| 243 |
243 |
reductionTime = cputime()
|
| 244 |
244 |
# Compute the reduced polynomials.
|
| 245 |
245 |
ccReducedPolynomialsList = \
|
| 246 |
|
slz_compute_coppersmith_reduced_polynomials(intIntP,
|
| 247 |
|
alpha,
|
| 248 |
|
N,
|
| 249 |
|
iBound,
|
| 250 |
|
tBound)
|
|
246 |
slz_compute_coppersmith_reduced_polynomials(intIntP,
|
|
247 |
alpha,
|
|
248 |
N,
|
|
249 |
iBound,
|
|
250 |
tBound)
|
| 251 |
251 |
if ccReducedPolynomialsList is None:
|
| 252 |
252 |
raise Exception("Reduction failed.")
|
| 253 |
253 |
reductionsFullTime += cputime(reductionTime)
|
| ... | ... | |
| 709 |
709 |
reductionTime = cputime()
|
| 710 |
710 |
#### Compute the reduced polynomials.
|
| 711 |
711 |
ccReducedPolynomialsList = \
|
| 712 |
|
slz_compute_coppersmith_reduced_polynomials(intIntP,
|
| 713 |
|
alpha,
|
| 714 |
|
N,
|
| 715 |
|
iBound,
|
| 716 |
|
tBound)
|
|
712 |
slz_compute_coppersmith_reduced_polynomials(intIntP,
|
|
713 |
alpha,
|
|
714 |
N,
|
|
715 |
iBound,
|
|
716 |
tBound)
|
| 717 |
717 |
if ccReducedPolynomialsList is None:
|
| 718 |
718 |
raise Exception("Reduction failed.")
|
| 719 |
719 |
reductionsFullTime += cputime(reductionTime)
|
| ... | ... | |
| 937 |
937 |
## Output counters
|
| 938 |
938 |
# End srs_runSLZ-v02
|
| 939 |
939 |
|
|
940 |
def srs_run_SLZ_v03(inputFunction,
|
|
941 |
inputLowerBound,
|
|
942 |
inputUpperBound,
|
|
943 |
alpha,
|
|
944 |
degree,
|
|
945 |
precision,
|
|
946 |
emin,
|
|
947 |
emax,
|
|
948 |
targetHardnessToRound,
|
|
949 |
debug = False):
|
|
950 |
"""
|
|
951 |
Changes from V2:
|
|
952 |
Root search is changed:
|
|
953 |
- we compute the resultants in i and in t;
|
|
954 |
- we compute the roots set of each of these resultants;
|
|
955 |
- we combine all the possible pairs between the two sets;
|
|
956 |
- we check these pairs in polynomials for correctness.
|
|
957 |
Changes from V1:
|
|
958 |
1- check for roots as soon as a resultant is computed;
|
|
959 |
2- once a non null resultant is found, check for roots;
|
|
960 |
3- constant resultant == no root.
|
|
961 |
"""
|
|
962 |
|
|
963 |
if debug:
|
|
964 |
print "Function :", inputFunction
|
|
965 |
print "Lower bound :", inputLowerBound
|
|
966 |
print "Upper bounds :", inputUpperBound
|
|
967 |
print "Alpha :", alpha
|
|
968 |
print "Degree :", degree
|
|
969 |
print "Precision :", precision
|
|
970 |
print "Emin :", emin
|
|
971 |
print "Emax :", emax
|
|
972 |
print "Target hardness-to-round:", targetHardnessToRound
|
|
973 |
print
|
|
974 |
## Important constants.
|
|
975 |
### Stretch the interval if no error happens.
|
|
976 |
noErrorIntervalStretch = 1 + 2^(-5)
|
|
977 |
### If no vector validates the Coppersmith condition, shrink the interval
|
|
978 |
# by the following factor.
|
|
979 |
noCoppersmithIntervalShrink = 1/2
|
|
980 |
### If only (or at least) one vector validates the Coppersmith condition,
|
|
981 |
# shrink the interval by the following factor.
|
|
982 |
oneCoppersmithIntervalShrink = 3/4
|
|
983 |
#### If only null resultants are found, shrink the interval by the
|
|
984 |
# following factor.
|
|
985 |
onlyNullResultantsShrink = 3/4
|
|
986 |
## Structures.
|
|
987 |
RRR = RealField(precision)
|
|
988 |
RRIF = RealIntervalField(precision)
|
|
989 |
## Converting input bound into the "right" field.
|
|
990 |
lowerBound = RRR(inputLowerBound)
|
|
991 |
upperBound = RRR(inputUpperBound)
|
|
992 |
## Before going any further, check domain and image binade conditions.
|
|
993 |
print inputFunction(1).n()
|
|
994 |
output = slz_fix_bounds_for_binades(lowerBound, upperBound, inputFunction)
|
|
995 |
if output is None:
|
|
996 |
print "Invalid domain/image binades. Domain:",\
|
|
997 |
lowerBound, upperBound, "Images:", \
|
|
998 |
inputFunction(lowerBound), inputFunction(upperBound)
|
|
999 |
raise Exception("Invalid domain/image binades.")
|
|
1000 |
lb = output[0] ; ub = output[1]
|
|
1001 |
if lb != lowerBound or ub != upperBound:
|
|
1002 |
print "lb:", lb, " - ub:", ub
|
|
1003 |
print "Invalid domain/image binades. Domain:",\
|
|
1004 |
lowerBound, upperBound, "Images:", \
|
|
1005 |
inputFunction(lowerBound), inputFunction(upperBound)
|
|
1006 |
raise Exception("Invalid domain/image binades.")
|
|
1007 |
#
|
|
1008 |
## Progam initialization
|
|
1009 |
### Approximation polynomial accuracy and hardness to round.
|
|
1010 |
polyApproxAccur = 2^(-(targetHardnessToRound + 1))
|
|
1011 |
polyTargetHardnessToRound = targetHardnessToRound + 1
|
|
1012 |
### Significand to integer conversion ratio.
|
|
1013 |
toIntegerFactor = 2^(precision-1)
|
|
1014 |
print "Polynomial approximation required accuracy:", polyApproxAccur.n()
|
|
1015 |
### Variables and rings for polynomials and root searching.
|
|
1016 |
i=var('i')
|
|
1017 |
t=var('t')
|
|
1018 |
inputFunctionVariable = inputFunction.variables()[0]
|
|
1019 |
function = inputFunction.subs({inputFunctionVariable:i})
|
|
1020 |
# Polynomial Rings over the integers, for root finding.
|
|
1021 |
Zi = ZZ[i]
|
|
1022 |
Zt = ZZ[t]
|
|
1023 |
Zit = ZZ[i,t]
|
|
1024 |
## Number of iterations limit.
|
|
1025 |
maxIter = 100000
|
|
1026 |
#
|
|
1027 |
## Compute the scaled function and the degree, in their Sollya version
|
|
1028 |
# once for all.
|
|
1029 |
(scaledf, sdlb, sdub, silb, siub) = \
|
|
1030 |
slz_compute_scaled_function(function, lowerBound, upperBound, precision)
|
|
1031 |
print "Scaled function:", scaledf._assume_str().replace('_SAGE_VAR_', '')
|
|
1032 |
scaledfSo = sollya_lib_parse_string(scaledf._assume_str().replace('_SAGE_VAR_', ''))
|
|
1033 |
degreeSo = pobyso_constant_from_int_sa_so(degree)
|
|
1034 |
#
|
|
1035 |
## Compute the scaling. boundsIntervalRifSa defined out of the loops.
|
|
1036 |
domainBoundsInterval = RRIF(lowerBound, upperBound)
|
|
1037 |
(unscalingFunction, scalingFunction) = \
|
|
1038 |
slz_interval_scaling_expression(domainBoundsInterval, i)
|
|
1039 |
#print scalingFunction, unscalingFunction
|
|
1040 |
## Set the Sollya internal precision (with an arbitrary minimum of 192).
|
|
1041 |
internalSollyaPrec = ceil((RR('1.5') * targetHardnessToRound) / 64) * 64
|
|
1042 |
if internalSollyaPrec < 192:
|
|
1043 |
internalSollyaPrec = 192
|
|
1044 |
pobyso_set_prec_sa_so(internalSollyaPrec)
|
|
1045 |
print "Sollya internal precision:", internalSollyaPrec
|
|
1046 |
## Some variables.
|
|
1047 |
### General variables
|
|
1048 |
lb = sdlb
|
|
1049 |
ub = sdub
|
|
1050 |
nbw = 0
|
|
1051 |
intervalUlp = ub.ulp()
|
|
1052 |
#### Will be set by slz_interval_and_polynomila_to_sage.
|
|
1053 |
ic = 0
|
|
1054 |
icAsInt = 0 # Set from ic.
|
|
1055 |
solutionsSet = set()
|
|
1056 |
tsErrorWidth = []
|
|
1057 |
csErrorVectors = []
|
|
1058 |
csVectorsResultants = []
|
|
1059 |
floatP = 0 # Taylor polynomial.
|
|
1060 |
floatPcv = 0 # Ditto with variable change.
|
|
1061 |
intvl = "" # Taylor interval
|
|
1062 |
terr = 0 # Taylor error.
|
|
1063 |
iterCount = 0
|
|
1064 |
htrnSet = set()
|
|
1065 |
### Timers and counters.
|
|
1066 |
wallTimeStart = 0
|
|
1067 |
cpuTimeStart = 0
|
|
1068 |
taylCondFailedCount = 0
|
|
1069 |
coppCondFailedCount = 0
|
|
1070 |
resultCondFailedCount = 0
|
|
1071 |
coppCondFailed = False
|
|
1072 |
resultCondFailed = False
|
|
1073 |
globalResultsList = []
|
|
1074 |
basisConstructionsCount = 0
|
|
1075 |
basisConstructionsFullTime = 0
|
|
1076 |
basisConstructionTime = 0
|
|
1077 |
reductionsCount = 0
|
|
1078 |
reductionsFullTime = 0
|
|
1079 |
reductionTime = 0
|
|
1080 |
resultantsComputationsCount = 0
|
|
1081 |
resultantsComputationsFullTime = 0
|
|
1082 |
resultantsComputationTime = 0
|
|
1083 |
rootsComputationsCount = 0
|
|
1084 |
rootsComputationsFullTime = 0
|
|
1085 |
rootsComputationTime = 0
|
|
1086 |
print
|
|
1087 |
## Global times are started here.
|
|
1088 |
wallTimeStart = walltime()
|
|
1089 |
cpuTimeStart = cputime()
|
|
1090 |
## Main loop.
|
|
1091 |
while True:
|
|
1092 |
if lb >= sdub:
|
|
1093 |
print "Lower bound reached upper bound."
|
|
1094 |
break
|
|
1095 |
if iterCount == maxIter:
|
|
1096 |
print "Reached maxIter. Aborting"
|
|
1097 |
break
|
|
1098 |
iterCount += 1
|
|
1099 |
print "[", lb, ",", ub, "]", ((ub - lb) / intervalUlp).log2().n(), \
|
|
1100 |
"log2(numbers)."
|
|
1101 |
### Compute a Sollya polynomial that will honor the Taylor condition.
|
|
1102 |
prceSo = slz_compute_polynomial_and_interval(scaledfSo,
|
|
1103 |
degreeSo,
|
|
1104 |
lb,
|
|
1105 |
ub,
|
|
1106 |
polyApproxAccur)
|
|
1107 |
### Convert back the data into Sage space.
|
|
1108 |
(floatP, floatPcv, intvl, ic, terr) = \
|
|
1109 |
slz_interval_and_polynomial_to_sage((prceSo[0], prceSo[0],
|
|
1110 |
prceSo[1], prceSo[2],
|
|
1111 |
prceSo[3]))
|
|
1112 |
intvl = RRIF(intvl)
|
|
1113 |
## Clean-up Sollya stuff.
|
|
1114 |
for elem in prceSo:
|
|
1115 |
sollya_lib_clear_obj(elem)
|
|
1116 |
#print floatP, floatPcv, intvl, ic, terr
|
|
1117 |
#print floatP
|
|
1118 |
#print intvl.endpoints()[0].n(), \
|
|
1119 |
# ic.n(),
|
|
1120 |
#intvl.endpoints()[1].n()
|
|
1121 |
### Check returned data.
|
|
1122 |
#### Is approximation error OK?
|
|
1123 |
if terr > polyApproxAccur:
|
|
1124 |
exceptionErrorMess = \
|
|
1125 |
"Approximation failed - computed error:" + \
|
|
1126 |
str(terr) + " - target error: "
|
|
1127 |
exceptionErrorMess += \
|
|
1128 |
str(polyApproxAccur) + ". Aborting!"
|
|
1129 |
raise Exception(exceptionErrorMess)
|
|
1130 |
#### Is lower bound OK?
|
|
1131 |
if lb != intvl.endpoints()[0]:
|
|
1132 |
exceptionErrorMess = "Wrong lower bound:" + \
|
|
1133 |
str(lb) + ". Aborting!"
|
|
1134 |
raise Exception(exceptionErrorMess)
|
|
1135 |
#### Set upper bound.
|
|
1136 |
if ub > intvl.endpoints()[1]:
|
|
1137 |
ub = intvl.endpoints()[1]
|
|
1138 |
print "[", lb, ",", ub, "]", ((ub - lb) / intervalUlp).log2().n(), \
|
|
1139 |
"log2(numbers)."
|
|
1140 |
taylCondFailedCount += 1
|
|
1141 |
#### Is interval not degenerate?
|
|
1142 |
if lb >= ub:
|
|
1143 |
exceptionErrorMess = "Degenerate interval: " + \
|
|
1144 |
"lowerBound(" + str(lb) +\
|
|
1145 |
")>= upperBound(" + str(ub) + \
|
|
1146 |
"). Aborting!"
|
|
1147 |
raise Exception(exceptionErrorMess)
|
|
1148 |
#### Is interval center ok?
|
|
1149 |
if ic <= lb or ic >= ub:
|
|
1150 |
exceptionErrorMess = "Invalid interval center for " + \
|
|
1151 |
str(lb) + ',' + str(ic) + ',' + \
|
|
1152 |
str(ub) + ". Aborting!"
|
|
1153 |
raise Exception(exceptionErrorMess)
|
|
1154 |
##### Current interval width and reset future interval width.
|
|
1155 |
bw = ub - lb
|
|
1156 |
nbw = 0
|
|
1157 |
icAsInt = int(ic * toIntegerFactor)
|
|
1158 |
#### The following ratio is always >= 1. In case we may want to
|
|
1159 |
# enlarge the interval
|
|
1160 |
curTaylErrRat = polyApproxAccur / terr
|
|
1161 |
### Make the integral transformations.
|
|
1162 |
#### Bounds and interval center.
|
|
1163 |
intIc = int(ic * toIntegerFactor)
|
|
1164 |
intLb = int(lb * toIntegerFactor) - intIc
|
|
1165 |
intUb = int(ub * toIntegerFactor) - intIc
|
|
1166 |
#
|
|
1167 |
#### Polynomials
|
|
1168 |
basisConstructionTime = cputime()
|
|
1169 |
##### To a polynomial with rational coefficients with rational arguments
|
|
1170 |
ratRatP = slz_float_poly_of_float_to_rat_poly_of_rat_pow_two(floatP)
|
|
1171 |
##### To a polynomial with rational coefficients with integer arguments
|
|
1172 |
ratIntP = \
|
|
1173 |
slz_rat_poly_of_rat_to_rat_poly_of_int(ratRatP, precision)
|
|
1174 |
##### Ultimately a multivariate polynomial with integer coefficients
|
|
1175 |
# with integer arguments.
|
|
1176 |
coppersmithTuple = \
|
|
1177 |
slz_rat_poly_of_int_to_poly_for_coppersmith(ratIntP,
|
|
1178 |
precision,
|
|
1179 |
targetHardnessToRound,
|
|
1180 |
i, t)
|
|
1181 |
#### Recover Coppersmith information.
|
|
1182 |
intIntP = coppersmithTuple[0]
|
|
1183 |
N = coppersmithTuple[1]
|
|
1184 |
nAtAlpha = N^alpha
|
|
1185 |
tBound = coppersmithTuple[2]
|
|
1186 |
leastCommonMultiple = coppersmithTuple[3]
|
|
1187 |
iBound = max(abs(intLb),abs(intUb))
|
|
1188 |
basisConstructionsFullTime += cputime(basisConstructionTime)
|
|
1189 |
basisConstructionsCount += 1
|
|
1190 |
reductionTime = cputime()
|
|
1191 |
#### Compute the reduced polynomials.
|
|
1192 |
ccReducedPolynomialsList = \
|
|
1193 |
slz_compute_coppersmith_reduced_polynomials(intIntP,
|
|
1194 |
alpha,
|
|
1195 |
N,
|
|
1196 |
iBound,
|
|
1197 |
tBound)
|
|
1198 |
if ccReducedPolynomialsList is None:
|
|
1199 |
raise Exception("Reduction failed.")
|
|
1200 |
reductionsFullTime += cputime(reductionTime)
|
|
1201 |
reductionsCount += 1
|
|
1202 |
if len(ccReducedPolynomialsList) < 2:
|
|
1203 |
print "Nothing to form resultants with."
|
|
1204 |
print
|
|
1205 |
coppCondFailedCount += 1
|
|
1206 |
coppCondFailed = True
|
|
1207 |
##### Apply a different shrink factor according to
|
|
1208 |
# the number of compliant polynomials.
|
|
1209 |
if len(ccReducedPolynomialsList) == 0:
|
|
1210 |
ub = lb + bw * noCoppersmithIntervalShrink
|
|
1211 |
else: # At least one compliant polynomial.
|
|
1212 |
ub = lb + bw * oneCoppersmithIntervalShrink
|
|
1213 |
if ub > sdub:
|
|
1214 |
ub = sdub
|
|
1215 |
if lb == ub:
|
|
1216 |
raise Exception("Cant shrink interval \
|
|
1217 |
anymore to get Coppersmith condition.")
|
|
1218 |
nbw = 0
|
|
1219 |
continue
|
|
1220 |
#### We have at least two polynomials.
|
|
1221 |
# Let us try to compute resultants.
|
|
1222 |
# For each resultant computed, go for the solutions.
|
|
1223 |
##### Build the pairs list.
|
|
1224 |
polyPairsList = []
|
|
1225 |
for polyOuterIndex in xrange(0, len(ccReducedPolynomialsList) - 1):
|
|
1226 |
for polyInnerIndex in xrange(polyOuterIndex+1,
|
|
1227 |
len(ccReducedPolynomialsList)):
|
|
1228 |
polyPairsList.append((ccReducedPolynomialsList[polyOuterIndex],
|
|
1229 |
ccReducedPolynomialsList[polyInnerIndex]))
|
|
1230 |
#### Actual root search.
|
|
1231 |
rootsSet = set()
|
|
1232 |
hasNonNullResultant = False
|
|
1233 |
for polyPair in polyPairsList:
|
|
1234 |
if hasNonNullResultant:
|
|
1235 |
break
|
|
1236 |
resultantsComputationTime = cputime()
|
|
1237 |
currentResultantI = \
|
|
1238 |
slz_resultant(polyPair[0],
|
|
1239 |
polyPair[1],
|
|
1240 |
t)
|
|
1241 |
resultantsComputationsCount += 1
|
|
1242 |
if currentResultantI is None:
|
|
1243 |
resultantsComputationsFullTime += \
|
|
1244 |
cputime(resultantsComputationTime)
|
|
1245 |
print "Nul resultant"
|
|
1246 |
continue # Next polyPair.
|
|
1247 |
currentResultantT = \
|
|
1248 |
slz_resultant(polyPair[0],
|
|
1249 |
polyPair[1],
|
|
1250 |
i)
|
|
1251 |
resultantsComputationsFullTime += cputime(resultantsComputationTime)
|
|
1252 |
resultantsComputationsCount += 1
|
|
1253 |
if currentResultantT is None:
|
|
1254 |
print "Nul resultant"
|
|
1255 |
continue # Next polyPair.
|
|
1256 |
else:
|
|
1257 |
hasNonNullResultant = True
|
|
1258 |
#### We have a non null resultants pair. From now on, whatever the
|
|
1259 |
# root search yields, no extra root search is necessary.
|
|
1260 |
#### A constant resultant leads to no root. Root search is done.
|
|
1261 |
if currentResultantI.degree() < 1:
|
|
1262 |
print "Resultant is constant:", currentResultantI
|
|
1263 |
break # Next polyPair and should break.
|
|
1264 |
if currentResultantT.degree() < 1:
|
|
1265 |
print "Resultant is constant:", currentResultantT
|
|
1266 |
break # Next polyPair and should break.
|
|
1267 |
#### Actual roots computation.
|
|
1268 |
rootsComputationTime = cputime()
|
|
1269 |
##### Compute i roots
|
|
1270 |
iRootsList = Zi(currentResultantI).roots()
|
|
1271 |
rootsComputationsCount += 1
|
|
1272 |
if len(iRootsList) == 0:
|
|
1273 |
rootsComputationsFullTime = cputime(rootsComputationTime)
|
|
1274 |
print "No roots in \"i\"."
|
|
1275 |
break # No roots in i.
|
|
1276 |
tRootsList = Zt(currentResultantT).roots()
|
|
1277 |
rootsComputationsFullTime = cputime(rootsComputationTime)
|
|
1278 |
rootsComputationsCount += 1
|
|
1279 |
if len(tRootsList) == 0:
|
|
1280 |
print "No roots in \"t\"."
|
|
1281 |
break # No roots in i.
|
|
1282 |
##### For each iRoot, get a tRoot and check against the polynomials.
|
|
1283 |
for iRoot in iRootsList:
|
|
1284 |
####### Roots returned by roots() are (value, multiplicity)
|
|
1285 |
# tuples.
|
|
1286 |
#print "iRoot:", iRoot
|
|
1287 |
for tRoot in tRootsList:
|
|
1288 |
###### Use the tRoot against each polynomial, alternatively.
|
|
1289 |
if polyPair[0](iRoot[0],tRoot[0]) != 0:
|
|
1290 |
continue
|
|
1291 |
if polyPair[1](iRoot[0],tRoot[0]) != 0:
|
|
1292 |
continue
|
|
1293 |
rootsSet.add((iRoot[0], tRoot[0]))
|
|
1294 |
# End of roots computation.
|
|
1295 |
# End loop for polyPair in polyParsList. Will break at next iteration.
|
|
1296 |
# since a non null resultant was found.
|
|
1297 |
#### Prepare for results for the current interval..
|
|
1298 |
intervalResultsList = []
|
|
1299 |
intervalResultsList.append((lb, ub))
|
|
1300 |
#### Check roots.
|
|
1301 |
rootsResultsList = []
|
|
1302 |
for root in rootsSet:
|
|
1303 |
specificRootResultsList = []
|
|
1304 |
failingBounds = []
|
|
1305 |
intIntPdivN = intIntP(root[0], root[1]) / N
|
|
1306 |
if int(intIntPdivN) != intIntPdivN:
|
|
1307 |
continue # Next root
|
|
1308 |
# Root qualifies for modular equation, test it for hardness to round.
|
|
1309 |
hardToRoundCaseAsFloat = RRR((icAsInt + root[0]) / toIntegerFactor)
|
|
1310 |
#print "Before unscaling:", hardToRoundCaseAsFloat.n(prec=precision)
|
|
1311 |
#print scalingFunction
|
|
1312 |
scaledHardToRoundCaseAsFloat = \
|
|
1313 |
scalingFunction(hardToRoundCaseAsFloat)
|
|
1314 |
print "Candidate HTRNc at x =", \
|
|
1315 |
scaledHardToRoundCaseAsFloat.n().str(base=2),
|
|
1316 |
if slz_is_htrn(scaledHardToRoundCaseAsFloat,
|
|
1317 |
function,
|
|
1318 |
2^-(targetHardnessToRound),
|
|
1319 |
RRR):
|
|
1320 |
print hardToRoundCaseAsFloat, "is HTRN case."
|
|
1321 |
if lb <= hardToRoundCaseAsFloat and hardToRoundCaseAsFloat <= ub:
|
|
1322 |
print "Found in interval."
|
|
1323 |
else:
|
|
1324 |
print "Found out of interval."
|
|
1325 |
specificRootResultsList.append(hardToRoundCaseAsFloat.n().str(base=2))
|
|
1326 |
# Check the root is in the bounds
|
|
1327 |
if abs(root[0]) > iBound or abs(root[1]) > tBound:
|
|
1328 |
print "Root", root, "is out of bounds for modular equation."
|
|
1329 |
if abs(root[0]) > iBound:
|
|
1330 |
print "root[0]:", root[0]
|
|
1331 |
print "i bound:", iBound
|
|
1332 |
failingBounds.append('i')
|
|
1333 |
failingBounds.append(root[0])
|
|
1334 |
failingBounds.append(iBound)
|
|
1335 |
if abs(root[1]) > tBound:
|
|
1336 |
print "root[1]:", root[1]
|
|
1337 |
print "t bound:", tBound
|
|
1338 |
failingBounds.append('t')
|
|
1339 |
failingBounds.append(root[1])
|
|
1340 |
failingBounds.append(tBound)
|
|
1341 |
if len(failingBounds) > 0:
|
|
1342 |
specificRootResultsList.append(failingBounds)
|
|
1343 |
else: # From slz_is_htrn...
|
|
1344 |
print "is not an HTRN case."
|
|
1345 |
if len(specificRootResultsList) > 0:
|
|
1346 |
rootsResultsList.append(specificRootResultsList)
|
|
1347 |
if len(rootsResultsList) > 0:
|
|
1348 |
intervalResultsList.append(rootsResultsList)
|
|
1349 |
### Check if a non null resultant was found. If not shrink the interval.
|
|
1350 |
if not hasNonNullResultant:
|
|
1351 |
print "Only null resultants for this reduction, shrinking interval."
|
|
1352 |
resultCondFailed = True
|
|
1353 |
resultCondFailedCount += 1
|
|
1354 |
### Shrink interval for next iteration.
|
|
1355 |
ub = lb + bw * onlyNullResultantsShrink
|
|
1356 |
if ub > sdub:
|
|
1357 |
ub = sdub
|
|
1358 |
nbw = 0
|
|
1359 |
continue
|
|
1360 |
#### An intervalResultsList has at least the bounds.
|
|
1361 |
globalResultsList.append(intervalResultsList)
|
|
1362 |
#### Compute an incremented width for next upper bound, only
|
|
1363 |
# if not Coppersmith condition nor resultant condition
|
|
1364 |
# failed at the previous run.
|
|
1365 |
if not coppCondFailed and not resultCondFailed:
|
|
1366 |
nbw = noErrorIntervalStretch * bw
|
|
1367 |
else:
|
|
1368 |
nbw = bw
|
|
1369 |
##### Reset the failure flags. They will be raised
|
|
1370 |
# again if needed.
|
|
1371 |
coppCondFailed = False
|
|
1372 |
resultCondFailed = False
|
|
1373 |
#### For next iteration (at end of loop)
|
|
1374 |
#print "nbw:", nbw
|
|
1375 |
lb = ub
|
|
1376 |
ub += nbw
|
|
1377 |
if ub > sdub:
|
|
1378 |
ub = sdub
|
|
1379 |
print
|
|
1380 |
# End while True
|
|
1381 |
## Main loop just ended.
|
|
1382 |
globalWallTime = walltime(wallTimeStart)
|
|
1383 |
globalCpuTime = cputime(cpuTimeStart)
|
|
1384 |
## Output results
|
|
1385 |
print ; print "Intervals and HTRNs" ; print
|
|
1386 |
for intervalResultsList in globalResultsList:
|
|
1387 |
print "[", intervalResultsList[0][0], ",",intervalResultsList[0][1], "]",
|
|
1388 |
if len(intervalResultsList) > 1:
|
|
1389 |
rootsResultsList = intervalResultsList[1]
|
|
1390 |
for specificRootResultsList in rootsResultsList:
|
|
1391 |
print "\t", specificRootResultsList[0],
|
|
1392 |
if len(specificRootResultsList) > 1:
|
|
1393 |
print specificRootResultsList[1],
|
|
1394 |
print ; print
|
|
1395 |
#print globalResultsList
|
|
1396 |
#
|
|
1397 |
print "Timers and counters"
|
|
1398 |
print
|
|
1399 |
print "Number of iterations:", iterCount
|
|
1400 |
print "Taylor condition failures:", taylCondFailedCount
|
|
1401 |
print "Coppersmith condition failures:", coppCondFailedCount
|
|
1402 |
print "Resultant condition failures:", resultCondFailedCount
|
|
1403 |
print "Iterations count: ", iterCount
|
|
1404 |
print "Number of intervals:", len(globalResultsList)
|
|
1405 |
print "Number of basis constructions:", basisConstructionsCount
|
|
1406 |
print "Total CPU time spent in basis constructions:", \
|
|
1407 |
basisConstructionsFullTime
|
|
1408 |
if basisConstructionsCount != 0:
|
|
1409 |
print "Average basis construction CPU time:", \
|
|
1410 |
basisConstructionsFullTime/basisConstructionsCount
|
|
1411 |
print "Number of reductions:", reductionsCount
|
|
1412 |
print "Total CPU time spent in reductions:", reductionsFullTime
|
|
1413 |
if reductionsCount != 0:
|
|
1414 |
print "Average reduction CPU time:", \
|
|
1415 |
reductionsFullTime/reductionsCount
|
|
1416 |
print "Number of resultants computation rounds:", \
|
|
1417 |
resultantsComputationsCount
|
|
1418 |
print "Total CPU time spent in resultants computation rounds:", \
|
|
1419 |
resultantsComputationsFullTime
|
|
1420 |
if resultantsComputationsCount != 0:
|
|
1421 |
print "Average resultants computation round CPU time:", \
|
|
1422 |
resultantsComputationsFullTime/resultantsComputationsCount
|
|
1423 |
print "Number of root finding rounds:", rootsComputationsCount
|
|
1424 |
print "Total CPU time spent in roots finding rounds:", \
|
|
1425 |
rootsComputationsFullTime
|
|
1426 |
if rootsComputationsCount != 0:
|
|
1427 |
print "Average roots finding round CPU time:", \
|
|
1428 |
rootsComputationsFullTime/rootsComputationsCount
|
|
1429 |
print "Global Wall time:", globalWallTime
|
|
1430 |
print "Global CPU time:", globalCpuTime
|
|
1431 |
## Output counters
|
|
1432 |
# End srs_runSLZ-v03
|
|
1433 |
|
|
1434 |
def srs_compute_lattice_volume(inputFunction,
|
|
1435 |
inputLowerBound,
|
|
1436 |
inputUpperBound,
|
|
1437 |
alpha,
|
|
1438 |
degree,
|
|
1439 |
precision,
|
|
1440 |
emin,
|
|
1441 |
emax,
|
|
1442 |
targetHardnessToRound,
|
|
1443 |
debug = False):
|
|
1444 |
"""
|
|
1445 |
Changes from V2:
|
|
1446 |
Root search is changed:
|
|
1447 |
- we compute the resultants in i and in t;
|
|
1448 |
- we compute the roots set of each of these resultants;
|
|
1449 |
- we combine all the possible pairs between the two sets;
|
|
1450 |
- we check these pairs in polynomials for correctness.
|
|
1451 |
Changes from V1:
|
|
1452 |
1- check for roots as soon as a resultant is computed;
|
|
1453 |
2- once a non null resultant is found, check for roots;
|
|
1454 |
3- constant resultant == no root.
|
|
1455 |
"""
|
|
1456 |
|
|
1457 |
if debug:
|
|
1458 |
print "Function :", inputFunction
|
|
1459 |
print "Lower bound :", inputLowerBound
|
|
1460 |
print "Upper bounds :", inputUpperBound
|
|
1461 |
print "Alpha :", alpha
|
|
1462 |
print "Degree :", degree
|
|
1463 |
print "Precision :", precision
|
|
1464 |
print "Emin :", emin
|
|
1465 |
print "Emax :", emax
|
|
1466 |
print "Target hardness-to-round:", targetHardnessToRound
|
|
1467 |
print
|
|
1468 |
## Important constants.
|
|
1469 |
### Stretch the interval if no error happens.
|
|
1470 |
noErrorIntervalStretch = 1 + 2^(-5)
|
|
1471 |
### If no vector validates the Coppersmith condition, shrink the interval
|
|
1472 |
# by the following factor.
|
|
1473 |
noCoppersmithIntervalShrink = 1/2
|
|
1474 |
### If only (or at least) one vector validates the Coppersmith condition,
|
|
1475 |
# shrink the interval by the following factor.
|
|
1476 |
oneCoppersmithIntervalShrink = 3/4
|
|
1477 |
#### If only null resultants are found, shrink the interval by the
|
|
1478 |
# following factor.
|
|
1479 |
onlyNullResultantsShrink = 3/4
|
|
1480 |
## Structures.
|
|
1481 |
RRR = RealField(precision)
|
|
1482 |
RRIF = RealIntervalField(precision)
|
|
1483 |
## Converting input bound into the "right" field.
|
|
1484 |
lowerBound = RRR(inputLowerBound)
|
|
1485 |
upperBound = RRR(inputUpperBound)
|
|
1486 |
## Before going any further, check domain and image binade conditions.
|
|
1487 |
print inputFunction(1).n()
|
|
1488 |
output = slz_fix_bounds_for_binades(lowerBound, upperBound, inputFunction)
|
|
1489 |
if output is None:
|
|
1490 |
print "Invalid domain/image binades. Domain:",\
|
|
1491 |
lowerBound, upperBound, "Images:", \
|
|
1492 |
inputFunction(lowerBound), inputFunction(upperBound)
|
|
1493 |
raise Exception("Invalid domain/image binades.")
|
|
1494 |
lb = output[0] ; ub = output[1]
|
|
1495 |
if lb != lowerBound or ub != upperBound:
|
|
1496 |
print "lb:", lb, " - ub:", ub
|
|
1497 |
print "Invalid domain/image binades. Domain:",\
|
|
1498 |
lowerBound, upperBound, "Images:", \
|
|
1499 |
inputFunction(lowerBound), inputFunction(upperBound)
|
|
1500 |
raise Exception("Invalid domain/image binades.")
|
|
1501 |
#
|
|
1502 |
## Progam initialization
|
|
1503 |
### Approximation polynomial accuracy and hardness to round.
|
|
1504 |
polyApproxAccur = 2^(-(targetHardnessToRound + 1))
|
|
1505 |
polyTargetHardnessToRound = targetHardnessToRound + 1
|
|
1506 |
### Significand to integer conversion ratio.
|
|
1507 |
toIntegerFactor = 2^(precision-1)
|
|
1508 |
print "Polynomial approximation required accuracy:", polyApproxAccur.n()
|
|
1509 |
### Variables and rings for polynomials and root searching.
|
|
1510 |
i=var('i')
|
|
1511 |
t=var('t')
|
|
1512 |
inputFunctionVariable = inputFunction.variables()[0]
|
|
1513 |
function = inputFunction.subs({inputFunctionVariable:i})
|
|
1514 |
# Polynomial Rings over the integers, for root finding.
|
|
1515 |
Zi = ZZ[i]
|
|
1516 |
Zt = ZZ[t]
|
|
1517 |
Zit = ZZ[i,t]
|
|
1518 |
## Number of iterations limit.
|
|
1519 |
maxIter = 100000
|
|
1520 |
#
|
|
1521 |
## Compute the scaled function and the degree, in their Sollya version
|
|
1522 |
# once for all.
|
|
1523 |
(scaledf, sdlb, sdub, silb, siub) = \
|
|
1524 |
slz_compute_scaled_function(function, lowerBound, upperBound, precision)
|
|
1525 |
print "Scaled function:", scaledf._assume_str().replace('_SAGE_VAR_', '')
|
|
1526 |
scaledfSo = sollya_lib_parse_string(scaledf._assume_str().replace('_SAGE_VAR_', ''))
|
|
1527 |
degreeSo = pobyso_constant_from_int_sa_so(degree)
|
|
1528 |
#
|
|
1529 |
## Compute the scaling. boundsIntervalRifSa defined out of the loops.
|
|
1530 |
domainBoundsInterval = RRIF(lowerBound, upperBound)
|
|
1531 |
(unscalingFunction, scalingFunction) = \
|
|
1532 |
slz_interval_scaling_expression(domainBoundsInterval, i)
|
|
1533 |
#print scalingFunction, unscalingFunction
|
|
1534 |
## Set the Sollya internal precision (with an arbitrary minimum of 192).
|
|
1535 |
internalSollyaPrec = ceil((RR('1.5') * targetHardnessToRound) / 64) * 64
|
|
1536 |
if internalSollyaPrec < 192:
|
|
1537 |
internalSollyaPrec = 192
|
|
1538 |
pobyso_set_prec_sa_so(internalSollyaPrec)
|
|
1539 |
print "Sollya internal precision:", internalSollyaPrec
|
|
1540 |
## Some variables.
|
|
1541 |
### General variables
|
|
1542 |
lb = sdlb
|
|
1543 |
ub = sdub
|
|
1544 |
nbw = 0
|
|
1545 |
intervalUlp = ub.ulp()
|
|
1546 |
#### Will be set by slz_interval_and_polynomila_to_sage.
|
|
1547 |
ic = 0
|
|
1548 |
icAsInt = 0 # Set from ic.
|
|
1549 |
solutionsSet = set()
|
|
1550 |
tsErrorWidth = []
|
|
1551 |
csErrorVectors = []
|
|
1552 |
csVectorsResultants = []
|
|
1553 |
floatP = 0 # Taylor polynomial.
|
|
1554 |
floatPcv = 0 # Ditto with variable change.
|
|
1555 |
intvl = "" # Taylor interval
|
|
1556 |
terr = 0 # Taylor error.
|
|
1557 |
iterCount = 0
|
|
1558 |
htrnSet = set()
|
|
1559 |
### Timers and counters.
|
|
1560 |
wallTimeStart = 0
|
|
1561 |
cpuTimeStart = 0
|
|
1562 |
taylCondFailedCount = 0
|
|
1563 |
coppCondFailedCount = 0
|
|
1564 |
resultCondFailedCount = 0
|
|
1565 |
coppCondFailed = False
|
|
1566 |
resultCondFailed = False
|
|
1567 |
globalResultsList = []
|
|
1568 |
basisConstructionsCount = 0
|
|
1569 |
basisConstructionsFullTime = 0
|
|
1570 |
basisConstructionTime = 0
|
|
1571 |
reductionsCount = 0
|
|
1572 |
reductionsFullTime = 0
|
|
1573 |
reductionTime = 0
|
|
1574 |
resultantsComputationsCount = 0
|
|
1575 |
resultantsComputationsFullTime = 0
|
|
1576 |
resultantsComputationTime = 0
|
|
1577 |
rootsComputationsCount = 0
|
|
1578 |
rootsComputationsFullTime = 0
|
|
1579 |
rootsComputationTime = 0
|
|
1580 |
print
|
|
1581 |
## Global times are started here.
|
|
1582 |
wallTimeStart = walltime()
|
|
1583 |
cpuTimeStart = cputime()
|
|
1584 |
## Main loop.
|
|
1585 |
while True:
|
|
1586 |
if lb >= sdub:
|
|
1587 |
print "Lower bound reached upper bound."
|
|
1588 |
break
|
|
1589 |
if iterCount == maxIter:
|
|
1590 |
print "Reached maxIter. Aborting"
|
|
1591 |
break
|
|
1592 |
iterCount += 1
|
|
1593 |
print "[", lb, ",", ub, "]", ((ub - lb) / intervalUlp).log2().n(), \
|
|
1594 |
"log2(numbers)."
|
|
1595 |
### Compute a Sollya polynomial that will honor the Taylor condition.
|
|
1596 |
prceSo = slz_compute_polynomial_and_interval(scaledfSo,
|
|
1597 |
degreeSo,
|
|
1598 |
lb,
|
|
1599 |
ub,
|
|
1600 |
polyApproxAccur)
|
|
1601 |
### Convert back the data into Sage space.
|
|
1602 |
(floatP, floatPcv, intvl, ic, terr) = \
|
|
1603 |
slz_interval_and_polynomial_to_sage((prceSo[0], prceSo[0],
|
|
1604 |
prceSo[1], prceSo[2],
|
|
1605 |
prceSo[3]))
|
|
1606 |
intvl = RRIF(intvl)
|
|
1607 |
## Clean-up Sollya stuff.
|
|
1608 |
for elem in prceSo:
|
|
1609 |
sollya_lib_clear_obj(elem)
|
|
1610 |
#print floatP, floatPcv, intvl, ic, terr
|
|
1611 |
#print floatP
|
|
1612 |
#print intvl.endpoints()[0].n(), \
|
|
1613 |
# ic.n(),
|
|
1614 |
#intvl.endpoints()[1].n()
|
|
1615 |
### Check returned data.
|
|
1616 |
#### Is approximation error OK?
|
|
1617 |
if terr > polyApproxAccur:
|
|
1618 |
exceptionErrorMess = \
|
|
1619 |
"Approximation failed - computed error:" + \
|
|
1620 |
str(terr) + " - target error: "
|
|
1621 |
exceptionErrorMess += \
|
|
1622 |
str(polyApproxAccur) + ". Aborting!"
|
|
1623 |
raise Exception(exceptionErrorMess)
|
|
1624 |
#### Is lower bound OK?
|
|
1625 |
if lb != intvl.endpoints()[0]:
|
|
1626 |
exceptionErrorMess = "Wrong lower bound:" + \
|
|
1627 |
str(lb) + ". Aborting!"
|
|
1628 |
raise Exception(exceptionErrorMess)
|
|
1629 |
#### Set upper bound.
|
|
1630 |
if ub > intvl.endpoints()[1]:
|
|
1631 |
ub = intvl.endpoints()[1]
|
|
1632 |
print "[", lb, ",", ub, "]", ((ub - lb) / intervalUlp).log2().n(), \
|
|
1633 |
"log2(numbers)."
|
|
1634 |
taylCondFailedCount += 1
|
|
1635 |
#### Is interval not degenerate?
|
|
1636 |
if lb >= ub:
|
|
1637 |
exceptionErrorMess = "Degenerate interval: " + \
|
|
1638 |
"lowerBound(" + str(lb) +\
|
|
1639 |
")>= upperBound(" + str(ub) + \
|
|
1640 |
"). Aborting!"
|
|
1641 |
raise Exception(exceptionErrorMess)
|
|
1642 |
#### Is interval center ok?
|
|
1643 |
if ic <= lb or ic >= ub:
|
|
1644 |
exceptionErrorMess = "Invalid interval center for " + \
|
|
1645 |
str(lb) + ',' + str(ic) + ',' + \
|
|
1646 |
str(ub) + ". Aborting!"
|
|
1647 |
raise Exception(exceptionErrorMess)
|
|
1648 |
##### Current interval width and reset future interval width.
|
|
1649 |
bw = ub - lb
|
|
1650 |
nbw = 0
|
|
1651 |
icAsInt = int(ic * toIntegerFactor)
|
|
1652 |
#### The following ratio is always >= 1. In case we may want to
|
|
1653 |
# enlarge the interval
|
|
1654 |
curTaylErrRat = polyApproxAccur / terr
|
|
1655 |
### Make the integral transformations.
|
|
1656 |
#### Bounds and interval center.
|
|
1657 |
intIc = int(ic * toIntegerFactor)
|
|
1658 |
intLb = int(lb * toIntegerFactor) - intIc
|
|
1659 |
intUb = int(ub * toIntegerFactor) - intIc
|
|
1660 |
#
|
|
1661 |
#### Polynomials
|
|
1662 |
basisConstructionTime = cputime()
|
|
1663 |
##### To a polynomial with rational coefficients with rational arguments
|
|
1664 |
ratRatP = slz_float_poly_of_float_to_rat_poly_of_rat_pow_two(floatP)
|
|
1665 |
##### To a polynomial with rational coefficients with integer arguments
|
|
1666 |
ratIntP = \
|
|
1667 |
slz_rat_poly_of_rat_to_rat_poly_of_int(ratRatP, precision)
|
|
1668 |
##### Ultimately a multivariate polynomial with integer coefficients
|
|
1669 |
# with integer arguments.
|
|
1670 |
coppersmithTuple = \
|
|
1671 |
slz_rat_poly_of_int_to_poly_for_coppersmith(ratIntP,
|
|
1672 |
precision,
|
|
1673 |
targetHardnessToRound,
|
|
1674 |
i, t)
|
|
1675 |
#### Recover Coppersmith information.
|
|
1676 |
intIntP = coppersmithTuple[0]
|
|
1677 |
N = coppersmithTuple[1]
|
|
1678 |
nAtAlpha = N^alpha
|
|
1679 |
tBound = coppersmithTuple[2]
|
|
1680 |
leastCommonMultiple = coppersmithTuple[3]
|
|
1681 |
iBound = max(abs(intLb),abs(intUb))
|
|
1682 |
basisConstructionsFullTime += cputime(basisConstructionTime)
|
|
1683 |
basisConstructionsCount += 1
|
|
1684 |
reductionTime = cputime()
|
|
1685 |
#### Compute the reduced polynomials.
|
|
1686 |
ccReducedPolynomialsList = \
|
|
1687 |
slz_compute_coppersmith_reduced_polynomials_with_lattice_volume(intIntP,
|
|
1688 |
alpha,
|
|
1689 |
N,
|
|
1690 |
iBound,
|
|
1691 |
tBound)
|
|
1692 |
if ccReducedPolynomialsList is None:
|
|
1693 |
raise Exception("Reduction failed.")
|
|
1694 |
reductionsFullTime += cputime(reductionTime)
|
|
1695 |
reductionsCount += 1
|
|
1696 |
if len(ccReducedPolynomialsList) < 2:
|
|
1697 |
print "Nothing to form resultants with."
|
|
1698 |
print
|
|
1699 |
coppCondFailedCount += 1
|
|
1700 |
coppCondFailed = True
|
|
1701 |
##### Apply a different shrink factor according to
|
|
1702 |
# the number of compliant polynomials.
|
|
1703 |
if len(ccReducedPolynomialsList) == 0:
|
|
1704 |
ub = lb + bw * noCoppersmithIntervalShrink
|
|
1705 |
else: # At least one compliant polynomial.
|
|
1706 |
ub = lb + bw * oneCoppersmithIntervalShrink
|
|
1707 |
if ub > sdub:
|
|
1708 |
ub = sdub
|
|
1709 |
if lb == ub:
|
|
1710 |
raise Exception("Cant shrink interval \
|
|
1711 |
anymore to get Coppersmith condition.")
|
|
1712 |
nbw = 0
|
|
1713 |
continue
|
|
1714 |
#### We have at least two polynomials.
|
|
1715 |
# Let us try to compute resultants.
|
|
1716 |
# For each resultant computed, go for the solutions.
|
|
1717 |
##### Build the pairs list.
|
|
1718 |
polyPairsList = []
|
|
1719 |
for polyOuterIndex in xrange(0, len(ccReducedPolynomialsList) - 1):
|
|
1720 |
for polyInnerIndex in xrange(polyOuterIndex+1,
|
|
1721 |
len(ccReducedPolynomialsList)):
|
|
1722 |
polyPairsList.append((ccReducedPolynomialsList[polyOuterIndex],
|
|
1723 |
ccReducedPolynomialsList[polyInnerIndex]))
|
|
1724 |
#### Actual root search.
|
|
1725 |
rootsSet = set()
|
|
1726 |
hasNonNullResultant = False
|
|
1727 |
for polyPair in polyPairsList:
|
|
1728 |
if hasNonNullResultant:
|
|
1729 |
break
|
|
1730 |
resultantsComputationTime = cputime()
|
|
1731 |
currentResultantI = \
|
|
1732 |
slz_resultant(polyPair[0],
|
|
1733 |
polyPair[1],
|
|
1734 |
t)
|
|
1735 |
resultantsComputationsCount += 1
|
|
1736 |
if currentResultantI is None:
|
|
1737 |
resultantsComputationsFullTime += \
|
|
1738 |
cputime(resultantsComputationTime)
|
|
1739 |
print "Nul resultant"
|
|
1740 |
continue # Next polyPair.
|
|
1741 |
currentResultantT = \
|
|
1742 |
slz_resultant(polyPair[0],
|
|
1743 |
polyPair[1],
|
|
1744 |
i)
|
|
1745 |
resultantsComputationsFullTime += cputime(resultantsComputationTime)
|
|
1746 |
resultantsComputationsCount += 1
|
|
1747 |
if currentResultantT is None:
|
|
1748 |
print "Nul resultant"
|
|
1749 |
continue # Next polyPair.
|
|
1750 |
else:
|
|
1751 |
hasNonNullResultant = True
|
|
1752 |
#### We have a non null resultants pair. From now on, whatever the
|
|
1753 |
# root search yields, no extra root search is necessary.
|
|
1754 |
#### A constant resultant leads to no root. Root search is done.
|
|
1755 |
if currentResultantI.degree() < 1:
|
|
1756 |
print "Resultant is constant:", currentResultantI
|
|
1757 |
break # Next polyPair and should break.
|
|
1758 |
if currentResultantT.degree() < 1:
|
|
1759 |
print "Resultant is constant:", currentResultantT
|
|
1760 |
break # Next polyPair and should break.
|
|
1761 |
#### Actual roots computation.
|
|
1762 |
rootsComputationTime = cputime()
|
|
1763 |
##### Compute i roots
|
|
1764 |
iRootsList = Zi(currentResultantI).roots()
|
|
1765 |
rootsComputationsCount += 1
|
|
1766 |
if len(iRootsList) == 0:
|
|
1767 |
rootsComputationsFullTime = cputime(rootsComputationTime)
|
|
1768 |
print "No roots in \"i\"."
|
|
1769 |
break # No roots in i.
|
|
1770 |
tRootsList = Zt(currentResultantT).roots()
|
|
1771 |
rootsComputationsFullTime = cputime(rootsComputationTime)
|
|
1772 |
rootsComputationsCount += 1
|
|
1773 |
if len(tRootsList) == 0:
|
|
1774 |
print "No roots in \"t\"."
|
|
1775 |
break # No roots in i.
|
|
1776 |
##### For each iRoot, get a tRoot and check against the polynomials.
|
|
1777 |
for iRoot in iRootsList:
|
|
1778 |
####### Roots returned by roots() are (value, multiplicity)
|
|
1779 |
# tuples.
|
|
1780 |
#print "iRoot:", iRoot
|
|
1781 |
for tRoot in tRootsList:
|
|
1782 |
###### Use the tRoot against each polynomial, alternatively.
|
|
1783 |
if polyPair[0](iRoot[0],tRoot[0]) != 0:
|
|
1784 |
continue
|
|
1785 |
if polyPair[1](iRoot[0],tRoot[0]) != 0:
|
|
1786 |
continue
|
|
1787 |
rootsSet.add((iRoot[0], tRoot[0]))
|
|
1788 |
# End of roots computation.
|
|
1789 |
# End loop for polyPair in polyParsList. Will break at next iteration.
|
|
1790 |
# since a non null resultant was found.
|
|
1791 |
#### Prepare for results for the current interval..
|
|
1792 |
intervalResultsList = []
|
|
1793 |
intervalResultsList.append((lb, ub))
|
|
1794 |
#### Check roots.
|
|
1795 |
rootsResultsList = []
|
|
1796 |
for root in rootsSet:
|
|
1797 |
specificRootResultsList = []
|
|
1798 |
failingBounds = []
|
|
1799 |
intIntPdivN = intIntP(root[0], root[1]) / N
|
|
1800 |
if int(intIntPdivN) != intIntPdivN:
|
|
1801 |
continue # Next root
|
|
1802 |
# Root qualifies for modular equation, test it for hardness to round.
|
|
1803 |
hardToRoundCaseAsFloat = RRR((icAsInt + root[0]) / toIntegerFactor)
|
|
1804 |
#print "Before unscaling:", hardToRoundCaseAsFloat.n(prec=precision)
|
|
1805 |
#print scalingFunction
|
|
1806 |
scaledHardToRoundCaseAsFloat = \
|
|
1807 |
scalingFunction(hardToRoundCaseAsFloat)
|
|
1808 |
print "Candidate HTRNc at x =", \
|
|
1809 |
scaledHardToRoundCaseAsFloat.n().str(base=2),
|
|
1810 |
if slz_is_htrn(scaledHardToRoundCaseAsFloat,
|
|
1811 |
function,
|
|
1812 |
2^-(targetHardnessToRound),
|
|
1813 |
RRR):
|
|
1814 |
print hardToRoundCaseAsFloat, "is HTRN case."
|
|
1815 |
if lb <= hardToRoundCaseAsFloat and hardToRoundCaseAsFloat <= ub:
|
|
1816 |
print "Found in interval."
|
|
1817 |
else:
|
|
1818 |
print "Found out of interval."
|
|
1819 |
specificRootResultsList.append(hardToRoundCaseAsFloat.n().str(base=2))
|
|
1820 |
# Check the root is in the bounds
|
|
1821 |
if abs(root[0]) > iBound or abs(root[1]) > tBound:
|
|
1822 |
print "Root", root, "is out of bounds for modular equation."
|
|
1823 |
if abs(root[0]) > iBound:
|
|
1824 |
print "root[0]:", root[0]
|
|
1825 |
print "i bound:", iBound
|
|
1826 |
failingBounds.append('i')
|
|
1827 |
failingBounds.append(root[0])
|
|
1828 |
failingBounds.append(iBound)
|
|
1829 |
if abs(root[1]) > tBound:
|
|
1830 |
print "root[1]:", root[1]
|
|
1831 |
print "t bound:", tBound
|
|
1832 |
failingBounds.append('t')
|
|
1833 |
failingBounds.append(root[1])
|
|
1834 |
failingBounds.append(tBound)
|
|
1835 |
if len(failingBounds) > 0:
|
|
1836 |
specificRootResultsList.append(failingBounds)
|
|
1837 |
else: # From slz_is_htrn...
|
|
1838 |
print "is not an HTRN case."
|
|
1839 |
if len(specificRootResultsList) > 0:
|
|
1840 |
rootsResultsList.append(specificRootResultsList)
|
|
1841 |
if len(rootsResultsList) > 0:
|
|
1842 |
intervalResultsList.append(rootsResultsList)
|
|
1843 |
### Check if a non null resultant was found. If not shrink the interval.
|
|
1844 |
if not hasNonNullResultant:
|
|
1845 |
print "Only null resultants for this reduction, shrinking interval."
|
|
1846 |
resultCondFailed = True
|
|
1847 |
resultCondFailedCount += 1
|
|
1848 |
### Shrink interval for next iteration.
|
|
1849 |
ub = lb + bw * onlyNullResultantsShrink
|
|
1850 |
if ub > sdub:
|
|
1851 |
ub = sdub
|
|
1852 |
nbw = 0
|
|
1853 |
continue
|
|
1854 |
#### An intervalResultsList has at least the bounds.
|
|
1855 |
globalResultsList.append(intervalResultsList)
|
|
1856 |
#### Compute an incremented width for next upper bound, only
|
|
1857 |
# if not Coppersmith condition nor resultant condition
|
|
1858 |
# failed at the previous run.
|
|
1859 |
if not coppCondFailed and not resultCondFailed:
|
|
1860 |
nbw = noErrorIntervalStretch * bw
|
|
1861 |
else:
|
|
1862 |
nbw = bw
|
|
1863 |
##### Reset the failure flags. They will be raised
|
|
1864 |
# again if needed.
|
|
1865 |
coppCondFailed = False
|
|
1866 |
resultCondFailed = False
|
|
1867 |
#### For next iteration (at end of loop)
|
|
1868 |
#print "nbw:", nbw
|
|
1869 |
lb = ub
|
|
1870 |
ub += nbw
|
|
1871 |
if ub > sdub:
|
|
1872 |
ub = sdub
|
|
1873 |
print
|
|
1874 |
# End while True
|
|
1875 |
## Main loop just ended.
|
|
1876 |
globalWallTime = walltime(wallTimeStart)
|
|
1877 |
globalCpuTime = cputime(cpuTimeStart)
|
|
1878 |
## Output results
|
|
1879 |
print ; print "Intervals and HTRNs" ; print
|
|
1880 |
for intervalResultsList in globalResultsList:
|
|
1881 |
print "[", intervalResultsList[0][0], ",",intervalResultsList[0][1], "]",
|
|
1882 |
if len(intervalResultsList) > 1:
|
|
1883 |
rootsResultsList = intervalResultsList[1]
|
|
1884 |
for specificRootResultsList in rootsResultsList:
|
|
1885 |
print "\t", specificRootResultsList[0],
|
|
1886 |
if len(specificRootResultsList) > 1:
|
|
1887 |
print specificRootResultsList[1],
|
|
1888 |
print ; print
|
|
1889 |
#print globalResultsList
|
|
1890 |
#
|
|
1891 |
print "Timers and counters"
|
|
1892 |
print
|
|
1893 |
print "Number of iterations:", iterCount
|
|
1894 |
print "Taylor condition failures:", taylCondFailedCount
|
|
1895 |
print "Coppersmith condition failures:", coppCondFailedCount
|
|
1896 |
print "Resultant condition failures:", resultCondFailedCount
|
|
1897 |
print "Iterations count: ", iterCount
|
|
1898 |
print "Number of intervals:", len(globalResultsList)
|
|
1899 |
print "Number of basis constructions:", basisConstructionsCount
|
|
1900 |
print "Total CPU time spent in basis constructions:", \
|
|
1901 |
basisConstructionsFullTime
|
|
1902 |
if basisConstructionsCount != 0:
|
|
1903 |
print "Average basis construction CPU time:", \
|
|
1904 |
basisConstructionsFullTime/basisConstructionsCount
|
|
1905 |
print "Number of reductions:", reductionsCount
|
|
1906 |
print "Total CPU time spent in reductions:", reductionsFullTime
|
|
1907 |
if reductionsCount != 0:
|
|
1908 |
print "Average reduction CPU time:", \
|
|
1909 |
reductionsFullTime/reductionsCount
|
|
1910 |
print "Number of resultants computation rounds:", \
|
|
1911 |
resultantsComputationsCount
|
|
1912 |
print "Total CPU time spent in resultants computation rounds:", \
|
|
1913 |
resultantsComputationsFullTime
|
|
1914 |
if resultantsComputationsCount != 0:
|
|
1915 |
print "Average resultants computation round CPU time:", \
|
|
1916 |
resultantsComputationsFullTime/resultantsComputationsCount
|
|
1917 |
print "Number of root finding rounds:", rootsComputationsCount
|
|
1918 |
print "Total CPU time spent in roots finding rounds:", \
|
|
1919 |
rootsComputationsFullTime
|
|
1920 |
if rootsComputationsCount != 0:
|
|
1921 |
print "Average roots finding round CPU time:", \
|
|
1922 |
rootsComputationsFullTime/rootsComputationsCount
|
|
1923 |
print "Global Wall time:", globalWallTime
|
|
1924 |
print "Global CPU time:", globalCpuTime
|
|
1925 |
## Output counters
|
|
1926 |
# End srs_compute_lattice_volume
|
| 940 |
1927 |
|