Révision 243
| pobysoPythonSage/src/sageSLZ/sageSLZ.sage (revision 243) | ||
|---|---|---|
| 248 | 248 |
#print ccReducedPolynomialsList |
| 249 | 249 |
return ccReducedPolynomialsList |
| 250 | 250 |
# End slz_compute_coppersmith_reduced_polynomials |
| 251 |
|
|
| 251 |
# |
|
| 252 |
def slz_compute_coppersmith_reduced_polynomials_gram(inputPolynomial, |
|
| 253 |
alpha, |
|
| 254 |
N, |
|
| 255 |
iBound, |
|
| 256 |
tBound, |
|
| 257 |
debug = False): |
|
| 258 |
""" |
|
| 259 |
For a given set of arguments (see below), compute a list |
|
| 260 |
of "reduced polynomials" that could be used to compute roots |
|
| 261 |
of the inputPolynomial. |
|
| 262 |
INPUT: |
|
| 263 |
|
|
| 264 |
- "inputPolynomial" -- (no default) a bivariate integer polynomial; |
|
| 265 |
- "alpha" -- the alpha parameter of the Coppersmith algorithm; |
|
| 266 |
- "N" -- the modulus; |
|
| 267 |
- "iBound" -- the bound on the first variable; |
|
| 268 |
- "tBound" -- the bound on the second variable. |
|
| 269 |
|
|
| 270 |
OUTPUT: |
|
| 271 |
|
|
| 272 |
A list of bivariate integer polynomial obtained using the Coppersmith |
|
| 273 |
algorithm. The polynomials correspond to the rows of the LLL-reduce |
|
| 274 |
reduced base that comply with the Coppersmith condition. |
|
| 275 |
""" |
|
| 276 |
# Arguments check. |
|
| 277 |
if iBound == 0 or tBound == 0: |
|
| 278 |
return None |
|
| 279 |
# End arguments check. |
|
| 280 |
nAtAlpha = N^alpha |
|
| 281 |
## Building polynomials for matrix. |
|
| 282 |
polyRing = inputPolynomial.parent() |
|
| 283 |
# Whatever the 2 variables are actually called, we call them |
|
| 284 |
# 'i' and 't' in all the variable names. |
|
| 285 |
(iVariable, tVariable) = inputPolynomial.variables()[:2] |
|
| 286 |
#print polyVars[0], type(polyVars[0]) |
|
| 287 |
initialPolynomial = inputPolynomial.subs({iVariable:iVariable * iBound,
|
|
| 288 |
tVariable:tVariable * tBound}) |
|
| 289 |
if debug: |
|
| 290 |
polynomialsList = \ |
|
| 291 |
spo_polynomial_to_polynomials_list_8(initialPolynomial, |
|
| 292 |
alpha, |
|
| 293 |
N, |
|
| 294 |
iBound, |
|
| 295 |
tBound, |
|
| 296 |
20) |
|
| 297 |
else: |
|
| 298 |
polynomialsList = \ |
|
| 299 |
spo_polynomial_to_polynomials_list_8(initialPolynomial, |
|
| 300 |
alpha, |
|
| 301 |
N, |
|
| 302 |
iBound, |
|
| 303 |
tBound, |
|
| 304 |
0) |
|
| 305 |
#print "Polynomials list:", polynomialsList |
|
| 306 |
## Building the proto matrix. |
|
| 307 |
knownMonomials = [] |
|
| 308 |
protoMatrix = [] |
|
| 309 |
if debug: |
|
| 310 |
for poly in polynomialsList: |
|
| 311 |
spo_add_polynomial_coeffs_to_matrix_row(poly, |
|
| 312 |
knownMonomials, |
|
| 313 |
protoMatrix, |
|
| 314 |
20) |
|
| 315 |
else: |
|
| 316 |
for poly in polynomialsList: |
|
| 317 |
spo_add_polynomial_coeffs_to_matrix_row(poly, |
|
| 318 |
knownMonomials, |
|
| 319 |
protoMatrix, |
|
| 320 |
0) |
|
| 321 |
matrixToReduce = spo_proto_to_row_matrix(protoMatrix) |
|
| 322 |
#print matrixToReduce |
|
| 323 |
## Reduction and checking. |
|
| 324 |
### In this variant we use the Pari LLL_gram reduction function. |
|
| 325 |
# It works with the Gram matrix instead of the plain matrix. |
|
| 326 |
matrixToReduceTransposed = matrixToReduce.transpose() |
|
| 327 |
matrixToReduceGram = matrixToReduce * matrixToReduceTransposed |
|
| 328 |
### LLL_gram returns a unimodular transformation matrix such that: |
|
| 329 |
# umt.transpose() * matrixToReduce * umt is reduced.. |
|
| 330 |
umt = matrixToReduceGram.LLL_gram() |
|
| 331 |
#print "Unimodular transformation matrix:" |
|
| 332 |
#for row in umt.rows(): |
|
| 333 |
# print row |
|
| 334 |
### The computed transformation matrix is transposed and applied to the |
|
| 335 |
# left side of matrixToReduce. |
|
| 336 |
reducedMatrix = umt.transpose() * matrixToReduce |
|
| 337 |
#print "Reduced matrix:" |
|
| 338 |
#for row in reducedMatrix.rows(): |
|
| 339 |
# print row |
|
| 340 |
isLLLReduced = reducedMatrix.is_LLL_reduced() |
|
| 341 |
#if not isLLLReduced: |
|
| 342 |
# return None |
|
| 343 |
monomialsCount = len(knownMonomials) |
|
| 344 |
monomialsCountSqrt = sqrt(monomialsCount) |
|
| 345 |
#print "Monomials count:", monomialsCount, monomialsCountSqrt.n() |
|
| 346 |
#print reducedMatrix |
|
| 347 |
## Check the Coppersmith condition for each row and build the reduced |
|
| 348 |
# polynomials. |
|
| 349 |
ccReducedPolynomialsList = [] |
|
| 350 |
for row in reducedMatrix.rows(): |
|
| 351 |
l2Norm = row.norm(2) |
|
| 352 |
if (l2Norm * monomialsCountSqrt) < nAtAlpha: |
|
| 353 |
#print (l2Norm * monomialsCountSqrt).n() |
|
| 354 |
#print l2Norm.n() |
|
| 355 |
ccReducedPolynomial = \ |
|
| 356 |
slz_compute_reduced_polynomial(row, |
|
| 357 |
knownMonomials, |
|
| 358 |
iVariable, |
|
| 359 |
iBound, |
|
| 360 |
tVariable, |
|
| 361 |
tBound) |
|
| 362 |
if not ccReducedPolynomial is None: |
|
| 363 |
ccReducedPolynomialsList.append(ccReducedPolynomial) |
|
| 364 |
else: |
|
| 365 |
#print l2Norm.n() , ">", nAtAlpha |
|
| 366 |
pass |
|
| 367 |
if len(ccReducedPolynomialsList) < 2: |
|
| 368 |
print "Less than 2 Coppersmith condition compliant vectors." |
|
| 369 |
return () |
|
| 370 |
#print ccReducedPolynomialsList |
|
| 371 |
return ccReducedPolynomialsList |
|
| 372 |
# End slz_compute_coppersmith_reduced_polynomials_gram |
|
| 373 |
# |
|
| 252 | 374 |
def slz_compute_coppersmith_reduced_polynomials_with_lattice_volume(inputPolynomial, |
| 253 | 375 |
alpha, |
| 254 | 376 |
N, |
Formats disponibles : Unified diff