fix Saber parameters
reported by Hosein Emamian
malb committed Dec 1, 2022
1 parent 63fa248 commit 641ec1d
Showing 3 changed files with 61 additions and 59 deletions.
12 changes: 6 additions & 6 deletions docs/schemes/nist-pqc-round-3.rst
@@ -33,25 +33,25 @@ NIST PQC Round 3 Finalists

>>> from estimator import *
>>> LightSaber
LWEParameters(n=512, q=8192, Xs=D(σ=1.58), Xe=D(σ=2.00), m=512, tag='LightSaber')
LWEParameters(n=512, q=8192, Xs=D(σ=1.58), Xe=D(σ=2.29, μ=-0.50), m=512, tag='LightSaber')
>>> LWE.primal_bdd(LightSaber)
rop: ≈2^137.8, red: ≈2^137.3, svp: ≈2^136.3, β: 382, η: 412, d: 1024, tag: bdd
rop: ≈2^140.1, red: ≈2^139.5, svp: ≈2^138.5, β: 390, η: 420, d: 1025, tag: bdd

::

>>> from estimator import *
>>> Saber
LWEParameters(n=768, q=8192, Xs=D(σ=1.41), Xe=D(σ=2.00), m=768, tag='Saber')
LWEParameters(n=768, q=8192, Xs=D(σ=1.41), Xe=D(σ=2.29, μ=-0.50), m=768, tag='Saber')
>>> LWE.primal_bdd(Saber)
rop: ≈2^204.9, red: ≈2^203.9, svp: ≈2^204.0, β: 620, η: 655, d: 1475, tag: bdd
rop: ≈2^208.2, red: ≈2^207.0, svp: ≈2^207.3, β: 631, η: 667, d: 1478, tag: bdd

::

>>> from estimator import *
>>> FireSaber
LWEParameters(n=1024, q=8192, Xs=D(σ=1.22), Xe=D(σ=2.00), m=1024, tag='FireSaber')
LWEParameters(n=1024, q=8192, Xs=D(σ=1.22), Xe=D(σ=2.29, μ=-0.50), m=1024, tag='FireSaber')
>>> LWE.primal_bdd(FireSaber)
rop: ≈2^271.8, red: ≈2^270.7, svp: ≈2^270.8, β: 858, η: 894, d: 1886, tag: bdd
rop: ≈2^275.8, red: ≈2^274.9, svp: ≈2^274.7, β: 873, η: 908, d: 1894, tag: bdd


`NTRU <https://ntru.org/f/ntru-20190330.pdf>`__
14 changes: 8 additions & 6 deletions estimator/lwe_bkw.py
@@ -165,7 +165,9 @@ def cost(
C0 = 0

# Equation (8)
C1 = sum((params.n + 1 - i * b) * (m - i * ZZ(params.q**b - 1) / 2) for i in range(1, t1 + 1))
C1 = sum(
(params.n + 1 - i * b) * (m - i * ZZ(params.q**b - 1) / 2) for i in range(1, t1 + 1)
)
assert C1 >= 0

# Equation (9)
@@ -273,12 +275,12 @@ def __call__(
>>> from sage.all import oo
>>> from estimator import *
>>> LightSaber
LWEParameters(n=512, q=8192, Xs=D(σ=1.58), Xe=D(σ=2.00), m=512, tag='LightSaber')
>>> cost = LWE.coded_bkw(LightSaber); cost
rop: ≈2^184.3, m: ≈2^172.2, mem: ≈2^173.2, b: 13, t1: 0, t2: 18, ℓ: 12, #cod: 456, #top: 0...
>>> Kyber512
LWEParameters(n=512, q=3329, Xs=D(σ=1.22), Xe=D(σ=1.22), m=512, tag='Kyber 512')
>>> cost = LWE.coded_bkw(Kyber512); cost
rop: ≈2^178.8, m: ≈2^166.8, mem: ≈2^167.8, b: 14, t1: 0, t2: 16, ℓ: 13, #cod: 448, #top: 0, #test: 64, ...
>>> cost["problem"]
LWEParameters(n=512, q=8192, Xs=D(σ=1.58), Xe=D(σ=10.39), m=..., tag='LightSaber')
LWEParameters(n=512, q=3329, Xs=D(σ=1.22), Xe=D(σ=6.24), m=..., tag='Kyber 512')
TESTS::
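Review bot: In the `__call__` docstring the example is switched from `LightSaber` to `Kyber512` rather than having its expected output refreshed, so `LWE.coded_bkw` is no longer exercised on the Saber error distribution this commit corrects (`Xe=D(σ=2.29, μ=-0.50)` in the docs section). If the swap is because coded BKW does not handle a non-zero mean (a guess, nothing visible here confirms it), the docstring should say so in one sentence, for example `Error distributions with non-zero mean are not supported by this estimate.`, so a BKW figure is not quoted for Saber by mistake. If it does handle them, a `>>> LWE.coded_bkw(LightSaber)` case under `TESTS::` would keep a regression check on the fixed parameters. The docstring and body of `__call__` continue outside the hunk.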