE 4 ###', lambda e: print_sizes(e, 'Frodo', kem=True)),
    ]
    for header, render in sections:
        print(header)
        for entry in parameters:
            print(render(entry))
        print()

    # The header text is runtime output and is reproduced exactly as the
    # source spells it.
    print('### PARAMETERS FOR CRYPTANALYIS ###')
    for entry in parameters:
        # The row is printed without a newline so the rule follows it on the
        # same line. The table is closed after the key_len == 256 entry.
        print(security_to_tex(entry), end='')
        print(r'\bottomrule' if entry['key_len'] == 256 else r'\midrule')