def run_LLL(A, delta=0.99, eta=0.501, **kwds):
u"""run LLL reduction for a given matrix
:param A: Integer matrix, represent in `list`
:param delta: (default: 0.99) LLL parameter `0.25 < δ ≤ 1`
:param eta: (default: 0.501) LLL parameter `0 ≤ η < √δ`
:param int_type: (default: 'mpz') an element of `fpylll.config.int_types`
:param method: one of 'wrapper', 'proved', 'heuristic', 'fast' or `None`
:param float_type: an element of `fpylll.config.float_types` or `None`
:param precision: bit precision to use if `float_type` is 'mpfr'
:param verbose: (default: `False`) print verbose outputs
:param use_siegel: (default: `False`) use Siegel's condition
instead of Lovász's condition
:param early_red: (default: `False`) perform early reduction
:returns: reduced matrix ``B``, represent in `list`
"""
kwds['delta'] = delta
kwds['eta'] = eta
int_type = kwds.pop('int_type', 'mpz')
kwds['flags'] = LLL.DEFAULT
if kwds.pop('verbose', False):
kwds['flags'] |= LLL.VERBOSE
if kwds.pop('use_siegel', False):
kwds['flags'] |= LLL.SIEGEL
if kwds.pop('early_red', False):
kwds['flags'] |= LLL.EARLY_RED
A = IntegerMatrix.from_matrix(A, int_type=int_type)
LLL.reduction(A, **kwds)
B = [[A[i, j] for j in range(A.ncols)] for i in range(A.nrows)]
return B
def load_matrix_file(filepath, randomize=False, seed=None):
"""
Load matrix from file, LLL reduce (and randomize).
:param filepath: Load matrix from this file
:param randomize: Randomize the basis
:param seed: Seed for randomization
:returns: lattice basis and BKZ object
"""
A = IntegerMatrix.from_file(filepath)
A = LLL.reduction(A)
A = IntegerMatrix.from_matrix(A, int_type="long")
M = GSO.Mat(A, float_type="double", flags=GSO.ROW_EXPO)
bkz = BKZReduction(M)
if seed is not None:
FPLLL.set_random_seed(seed)
if randomize:
bkz.randomize_block(0, A.nrows, density=A.ncols / 4)
LLL.reduction(A)
bkz = BKZReduction(A)
LLL.reduction(A)
bkz.lll_obj() # to initialize bkz.M etc
return A, bkz
def test_enum_gram_coherence():
"""
Test if the enumeration algorithm is consistent with the Gram matrices
The vectors returned by the enumeration should be the same wether a
lattice is given by its basis or by its Gram matrix
"""
dimensions = ((3, 3), (10, 10), (20, 20), (25, 25))
for m, n in dimensions:
for int_type in int_types:
A = make_integer_matrix(m, n, int_type=int_type)
LLL.reduction(A)
G = tools.compute_gram(A)
for float_type in float_types:
M_A = GSO.Mat(copy(A), float_type=float_type, gram=False)
M_G = GSO.Mat(copy(G), float_type=float_type, gram=True)
M_A.update_gso()
M_G.update_gso()
enum_obj_a = Enumeration(M_A, nr_solutions=min(m, 5))
shortest_vectors_a = enum_obj_a.enumerate(
0, M_A.d, M_A.get_r(0, 0), 0)
enum_obj_g = Enumeration(M_G, nr_solutions=min(m, 5))
shortest_vectors_g = enum_obj_g.enumerate(
0, M_G.d, M_G.get_r(0, 0), 0)
for i in range(len(shortest_vectors_a)):
assert shortest_vectors_a[i] == shortest_vectors_g[i]
def load_svp_challenge(d, seed=0):
"""
Load SVP Challenge matrix in dimension `d` and ``seed``
:param d: dimension
:param seed: random seed
"""
filename = os.path.join("data", "svp-challenge", "%03d-%d.txt" % (d, seed))
if os.path.isfile(filename) is False:
import requests
logging.debug("Did not find '{filename}', downloading ...".format(
filename=filename))
r = requests.post(
"https://www.latticechallenge.org/svp-challenge/generator.php",
data={
"dimension": d,
"seed": seed,
"sent": "True"
},
)
logging.debug("%s %s" % (r.status_code, r.reason))
fn = open(filename, "w")
fn.write(r.text)
fn.close()
A = IntegerMatrix.from_file(filename)
LLL.reduction(A)
return A
def __init__(self, A):
"""Construct a new instance of the BKZ algorithm.
:param A: an integer matrix, a GSO object or an LLL object
"""
if isinstance(A, GSO.Mat):
L = None
M = A
A = M.B
elif isinstance(A, LLL.Reduction):
L = A
M = L.M
A = M.B
elif isinstance(A, IntegerMatrix):
L = None
M = None
A = A
else:
raise TypeError("Matrix must be IntegerMatrix but got type '%s'" %
type(A))
if M is None and L is None:
# run LLL first, but only if a matrix was passed
LLL.reduction(A)
self.A = A
if M is None:
self.M = GSO.Mat(A, flags=GSO.ROW_EXPO)
else:
self.M = M
if L is None:
self.lll_obj = LLL.Reduction(self.M, flags=LLL.DEFAULT)
else:
self.lll_obj = L
def test_enum_enum():
for int_type in int_types:
A = make_integer_matrix(20, 20, int_type=int_type)
LLL.reduction(A)
for float_type in float_types:
M = GSO.Mat(copy(A), float_type=float_type)
M.update_gso()
enum_obj = Enumeration(M)
enum_obj.enumerate(0, M.d, M.get_r(0, 0), 0)
def insert_in_IntegerMatrix(A, v):
n = A.nrows
AA = IntegerMatrix(n + 1, n, int_type="long")
for j in xrange(n):
AA[0, j] = v[j]
for i in xrange(n):
AA[i + 1, j] = A[i, j]
LLL.reduction(AA)
for j in xrange(n):
for i in xrange(n):
A[i, j] = AA[i + 1, j]
del AA
def test_simple_bkz_reduction(block_size=10):
for n in dimensions:
set_random_seed(n)
A = make_integer_matrix(n)
LLL.reduction(A)
B = copy(A)
BKZ.reduction(B, BKZ.Param(block_size=block_size))
C = copy(A)
SimpleBKZ(C)(block_size=block_size)
assert abs(C[0].norm() - B[0].norm()) < 0.1
assert abs(C[0].norm() < A[0].norm())
def test_simple_bkz_reduction(block_size=10):
for n in dimensions:
FPLLL.set_random_seed(n)
A = make_integer_matrix(n)
LLL.reduction(A)
B = copy(A)
BKZ.reduction(B, BKZ.Param(block_size=block_size))
C = copy(A)
SimpleBKZ(C)(block_size=block_size)
assert abs(C[0].norm() - B[0].norm()) < 0.1
assert abs(C[0].norm() < A[0].norm())
def run_instance(L, block_size, tours, evec):
from fpylll import BKZ, LLL, GSO, IntegerMatrix
from fpylll.algorithms.bkz2 import BKZReduction as BKZ2
from sage.all import e
A = IntegerMatrix.from_matrix(L)
block_size = ZZ(block_size)
par = BKZ.Param(block_size=block_size,
strategies=BKZ.DEFAULT_STRATEGY,
flags=BKZ.VERBOSE)
block_size = ZZ(block_size)
delta_0 = (block_size / (2 * pi * e) *
(pi * block_size)**(1 / block_size))**(1 / (2 * block_size - 1))
n = ZZ(L.nrows())
alpha = delta_0**(-2 * n / (n - 1))
if len(evec) == n - 1:
evec = vector(list(evec) + [1])
LLL.reduction(A)
M = GSO.Mat(A)
M.update_gso()
vol = sqrt(prod([RR(M.get_r(i, i)) for i in range(n)]))
norms = [
map(lambda x: RR(log(x, 2)),
[(alpha**i * delta_0**n * vol**(1 / n))**2 for i in range(n)])
]
def proj(v, i):
return v - vector(RR, M.to_canonical(list(M.from_canonical(v, 0, i))))
# norms += [map(lambda x: RR(log(x,2)),
# [(stddev*sqrt(n-i))**2 for i in range(n)])]
norms += [
map(lambda x: RR(log(x, 2)),
[proj(evec, i).norm()**2 for i in range(1, n - 1)])
]
norms += [[log(RR(M.get_r(i, i)), 2) for i in range(n)]]
bkz = BKZ2(M)
for i in range(tours):
bkz.tour(par)
norms += [[log(M.get_r(i, i), 2) for i in range(n)]]
return A.to_matrix(matrix(ZZ, n, n)), norms
def load_challenge_and_randomize(n):
A_pre = IntegerMatrix.from_file("svpchallenge/svpchallengedim%dseed0.txt" %
n)
LLL.reduction(A_pre)
A = IntegerMatrix.from_matrix(A_pre, int_type="long")
params = fplll_bkz.Param(block_size=n,
max_loops=1,
strategies=fplll_bkz.DEFAULT_STRATEGY,
flags=fplll_bkz.GH_BND,
min_success_probability=.8)
bkz = BKZReduction(A)
bkz.lll_obj()
bkz.randomize_block(0, n, density=n / 4)
bkz.lll_obj()
return A, bkz
def test_gso_io():
for m, n in dimensions:
if m <= 2 or n <= 2:
continue
A = make_integer_matrix(m, n)
v = list(A[0])
LLL.reduction(A)
for float_type in float_types:
M = GSO.Mat(copy(A), float_type=float_type)
M.update_gso()
w = M.babai(v)
v_ = IntegerMatrix.from_iterable(1, m, w) * A
v_ = list(v_[0])
assert v == v_
def ntru_plain_hybrid_basis(A, g, q, nsamples):
"""
Construct ntru basis for the MitM hybrid
"""
n = A.ncols
ell = n - g
B = IntegerMatrix(nsamples + ell, nsamples + ell)
for i in range(ell):
B[i, i] = 1
for j in range(nsamples):
B[i, j + ell] = A[i, j]
for i in range(nsamples):
B[i + ell, i + ell] = q
# print('B:')
# print(B)
Al = B.submatrix(0, ell, ell, ell + nsamples)
Ag = A.submatrix(ell, 0, nsamples, nsamples)
B = LLL.reduction(B)
return B, Al, Ag
def __init__(self, A, preprocessing_levels=1, preprocessing_cutoff=45):
"""
Create a new BKZ Simulation object.
:param A: An integer matrix, a GSO object or a list of squared Gram-Schmidt norms.
:param preprocessing_levels: how many levels of preprocessing to simulate (slow!)
.. note :: Our internal representation is log2 norms of Gram-Schmidt vectors (not squared).
"""
if isinstance(A, GSO.Mat):
A.update_gso()
r = A.r()
self.r = [log(r_, 2) / 2.0 for r_ in r]
elif isinstance(A, LLL.Reduction):
A.M.update_gso()
r = A.M.r()
self.r = [log(r_, 2) / 2.0 for r_ in r]
elif isinstance(A, IntegerMatrix):
M = GSO.Mat(LLL.reduction(A))
M.update_gso()
r = M.r()
self.r = [log(r_, 2) / 2.0 for r_ in r]
else:
try:
self.r = [log(r_, 2) / 2.0 for r_ in A]
except TypeError:
raise TypeError("Unsupported type '%s'" % type(A))
self.preprocessing_levels = preprocessing_levels
self.preprocessing_cutoff = preprocessing_cutoff
def primal_lattice_basis(A, c, q, m=None):
"""
Construct primal lattice basis for LWE challenge
``(A,c)`` defined modulo ``q``.
:param A: LWE matrix
:param c: LWE vector
:param q: integer modulus
:param m: number of samples to use (``None`` means all)
"""
if m is None:
m = A.nrows
elif m > A.nrows:
raise ValueError("Only m=%d samples available." % A.nrows)
n = A.ncols
B = IntegerMatrix(m + n + 1, m + 1)
for i in range(m):
for j in range(n):
B[j, i] = A[i, j]
B[i + n, i] = q
B[-1, i] = c[i]
B[-1, -1] = 1
B = LLL.reduction(B)
assert (B[:n] == IntegerMatrix(n, m + 1))
B = B[n:]
return B
def sample_matrix(d, lattice_type="qary", seed=None):
"""
Sample a matrix in dimension `d`.
:param d: lattice dimension
:param lattice_type: see module level documentation
:param seed: optional random seed
:returns: LLL-reduced integer matrix
.. note :: This function seeds the FPLLL RNG, i.e. it is deterministic.
"""
if seed is None:
FPLLL.set_random_seed(d)
else:
FPLLL.set_random_seed(seed)
if lattice_type == "qary":
A = IntegerMatrix.random(d, "qary", bits=30, k=d // 2, int_type="long")
elif lattice_type == "qary-lv":
A = IntegerMatrix.random(d, "qary", bits=10 * d, k=d // 2)
else:
raise ValueError("Lattice type '%s' not supported." % lattice_type)
A = LLL.reduction(A)
return A
def svpchallenge_test ():
dim = 60
A_pre = IntegerMatrix.from_file("svpchallenge/svpchallengedim%dseed0.txt"%dim)
print "# input dim: ", dim
print "# nrows: ", A_pre.nrows
ASVP_START = time()
LLL.reduction(A_pre)
A = IntegerMatrix.from_matrix(A_pre, int_type="long")
bkz = BKZReduction(A)
bkz.lll_obj()
r = [bkz.M.get_r(i, i) for i in range(dim)]
goal = (1.05)**2 * gaussian_heuristic(r)
params = fplll_bkz.Param(block_size=20, max_loops=1,
min_success_probability=.01)
bkz(params=params)
print " done BKZ yes"
def main(n=150,
block_size=60,
float_type="d",
logq=40,
verbose=False,
seed=0xdeadbeef):
print "= n: %3d, β: %2d, bits: %3d, float_type: %s, seed: 0x%08x =" % (
n, block_size, logq, float_type, seed)
print
set_random_seed(seed)
A = IntegerMatrix.random(n, "qary", k=n // 2, bits=logq)
A = LLL.reduction(A)
params = BKZ.Param(block_size=block_size,
max_loops=4,
strategies=BKZ.DEFAULT_STRATEGY,
flags=BKZ.MAX_LOOPS | BKZ.VERBOSE)
bkz = BKZReduction(GSO.Mat(copy.copy(A), float_type=float_type))
bkz(params)
print bkz.trace
bkz2 = BKZ2(GSO.Mat(copy.copy(A), float_type=float_type))
bkz2(params)
print bkz2.trace
if verbose:
print
print bkz.trace.report()
def test_callback_enum(d=40):
FPLLL.set_random_seed(0x1337)
A = LLL.reduction(IntegerMatrix.random(100, "qary", k=50, q=7681))
M = GSO.Mat(A)
M.update_gso()
# we are not imposing a constraint
enum_obj = Enumeration(M)
solutions = enum_obj.enumerate(0, d, 0.99*M.get_r(0, 0), 0)
max_dist, sol = solutions[0]
assert(A.multiply_left(sol)[0] != 2)
# now we do
def callback(new_sol_coord):
if A.multiply_left(new_sol_coord)[0] == 2:
return True
else:
return False
enum_obj = Enumeration(M, callbackf=callback)
solutions = enum_obj.enumerate(0, d, 0.99*M.get_r(0, 0), 0)
max_dist, sol = solutions[0]
assert(A.multiply_left(sol)[0] == 2)
def svpchallenge_par3(bs_diff=10, cores=2, start_dim=80, end_dim=80+2, BS_RANDOM_RANGE = 10):
for dim in range(start_dim, start_dim+2, 2):
A_pre = IntegerMatrix.from_file("svpchallenge/svpchallengedim%dseed0.txt"%dim)
print "# input dim: ", dim
print "# nrows: ", A_pre.nrows
ASVP_START = time()
LLL.reduction(A_pre)
A = IntegerMatrix.from_matrix(A_pre, int_type="long")
bkz = BKZReduction(A)
bkz.lll_obj()
r = [bkz.M.get_r(i, i) for i in range(dim)]
goal = (1.05)**2 * gaussian_heuristic(r)
bs_ulim = dim - bs_diff
interacting_parrallel_asvp(A, bs_ulim, goal, cores, BS_RANDOM_RANGE)
ASVP_TIME = time() - ASVP_START
print ("\nSUMMARY", {"input dim": dim, "bs_range": (bs_ulim - BS_RANDOM_RANGE, bs_ulim), "time": ASVP_TIME})
def reduce_lattice(self, lattice, block_size):
if block_size is None:
self.log("Start LLL.")
return LLL.reduction(lattice)
else:
self.log("Start BKZ-{}.".format(block_size))
return BKZ.reduction(lattice, BKZ.Param(block_size=block_size,
strategies=BKZ.DEFAULT_STRATEGY,
auto_abort=True))
def test_svp_too_large():
from fpylll.config import max_enum_dim
m = max_enum_dim + 1
n = max_enum_dim + 1
A = make_integer_matrix(m, n)
A = LLL.reduction(A)
M = GSO.Mat(A)
M.update_gso()
with pytest.raises(NotImplementedError):
SVP.shortest_vector(A)
def test_gso_update_gso():
for m, n in dimensions:
A = make_integer_matrix(m, n)
LLL.reduction(A)
r00 = []
re00 = []
g00 = []
for float_type in float_types:
M = GSO.Mat(copy(A), float_type=float_type)
M.update_gso()
if (m, n) == (0, 0):
continue
r00.append(M.get_r(0, 0))
re00.append(M.get_r_exp(0, 0)[0])
g00.append(M.get_gram(0, 0))
for i in range(1, len(r00)):
abs(r00[0]/r00[i] - 1.0) < 0.0001
abs(re00[0]/re00[i] - 1.0) < 0.0001
abs(g00[0]/g00[i] - 1.0) < 0.0001
def test_gso_update_gso():
for m, n in dimensions:
A = make_integer_matrix(m, n)
LLL.reduction(A)
r00 = []
re00 = []
g00 = []
for float_type in float_types:
M = GSO.Mat(copy(A), float_type=float_type)
M.update_gso()
if (m, n) == (0, 0):
continue
r00.append(M.get_r(0, 0))
re00.append(M.get_r_exp(0, 0)[0])
g00.append(M.get_gram(0, 0))
for i in range(1, len(r00)):
assert abs(r00[0]/r00[i] - 1.0) < 0.0001
assert abs(re00[0]/re00[i] - 1.0) < 0.0001
assert abs(g00[0]/g00[i] - 1.0) < 0.0001
def reduce_lattice(self, lattice, block_size):
"""Reduce the lattice, either using *LLL* if `block_size` is `None` or *BKZ* with the given `block_size`."""
if block_size is None:
self.log("Start LLL.")
return LLL.reduction(lattice)
else:
self.log("Start BKZ-{}.".format(block_size))
return BKZ.reduction(
lattice,
BKZ.Param(block_size=block_size,
strategies=BKZ.DEFAULT_STRATEGY,
auto_abort=True))
def test_bkz_postprocessing():
A = IntegerMatrix.random(20, "qary", bits=20, k=10, int_type="long")
LLL.reduction(A)
bkz = BKZ(A)
bkz.M.update_gso()
tracer = BKZTreeTracer(bkz)
solution = (2, 2, 0, 3, 4, 5, 7)
v = A.multiply_left(solution, 3)
bkz.svp_postprocessing(3, len(solution), solution, tracer)
w = tuple(A[3])
assert v == w
solution = (2, 1, 0, 3, 4, 5, 7)
v = A.multiply_left(solution, 3)
bkz.svp_postprocessing(3, len(solution), solution, tracer)
w = tuple(A[3])
assert v == w
def load_prebkz(n, s=0, blocksize=40):
"""
"""
filename = "qarychallenge/prebkz-%02d-dim-%03d-seed-%02d.txt" % (blocksize,
n, s)
if not os.path.isdir("qarychallenge"):
os.mkdir("qarychallenge")
if os.path.isfile(filename) is False:
set_random_seed(s)
A = IntegerMatrix.random(n, "qary", q=2**30, k=n // 2)
print "Did not find '{filename}'. Creating and reducing".format(
filename=filename)
print "created, ",
sys.stdout.flush()
A = LLL.reduction(A)
print "LLLed, ",
sys.stdout.flush()
if A.nrows >= 160:
float_type = "long double"
elif A.nrows >= 200:
float_type = "dd"
else:
float_type = "double"
M = GSO.Mat(A, float_type=float_type, flags=GSO.ROW_EXPO)
bkz = BKZReduction(M)
for b in range(10, blocksize + 1):
print "\r created, LLLed, BKZed %d" % b,
sys.stdout.flush()
par = fplll_bkz.Param(b,
strategies=fplll_bkz.DEFAULT_STRATEGY,
max_loops=1,
flags=fplll_bkz.MAX_LOOPS)
bkz(par)
print
fn = open(filename, "w")
fn.write(str(A))
fn.close()
return load_matrix_file(filename, randomize=False)
def test_svp():
for m, n in dimensions:
A = make_integer_matrix(m, n)
A = LLL.reduction(A)
M = GSO.Mat(A)
M.update_gso()
E = Enumeration(M)
_, v1 = E.enumerate(0, M.d, M.get_r(0, 0), 0)[0]
v1 = A.multiply_left(v1)
nv1 = sum([v_**2 for v_ in v1])
v0 = SVP.shortest_vector(A)
nv0 = sum([v_**2 for v_ in v0])
assert nv0 == nv1
def test_gso_update_gso():
EPSILON = 0.0001
for int_type in int_types:
for m, n in dimensions:
A = make_integer_matrix(m, n, int_type=int_type)
LLL.reduction(A)
r00 = []
re00 = []
g00 = []
for float_type in float_types:
M = GSO.Mat(copy(A), float_type=float_type)
M.update_gso()
if (m, n) == (0, 0):
continue
r00.append(M.get_r(0, 0))
re00.append(M.get_r_exp(0, 0)[0])
g00.append(M.get_gram(0, 0))
for i in range(1, len(r00)):
assert r00[0] == pytest.approx(r00[i], rel=EPSILON)
assert re00[0] == pytest.approx(re00[i], rel=EPSILON)
assert g00[0] == pytest.approx(g00[i], rel=EPSILON)
def mpi_svpchallenge_par3(bs_diff=10,
cores=2,
start_dim=80,
end_dim=80 + 2,
BS_RANDOM_RANGE=10):
dim = start_dim
A_pre = IntegerMatrix.from_file(
"/home/shi/suite/sb_fpylll/bench/svpchallenge/svpchallengedim%dseed0.txt"
% dim)
if (rank == 0):
print "# input dim: ", dim
print "# nrows: ", A_pre.nrows
ASVP_START = time()
LLL.reduction(A_pre)
A = IntegerMatrix.from_matrix(A_pre, int_type="long")
bkz = BKZReduction(A)
bkz.lll_obj()
r = [bkz.M.get_r(i, i) for i in range(dim)]
goal = (1.05)**2 * gaussian_heuristic(r)
bs_ulim = dim - bs_diff
mpi_interacting_parrallel_asvp(A, bs_ulim, goal, cores, BS_RANDOM_RANGE)
ASVP_TIME = time() - ASVP_START
# done send signal
comm.send(99, dest=0, tag=0)
comm.send(rank, dest=0, tag=1)
if (rank == 0):
print(
"\nSUMMARY", {
"input dim": dim,
"bs_range": (bs_ulim - BS_RANDOM_RANGE, bs_ulim),
"time": ASVP_TIME
})
return
def test_cvp():
for m, n in dimensions:
A = make_integer_matrix(m, n)
A = LLL.reduction(A)
M = GSO.Mat(A)
M.update_gso()
t = list(make_integer_matrix(n, n)[0])
v0 = CVP.closest_vector(A, t)
E = Enumeration(M)
v1, _ = E.enumerate(0, A.nrows, 2, 40, M.from_canonical(t))
v1 = IntegerMatrix.from_iterable(1, A.nrows, map(lambda x: int(round(x)), v1))
v1 = tuple((v1*A)[0])
assert v0 == v1
def test_cvp():
for m, n in dimensions:
A = make_integer_matrix(m, n)
A = LLL.reduction(A)
M = GSO.Mat(A)
M.update_gso()
t = list(make_integer_matrix(n, n)[0])
v0 = CVP.closest_vector(A, t)
E = Enumeration(M)
v1, _ = E.enumerate(0, A.nrows, 2, 40, M.from_canonical(t))[0]
v1 = IntegerMatrix.from_iterable(1, A.nrows,
map(lambda x: int(round(x)), v1))
v1 = tuple((v1 * A)[0])
assert v0 == v1
def reduce_lattice(self, lattice, block_size):
if block_size is None:
self.log("Start LLL.")
return LLL.reduction(lattice)
else:
if self.sieve:
#self.log("Start sieving(BKZ-{}).".format(block_size))
#g6k = Siever(lattice)
#tracer = SieveTreeTracer(g6k, root_label=("bkz", block_size), start_clocks=True)
#for _ in range(3):
# BKZ_Sieve(g6k, tracer, block_size)
return lattice
else:
self.log("Start BKZ-{}.".format(block_size))
return BKZ.reduction(
lattice,
BKZ.Param(block_size=block_size,
strategies=BKZ.DEFAULT_STRATEGY,
auto_abort=True))
def silke(A, c, beta, h, m=None, scale=1, float_type="double"):
"""
:param A: LWE matrix
:param c: LWE vector
:param beta: BKW block size
:param m: number of samples to consider
:param scale: scale rhs of lattice by this factor
"""
from fpylll import BKZ, IntegerMatrix, LLL, GSO
from fpylll.algorithms.bkz2 import BKZReduction as BKZ2
if m is None:
m = A.nrows()
L = dual_instance1(A, scale=scale)
L = IntegerMatrix.from_matrix(L)
L = LLL.reduction(L, flags=LLL.VERBOSE)
M = GSO.Mat(L, float_type=float_type)
bkz = BKZ2(M)
t = 0.0
param = BKZ.Param(block_size=beta,
strategies=BKZ.DEFAULT_STRATEGY,
auto_abort=True,
max_loops=16,
flags=BKZ.VERBOSE|BKZ.AUTO_ABORT|BKZ.MAX_LOOPS)
bkz(param)
t += bkz.stats.total_time
H = copy(L)
import pickle
pickle.dump(L, open("L-%d-%d.sobj"%(L.nrows, beta), "wb"))
E = []
Y = set()
V = set()
y_i = vector(ZZ, tuple(L[0]))
Y.add(tuple(y_i))
E.append(apply_short1(y_i, A, c, scale=scale)[1])
v = L[0].norm()
v_ = v/sqrt(L.ncols)
v_r = 3.2*sqrt(L.ncols - A.ncols())*v_/scale
v_l = sqrt(h)*v_
fmt = u"{\"t\": %5.1fs, \"log(sigma)\": %5.1f, \"log(|y|)\": %5.1f, \"log(E[sigma]):\" %5.1f}"
print
print fmt%(t,
log(abs(E[-1]), 2),
log(L[0].norm(), 2),
log(sqrt(v_r**2 + v_l**2), 2))
print
for i in range(m):
t = cputime()
M = GSO.Mat(L, float_type=float_type)
bkz = BKZ2(M)
t = cputime()
bkz.randomize_block(0, L.nrows, stats=None, density=3)
LLL.reduction(L)
y_i = vector(ZZ, tuple(L[0]))
l_n = L[0].norm()
if L[0].norm() > H[0].norm():
L = copy(H)
t = cputime(t)
Y.add(tuple(y_i))
V.add(y_i.norm())
E.append(apply_short1(y_i, A, c, scale=scale)[1])
if len(V) >= 2:
fmt = u"{\"i\": %4d, \"t\": %5.1fs, \"log(|e_i|)\": %5.1f, \"log(|y_i|)\": %5.1f,"
fmt += u"\"log(sigma)\": (%5.1f,%5.1f), \"log(|y|)\": (%5.1f,%5.1f), |Y|: %5d}"
print fmt%(i+2, t, log(abs(E[-1]), 2), log(l_n, 2), log_mean(E), log_var(E), log_mean(V), log_var(V), len(Y))
return E
