Révision 213 pobysoPythonSage/src/sageSLZ/sageRunSLZ.sage
| sageRunSLZ.sage (revision 213) | ||
|---|---|---|
| 1 |
r""" |
|
| 2 |
Main SLZ algorithm body in several versions. |
|
| 3 |
|
|
| 4 |
AUTHORS: |
|
| 5 |
- S.T. (2015-10-10): initial version |
|
| 6 |
|
|
| 7 |
Examples: |
|
| 8 |
TODO |
|
| 1 | 9 |
""" |
| 10 |
print "sageRationalOperations loading..." |
|
| 11 |
|
|
| 12 |
def srs_compute_lattice_volume(inputFunction, |
|
| 13 |
inputLowerBound, |
|
| 14 |
inputUpperBound, |
|
| 15 |
alpha, |
|
| 16 |
degree, |
|
| 17 |
precision, |
|
| 18 |
emin, |
|
| 19 |
emax, |
|
| 20 |
targetHardnessToRound, |
|
| 21 |
debug = False): |
|
| 22 |
""" |
|
| 23 |
Changes from V2: |
|
| 24 |
Root search is changed: |
|
| 25 |
- we compute the resultants in i and in t; |
|
| 26 |
- we compute the roots set of each of these resultants; |
|
| 27 |
- we combine all the possible pairs between the two sets; |
|
| 28 |
- we check these pairs in polynomials for correctness. |
|
| 29 |
Changes from V1: |
|
| 30 |
1- check for roots as soon as a resultant is computed; |
|
| 31 |
2- once a non null resultant is found, check for roots; |
|
| 32 |
3- constant resultant == no root. |
|
| 33 |
""" |
|
| 34 |
|
|
| 35 |
if debug: |
|
| 36 |
print "Function :", inputFunction |
|
| 37 |
print "Lower bound :", inputLowerBound |
|
| 38 |
print "Upper bounds :", inputUpperBound |
|
| 39 |
print "Alpha :", alpha |
|
| 40 |
print "Degree :", degree |
|
| 41 |
print "Precision :", precision |
|
| 42 |
print "Emin :", emin |
|
| 43 |
print "Emax :", emax |
|
| 44 |
print "Target hardness-to-round:", targetHardnessToRound |
|
| 45 |
|
|
| 46 |
## Important constants. |
|
| 47 |
### Stretch the interval if no error happens. |
|
| 48 |
noErrorIntervalStretch = 1 + 2^(-5) |
|
| 49 |
### If no vector validates the Coppersmith condition, shrink the interval |
|
| 50 |
# by the following factor. |
|
| 51 |
noCoppersmithIntervalShrink = 1/2 |
|
| 52 |
### If only (or at least) one vector validates the Coppersmith condition, |
|
| 53 |
# shrink the interval by the following factor. |
|
| 54 |
oneCoppersmithIntervalShrink = 3/4 |
|
| 55 |
#### If only null resultants are found, shrink the interval by the |
|
| 56 |
# following factor. |
|
| 57 |
onlyNullResultantsShrink = 3/4 |
|
| 58 |
## Structures. |
|
| 59 |
RRR = RealField(precision) |
|
| 60 |
RRIF = RealIntervalField(precision) |
|
| 61 |
## Converting input bound into the "right" field. |
|
| 62 |
lowerBound = RRR(inputLowerBound) |
|
| 63 |
upperBound = RRR(inputUpperBound) |
|
| 64 |
## Before going any further, check domain and image binade conditions. |
|
| 65 |
print inputFunction(1).n() |
|
| 66 |
output = slz_fix_bounds_for_binades(lowerBound, upperBound, inputFunction) |
|
| 67 |
if output is None: |
|
| 68 |
print "Invalid domain/image binades. Domain:",\ |
|
| 69 |
lowerBound, upperBound, "Images:", \ |
|
| 70 |
inputFunction(lowerBound), inputFunction(upperBound) |
|
| 71 |
raise Exception("Invalid domain/image binades.")
|
|
| 72 |
lb = output[0] ; ub = output[1] |
|
| 73 |
if lb != lowerBound or ub != upperBound: |
|
| 74 |
print "lb:", lb, " - ub:", ub |
|
| 75 |
print "Invalid domain/image binades. Domain:",\ |
|
| 76 |
lowerBound, upperBound, "Images:", \ |
|
| 77 |
inputFunction(lowerBound), inputFunction(upperBound) |
|
| 78 |
raise Exception("Invalid domain/image binades.")
|
|
| 79 |
# |
|
| 80 |
## Progam initialization |
|
| 81 |
### Approximation polynomial accuracy and hardness to round. |
|
| 82 |
polyApproxAccur = 2^(-(targetHardnessToRound + 1)) |
|
| 83 |
polyTargetHardnessToRound = targetHardnessToRound + 1 |
|
| 84 |
### Significand to integer conversion ratio. |
|
| 85 |
toIntegerFactor = 2^(precision-1) |
|
| 86 |
print "Polynomial approximation required accuracy:", polyApproxAccur.n() |
|
| 87 |
### Variables and rings for polynomials and root searching. |
|
| 88 |
i=var('i')
|
|
| 89 |
t=var('t')
|
|
| 90 |
inputFunctionVariable = inputFunction.variables()[0] |
|
| 91 |
function = inputFunction.subs({inputFunctionVariable:i})
|
|
| 92 |
# Polynomial Rings over the integers, for root finding. |
|
| 93 |
Zi = ZZ[i] |
|
| 94 |
Zt = ZZ[t] |
|
| 95 |
Zit = ZZ[i,t] |
|
| 96 |
## Number of iterations limit. |
|
| 97 |
maxIter = 100000 |
|
| 98 |
# |
|
| 99 |
## Compute the scaled function and the degree, in their Sollya version |
|
| 100 |
# once for all. |
|
| 101 |
(scaledf, sdlb, sdub, silb, siub) = \ |
|
| 102 |
slz_compute_scaled_function(function, lowerBound, upperBound, precision) |
|
| 103 |
print "Scaled function:", scaledf._assume_str().replace('_SAGE_VAR_', '')
|
|
| 104 |
scaledfSo = sollya_lib_parse_string(scaledf._assume_str().replace('_SAGE_VAR_', ''))
|
|
| 105 |
degreeSo = pobyso_constant_from_int_sa_so(degree) |
|
| 106 |
# |
|
| 107 |
## Compute the scaling. boundsIntervalRifSa defined out of the loops. |
|
| 108 |
domainBoundsInterval = RRIF(lowerBound, upperBound) |
|
| 109 |
(unscalingFunction, scalingFunction) = \ |
|
| 110 |
slz_interval_scaling_expression(domainBoundsInterval, i) |
|
| 111 |
#print scalingFunction, unscalingFunction |
|
| 112 |
## Set the Sollya internal precision (with an arbitrary minimum of 192). |
|
| 113 |
internalSollyaPrec = ceil((RR('1.5') * targetHardnessToRound) / 64) * 64
|
|
| 114 |
if internalSollyaPrec < 192: |
|
| 115 |
internalSollyaPrec = 192 |
|
| 116 |
pobyso_set_prec_sa_so(internalSollyaPrec) |
|
| 117 |
print "Sollya internal precision:", internalSollyaPrec |
|
| 118 |
## Some variables. |
|
| 119 |
### General variables |
|
| 120 |
lb = sdlb |
|
| 121 |
ub = sdub |
|
| 122 |
nbw = 0 |
|
| 123 |
intervalUlp = ub.ulp() |
|
| 124 |
#### Will be set by slz_interval_and_polynomila_to_sage. |
|
| 125 |
ic = 0 |
|
| 126 |
icAsInt = 0 # Set from ic. |
|
| 127 |
solutionsSet = set() |
|
| 128 |
tsErrorWidth = [] |
|
| 129 |
csErrorVectors = [] |
|
| 130 |
csVectorsResultants = [] |
|
| 131 |
floatP = 0 # Taylor polynomial. |
|
| 132 |
floatPcv = 0 # Ditto with variable change. |
|
| 133 |
intvl = "" # Taylor interval |
|
| 134 |
terr = 0 # Taylor error. |
|
| 135 |
iterCount = 0 |
|
| 136 |
htrnSet = set() |
|
| 137 |
### Timers and counters. |
|
| 138 |
wallTimeStart = 0 |
|
| 139 |
cpuTimeStart = 0 |
|
| 140 |
taylCondFailedCount = 0 |
|
| 141 |
coppCondFailedCount = 0 |
|
| 142 |
resultCondFailedCount = 0 |
|
| 143 |
coppCondFailed = False |
|
| 144 |
resultCondFailed = False |
|
| 145 |
globalResultsList = [] |
|
| 146 |
basisConstructionsCount = 0 |
|
| 147 |
basisConstructionsFullTime = 0 |
|
| 148 |
basisConstructionTime = 0 |
|
| 149 |
reductionsCount = 0 |
|
| 150 |
reductionsFullTime = 0 |
|
| 151 |
reductionTime = 0 |
|
| 152 |
resultantsComputationsCount = 0 |
|
| 153 |
resultantsComputationsFullTime = 0 |
|
| 154 |
resultantsComputationTime = 0 |
|
| 155 |
rootsComputationsCount = 0 |
|
| 156 |
rootsComputationsFullTime = 0 |
|
| 157 |
rootsComputationTime = 0 |
|
| 158 |
|
|
| 159 |
## Global times are started here. |
|
| 160 |
wallTimeStart = walltime() |
|
| 161 |
cpuTimeStart = cputime() |
|
| 162 |
## Main loop. |
|
| 163 |
while True: |
|
| 164 |
if lb >= sdub: |
|
| 165 |
print "Lower bound reached upper bound." |
|
| 166 |
break |
|
| 167 |
if iterCount == maxIter: |
|
| 168 |
print "Reached maxIter. Aborting" |
|
| 169 |
break |
|
| 170 |
iterCount += 1 |
|
| 171 |
print "[", lb, ",", ub, "]", ((ub - lb) / intervalUlp).log2().n(), \ |
|
| 172 |
"log2(numbers)." |
|
| 173 |
### Compute a Sollya polynomial that will honor the Taylor condition. |
|
| 174 |
prceSo = slz_compute_polynomial_and_interval(scaledfSo, |
|
| 175 |
degreeSo, |
|
| 176 |
lb, |
|
| 177 |
ub, |
|
| 178 |
polyApproxAccur) |
|
| 179 |
### Convert back the data into Sage space. |
|
| 180 |
(floatP, floatPcv, intvl, ic, terr) = \ |
|
| 181 |
slz_interval_and_polynomial_to_sage((prceSo[0], prceSo[0], |
|
| 182 |
prceSo[1], prceSo[2], |
|
| 183 |
prceSo[3])) |
|
| 184 |
intvl = RRIF(intvl) |
|
| 185 |
## Clean-up Sollya stuff. |
|
| 186 |
for elem in prceSo: |
|
| 187 |
sollya_lib_clear_obj(elem) |
|
| 188 |
#print floatP, floatPcv, intvl, ic, terr |
|
| 189 |
#print floatP |
|
| 190 |
#print intvl.endpoints()[0].n(), \ |
|
| 191 |
# ic.n(), |
|
| 192 |
#intvl.endpoints()[1].n() |
|
| 193 |
### Check returned data. |
|
| 194 |
#### Is approximation error OK? |
|
| 195 |
if terr > polyApproxAccur: |
|
| 196 |
exceptionErrorMess = \ |
|
| 197 |
"Approximation failed - computed error:" + \ |
|
| 198 |
str(terr) + " - target error: " |
|
| 199 |
exceptionErrorMess += \ |
|
| 200 |
str(polyApproxAccur) + ". Aborting!" |
|
| 201 |
raise Exception(exceptionErrorMess) |
|
| 202 |
#### Is lower bound OK? |
|
| 203 |
if lb != intvl.endpoints()[0]: |
|
| 204 |
exceptionErrorMess = "Wrong lower bound:" + \ |
|
| 205 |
str(lb) + ". Aborting!" |
|
| 206 |
raise Exception(exceptionErrorMess) |
|
| 207 |
#### Set upper bound. |
|
| 208 |
if ub > intvl.endpoints()[1]: |
|
| 209 |
ub = intvl.endpoints()[1] |
|
| 210 |
print "[", lb, ",", ub, "]", ((ub - lb) / intervalUlp).log2().n(), \ |
|
| 211 |
"log2(numbers)." |
|
| 212 |
taylCondFailedCount += 1 |
|
| 213 |
#### Is interval not degenerate? |
|
| 214 |
if lb >= ub: |
|
| 215 |
exceptionErrorMess = "Degenerate interval: " + \ |
|
| 216 |
"lowerBound(" + str(lb) +\
|
|
| 217 |
")>= upperBound(" + str(ub) + \
|
|
| 218 |
"). Aborting!" |
|
| 219 |
raise Exception(exceptionErrorMess) |
|
| 220 |
#### Is interval center ok? |
|
| 221 |
if ic <= lb or ic >= ub: |
|
| 222 |
exceptionErrorMess = "Invalid interval center for " + \ |
|
| 223 |
str(lb) + ',' + str(ic) + ',' + \ |
|
| 224 |
str(ub) + ". Aborting!" |
|
| 225 |
raise Exception(exceptionErrorMess) |
|
| 226 |
##### Current interval width and reset future interval width. |
|
| 227 |
bw = ub - lb |
|
| 228 |
nbw = 0 |
|
| 229 |
icAsInt = int(ic * toIntegerFactor) |
|
| 230 |
#### The following ratio is always >= 1. In case we may want to |
|
| 231 |
# enlarge the interval |
|
| 232 |
curTaylErrRat = polyApproxAccur / terr |
|
| 233 |
### Make the integral transformations. |
|
| 234 |
#### Bounds and interval center. |
|
| 235 |
intIc = int(ic * toIntegerFactor) |
|
| 236 |
intLb = int(lb * toIntegerFactor) - intIc |
|
| 237 |
intUb = int(ub * toIntegerFactor) - intIc |
|
| 238 |
# |
|
| 239 |
#### Polynomials |
|
| 240 |
basisConstructionTime = cputime() |
|
| 241 |
##### To a polynomial with rational coefficients with rational arguments |
|
| 242 |
ratRatP = slz_float_poly_of_float_to_rat_poly_of_rat_pow_two(floatP) |
|
| 243 |
##### To a polynomial with rational coefficients with integer arguments |
|
| 244 |
ratIntP = \ |
|
| 245 |
slz_rat_poly_of_rat_to_rat_poly_of_int(ratRatP, precision) |
|
| 246 |
##### Ultimately a multivariate polynomial with integer coefficients |
|
| 247 |
# with integer arguments. |
|
| 248 |
coppersmithTuple = \ |
|
| 249 |
slz_rat_poly_of_int_to_poly_for_coppersmith(ratIntP, |
|
| 250 |
precision, |
|
| 251 |
targetHardnessToRound, |
|
| 252 |
i, t) |
|
| 253 |
#### Recover Coppersmith information. |
|
| 254 |
intIntP = coppersmithTuple[0] |
|
| 255 |
N = coppersmithTuple[1] |
|
| 256 |
nAtAlpha = N^alpha |
|
| 257 |
tBound = coppersmithTuple[2] |
|
| 258 |
leastCommonMultiple = coppersmithTuple[3] |
|
| 259 |
iBound = max(abs(intLb),abs(intUb)) |
|
| 260 |
basisConstructionsFullTime += cputime(basisConstructionTime) |
|
| 261 |
basisConstructionsCount += 1 |
|
| 262 |
reductionTime = cputime() |
|
| 263 |
#### Compute the reduced polynomials. |
|
| 264 |
ccReducedPolynomialsList = \ |
|
| 265 |
slz_compute_coppersmith_reduced_polynomials_with_lattice_volume(intIntP, |
|
| 266 |
alpha, |
|
| 267 |
N, |
|
| 268 |
iBound, |
|
| 269 |
tBound) |
|
| 270 |
if ccReducedPolynomialsList is None: |
|
| 271 |
raise Exception("Reduction failed.")
|
|
| 272 |
reductionsFullTime += cputime(reductionTime) |
|
| 273 |
reductionsCount += 1 |
|
| 274 |
if len(ccReducedPolynomialsList) < 2: |
|
| 275 |
print "Nothing to form resultants with." |
|
| 276 |
|
|
| 277 |
coppCondFailedCount += 1 |
|
| 278 |
coppCondFailed = True |
|
| 279 |
##### Apply a different shrink factor according to |
|
| 280 |
# the number of compliant polynomials. |
|
| 281 |
if len(ccReducedPolynomialsList) == 0: |
|
| 282 |
ub = lb + bw * noCoppersmithIntervalShrink |
|
| 283 |
else: # At least one compliant polynomial. |
|
| 284 |
ub = lb + bw * oneCoppersmithIntervalShrink |
|
| 285 |
if ub > sdub: |
|
| 286 |
ub = sdub |
|
| 287 |
if lb == ub: |
|
| 288 |
raise Exception("Cant shrink interval \
|
|
| 289 |
anymore to get Coppersmith condition.") |
|
| 290 |
nbw = 0 |
|
| 291 |
continue |
|
| 292 |
#### We have at least two polynomials. |
|
| 293 |
# Let us try to compute resultants. |
|
| 294 |
# For each resultant computed, go for the solutions. |
|
| 295 |
##### Build the pairs list. |
|
| 296 |
polyPairsList = [] |
|
| 297 |
for polyOuterIndex in xrange(0, len(ccReducedPolynomialsList) - 1): |
|
| 298 |
for polyInnerIndex in xrange(polyOuterIndex+1, |
|
| 299 |
len(ccReducedPolynomialsList)): |
|
| 300 |
polyPairsList.append((ccReducedPolynomialsList[polyOuterIndex], |
|
| 301 |
ccReducedPolynomialsList[polyInnerIndex])) |
|
| 302 |
#### Actual root search. |
|
| 303 |
rootsSet = set() |
|
| 304 |
hasNonNullResultant = False |
|
| 305 |
for polyPair in polyPairsList: |
|
| 306 |
if hasNonNullResultant: |
|
| 307 |
break |
|
| 308 |
resultantsComputationTime = cputime() |
|
| 309 |
currentResultantI = \ |
|
| 310 |
slz_resultant(polyPair[0], |
|
| 311 |
polyPair[1], |
|
| 312 |
t) |
|
| 313 |
resultantsComputationsCount += 1 |
|
| 314 |
if currentResultantI is None: |
|
| 315 |
resultantsComputationsFullTime += \ |
|
| 316 |
cputime(resultantsComputationTime) |
|
| 317 |
print "Nul resultant" |
|
| 318 |
continue # Next polyPair. |
|
| 319 |
currentResultantT = \ |
|
| 320 |
slz_resultant(polyPair[0], |
|
| 321 |
polyPair[1], |
|
| 322 |
i) |
|
| 323 |
resultantsComputationsFullTime += cputime(resultantsComputationTime) |
|
| 324 |
resultantsComputationsCount += 1 |
|
| 325 |
if currentResultantT is None: |
|
| 326 |
print "Nul resultant" |
|
| 327 |
continue # Next polyPair. |
|
| 328 |
else: |
|
| 329 |
hasNonNullResultant = True |
|
| 330 |
#### We have a non null resultants pair. From now on, whatever the |
|
| 331 |
# root search yields, no extra root search is necessary. |
|
| 332 |
#### A constant resultant leads to no root. Root search is done. |
|
| 333 |
if currentResultantI.degree() < 1: |
|
| 334 |
print "Resultant is constant:", currentResultantI |
|
| 335 |
break # Next polyPair and should break. |
|
| 336 |
if currentResultantT.degree() < 1: |
|
| 337 |
print "Resultant is constant:", currentResultantT |
|
| 338 |
break # Next polyPair and should break. |
|
| 339 |
#### Actual roots computation. |
|
| 340 |
rootsComputationTime = cputime() |
|
| 341 |
##### Compute i roots |
|
| 342 |
iRootsList = Zi(currentResultantI).roots() |
|
| 343 |
rootsComputationsCount += 1 |
|
| 344 |
if len(iRootsList) == 0: |
|
| 345 |
rootsComputationsFullTime = cputime(rootsComputationTime) |
|
| 346 |
print "No roots in \"i\"." |
|
| 347 |
break # No roots in i. |
|
| 348 |
tRootsList = Zt(currentResultantT).roots() |
|
| 349 |
rootsComputationsFullTime = cputime(rootsComputationTime) |
|
| 350 |
rootsComputationsCount += 1 |
|
| 351 |
if len(tRootsList) == 0: |
|
| 352 |
print "No roots in \"t\"." |
|
| 353 |
break # No roots in i. |
|
| 354 |
##### For each iRoot, get a tRoot and check against the polynomials. |
|
| 355 |
for iRoot in iRootsList: |
|
| 356 |
####### Roots returned by roots() are (value, multiplicity) |
|
| 357 |
# tuples. |
|
| 358 |
#print "iRoot:", iRoot |
|
| 359 |
for tRoot in tRootsList: |
|
| 360 |
###### Use the tRoot against each polynomial, alternatively. |
|
| 361 |
if polyPair[0](iRoot[0],tRoot[0]) != 0: |
|
| 362 |
continue |
|
| 363 |
if polyPair[1](iRoot[0],tRoot[0]) != 0: |
|
| 364 |
continue |
|
| 365 |
rootsSet.add((iRoot[0], tRoot[0])) |
|
| 366 |
# End of roots computation. |
|
| 367 |
# End loop for polyPair in polyParsList. Will break at next iteration. |
|
| 368 |
# since a non null resultant was found. |
|
| 369 |
#### Prepare for results for the current interval.. |
|
| 370 |
intervalResultsList = [] |
|
| 371 |
intervalResultsList.append((lb, ub)) |
|
| 372 |
#### Check roots. |
|
| 373 |
rootsResultsList = [] |
|
| 374 |
for root in rootsSet: |
|
| 375 |
specificRootResultsList = [] |
|
| 376 |
failingBounds = [] |
|
| 377 |
intIntPdivN = intIntP(root[0], root[1]) / N |
|
| 378 |
if int(intIntPdivN) != intIntPdivN: |
|
| 379 |
continue # Next root |
|
| 380 |
# Root qualifies for modular equation, test it for hardness to round. |
|
| 381 |
hardToRoundCaseAsFloat = RRR((icAsInt + root[0]) / toIntegerFactor) |
|
| 382 |
#print "Before unscaling:", hardToRoundCaseAsFloat.n(prec=precision) |
|
| 383 |
#print scalingFunction |
|
| 384 |
scaledHardToRoundCaseAsFloat = \ |
|
| 385 |
scalingFunction(hardToRoundCaseAsFloat) |
|
| 386 |
print "Candidate HTRNc at x =", \ |
|
| 387 |
scaledHardToRoundCaseAsFloat.n().str(base=2), |
|
| 388 |
if slz_is_htrn(scaledHardToRoundCaseAsFloat, |
|
| 389 |
function, |
|
| 390 |
2^-(targetHardnessToRound), |
|
| 391 |
RRR): |
|
| 392 |
print hardToRoundCaseAsFloat, "is HTRN case." |
|
| 393 |
if lb <= hardToRoundCaseAsFloat and hardToRoundCaseAsFloat <= ub: |
|
| 394 |
print "Found in interval." |
|
| 395 |
else: |
|
| 396 |
print "Found out of interval." |
|
| 397 |
specificRootResultsList.append(hardToRoundCaseAsFloat.n().str(base=2)) |
|
| 398 |
# Check the root is in the bounds |
|
| 399 |
if abs(root[0]) > iBound or abs(root[1]) > tBound: |
|
| 400 |
print "Root", root, "is out of bounds for modular equation." |
|
| 401 |
if abs(root[0]) > iBound: |
|
| 402 |
print "root[0]:", root[0] |
|
| 403 |
print "i bound:", iBound |
|
| 404 |
failingBounds.append('i')
|
|
| 405 |
failingBounds.append(root[0]) |
|
| 406 |
failingBounds.append(iBound) |
|
| 407 |
if abs(root[1]) > tBound: |
|
| 408 |
print "root[1]:", root[1] |
|
| 409 |
print "t bound:", tBound |
|
| 410 |
failingBounds.append('t')
|
|
| 411 |
failingBounds.append(root[1]) |
|
| 412 |
failingBounds.append(tBound) |
|
| 413 |
if len(failingBounds) > 0: |
|
| 414 |
specificRootResultsList.append(failingBounds) |
|
| 415 |
else: # From slz_is_htrn... |
|
| 416 |
print "is not an HTRN case." |
|
| 417 |
if len(specificRootResultsList) > 0: |
|
| 418 |
rootsResultsList.append(specificRootResultsList) |
|
| 419 |
if len(rootsResultsList) > 0: |
|
| 420 |
intervalResultsList.append(rootsResultsList) |
|
| 421 |
### Check if a non null resultant was found. If not shrink the interval. |
|
| 422 |
if not hasNonNullResultant: |
|
| 423 |
print "Only null resultants for this reduction, shrinking interval." |
|
| 424 |
resultCondFailed = True |
|
| 425 |
resultCondFailedCount += 1 |
|
| 426 |
### Shrink interval for next iteration. |
|
| 427 |
ub = lb + bw * onlyNullResultantsShrink |
|
| 428 |
if ub > sdub: |
|
| 429 |
ub = sdub |
|
| 430 |
nbw = 0 |
|
| 431 |
continue |
|
| 432 |
#### An intervalResultsList has at least the bounds. |
|
| 433 |
globalResultsList.append(intervalResultsList) |
|
| 434 |
#### Compute an incremented width for next upper bound, only |
|
| 435 |
# if not Coppersmith condition nor resultant condition |
|
| 436 |
# failed at the previous run. |
|
| 437 |
if not coppCondFailed and not resultCondFailed: |
|
| 438 |
nbw = noErrorIntervalStretch * bw |
|
| 439 |
else: |
|
| 440 |
nbw = bw |
|
| 441 |
##### Reset the failure flags. They will be raised |
|
| 442 |
# again if needed. |
|
| 443 |
coppCondFailed = False |
|
| 444 |
resultCondFailed = False |
|
| 445 |
#### For next iteration (at end of loop) |
|
| 446 |
#print "nbw:", nbw |
|
| 447 |
lb = ub |
|
| 448 |
ub += nbw |
|
| 449 |
if ub > sdub: |
|
| 450 |
ub = sdub |
|
| 451 |
|
|
| 452 |
# End while True |
|
| 453 |
## Main loop just ended. |
|
| 454 |
globalWallTime = walltime(wallTimeStart) |
|
| 455 |
globalCpuTime = cputime(cpuTimeStart) |
|
| 456 |
## Output results |
|
| 457 |
print ; print "Intervals and HTRNs" ; print |
|
| 458 |
for intervalResultsList in globalResultsList: |
|
| 459 |
print "[", intervalResultsList[0][0], ",",intervalResultsList[0][1], "]", |
|
| 460 |
if len(intervalResultsList) > 1: |
|
| 461 |
rootsResultsList = intervalResultsList[1] |
|
| 462 |
for specificRootResultsList in rootsResultsList: |
|
| 463 |
print "\t", specificRootResultsList[0], |
|
| 464 |
if len(specificRootResultsList) > 1: |
|
| 465 |
print specificRootResultsList[1], |
|
| 466 |
print ; print |
|
| 467 |
#print globalResultsList |
|
| 468 |
# |
|
| 469 |
print "Timers and counters" |
|
| 470 |
|
|
| 471 |
print "Number of iterations:", iterCount |
|
| 472 |
print "Taylor condition failures:", taylCondFailedCount |
|
| 473 |
print "Coppersmith condition failures:", coppCondFailedCount |
|
| 474 |
print "Resultant condition failures:", resultCondFailedCount |
|
| 475 |
print "Iterations count: ", iterCount |
|
| 476 |
print "Number of intervals:", len(globalResultsList) |
|
| 477 |
print "Number of basis constructions:", basisConstructionsCount |
|
| 478 |
print "Total CPU time spent in basis constructions:", \ |
|
| 479 |
basisConstructionsFullTime |
|
| 480 |
if basisConstructionsCount != 0: |
|
| 481 |
print "Average basis construction CPU time:", \ |
|
| 482 |
basisConstructionsFullTime/basisConstructionsCount |
|
| 483 |
print "Number of reductions:", reductionsCount |
|
| 484 |
print "Total CPU time spent in reductions:", reductionsFullTime |
|
| 485 |
if reductionsCount != 0: |
|
| 486 |
print "Average reduction CPU time:", \ |
|
| 487 |
reductionsFullTime/reductionsCount |
|
| 488 |
print "Number of resultants computation rounds:", \ |
|
| 489 |
resultantsComputationsCount |
|
| 490 |
print "Total CPU time spent in resultants computation rounds:", \ |
|
| 491 |
resultantsComputationsFullTime |
|
| 492 |
if resultantsComputationsCount != 0: |
|
| 493 |
print "Average resultants computation round CPU time:", \ |
|
| 494 |
resultantsComputationsFullTime/resultantsComputationsCount |
|
| 495 |
print "Number of root finding rounds:", rootsComputationsCount |
|
| 496 |
print "Total CPU time spent in roots finding rounds:", \ |
|
| 497 |
rootsComputationsFullTime |
|
| 498 |
if rootsComputationsCount != 0: |
|
| 499 |
print "Average roots finding round CPU time:", \ |
|
| 500 |
rootsComputationsFullTime/rootsComputationsCount |
|
| 501 |
print "Global Wall time:", globalWallTime |
|
| 502 |
print "Global CPU time:", globalCpuTime |
|
| 503 |
## Output counters |
|
| 504 |
# End srs_compute_lattice_volume |
|
| 505 |
|
|
| 506 |
""" |
|
| 2 | 507 |
SLZ runtime function. |
| 3 | 508 |
""" |
| 4 | 509 |
|
| ... | ... | |
| 1431 | 1936 |
## Output counters |
| 1432 | 1937 |
# End srs_runSLZ-v03 |
| 1433 | 1938 |
|
| 1434 |
def srs_compute_lattice_volume(inputFunction,
|
|
| 1939 |
def srs_run_SLZ_v04(inputFunction,
|
|
| 1435 | 1940 |
inputLowerBound, |
| 1436 | 1941 |
inputUpperBound, |
| 1437 | 1942 |
alpha, |
| ... | ... | |
| 1442 | 1947 |
targetHardnessToRound, |
| 1443 | 1948 |
debug = False): |
| 1444 | 1949 |
""" |
| 1950 |
Changes from V3: |
|
| 1951 |
Root search is changed again: |
|
| 1952 |
- only resultants in i are computed; |
|
| 1953 |
- root are searched for; |
|
| 1954 |
- if any, they are tested for hardness-to-round. |
|
| 1445 | 1955 |
Changes from V2: |
| 1446 | 1956 |
Root search is changed: |
| 1447 | 1957 |
- we compute the resultants in i and in t; |
| ... | ... | |
| 1684 | 2194 |
reductionTime = cputime() |
| 1685 | 2195 |
#### Compute the reduced polynomials. |
| 1686 | 2196 |
ccReducedPolynomialsList = \ |
| 1687 |
slz_compute_coppersmith_reduced_polynomials_with_lattice_volume(intIntP,
|
|
| 1688 |
alpha, |
|
| 1689 |
N, |
|
| 1690 |
iBound, |
|
| 1691 |
tBound) |
|
| 2197 |
slz_compute_coppersmith_reduced_polynomials(intIntP,
|
|
| 2198 |
alpha,
|
|
| 2199 |
N,
|
|
| 2200 |
iBound,
|
|
| 2201 |
tBound)
|
|
| 1692 | 2202 |
if ccReducedPolynomialsList is None: |
| 1693 | 2203 |
raise Exception("Reduction failed.")
|
| 1694 | 2204 |
reductionsFullTime += cputime(reductionTime) |
| ... | ... | |
| 1722 | 2232 |
polyPairsList.append((ccReducedPolynomialsList[polyOuterIndex], |
| 1723 | 2233 |
ccReducedPolynomialsList[polyInnerIndex])) |
| 1724 | 2234 |
#### Actual root search. |
| 1725 |
rootsSet = set()
|
|
| 2235 |
iRootsSet = set()
|
|
| 1726 | 2236 |
hasNonNullResultant = False |
| 1727 | 2237 |
for polyPair in polyPairsList: |
| 1728 |
if hasNonNullResultant: |
|
| 1729 |
break |
|
| 1730 | 2238 |
resultantsComputationTime = cputime() |
| 1731 | 2239 |
currentResultantI = \ |
| 1732 | 2240 |
slz_resultant(polyPair[0], |
| 1733 | 2241 |
polyPair[1], |
| 1734 | 2242 |
t) |
| 1735 | 2243 |
resultantsComputationsCount += 1 |
| 2244 |
resultantsComputationsFullTime += \ |
|
| 2245 |
cputime(resultantsComputationTime) |
|
| 2246 |
#### Function slz_resultant returns None both for None and O |
|
| 2247 |
# resultants. |
|
| 1736 | 2248 |
if currentResultantI is None: |
| 1737 |
resultantsComputationsFullTime += \ |
|
| 1738 |
cputime(resultantsComputationTime) |
|
| 1739 | 2249 |
print "Nul resultant" |
| 1740 | 2250 |
continue # Next polyPair. |
| 1741 |
currentResultantT = \ |
|
| 1742 |
slz_resultant(polyPair[0], |
|
| 1743 |
polyPair[1], |
|
| 1744 |
i) |
|
| 1745 |
resultantsComputationsFullTime += cputime(resultantsComputationTime) |
|
| 1746 |
resultantsComputationsCount += 1 |
|
| 1747 |
if currentResultantT is None: |
|
| 1748 |
print "Nul resultant" |
|
| 1749 |
continue # Next polyPair. |
|
| 1750 |
else: |
|
| 1751 |
hasNonNullResultant = True |
|
| 1752 |
#### We have a non null resultants pair. From now on, whatever the |
|
| 2251 |
## We deleted the currentResultantI computation. |
|
| 2252 |
#### We have a non null resultant. From now on, whatever this |
|
| 1753 | 2253 |
# root search yields, no extra root search is necessary. |
| 2254 |
hasNonNullResultant = True |
|
| 1754 | 2255 |
#### A constant resultant leads to no root. Root search is done. |
| 1755 | 2256 |
if currentResultantI.degree() < 1: |
| 1756 | 2257 |
print "Resultant is constant:", currentResultantI |
| 1757 |
break # Next polyPair and should break. |
|
| 1758 |
if currentResultantT.degree() < 1: |
|
| 1759 |
print "Resultant is constant:", currentResultantT |
|
| 1760 |
break # Next polyPair and should break. |
|
| 1761 |
#### Actual roots computation. |
|
| 1762 |
rootsComputationTime = cputime() |
|
| 1763 |
##### Compute i roots |
|
| 2258 |
break # There is no root. |
|
| 2259 |
#### Actual iroots computation. |
|
| 2260 |
rootsComputationTime = cputime() |
|
| 1764 | 2261 |
iRootsList = Zi(currentResultantI).roots() |
| 1765 | 2262 |
rootsComputationsCount += 1 |
| 2263 |
rootsComputationsFullTime = cputime(rootsComputationTime) |
|
| 1766 | 2264 |
if len(iRootsList) == 0: |
| 1767 |
rootsComputationsFullTime = cputime(rootsComputationTime) |
|
| 1768 | 2265 |
print "No roots in \"i\"." |
| 1769 | 2266 |
break # No roots in i. |
| 1770 |
tRootsList = Zt(currentResultantT).roots() |
|
| 1771 |
rootsComputationsFullTime = cputime(rootsComputationTime) |
|
| 1772 |
rootsComputationsCount += 1 |
|
| 1773 |
if len(tRootsList) == 0: |
|
| 1774 |
print "No roots in \"t\"." |
|
| 1775 |
break # No roots in i. |
|
| 1776 |
##### For each iRoot, get a tRoot and check against the polynomials. |
|
| 1777 |
for iRoot in iRootsList: |
|
| 1778 |
####### Roots returned by roots() are (value, multiplicity) |
|
| 1779 |
# tuples. |
|
| 1780 |
#print "iRoot:", iRoot |
|
| 1781 |
for tRoot in tRootsList: |
|
| 1782 |
###### Use the tRoot against each polynomial, alternatively. |
|
| 1783 |
if polyPair[0](iRoot[0],tRoot[0]) != 0: |
|
| 1784 |
continue |
|
| 1785 |
if polyPair[1](iRoot[0],tRoot[0]) != 0: |
|
| 1786 |
continue |
|
| 1787 |
rootsSet.add((iRoot[0], tRoot[0])) |
|
| 1788 |
# End of roots computation. |
|
| 1789 |
# End loop for polyPair in polyParsList. Will break at next iteration. |
|
| 1790 |
# since a non null resultant was found. |
|
| 2267 |
else: |
|
| 2268 |
for iRoot in iRootsList: |
|
| 2269 |
# A root is given as a (value, multiplicity) tuple. |
|
| 2270 |
iRootsSet.add(iRoot[0]) |
|
| 2271 |
# End loop for polyPair in polyParsList. We only loop again if a |
|
| 2272 |
# None or zero resultant is found. |
|
| 1791 | 2273 |
#### Prepare for results for the current interval.. |
| 1792 | 2274 |
intervalResultsList = [] |
| 1793 | 2275 |
intervalResultsList.append((lb, ub)) |
| 1794 | 2276 |
#### Check roots. |
| 1795 | 2277 |
rootsResultsList = [] |
| 1796 |
for root in rootsSet:
|
|
| 2278 |
for iRoot in iRootsSet:
|
|
| 1797 | 2279 |
specificRootResultsList = [] |
| 1798 |
failingBounds = [] |
|
| 1799 |
intIntPdivN = intIntP(root[0], root[1]) / N |
|
| 1800 |
if int(intIntPdivN) != intIntPdivN: |
|
| 1801 |
continue # Next root |
|
| 2280 |
failingBounds = [] |
|
| 1802 | 2281 |
# Root qualifies for modular equation, test it for hardness to round. |
| 1803 |
hardToRoundCaseAsFloat = RRR((icAsInt + root[0]) / toIntegerFactor)
|
|
| 2282 |
hardToRoundCaseAsFloat = RRR((icAsInt + iRoot) / toIntegerFactor)
|
|
| 1804 | 2283 |
#print "Before unscaling:", hardToRoundCaseAsFloat.n(prec=precision) |
| 1805 | 2284 |
#print scalingFunction |
| 1806 | 2285 |
scaledHardToRoundCaseAsFloat = \ |
| ... | ... | |
| 1812 | 2291 |
2^-(targetHardnessToRound), |
| 1813 | 2292 |
RRR): |
| 1814 | 2293 |
print hardToRoundCaseAsFloat, "is HTRN case." |
| 2294 |
specificRootResultsList.append(hardToRoundCaseAsFloat.n().str(base=2)) |
|
| 1815 | 2295 |
if lb <= hardToRoundCaseAsFloat and hardToRoundCaseAsFloat <= ub: |
| 1816 | 2296 |
print "Found in interval." |
| 1817 | 2297 |
else: |
| 1818 | 2298 |
print "Found out of interval." |
| 1819 |
specificRootResultsList.append(hardToRoundCaseAsFloat.n().str(base=2)) |
|
| 1820 |
# Check the root is in the bounds |
|
| 1821 |
if abs(root[0]) > iBound or abs(root[1]) > tBound: |
|
| 1822 |
print "Root", root, "is out of bounds for modular equation." |
|
| 1823 |
if abs(root[0]) > iBound: |
|
| 1824 |
print "root[0]:", root[0] |
|
| 1825 |
print "i bound:", iBound |
|
| 1826 |
failingBounds.append('i')
|
|
| 1827 |
failingBounds.append(root[0]) |
|
| 1828 |
failingBounds.append(iBound) |
|
| 1829 |
if abs(root[1]) > tBound: |
|
| 1830 |
print "root[1]:", root[1] |
|
| 1831 |
print "t bound:", tBound |
|
| 1832 |
failingBounds.append('t')
|
|
| 1833 |
failingBounds.append(root[1]) |
|
| 1834 |
failingBounds.append(tBound) |
|
| 2299 |
# Check the i root is within the i bound. |
|
| 2300 |
if abs(iRoot) > iBound: |
|
| 2301 |
print "IRoot", iRoot, "is out of bounds for modular equation." |
|
| 2302 |
print "i bound:", iBound |
|
| 2303 |
failingBounds.append('i')
|
|
| 2304 |
failingBounds.append(iRoot) |
|
| 2305 |
failingBounds.append(iBound) |
|
| 1835 | 2306 |
if len(failingBounds) > 0: |
| 1836 | 2307 |
specificRootResultsList.append(failingBounds) |
| 1837 | 2308 |
else: # From slz_is_htrn... |
| ... | ... | |
| 1923 | 2394 |
print "Global Wall time:", globalWallTime |
| 1924 | 2395 |
print "Global CPU time:", globalCpuTime |
| 1925 | 2396 |
## Output counters |
| 1926 |
# End srs_compute_lattice_volume |
|
| 1927 |
|
|
| 2397 |
# End srs_runSLZ-v04 |
|
| 2398 |
|
|
Formats disponibles : Unified diff