|
1 |
r"""
|
|
2 |
Main SLZ algorithm body in several versions.
|
|
3 |
|
|
4 |
AUTHORS:
|
|
5 |
- S.T. (2015-10-10): initial version
|
|
6 |
|
|
7 |
Examples:
|
|
8 |
TODO
|
| 1 |
9 |
"""
|
|
10 |
print "sageRationalOperations loading..."
|
|
11 |
|
|
12 |
def srs_compute_lattice_volume(inputFunction,
|
|
13 |
inputLowerBound,
|
|
14 |
inputUpperBound,
|
|
15 |
alpha,
|
|
16 |
degree,
|
|
17 |
precision,
|
|
18 |
emin,
|
|
19 |
emax,
|
|
20 |
targetHardnessToRound,
|
|
21 |
debug = False):
|
|
22 |
"""
|
|
23 |
Changes from V2:
|
|
24 |
Root search is changed:
|
|
25 |
- we compute the resultants in i and in t;
|
|
26 |
- we compute the roots set of each of these resultants;
|
|
27 |
- we combine all the possible pairs between the two sets;
|
|
28 |
- we check these pairs in polynomials for correctness.
|
|
29 |
Changes from V1:
|
|
30 |
1- check for roots as soon as a resultant is computed;
|
|
31 |
2- once a non null resultant is found, check for roots;
|
|
32 |
3- constant resultant == no root.
|
|
33 |
"""
|
|
34 |
|
|
35 |
if debug:
|
|
36 |
print "Function :", inputFunction
|
|
37 |
print "Lower bound :", inputLowerBound
|
|
38 |
print "Upper bounds :", inputUpperBound
|
|
39 |
print "Alpha :", alpha
|
|
40 |
print "Degree :", degree
|
|
41 |
print "Precision :", precision
|
|
42 |
print "Emin :", emin
|
|
43 |
print "Emax :", emax
|
|
44 |
print "Target hardness-to-round:", targetHardnessToRound
|
|
45 |
print
|
|
46 |
## Important constants.
|
|
47 |
### Stretch the interval if no error happens.
|
|
48 |
noErrorIntervalStretch = 1 + 2^(-5)
|
|
49 |
### If no vector validates the Coppersmith condition, shrink the interval
|
|
50 |
# by the following factor.
|
|
51 |
noCoppersmithIntervalShrink = 1/2
|
|
52 |
### If only (or at least) one vector validates the Coppersmith condition,
|
|
53 |
# shrink the interval by the following factor.
|
|
54 |
oneCoppersmithIntervalShrink = 3/4
|
|
55 |
#### If only null resultants are found, shrink the interval by the
|
|
56 |
# following factor.
|
|
57 |
onlyNullResultantsShrink = 3/4
|
|
58 |
## Structures.
|
|
59 |
RRR = RealField(precision)
|
|
60 |
RRIF = RealIntervalField(precision)
|
|
61 |
## Converting input bound into the "right" field.
|
|
62 |
lowerBound = RRR(inputLowerBound)
|
|
63 |
upperBound = RRR(inputUpperBound)
|
|
64 |
## Before going any further, check domain and image binade conditions.
|
|
65 |
print inputFunction(1).n()
|
|
66 |
output = slz_fix_bounds_for_binades(lowerBound, upperBound, inputFunction)
|
|
67 |
if output is None:
|
|
68 |
print "Invalid domain/image binades. Domain:",\
|
|
69 |
lowerBound, upperBound, "Images:", \
|
|
70 |
inputFunction(lowerBound), inputFunction(upperBound)
|
|
71 |
raise Exception("Invalid domain/image binades.")
|
|
72 |
lb = output[0] ; ub = output[1]
|
|
73 |
if lb != lowerBound or ub != upperBound:
|
|
74 |
print "lb:", lb, " - ub:", ub
|
|
75 |
print "Invalid domain/image binades. Domain:",\
|
|
76 |
lowerBound, upperBound, "Images:", \
|
|
77 |
inputFunction(lowerBound), inputFunction(upperBound)
|
|
78 |
raise Exception("Invalid domain/image binades.")
|
|
79 |
#
|
|
80 |
## Progam initialization
|
|
81 |
### Approximation polynomial accuracy and hardness to round.
|
|
82 |
polyApproxAccur = 2^(-(targetHardnessToRound + 1))
|
|
83 |
polyTargetHardnessToRound = targetHardnessToRound + 1
|
|
84 |
### Significand to integer conversion ratio.
|
|
85 |
toIntegerFactor = 2^(precision-1)
|
|
86 |
print "Polynomial approximation required accuracy:", polyApproxAccur.n()
|
|
87 |
### Variables and rings for polynomials and root searching.
|
|
88 |
i=var('i')
|
|
89 |
t=var('t')
|
|
90 |
inputFunctionVariable = inputFunction.variables()[0]
|
|
91 |
function = inputFunction.subs({inputFunctionVariable:i})
|
|
92 |
# Polynomial Rings over the integers, for root finding.
|
|
93 |
Zi = ZZ[i]
|
|
94 |
Zt = ZZ[t]
|
|
95 |
Zit = ZZ[i,t]
|
|
96 |
## Number of iterations limit.
|
|
97 |
maxIter = 100000
|
|
98 |
#
|
|
99 |
## Compute the scaled function and the degree, in their Sollya version
|
|
100 |
# once for all.
|
|
101 |
(scaledf, sdlb, sdub, silb, siub) = \
|
|
102 |
slz_compute_scaled_function(function, lowerBound, upperBound, precision)
|
|
103 |
print "Scaled function:", scaledf._assume_str().replace('_SAGE_VAR_', '')
|
|
104 |
scaledfSo = sollya_lib_parse_string(scaledf._assume_str().replace('_SAGE_VAR_', ''))
|
|
105 |
degreeSo = pobyso_constant_from_int_sa_so(degree)
|
|
106 |
#
|
|
107 |
## Compute the scaling. boundsIntervalRifSa defined out of the loops.
|
|
108 |
domainBoundsInterval = RRIF(lowerBound, upperBound)
|
|
109 |
(unscalingFunction, scalingFunction) = \
|
|
110 |
slz_interval_scaling_expression(domainBoundsInterval, i)
|
|
111 |
#print scalingFunction, unscalingFunction
|
|
112 |
## Set the Sollya internal precision (with an arbitrary minimum of 192).
|
|
113 |
internalSollyaPrec = ceil((RR('1.5') * targetHardnessToRound) / 64) * 64
|
|
114 |
if internalSollyaPrec < 192:
|
|
115 |
internalSollyaPrec = 192
|
|
116 |
pobyso_set_prec_sa_so(internalSollyaPrec)
|
|
117 |
print "Sollya internal precision:", internalSollyaPrec
|
|
118 |
## Some variables.
|
|
119 |
### General variables
|
|
120 |
lb = sdlb
|
|
121 |
ub = sdub
|
|
122 |
nbw = 0
|
|
123 |
intervalUlp = ub.ulp()
|
|
124 |
#### Will be set by slz_interval_and_polynomila_to_sage.
|
|
125 |
ic = 0
|
|
126 |
icAsInt = 0 # Set from ic.
|
|
127 |
solutionsSet = set()
|
|
128 |
tsErrorWidth = []
|
|
129 |
csErrorVectors = []
|
|
130 |
csVectorsResultants = []
|
|
131 |
floatP = 0 # Taylor polynomial.
|
|
132 |
floatPcv = 0 # Ditto with variable change.
|
|
133 |
intvl = "" # Taylor interval
|
|
134 |
terr = 0 # Taylor error.
|
|
135 |
iterCount = 0
|
|
136 |
htrnSet = set()
|
|
137 |
### Timers and counters.
|
|
138 |
wallTimeStart = 0
|
|
139 |
cpuTimeStart = 0
|
|
140 |
taylCondFailedCount = 0
|
|
141 |
coppCondFailedCount = 0
|
|
142 |
resultCondFailedCount = 0
|
|
143 |
coppCondFailed = False
|
|
144 |
resultCondFailed = False
|
|
145 |
globalResultsList = []
|
|
146 |
basisConstructionsCount = 0
|
|
147 |
basisConstructionsFullTime = 0
|
|
148 |
basisConstructionTime = 0
|
|
149 |
reductionsCount = 0
|
|
150 |
reductionsFullTime = 0
|
|
151 |
reductionTime = 0
|
|
152 |
resultantsComputationsCount = 0
|
|
153 |
resultantsComputationsFullTime = 0
|
|
154 |
resultantsComputationTime = 0
|
|
155 |
rootsComputationsCount = 0
|
|
156 |
rootsComputationsFullTime = 0
|
|
157 |
rootsComputationTime = 0
|
|
158 |
print
|
|
159 |
## Global times are started here.
|
|
160 |
wallTimeStart = walltime()
|
|
161 |
cpuTimeStart = cputime()
|
|
162 |
## Main loop.
|
|
163 |
while True:
|
|
164 |
if lb >= sdub:
|
|
165 |
print "Lower bound reached upper bound."
|
|
166 |
break
|
|
167 |
if iterCount == maxIter:
|
|
168 |
print "Reached maxIter. Aborting"
|
|
169 |
break
|
|
170 |
iterCount += 1
|
|
171 |
print "[", lb, ",", ub, "]", ((ub - lb) / intervalUlp).log2().n(), \
|
|
172 |
"log2(numbers)."
|
|
173 |
### Compute a Sollya polynomial that will honor the Taylor condition.
|
|
174 |
prceSo = slz_compute_polynomial_and_interval(scaledfSo,
|
|
175 |
degreeSo,
|
|
176 |
lb,
|
|
177 |
ub,
|
|
178 |
polyApproxAccur)
|
|
179 |
### Convert back the data into Sage space.
|
|
180 |
(floatP, floatPcv, intvl, ic, terr) = \
|
|
181 |
slz_interval_and_polynomial_to_sage((prceSo[0], prceSo[0],
|
|
182 |
prceSo[1], prceSo[2],
|
|
183 |
prceSo[3]))
|
|
184 |
intvl = RRIF(intvl)
|
|
185 |
## Clean-up Sollya stuff.
|
|
186 |
for elem in prceSo:
|
|
187 |
sollya_lib_clear_obj(elem)
|
|
188 |
#print floatP, floatPcv, intvl, ic, terr
|
|
189 |
#print floatP
|
|
190 |
#print intvl.endpoints()[0].n(), \
|
|
191 |
# ic.n(),
|
|
192 |
#intvl.endpoints()[1].n()
|
|
193 |
### Check returned data.
|
|
194 |
#### Is approximation error OK?
|
|
195 |
if terr > polyApproxAccur:
|
|
196 |
exceptionErrorMess = \
|
|
197 |
"Approximation failed - computed error:" + \
|
|
198 |
str(terr) + " - target error: "
|
|
199 |
exceptionErrorMess += \
|
|
200 |
str(polyApproxAccur) + ". Aborting!"
|
|
201 |
raise Exception(exceptionErrorMess)
|
|
202 |
#### Is lower bound OK?
|
|
203 |
if lb != intvl.endpoints()[0]:
|
|
204 |
exceptionErrorMess = "Wrong lower bound:" + \
|
|
205 |
str(lb) + ". Aborting!"
|
|
206 |
raise Exception(exceptionErrorMess)
|
|
207 |
#### Set upper bound.
|
|
208 |
if ub > intvl.endpoints()[1]:
|
|
209 |
ub = intvl.endpoints()[1]
|
|
210 |
print "[", lb, ",", ub, "]", ((ub - lb) / intervalUlp).log2().n(), \
|
|
211 |
"log2(numbers)."
|
|
212 |
taylCondFailedCount += 1
|
|
213 |
#### Is interval not degenerate?
|
|
214 |
if lb >= ub:
|
|
215 |
exceptionErrorMess = "Degenerate interval: " + \
|
|
216 |
"lowerBound(" + str(lb) +\
|
|
217 |
")>= upperBound(" + str(ub) + \
|
|
218 |
"). Aborting!"
|
|
219 |
raise Exception(exceptionErrorMess)
|
|
220 |
#### Is interval center ok?
|
|
221 |
if ic <= lb or ic >= ub:
|
|
222 |
exceptionErrorMess = "Invalid interval center for " + \
|
|
223 |
str(lb) + ',' + str(ic) + ',' + \
|
|
224 |
str(ub) + ". Aborting!"
|
|
225 |
raise Exception(exceptionErrorMess)
|
|
226 |
##### Current interval width and reset future interval width.
|
|
227 |
bw = ub - lb
|
|
228 |
nbw = 0
|
|
229 |
icAsInt = int(ic * toIntegerFactor)
|
|
230 |
#### The following ratio is always >= 1. In case we may want to
|
|
231 |
# enlarge the interval
|
|
232 |
curTaylErrRat = polyApproxAccur / terr
|
|
233 |
### Make the integral transformations.
|
|
234 |
#### Bounds and interval center.
|
|
235 |
intIc = int(ic * toIntegerFactor)
|
|
236 |
intLb = int(lb * toIntegerFactor) - intIc
|
|
237 |
intUb = int(ub * toIntegerFactor) - intIc
|
|
238 |
#
|
|
239 |
#### Polynomials
|
|
240 |
basisConstructionTime = cputime()
|
|
241 |
##### To a polynomial with rational coefficients with rational arguments
|
|
242 |
ratRatP = slz_float_poly_of_float_to_rat_poly_of_rat_pow_two(floatP)
|
|
243 |
##### To a polynomial with rational coefficients with integer arguments
|
|
244 |
ratIntP = \
|
|
245 |
slz_rat_poly_of_rat_to_rat_poly_of_int(ratRatP, precision)
|
|
246 |
##### Ultimately a multivariate polynomial with integer coefficients
|
|
247 |
# with integer arguments.
|
|
248 |
coppersmithTuple = \
|
|
249 |
slz_rat_poly_of_int_to_poly_for_coppersmith(ratIntP,
|
|
250 |
precision,
|
|
251 |
targetHardnessToRound,
|
|
252 |
i, t)
|
|
253 |
#### Recover Coppersmith information.
|
|
254 |
intIntP = coppersmithTuple[0]
|
|
255 |
N = coppersmithTuple[1]
|
|
256 |
nAtAlpha = N^alpha
|
|
257 |
tBound = coppersmithTuple[2]
|
|
258 |
leastCommonMultiple = coppersmithTuple[3]
|
|
259 |
iBound = max(abs(intLb),abs(intUb))
|
|
260 |
basisConstructionsFullTime += cputime(basisConstructionTime)
|
|
261 |
basisConstructionsCount += 1
|
|
262 |
reductionTime = cputime()
|
|
263 |
#### Compute the reduced polynomials.
|
|
264 |
ccReducedPolynomialsList = \
|
|
265 |
slz_compute_coppersmith_reduced_polynomials_with_lattice_volume(intIntP,
|
|
266 |
alpha,
|
|
267 |
N,
|
|
268 |
iBound,
|
|
269 |
tBound)
|
|
270 |
if ccReducedPolynomialsList is None:
|
|
271 |
raise Exception("Reduction failed.")
|
|
272 |
reductionsFullTime += cputime(reductionTime)
|
|
273 |
reductionsCount += 1
|
|
274 |
if len(ccReducedPolynomialsList) < 2:
|
|
275 |
print "Nothing to form resultants with."
|
|
276 |
print
|
|
277 |
coppCondFailedCount += 1
|
|
278 |
coppCondFailed = True
|
|
279 |
##### Apply a different shrink factor according to
|
|
280 |
# the number of compliant polynomials.
|
|
281 |
if len(ccReducedPolynomialsList) == 0:
|
|
282 |
ub = lb + bw * noCoppersmithIntervalShrink
|
|
283 |
else: # At least one compliant polynomial.
|
|
284 |
ub = lb + bw * oneCoppersmithIntervalShrink
|
|
285 |
if ub > sdub:
|
|
286 |
ub = sdub
|
|
287 |
if lb == ub:
|
|
288 |
raise Exception("Cant shrink interval \
|
|
289 |
anymore to get Coppersmith condition.")
|
|
290 |
nbw = 0
|
|
291 |
continue
|
|
292 |
#### We have at least two polynomials.
|
|
293 |
# Let us try to compute resultants.
|
|
294 |
# For each resultant computed, go for the solutions.
|
|
295 |
##### Build the pairs list.
|
|
296 |
polyPairsList = []
|
|
297 |
for polyOuterIndex in xrange(0, len(ccReducedPolynomialsList) - 1):
|
|
298 |
for polyInnerIndex in xrange(polyOuterIndex+1,
|
|
299 |
len(ccReducedPolynomialsList)):
|
|
300 |
polyPairsList.append((ccReducedPolynomialsList[polyOuterIndex],
|
|
301 |
ccReducedPolynomialsList[polyInnerIndex]))
|
|
302 |
#### Actual root search.
|
|
303 |
rootsSet = set()
|
|
304 |
hasNonNullResultant = False
|
|
305 |
for polyPair in polyPairsList:
|
|
306 |
if hasNonNullResultant:
|
|
307 |
break
|
|
308 |
resultantsComputationTime = cputime()
|
|
309 |
currentResultantI = \
|
|
310 |
slz_resultant(polyPair[0],
|
|
311 |
polyPair[1],
|
|
312 |
t)
|
|
313 |
resultantsComputationsCount += 1
|
|
314 |
if currentResultantI is None:
|
|
315 |
resultantsComputationsFullTime += \
|
|
316 |
cputime(resultantsComputationTime)
|
|
317 |
print "Nul resultant"
|
|
318 |
continue # Next polyPair.
|
|
319 |
currentResultantT = \
|
|
320 |
slz_resultant(polyPair[0],
|
|
321 |
polyPair[1],
|
|
322 |
i)
|
|
323 |
resultantsComputationsFullTime += cputime(resultantsComputationTime)
|
|
324 |
resultantsComputationsCount += 1
|
|
325 |
if currentResultantT is None:
|
|
326 |
print "Nul resultant"
|
|
327 |
continue # Next polyPair.
|
|
328 |
else:
|
|
329 |
hasNonNullResultant = True
|
|
330 |
#### We have a non null resultants pair. From now on, whatever the
|
|
331 |
# root search yields, no extra root search is necessary.
|
|
332 |
#### A constant resultant leads to no root. Root search is done.
|
|
333 |
if currentResultantI.degree() < 1:
|
|
334 |
print "Resultant is constant:", currentResultantI
|
|
335 |
break # Next polyPair and should break.
|
|
336 |
if currentResultantT.degree() < 1:
|
|
337 |
print "Resultant is constant:", currentResultantT
|
|
338 |
break # Next polyPair and should break.
|
|
339 |
#### Actual roots computation.
|
|
340 |
rootsComputationTime = cputime()
|
|
341 |
##### Compute i roots
|
|
342 |
iRootsList = Zi(currentResultantI).roots()
|
|
343 |
rootsComputationsCount += 1
|
|
344 |
if len(iRootsList) == 0:
|
|
345 |
rootsComputationsFullTime = cputime(rootsComputationTime)
|
|
346 |
print "No roots in \"i\"."
|
|
347 |
break # No roots in i.
|
|
348 |
tRootsList = Zt(currentResultantT).roots()
|
|
349 |
rootsComputationsFullTime = cputime(rootsComputationTime)
|
|
350 |
rootsComputationsCount += 1
|
|
351 |
if len(tRootsList) == 0:
|
|
352 |
print "No roots in \"t\"."
|
|
353 |
break # No roots in i.
|
|
354 |
##### For each iRoot, get a tRoot and check against the polynomials.
|
|
355 |
for iRoot in iRootsList:
|
|
356 |
####### Roots returned by roots() are (value, multiplicity)
|
|
357 |
# tuples.
|
|
358 |
#print "iRoot:", iRoot
|
|
359 |
for tRoot in tRootsList:
|
|
360 |
###### Use the tRoot against each polynomial, alternatively.
|
|
361 |
if polyPair[0](iRoot[0],tRoot[0]) != 0:
|
|
362 |
continue
|
|
363 |
if polyPair[1](iRoot[0],tRoot[0]) != 0:
|
|
364 |
continue
|
|
365 |
rootsSet.add((iRoot[0], tRoot[0]))
|
|
366 |
# End of roots computation.
|
|
367 |
# End loop for polyPair in polyParsList. Will break at next iteration.
|
|
368 |
# since a non null resultant was found.
|
|
369 |
#### Prepare for results for the current interval..
|
|
370 |
intervalResultsList = []
|
|
371 |
intervalResultsList.append((lb, ub))
|
|
372 |
#### Check roots.
|
|
373 |
rootsResultsList = []
|
|
374 |
for root in rootsSet:
|
|
375 |
specificRootResultsList = []
|
|
376 |
failingBounds = []
|
|
377 |
intIntPdivN = intIntP(root[0], root[1]) / N
|
|
378 |
if int(intIntPdivN) != intIntPdivN:
|
|
379 |
continue # Next root
|
|
380 |
# Root qualifies for modular equation, test it for hardness to round.
|
|
381 |
hardToRoundCaseAsFloat = RRR((icAsInt + root[0]) / toIntegerFactor)
|
|
382 |
#print "Before unscaling:", hardToRoundCaseAsFloat.n(prec=precision)
|
|
383 |
#print scalingFunction
|
|
384 |
scaledHardToRoundCaseAsFloat = \
|
|
385 |
scalingFunction(hardToRoundCaseAsFloat)
|
|
386 |
print "Candidate HTRNc at x =", \
|
|
387 |
scaledHardToRoundCaseAsFloat.n().str(base=2),
|
|
388 |
if slz_is_htrn(scaledHardToRoundCaseAsFloat,
|
|
389 |
function,
|
|
390 |
2^-(targetHardnessToRound),
|
|
391 |
RRR):
|
|
392 |
print hardToRoundCaseAsFloat, "is HTRN case."
|
|
393 |
if lb <= hardToRoundCaseAsFloat and hardToRoundCaseAsFloat <= ub:
|
|
394 |
print "Found in interval."
|
|
395 |
else:
|
|
396 |
print "Found out of interval."
|
|
397 |
specificRootResultsList.append(hardToRoundCaseAsFloat.n().str(base=2))
|
|
398 |
# Check the root is in the bounds
|
|
399 |
if abs(root[0]) > iBound or abs(root[1]) > tBound:
|
|
400 |
print "Root", root, "is out of bounds for modular equation."
|
|
401 |
if abs(root[0]) > iBound:
|
|
402 |
print "root[0]:", root[0]
|
|
403 |
print "i bound:", iBound
|
|
404 |
failingBounds.append('i')
|
|
405 |
failingBounds.append(root[0])
|
|
406 |
failingBounds.append(iBound)
|
|
407 |
if abs(root[1]) > tBound:
|
|
408 |
print "root[1]:", root[1]
|
|
409 |
print "t bound:", tBound
|
|
410 |
failingBounds.append('t')
|
|
411 |
failingBounds.append(root[1])
|
|
412 |
failingBounds.append(tBound)
|
|
413 |
if len(failingBounds) > 0:
|
|
414 |
specificRootResultsList.append(failingBounds)
|
|
415 |
else: # From slz_is_htrn...
|
|
416 |
print "is not an HTRN case."
|
|
417 |
if len(specificRootResultsList) > 0:
|
|
418 |
rootsResultsList.append(specificRootResultsList)
|
|
419 |
if len(rootsResultsList) > 0:
|
|
420 |
intervalResultsList.append(rootsResultsList)
|
|
421 |
### Check if a non null resultant was found. If not shrink the interval.
|
|
422 |
if not hasNonNullResultant:
|
|
423 |
print "Only null resultants for this reduction, shrinking interval."
|
|
424 |
resultCondFailed = True
|
|
425 |
resultCondFailedCount += 1
|
|
426 |
### Shrink interval for next iteration.
|
|
427 |
ub = lb + bw * onlyNullResultantsShrink
|
|
428 |
if ub > sdub:
|
|
429 |
ub = sdub
|
|
430 |
nbw = 0
|
|
431 |
continue
|
|
432 |
#### An intervalResultsList has at least the bounds.
|
|
433 |
globalResultsList.append(intervalResultsList)
|
|
434 |
#### Compute an incremented width for next upper bound, only
|
|
435 |
# if not Coppersmith condition nor resultant condition
|
|
436 |
# failed at the previous run.
|
|
437 |
if not coppCondFailed and not resultCondFailed:
|
|
438 |
nbw = noErrorIntervalStretch * bw
|
|
439 |
else:
|
|
440 |
nbw = bw
|
|
441 |
##### Reset the failure flags. They will be raised
|
|
442 |
# again if needed.
|
|
443 |
coppCondFailed = False
|
|
444 |
resultCondFailed = False
|
|
445 |
#### For next iteration (at end of loop)
|
|
446 |
#print "nbw:", nbw
|
|
447 |
lb = ub
|
|
448 |
ub += nbw
|
|
449 |
if ub > sdub:
|
|
450 |
ub = sdub
|
|
451 |
print
|
|
452 |
# End while True
|
|
453 |
## Main loop just ended.
|
|
454 |
globalWallTime = walltime(wallTimeStart)
|
|
455 |
globalCpuTime = cputime(cpuTimeStart)
|
|
456 |
## Output results
|
|
457 |
print ; print "Intervals and HTRNs" ; print
|
|
458 |
for intervalResultsList in globalResultsList:
|
|
459 |
print "[", intervalResultsList[0][0], ",",intervalResultsList[0][1], "]",
|
|
460 |
if len(intervalResultsList) > 1:
|
|
461 |
rootsResultsList = intervalResultsList[1]
|
|
462 |
for specificRootResultsList in rootsResultsList:
|
|
463 |
print "\t", specificRootResultsList[0],
|
|
464 |
if len(specificRootResultsList) > 1:
|
|
465 |
print specificRootResultsList[1],
|
|
466 |
print ; print
|
|
467 |
#print globalResultsList
|
|
468 |
#
|
|
469 |
print "Timers and counters"
|
|
470 |
print
|
|
471 |
print "Number of iterations:", iterCount
|
|
472 |
print "Taylor condition failures:", taylCondFailedCount
|
|
473 |
print "Coppersmith condition failures:", coppCondFailedCount
|
|
474 |
print "Resultant condition failures:", resultCondFailedCount
|
|
475 |
print "Iterations count: ", iterCount
|
|
476 |
print "Number of intervals:", len(globalResultsList)
|
|
477 |
print "Number of basis constructions:", basisConstructionsCount
|
|
478 |
print "Total CPU time spent in basis constructions:", \
|
|
479 |
basisConstructionsFullTime
|
|
480 |
if basisConstructionsCount != 0:
|
|
481 |
print "Average basis construction CPU time:", \
|
|
482 |
basisConstructionsFullTime/basisConstructionsCount
|
|
483 |
print "Number of reductions:", reductionsCount
|
|
484 |
print "Total CPU time spent in reductions:", reductionsFullTime
|
|
485 |
if reductionsCount != 0:
|
|
486 |
print "Average reduction CPU time:", \
|
|
487 |
reductionsFullTime/reductionsCount
|
|
488 |
print "Number of resultants computation rounds:", \
|
|
489 |
resultantsComputationsCount
|
|
490 |
print "Total CPU time spent in resultants computation rounds:", \
|
|
491 |
resultantsComputationsFullTime
|
|
492 |
if resultantsComputationsCount != 0:
|
|
493 |
print "Average resultants computation round CPU time:", \
|
|
494 |
resultantsComputationsFullTime/resultantsComputationsCount
|
|
495 |
print "Number of root finding rounds:", rootsComputationsCount
|
|
496 |
print "Total CPU time spent in roots finding rounds:", \
|
|
497 |
rootsComputationsFullTime
|
|
498 |
if rootsComputationsCount != 0:
|
|
499 |
print "Average roots finding round CPU time:", \
|
|
500 |
rootsComputationsFullTime/rootsComputationsCount
|
|
501 |
print "Global Wall time:", globalWallTime
|
|
502 |
print "Global CPU time:", globalCpuTime
|
|
503 |
## Output counters
|
|
504 |
# End srs_compute_lattice_volume
|
|
505 |
|
|
506 |
"""
|
| 2 |
507 |
SLZ runtime function.
|
| 3 |
508 |
"""
|
| 4 |
509 |
|
| ... | ... | |
| 1431 |
1936 |
## Output counters
|
| 1432 |
1937 |
# End srs_runSLZ-v03
|
| 1433 |
1938 |
|
| 1434 |
|
def srs_compute_lattice_volume(inputFunction,
|
|
1939 |
def srs_run_SLZ_v04(inputFunction,
|
| 1435 |
1940 |
inputLowerBound,
|
| 1436 |
1941 |
inputUpperBound,
|
| 1437 |
1942 |
alpha,
|
| ... | ... | |
| 1442 |
1947 |
targetHardnessToRound,
|
| 1443 |
1948 |
debug = False):
|
| 1444 |
1949 |
"""
|
|
1950 |
Changes from V3:
|
|
1951 |
Root search is changed again:
|
|
1952 |
- only resultants in i are computed;
|
|
1953 |
- root are searched for;
|
|
1954 |
- if any, they are tested for hardness-to-round.
|
| 1445 |
1955 |
Changes from V2:
|
| 1446 |
1956 |
Root search is changed:
|
| 1447 |
1957 |
- we compute the resultants in i and in t;
|
| ... | ... | |
| 1684 |
2194 |
reductionTime = cputime()
|
| 1685 |
2195 |
#### Compute the reduced polynomials.
|
| 1686 |
2196 |
ccReducedPolynomialsList = \
|
| 1687 |
|
slz_compute_coppersmith_reduced_polynomials_with_lattice_volume(intIntP,
|
| 1688 |
|
alpha,
|
| 1689 |
|
N,
|
| 1690 |
|
iBound,
|
| 1691 |
|
tBound)
|
|
2197 |
slz_compute_coppersmith_reduced_polynomials(intIntP,
|
|
2198 |
alpha,
|
|
2199 |
N,
|
|
2200 |
iBound,
|
|
2201 |
tBound)
|
| 1692 |
2202 |
if ccReducedPolynomialsList is None:
|
| 1693 |
2203 |
raise Exception("Reduction failed.")
|
| 1694 |
2204 |
reductionsFullTime += cputime(reductionTime)
|
| ... | ... | |
| 1722 |
2232 |
polyPairsList.append((ccReducedPolynomialsList[polyOuterIndex],
|
| 1723 |
2233 |
ccReducedPolynomialsList[polyInnerIndex]))
|
| 1724 |
2234 |
#### Actual root search.
|
| 1725 |
|
rootsSet = set()
|
|
2235 |
iRootsSet = set()
|
| 1726 |
2236 |
hasNonNullResultant = False
|
| 1727 |
2237 |
for polyPair in polyPairsList:
|
| 1728 |
|
if hasNonNullResultant:
|
| 1729 |
|
break
|
| 1730 |
2238 |
resultantsComputationTime = cputime()
|
| 1731 |
2239 |
currentResultantI = \
|
| 1732 |
2240 |
slz_resultant(polyPair[0],
|
| 1733 |
2241 |
polyPair[1],
|
| 1734 |
2242 |
t)
|
| 1735 |
2243 |
resultantsComputationsCount += 1
|
|
2244 |
resultantsComputationsFullTime += \
|
|
2245 |
cputime(resultantsComputationTime)
|
|
2246 |
#### Function slz_resultant returns None both for None and O
|
|
2247 |
# resultants.
|
| 1736 |
2248 |
if currentResultantI is None:
|
| 1737 |
|
resultantsComputationsFullTime += \
|
| 1738 |
|
cputime(resultantsComputationTime)
|
| 1739 |
2249 |
print "Nul resultant"
|
| 1740 |
2250 |
continue # Next polyPair.
|
| 1741 |
|
currentResultantT = \
|
| 1742 |
|
slz_resultant(polyPair[0],
|
| 1743 |
|
polyPair[1],
|
| 1744 |
|
i)
|
| 1745 |
|
resultantsComputationsFullTime += cputime(resultantsComputationTime)
|
| 1746 |
|
resultantsComputationsCount += 1
|
| 1747 |
|
if currentResultantT is None:
|
| 1748 |
|
print "Nul resultant"
|
| 1749 |
|
continue # Next polyPair.
|
| 1750 |
|
else:
|
| 1751 |
|
hasNonNullResultant = True
|
| 1752 |
|
#### We have a non null resultants pair. From now on, whatever the
|
|
2251 |
## We deleted the currentResultantI computation.
|
|
2252 |
#### We have a non null resultant. From now on, whatever this
|
| 1753 |
2253 |
# root search yields, no extra root search is necessary.
|
|
2254 |
hasNonNullResultant = True
|
| 1754 |
2255 |
#### A constant resultant leads to no root. Root search is done.
|
| 1755 |
2256 |
if currentResultantI.degree() < 1:
|
| 1756 |
2257 |
print "Resultant is constant:", currentResultantI
|
| 1757 |
|
break # Next polyPair and should break.
|
| 1758 |
|
if currentResultantT.degree() < 1:
|
| 1759 |
|
print "Resultant is constant:", currentResultantT
|
| 1760 |
|
break # Next polyPair and should break.
|
| 1761 |
|
#### Actual roots computation.
|
| 1762 |
|
rootsComputationTime = cputime()
|
| 1763 |
|
##### Compute i roots
|
|
2258 |
break # There is no root.
|
|
2259 |
#### Actual iroots computation.
|
|
2260 |
rootsComputationTime = cputime()
|
| 1764 |
2261 |
iRootsList = Zi(currentResultantI).roots()
|
| 1765 |
2262 |
rootsComputationsCount += 1
|
|
2263 |
rootsComputationsFullTime = cputime(rootsComputationTime)
|
| 1766 |
2264 |
if len(iRootsList) == 0:
|
| 1767 |
|
rootsComputationsFullTime = cputime(rootsComputationTime)
|
| 1768 |
2265 |
print "No roots in \"i\"."
|
| 1769 |
2266 |
break # No roots in i.
|
| 1770 |
|
tRootsList = Zt(currentResultantT).roots()
|
| 1771 |
|
rootsComputationsFullTime = cputime(rootsComputationTime)
|
| 1772 |
|
rootsComputationsCount += 1
|
| 1773 |
|
if len(tRootsList) == 0:
|
| 1774 |
|
print "No roots in \"t\"."
|
| 1775 |
|
break # No roots in i.
|
| 1776 |
|
##### For each iRoot, get a tRoot and check against the polynomials.
|
| 1777 |
|
for iRoot in iRootsList:
|
| 1778 |
|
####### Roots returned by roots() are (value, multiplicity)
|
| 1779 |
|
# tuples.
|
| 1780 |
|
#print "iRoot:", iRoot
|
| 1781 |
|
for tRoot in tRootsList:
|
| 1782 |
|
###### Use the tRoot against each polynomial, alternatively.
|
| 1783 |
|
if polyPair[0](iRoot[0],tRoot[0]) != 0:
|
| 1784 |
|
continue
|
| 1785 |
|
if polyPair[1](iRoot[0],tRoot[0]) != 0:
|
| 1786 |
|
continue
|
| 1787 |
|
rootsSet.add((iRoot[0], tRoot[0]))
|
| 1788 |
|
# End of roots computation.
|
| 1789 |
|
# End loop for polyPair in polyParsList. Will break at next iteration.
|
| 1790 |
|
# since a non null resultant was found.
|
|
2267 |
else:
|
|
2268 |
for iRoot in iRootsList:
|
|
2269 |
# A root is given as a (value, multiplicity) tuple.
|
|
2270 |
iRootsSet.add(iRoot[0])
|
|
2271 |
# End loop for polyPair in polyParsList. We only loop again if a
|
|
2272 |
# None or zero resultant is found.
|
| 1791 |
2273 |
#### Prepare for results for the current interval..
|
| 1792 |
2274 |
intervalResultsList = []
|
| 1793 |
2275 |
intervalResultsList.append((lb, ub))
|
| 1794 |
2276 |
#### Check roots.
|
| 1795 |
2277 |
rootsResultsList = []
|
| 1796 |
|
for root in rootsSet:
|
|
2278 |
for iRoot in iRootsSet:
|
| 1797 |
2279 |
specificRootResultsList = []
|
| 1798 |
|
failingBounds = []
|
| 1799 |
|
intIntPdivN = intIntP(root[0], root[1]) / N
|
| 1800 |
|
if int(intIntPdivN) != intIntPdivN:
|
| 1801 |
|
continue # Next root
|
|
2280 |
failingBounds = []
|
| 1802 |
2281 |
# Root qualifies for modular equation, test it for hardness to round.
|
| 1803 |
|
hardToRoundCaseAsFloat = RRR((icAsInt + root[0]) / toIntegerFactor)
|
|
2282 |
hardToRoundCaseAsFloat = RRR((icAsInt + iRoot) / toIntegerFactor)
|
| 1804 |
2283 |
#print "Before unscaling:", hardToRoundCaseAsFloat.n(prec=precision)
|
| 1805 |
2284 |
#print scalingFunction
|
| 1806 |
2285 |
scaledHardToRoundCaseAsFloat = \
|
| ... | ... | |
| 1812 |
2291 |
2^-(targetHardnessToRound),
|
| 1813 |
2292 |
RRR):
|
| 1814 |
2293 |
print hardToRoundCaseAsFloat, "is HTRN case."
|
|
2294 |
specificRootResultsList.append(hardToRoundCaseAsFloat.n().str(base=2))
|
| 1815 |
2295 |
if lb <= hardToRoundCaseAsFloat and hardToRoundCaseAsFloat <= ub:
|
| 1816 |
2296 |
print "Found in interval."
|
| 1817 |
2297 |
else:
|
| 1818 |
2298 |
print "Found out of interval."
|
| 1819 |
|
specificRootResultsList.append(hardToRoundCaseAsFloat.n().str(base=2))
|
| 1820 |
|
# Check the root is in the bounds
|
| 1821 |
|
if abs(root[0]) > iBound or abs(root[1]) > tBound:
|
| 1822 |
|
print "Root", root, "is out of bounds for modular equation."
|
| 1823 |
|
if abs(root[0]) > iBound:
|
| 1824 |
|
print "root[0]:", root[0]
|
| 1825 |
|
print "i bound:", iBound
|
| 1826 |
|
failingBounds.append('i')
|
| 1827 |
|
failingBounds.append(root[0])
|
| 1828 |
|
failingBounds.append(iBound)
|
| 1829 |
|
if abs(root[1]) > tBound:
|
| 1830 |
|
print "root[1]:", root[1]
|
| 1831 |
|
print "t bound:", tBound
|
| 1832 |
|
failingBounds.append('t')
|
| 1833 |
|
failingBounds.append(root[1])
|
| 1834 |
|
failingBounds.append(tBound)
|
|
2299 |
# Check the i root is within the i bound.
|
|
2300 |
if abs(iRoot) > iBound:
|
|
2301 |
print "IRoot", iRoot, "is out of bounds for modular equation."
|
|
2302 |
print "i bound:", iBound
|
|
2303 |
failingBounds.append('i')
|
|
2304 |
failingBounds.append(iRoot)
|
|
2305 |
failingBounds.append(iBound)
|
| 1835 |
2306 |
if len(failingBounds) > 0:
|
| 1836 |
2307 |
specificRootResultsList.append(failingBounds)
|
| 1837 |
2308 |
else: # From slz_is_htrn...
|
| ... | ... | |
| 1923 |
2394 |
print "Global Wall time:", globalWallTime
|
| 1924 |
2395 |
print "Global CPU time:", globalCpuTime
|
| 1925 |
2396 |
## Output counters
|
| 1926 |
|
# End srs_compute_lattice_volume
|
| 1927 |
|
|
|
2397 |
# End srs_runSLZ-v04
|
|
2398 |
|