Fix reference in simulator.py, and make SIS norm param conform to API…

… in tests
malb · Jan 31, 2024 · 62481a5 · 62481a5
1 parent d637252
commit 62481a5
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/docs/algorithms/sis-lattice.rst b/docs/algorithms/sis-lattice.rst
@@ -6,7 +6,7 @@ SIS Lattice Attacks
 We construct an (easy) example SIS instance::
 
     from estimator import *
-    params = SIS.Parameters(n=113, q=2048, length_bound=512, norm="l2") 
+    params = SIS.Parameters(n=113, q=2048, length_bound=512, norm=2) 
     params
 
 The simplest (and quickest to estimate) model is solving for the SIS instance with a euclidian norm length bound and assuming the Gaussian heuristic [CheNgu12]_.Then, we can solve for the required root hermite factor [EC:GamNgu08]_ that will guarantee BKZ outputs a short enough vector::
@@ -17,7 +17,7 @@ The exact reduction shape model doesn't matter when using euclidian norm bounds,
 
 For infinity norm length bounds, we have two separate analyses. Both follow the same basic strategy. We use the worst case euclidian norm bound as a lower bound on the hardness. Then, we analyze the probability of obtaining a short vector where every coordinate meets the infinity norm constraint. When sqrt(m)*length_bound is less than the modulus q, we follow the analysis of the MATZOV report ([MATZOV22]_ P.18). We simulate the cost of generating *many* short vectors and treat each coordinate of the vector as an i.i.d Gaussian random variable with standard deviation equal to the length(s) of these short vectors divided by the square root of the dimension.::
 
-    params = SIS.Parameters(n=113, q=2048, length_bound=50, norm="linf")
+    params = SIS.Parameters(n=113, q=2048, length_bound=50, norm=oo)
     SIS.lattice(params)
 
 When sqrt(m)*length_bound is **greater than** the modulus, we follow the analysis present in the NIST round 3 Dilithium specification ([Dilithium21]_ P.35). Here, since BKZ can now produce q vectors at the given length bound (which will always satisfy the bound), we explicitly account for the q-ary structure of the lattice. Every coordinate corresponding to a q-vector yields uniformly random values, while the middle region of the basis produces Gaussian random variables as above. To explicitly account for this q-ary structure, use the ``ZGSA`` simulator.:: 

diff --git a/estimator/simulator.py b/estimator/simulator.py
@@ -271,7 +271,7 @@ def LGSA(d, n, q, beta, xi=1, tau=1, dual=False):
         >>> print(["{0:0.2f}".format(RR(log(r_ , 2))) for r_ in LGSA(d, n, q, beta, xi, tau)])
         ['4.82', '4.69', '4.57', '4.44', '4.32', '4.19', '4.07', '3.94', '3.82', '3.69', '3.57', '3.44']
 
-    The CN11 simulator is supposed to be the most accurate shape estimator, comming from [ChenNgu12]_.
+    The CN11 simulator is supposed to be the most accurate shape estimator, comming from [CheNgu12]_.
         >>> print(["{0:0.2f}".format(RR(log(r_ , 2))) for r_ in CN11(d, n, q, beta, xi, tau)])
         ['4.94', '4.79', '4.62', '4.45', '4.27', '4.10', '3.95', '3.83', '3.73', '3.66', '3.61', '3.60']
 

diff --git a/estimator/sis_parameters.py b/estimator/sis_parameters.py
@@ -35,9 +35,9 @@ def updated(self, **kwds):  # TODO Add docstrings for SIS scheme parameters base
 
             >>> from estimator import *
             >>> schemes.Dilithium3_MSIS_WkUnf
-            SISParameters(n=1536, q=8380417, length_bound=724481, m=3072, norm='linf', tag='Dilithium3_MSIS_WkUnf')
+            SISParameters(n=1536, q=8380417, length_bound=724481, m=3072, norm=+Infinity, tag='Dilithium3_MSIS_WkUnf')
             >>> schemes.Dilithium3_MSIS_WkUnf.updated(m=4096)
-            SISParameters(n=1536, q=8380417, length_bound=724481, m=4096, norm='linf', tag='Dilithium3_MSIS_WkUnf')
+            SISParameters(n=1536, q=8380417, length_bound=724481, m=4096, norm=+Infinity, tag='Dilithium3_MSIS_WkUnf')
 
         """
         d = dict(self.__dict__)