Révision 274
| pobysoPythonSage/src/sageSLZ/sageSLZ.sage (revision 274) | ||
|---|---|---|
| 521 | 521 |
else: |
| 522 | 522 |
return ccReducedPolynomialsList |
| 523 | 523 |
# End slz_compute_coppersmith_reduced_polynomials_proj |
| 524 |
def slz_compute_weak_coppersmith_reduced_polynomials_proj(inputPolynomial, |
|
| 525 |
alpha, |
|
| 526 |
N, |
|
| 527 |
iBound, |
|
| 528 |
tBound, |
|
| 529 |
debug = False): |
|
| 530 |
""" |
|
| 531 |
For a given set of arguments (see below), compute a list |
|
| 532 |
of "reduced polynomials" that could be used to compute roots |
|
| 533 |
of the inputPolynomial. |
|
| 534 |
INPUT: |
|
| 535 |
|
|
| 536 |
- "inputPolynomial" -- (no default) a bivariate integer polynomial; |
|
| 537 |
- "alpha" -- the alpha parameter of the Coppersmith algorithm; |
|
| 538 |
- "N" -- the modulus; |
|
| 539 |
- "iBound" -- the bound on the first variable; |
|
| 540 |
- "tBound" -- the bound on the second variable. |
|
| 541 |
|
|
| 542 |
OUTPUT: |
|
| 543 |
|
|
| 544 |
A list of bivariate integer polynomial obtained using the Coppersmith |
|
| 545 |
algorithm. The polynomials correspond to the rows of the LLL-reduce |
|
| 546 |
reduced base that comply with the weak version of Coppersmith condition. |
|
| 547 |
""" |
|
| 548 |
#@par Changes from runSLZ-113.sage |
|
| 549 |
# LLL reduction is not performed on the matrix itself but rather on the |
|
| 550 |
# product of the matrix with a uniform random matrix. |
|
| 551 |
# The reduced matrix obtained is discarded but the transformation matrix |
|
| 552 |
# obtained is used to multiply the original matrix in order to reduced it. |
|
| 553 |
# If a sufficient level of reduction is obtained, we stop here. If not |
|
| 554 |
# the product matrix obtained above is LLL reduced. But as it has been |
|
| 555 |
# pre-reduced at the above step, reduction is supposed to be much faster. |
|
| 556 |
# |
|
| 557 |
# Arguments check. |
|
| 558 |
if iBound == 0 or tBound == 0: |
|
| 559 |
return None |
|
| 560 |
# End arguments check. |
|
| 561 |
nAtAlpha = N^alpha |
|
| 562 |
## Building polynomials for matrix. |
|
| 563 |
polyRing = inputPolynomial.parent() |
|
| 564 |
# Whatever the 2 variables are actually called, we call them |
|
| 565 |
# 'i' and 't' in all the variable names. |
|
| 566 |
(iVariable, tVariable) = inputPolynomial.variables()[:2] |
|
| 567 |
#print polyVars[0], type(polyVars[0]) |
|
| 568 |
initialPolynomial = inputPolynomial.subs({iVariable:iVariable * iBound,
|
|
| 569 |
tVariable:tVariable * tBound}) |
|
| 570 |
if debug: |
|
| 571 |
polynomialsList = \ |
|
| 572 |
spo_polynomial_to_polynomials_list_8(initialPolynomial, |
|
| 573 |
alpha, |
|
| 574 |
N, |
|
| 575 |
iBound, |
|
| 576 |
tBound, |
|
| 577 |
20) |
|
| 578 |
else: |
|
| 579 |
polynomialsList = \ |
|
| 580 |
spo_polynomial_to_polynomials_list_8(initialPolynomial, |
|
| 581 |
alpha, |
|
| 582 |
N, |
|
| 583 |
iBound, |
|
| 584 |
tBound, |
|
| 585 |
0) |
|
| 586 |
#print "Polynomials list:", polynomialsList |
|
| 587 |
## Building the proto matrix. |
|
| 588 |
knownMonomials = [] |
|
| 589 |
protoMatrix = [] |
|
| 590 |
if debug: |
|
| 591 |
for poly in polynomialsList: |
|
| 592 |
spo_add_polynomial_coeffs_to_matrix_row(poly, |
|
| 593 |
knownMonomials, |
|
| 594 |
protoMatrix, |
|
| 595 |
20) |
|
| 596 |
else: |
|
| 597 |
for poly in polynomialsList: |
|
| 598 |
spo_add_polynomial_coeffs_to_matrix_row(poly, |
|
| 599 |
knownMonomials, |
|
| 600 |
protoMatrix, |
|
| 601 |
0) |
|
| 602 |
matrixToReduce = spo_proto_to_row_matrix(protoMatrix) |
|
| 603 |
#print matrixToReduce |
|
| 604 |
## Reduction and checking. |
|
| 605 |
### Reduction with projection |
|
| 606 |
(reducedMatrixStep1, reductionMatrixStep1) = \ |
|
| 607 |
slz_reduce_lll_proj(matrixToReduce,16) |
|
| 608 |
#print "Reduced matrix:" |
|
| 609 |
#print reducedMatrixStep1 |
|
| 610 |
#for row in reducedMatrix.rows(): |
|
| 611 |
# print row |
|
| 612 |
monomialsCount = len(knownMonomials) |
|
| 613 |
monomialsCountSqrt = sqrt(monomialsCount) |
|
| 614 |
#print "Monomials count:", monomialsCount, monomialsCountSqrt.n() |
|
| 615 |
#print reducedMatrix |
|
| 616 |
## Check the Coppersmith condition for each row and build the reduced |
|
| 617 |
# polynomials. |
|
| 618 |
ccReducedPolynomialsList = [] |
|
| 619 |
for row in reducedMatrixStep1.rows(): |
|
| 620 |
l1Norm = row.norm(1) |
|
| 621 |
l2Norm = row.norm(2) |
|
| 622 |
if l2Norm * monomialsCountSqrt < l1Norm: |
|
| 623 |
print "l1norm is smaller than l2norm*sqrt(w)." |
|
| 624 |
else: |
|
| 625 |
print "l1norm is NOT smaller than l2norm*sqrt(w)." |
|
| 626 |
print (l2Norm * monomialsCountSqrt).n(), 'vs ', l1Norm.n() |
|
| 627 |
if l1Norm < nAtAlpha: |
|
| 628 |
#print l2Norm.n() |
|
| 629 |
ccReducedPolynomial = \ |
|
| 630 |
slz_compute_reduced_polynomial(row, |
|
| 631 |
knownMonomials, |
|
| 632 |
iVariable, |
|
| 633 |
iBound, |
|
| 634 |
tVariable, |
|
| 635 |
tBound) |
|
| 636 |
if not ccReducedPolynomial is None: |
|
| 637 |
ccReducedPolynomialsList.append(ccReducedPolynomial) |
|
| 638 |
else: |
|
| 639 |
#print l2Norm.n() , ">", nAtAlpha |
|
| 640 |
pass |
|
| 641 |
if len(ccReducedPolynomialsList) < 2: # Insufficient reduction. |
|
| 642 |
print "Less than 2 Coppersmith condition compliant vectors." |
|
| 643 |
print "Extra reduction starting..." |
|
| 644 |
reducedMatrix = reducedMatrixStep1.LLL(algorithm='fpLLL:wrapper') |
|
| 645 |
### If uncommented, the following statement avoids performing |
|
| 646 |
# an actual LLL reduction. This allows for demonstrating |
|
| 647 |
# the behavior of our pseudo-reduction alone. |
|
| 648 |
#return () |
|
| 649 |
else: |
|
| 650 |
print "First step of reduction afforded enough vectors" |
|
| 651 |
return ccReducedPolynomialsList |
|
| 652 |
#print ccReducedPolynomialsList |
|
| 653 |
## Check again the Coppersmith condition for each row and build the reduced |
|
| 654 |
# polynomials. |
|
| 655 |
ccReducedPolynomialsList = [] |
|
| 656 |
for row in reducedMatrix.rows(): |
|
| 657 |
l2Norm = row.norm(2) |
|
| 658 |
if (l2Norm * monomialsCountSqrt) < nAtAlpha: |
|
| 659 |
#print (l2Norm * monomialsCountSqrt).n() |
|
| 660 |
#print l2Norm.n() |
|
| 661 |
ccReducedPolynomial = \ |
|
| 662 |
slz_compute_reduced_polynomial(row, |
|
| 663 |
knownMonomials, |
|
| 664 |
iVariable, |
|
| 665 |
iBound, |
|
| 666 |
tVariable, |
|
| 667 |
tBound) |
|
| 668 |
if not ccReducedPolynomial is None: |
|
| 669 |
ccReducedPolynomialsList.append(ccReducedPolynomial) |
|
| 670 |
else: |
|
| 671 |
#print l2Norm.n() , ">", nAtAlpha |
|
| 672 |
pass |
|
| 673 |
if len(ccReducedPolynomialsList) < 2: # Insufficient reduction. |
|
| 674 |
print "Less than 2 Coppersmith condition compliant vectors after extra reduction." |
|
| 675 |
return () |
|
| 676 |
else: |
|
| 677 |
return ccReducedPolynomialsList |
|
| 678 |
# End slz_compute_coppersmith_reduced_polynomials_proj |
|
| 524 | 679 |
# |
| 525 | 680 |
def slz_compute_coppersmith_reduced_polynomials_with_lattice_volume(inputPolynomial, |
| 526 | 681 |
alpha, |
Formats disponibles : Unified diff