Révision 247 pobysoPythonSage/src/sageSLZ/sageSLZ.sage
| sageSLZ.sage (revision 247) | ||
|---|---|---|
| 371 | 371 |
return ccReducedPolynomialsList |
| 372 | 372 |
# End slz_compute_coppersmith_reduced_polynomials_gram |
| 373 | 373 |
# |
| 374 |
def slz_compute_coppersmith_reduced_polynomials_proj(inputPolynomial, |
|
| 375 |
alpha, |
|
| 376 |
N, |
|
| 377 |
iBound, |
|
| 378 |
tBound, |
|
| 379 |
debug = False): |
|
| 380 |
""" |
|
| 381 |
For a given set of arguments (see below), compute a list |
|
| 382 |
of "reduced polynomials" that could be used to compute roots |
|
| 383 |
of the inputPolynomial. |
|
| 384 |
INPUT: |
|
| 385 |
|
|
| 386 |
- "inputPolynomial" -- (no default) a bivariate integer polynomial; |
|
| 387 |
- "alpha" -- the alpha parameter of the Coppersmith algorithm; |
|
| 388 |
- "N" -- the modulus; |
|
| 389 |
- "iBound" -- the bound on the first variable; |
|
| 390 |
- "tBound" -- the bound on the second variable. |
|
| 391 |
|
|
| 392 |
OUTPUT: |
|
| 393 |
|
|
| 394 |
A list of bivariate integer polynomial obtained using the Coppersmith |
|
| 395 |
algorithm. The polynomials correspond to the rows of the LLL-reduce |
|
| 396 |
reduced base that comply with the Coppersmith condition. |
|
| 397 |
""" |
|
| 398 |
#@par Changes from runSLZ-113.sage |
|
| 399 |
# LLL reduction is not performed on the matrix itself but rather on the |
|
| 400 |
# product of the matrix with a uniform random matrix. |
|
| 401 |
# The reduced matrix obtained is discarded but the transformation matrix |
|
| 402 |
# obtained is used to multiply the original matrix in order to reduced it. |
|
| 403 |
# If a sufficient level of reduction is obtained, we stop here. If not |
|
| 404 |
# the product matrix obtained above is LLL reduced. But as it has been |
|
| 405 |
# pre-reduced at the above step, reduction is supposed to be much faster. |
|
| 406 |
# |
|
| 407 |
# Arguments check. |
|
| 408 |
if iBound == 0 or tBound == 0: |
|
| 409 |
return None |
|
| 410 |
# End arguments check. |
|
| 411 |
nAtAlpha = N^alpha |
|
| 412 |
## Building polynomials for matrix. |
|
| 413 |
polyRing = inputPolynomial.parent() |
|
| 414 |
# Whatever the 2 variables are actually called, we call them |
|
| 415 |
# 'i' and 't' in all the variable names. |
|
| 416 |
(iVariable, tVariable) = inputPolynomial.variables()[:2] |
|
| 417 |
#print polyVars[0], type(polyVars[0]) |
|
| 418 |
initialPolynomial = inputPolynomial.subs({iVariable:iVariable * iBound,
|
|
| 419 |
tVariable:tVariable * tBound}) |
|
| 420 |
if debug: |
|
| 421 |
polynomialsList = \ |
|
| 422 |
spo_polynomial_to_polynomials_list_8(initialPolynomial, |
|
| 423 |
alpha, |
|
| 424 |
N, |
|
| 425 |
iBound, |
|
| 426 |
tBound, |
|
| 427 |
20) |
|
| 428 |
else: |
|
| 429 |
polynomialsList = \ |
|
| 430 |
spo_polynomial_to_polynomials_list_8(initialPolynomial, |
|
| 431 |
alpha, |
|
| 432 |
N, |
|
| 433 |
iBound, |
|
| 434 |
tBound, |
|
| 435 |
0) |
|
| 436 |
#print "Polynomials list:", polynomialsList |
|
| 437 |
## Building the proto matrix. |
|
| 438 |
knownMonomials = [] |
|
| 439 |
protoMatrix = [] |
|
| 440 |
if debug: |
|
| 441 |
for poly in polynomialsList: |
|
| 442 |
spo_add_polynomial_coeffs_to_matrix_row(poly, |
|
| 443 |
knownMonomials, |
|
| 444 |
protoMatrix, |
|
| 445 |
20) |
|
| 446 |
else: |
|
| 447 |
for poly in polynomialsList: |
|
| 448 |
spo_add_polynomial_coeffs_to_matrix_row(poly, |
|
| 449 |
knownMonomials, |
|
| 450 |
protoMatrix, |
|
| 451 |
0) |
|
| 452 |
matrixToReduce = spo_proto_to_row_matrix(protoMatrix) |
|
| 453 |
#print matrixToReduce |
|
| 454 |
## Reduction and checking. |
|
| 455 |
### Reduction with projection |
|
| 456 |
(reducedMatrix1, reductionMatrix1) = \ |
|
| 457 |
slz_reduce_lll_proj(matrixToReduce, 2^16) |
|
| 458 |
#print "Reduced matrix:" |
|
| 459 |
matrixIsReducedEnough = reducedMatrix1.is_LLL_reduced() |
|
| 460 |
# |
|
| 461 |
if not matrixIsReducedEnough: |
|
| 462 |
reducedMatrix = reducedMatrix1.LLL(algorithm='fpLLL:wrapper') |
|
| 463 |
isLLLReduced = reducedMatrix.is_LLL_reduced() |
|
| 464 |
else: |
|
| 465 |
reducedMatrix = reducedMatrix1 |
|
| 466 |
isLLLReduced = matrixIsReducedEnough |
|
| 467 |
#for row in reducedMatrix.rows(): |
|
| 468 |
# print row |
|
| 469 |
if not isLLLReduced: |
|
| 470 |
return None |
|
| 471 |
monomialsCount = len(knownMonomials) |
|
| 472 |
monomialsCountSqrt = sqrt(monomialsCount) |
|
| 473 |
#print "Monomials count:", monomialsCount, monomialsCountSqrt.n() |
|
| 474 |
#print reducedMatrix |
|
| 475 |
## Check the Coppersmith condition for each row and build the reduced |
|
| 476 |
# polynomials. |
|
| 477 |
ccReducedPolynomialsList = [] |
|
| 478 |
for row in reducedMatrix.rows(): |
|
| 479 |
l2Norm = row.norm(2) |
|
| 480 |
if (l2Norm * monomialsCountSqrt) < nAtAlpha: |
|
| 481 |
#print (l2Norm * monomialsCountSqrt).n() |
|
| 482 |
#print l2Norm.n() |
|
| 483 |
ccReducedPolynomial = \ |
|
| 484 |
slz_compute_reduced_polynomial(row, |
|
| 485 |
knownMonomials, |
|
| 486 |
iVariable, |
|
| 487 |
iBound, |
|
| 488 |
tVariable, |
|
| 489 |
tBound) |
|
| 490 |
if not ccReducedPolynomial is None: |
|
| 491 |
ccReducedPolynomialsList.append(ccReducedPolynomial) |
|
| 492 |
else: |
|
| 493 |
#print l2Norm.n() , ">", nAtAlpha |
|
| 494 |
pass |
|
| 495 |
if len(ccReducedPolynomialsList) < 2: |
|
| 496 |
print "Less than 2 Coppersmith condition compliant vectors." |
|
| 497 |
return () |
|
| 498 |
#print ccReducedPolynomialsList |
|
| 499 |
return ccReducedPolynomialsList |
|
| 500 |
# End slz_compute_coppersmith_reduced_polynomials_proj |
|
| 501 |
# |
|
| 374 | 502 |
def slz_compute_coppersmith_reduced_polynomials_with_lattice_volume(inputPolynomial, |
| 375 | 503 |
alpha, |
| 376 | 504 |
N, |
| ... | ... | |
| 1941 | 2069 |
# abs(quasiExactRF(roundedValuePrecPlusOnePrev) - quasiExactValue).n(prec=100).str(base=2) |
| 1942 | 2070 |
return False |
| 1943 | 2071 |
# End slz_is_htrn |
| 1944 |
|
|
| 2072 |
# |
|
| 2073 |
def slz_pm1(): |
|
| 2074 |
""" |
|
| 2075 |
Compute a uniform RV in {-1, 1}.
|
|
| 2076 |
""" |
|
| 2077 |
## function getrandbits(N) generates a long int with N random bits. |
|
| 2078 |
return getrandbits(1) * 2-1 |
|
| 2079 |
# End slz_pm1. |
|
| 2080 |
# |
|
| 2081 |
def slz_random_proj_pm1(r, c): |
|
| 2082 |
""" |
|
| 2083 |
r x c matrix with \pm 1 ({-1, 1}) coefficients
|
|
| 2084 |
""" |
|
| 2085 |
M = matrix(r, c) |
|
| 2086 |
for i in range(0, r): |
|
| 2087 |
for j in range (0, c): |
|
| 2088 |
M[i,j] = slz_pm1() |
|
| 2089 |
return M |
|
| 2090 |
# End random_proj_pm1. |
|
| 2091 |
# |
|
| 2092 |
def slz_random_proj_uniform(n, r, c): |
|
| 2093 |
""" |
|
| 2094 |
r x c integer matrix with uniform n-bit integer coefficients |
|
| 2095 |
""" |
|
| 2096 |
M = matrix(r, c) |
|
| 2097 |
for i in range(0, r): |
|
| 2098 |
for j in range (0, c): |
|
| 2099 |
M[i,j] = slz_uniform(n) |
|
| 2100 |
return M |
|
| 2101 |
# End slz_random_proj_uniform. |
|
| 2102 |
# |
|
| 1945 | 2103 |
def slz_rat_poly_of_int_to_poly_for_coppersmith(ratPolyOfInt, |
| 1946 | 2104 |
precision, |
| 1947 | 2105 |
targetHardnessToRound, |
| ... | ... | |
| 2054 | 2212 |
return ccComplientRowsList |
| 2055 | 2213 |
# End slz_reduce_and_test_base |
| 2056 | 2214 |
|
| 2215 |
def slz_reduce_lll_proj(matToReduce, n): |
|
| 2216 |
""" |
|
| 2217 |
Compute the transformation matrix that realizes an LLL reduction on |
|
| 2218 |
the random uniform projected matrix. |
|
| 2219 |
Return both the initial matrix "reduced" by the transformation matrix and |
|
| 2220 |
the transformation matrix itself. |
|
| 2221 |
""" |
|
| 2222 |
## Compute the projected matrix. |
|
| 2223 |
matProjector = slz_random_proj_uniform(n, |
|
| 2224 |
matToReduce.ncols(), |
|
| 2225 |
matToReduce.nrows()) |
|
| 2226 |
matProjected = matToReduce * matProjector |
|
| 2227 |
## Build the argument matrix for LLL in such a way that the transformation |
|
| 2228 |
# matrix is also returned. This matrix is obtained at almost no extra |
|
| 2229 |
# cost. An identity matrix must be appended to |
|
| 2230 |
# the left of the initial matrix. The transformation matrix will |
|
| 2231 |
# will be recovered at the same location from the returned matrix . |
|
| 2232 |
idMat = identity_matrix(matProjected.nrows()) |
|
| 2233 |
augmentedMatToReduce = idMat.augment(matProjected) |
|
| 2234 |
reducedProjMat = \ |
|
| 2235 |
augmentedMatToReduce.LLL(algorithm='fpLLL:wrapper') |
|
| 2236 |
## Recover the transformation matrix (the left part of the reduced matrix). |
|
| 2237 |
# We discard the reduced matrix itself. |
|
| 2238 |
transMat = reducedProjMat.submatrix(0, |
|
| 2239 |
0, |
|
| 2240 |
reducedProjMat.nrows(), |
|
| 2241 |
reducedProjMat.nrows()) |
|
| 2242 |
## Return the initial matrix "reduced" and the transformation matrix tuple. |
|
| 2243 |
return (transMat * matToReduce, transMat) |
|
| 2244 |
# End slz_reduce_lll_proj. |
|
| 2245 |
# |
|
| 2057 | 2246 |
def slz_resultant(poly1, poly2, elimVar, debug = False): |
| 2058 | 2247 |
""" |
| 2059 | 2248 |
Compute the resultant for two polynomials for a given variable |
| ... | ... | |
| 2098 | 2287 |
return (poly1, poly2, resultantInElimVar) |
| 2099 | 2288 |
# End slz_resultant_tuple. |
| 2100 | 2289 |
# |
| 2290 |
def slz_uniform(n): |
|
| 2291 |
""" |
|
| 2292 |
Compute a uniform RV in {-1, 1}.
|
|
| 2293 |
""" |
|
| 2294 |
## function getrandbits(n) generates a long int with n random bits. |
|
| 2295 |
return getrandbits(n) - 2^(n-1) |
|
| 2296 |
# End slz_uniform. |
|
| 2297 |
# |
|
| 2101 | 2298 |
sys.stderr.write("\t...sageSLZ loaded\n")
|
| 2102 | 2299 |
|
Formats disponibles : Unified diff