From e22409ad258b016056fa1a9a155ec7fef4a04243 Mon Sep 17 00:00:00 2001 From: Joe Rowell <joerowell4@gmail.com> Date: Thu, 1 Dec 2022 14:34:02 +0000 Subject: [PATCH 1/2] Export all the scheme names. --- estimator/__init__.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/estimator/__init__.py b/estimator/__init__.py index cb9b202..7647faf 100644 --- a/estimator/__init__.py +++ b/estimator/__init__.py @@ -16,4 +16,28 @@ NTRUHPS2048677Enc, NTRUHPS4096821Enc, NTRUHRSS701Enc, + Frodo640, + Frodo976, + Frodo1344, + HESv111024128error, + HESv111024128ternary, + HESv11, + TFHE630, + TFHE1024, + Concrete_TFHE586, + Concrete_TFHE512, + TFHE16_500, + TFHE16_1024, + TFHE20_612, + TFHE20_1024, + FHEW, + SEAL20_1024, + SEAL20_2048, + SEAL20_4096, + SEAL20_8192, + SEAL20_16384, + SEAL22_4096, + SEAL22_8192, + SEAL22_16384, + SEAL22_32768, ) From d543953e1ace211151c4fa41c409eaab5637ce7d Mon Sep 17 00:00:00 2001 From: Joe Rowell <joerowell4@gmail.com> Date: Thu, 1 Dec 2022 16:35:16 +0000 Subject: [PATCH 2/2] Remove all the schemes from the global namespace. --- README.rst | 8 +++---- docs/schemes/nist-pqc-round-3.rst | 40 +++++++++++++++---------------- estimator/__init__.py | 37 ---------------------------- estimator/lwe.py | 4 ++-- estimator/lwe_bkw.py | 6 ++--- estimator/lwe_dual.py | 4 ++-- estimator/lwe_guess.py | 4 ++-- estimator/lwe_parameters.py | 8 +++---- estimator/lwe_primal.py | 10 ++++---- estimator/util.py | 3 ++- 10 files changed, 44 insertions(+), 80 deletions(-) diff --git a/README.rst b/README.rst index 8f2a578..62a6b49 100644 --- a/README.rst +++ b/README.rst @@ -19,17 +19,17 @@ Quick Start .. code-block:: python >>> from estimator import * - >>> Kyber512 + >>> schemes.Kyber512 LWEParameters(n=512, q=3329, Xs=D(σ=1.22), Xe=D(σ=1.22), m=512, tag='Kyber 512') - >>> LWE.primal_usvp(Kyber512) + >>> LWE.primal_usvp(schemes.Kyber512) rop: ≈2^143.8, red: ≈2^143.8, δ: 1.003941, β: 406, d: 998, tag: usvp - >>> r = LWE.estimate.rough(Kyber512) + >>> r = LWE.estimate.rough(schemes.Kyber512) usvp :: rop: ≈2^118.6, red: ≈2^118.6, δ: 1.003941, β: 406, d: 998, tag: usvp dual_hybrid :: rop: ≈2^121.9, mem: ≈2^116.8, m: 512, β: 417, d: 1013, ↻: 1, ζ: 11, tag: dual_hybrid - >>> r = LWE.estimate(Kyber512) + >>> r = LWE.estimate(schemes.Kyber512) bkw :: rop: ≈2^178.8, m: ≈2^166.8, mem: ≈2^167.8, b: 14, t1: 0, t2: 16, ℓ: 13, #cod: 448, #top: 0, #test: 64, tag: coded-bkw usvp :: rop: ≈2^143.8, red: ≈2^143.8, δ: 1.003941, β: 406, d: 998, tag: usvp bdd :: rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.8, β: 391, η: 421, d: 1013, tag: bdd diff --git a/docs/schemes/nist-pqc-round-3.rst b/docs/schemes/nist-pqc-round-3.rst index fdec0a7..e78f0f3 100644 --- a/docs/schemes/nist-pqc-round-3.rst +++ b/docs/schemes/nist-pqc-round-3.rst @@ -6,25 +6,25 @@ NIST PQC Round 3 Finalists :: >>> from estimator import * - >>> Kyber512 + >>> schemes.Kyber512 LWEParameters(n=512, q=3329, Xs=D(σ=1.22), Xe=D(σ=1.22), m=512, tag='Kyber 512') - >>> LWE.primal_bdd(Kyber512) + >>> LWE.primal_bdd(schemes.Kyber512) rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.8, β: 391, η: 421, d: 1013, tag: bdd :: >>> from estimator import * - >>> Kyber768 + >>> schemes.Kyber768 LWEParameters(n=768, q=3329, Xs=D(σ=1.00), Xe=D(σ=1.00), m=768, tag='Kyber 768') - >>> LWE.primal_bdd(Kyber768) + >>> LWE.primal_bdd(schemes.Kyber768) rop: ≈2^201.0, red: ≈2^200.0, svp: ≈2^200.0, β: 606, η: 641, d: 1425, tag: bdd :: >>> from estimator import * - >>> Kyber1024 + >>> schemes.Kyber1024 LWEParameters(n=1024, q=3329, Xs=D(σ=1.00), Xe=D(σ=1.00), m=1024, tag='Kyber 1024') - >>> LWE.primal_bdd(Kyber1024) + >>> LWE.primal_bdd(schemes.Kyber1024) rop: ≈2^270.8, red: ≈2^269.9, svp: ≈2^269.7, β: 855, η: 890, d: 1873, tag: bdd `Saber <https://www.esat.kuleuven.be/cosic/pqcrypto/saber/files/saberspecround3.pdf>`__ @@ -32,25 +32,25 @@ NIST PQC Round 3 Finalists :: >>> from estimator import * - >>> LightSaber + >>> schemes.LightSaber LWEParameters(n=512, q=8192, Xs=D(σ=1.58), Xe=D(σ=2.29, μ=-0.50), m=512, tag='LightSaber') - >>> LWE.primal_bdd(LightSaber) + >>> LWE.primal_bdd(schemes.LightSaber) rop: ≈2^140.1, red: ≈2^139.5, svp: ≈2^138.5, β: 390, η: 420, d: 1025, tag: bdd :: >>> from estimator import * - >>> Saber + >>> schemes.Saber LWEParameters(n=768, q=8192, Xs=D(σ=1.41), Xe=D(σ=2.29, μ=-0.50), m=768, tag='Saber') - >>> LWE.primal_bdd(Saber) + >>> LWE.primal_bdd(schemes.Saber) rop: ≈2^208.2, red: ≈2^207.0, svp: ≈2^207.3, β: 631, η: 667, d: 1478, tag: bdd :: >>> from estimator import * - >>> FireSaber + >>> schemes.FireSaber LWEParameters(n=1024, q=8192, Xs=D(σ=1.22), Xe=D(σ=2.29, μ=-0.50), m=1024, tag='FireSaber') - >>> LWE.primal_bdd(FireSaber) + >>> LWE.primal_bdd(schemes.FireSaber) rop: ≈2^275.8, red: ≈2^274.9, svp: ≈2^274.7, β: 873, η: 908, d: 1894, tag: bdd @@ -59,31 +59,31 @@ NIST PQC Round 3 Finalists :: >>> from estimator import * - >>> NTRUHPS2048509Enc + >>> schemes.NTRUHPS2048509Enc LWEParameters(n=508, q=2048, Xs=D(σ=0.82), Xe=D(σ=0.71), m=508, tag='NTRUHPS2048509Enc') - >>> LWE.primal_bdd(NTRUHPS2048509Enc) + >>> LWE.primal_bdd(schemes.NTRUHPS2048509Enc) rop: ≈2^131.1, red: ≈2^130.1, svp: ≈2^130.2, β: 357, η: 390, d: 916, tag: bdd :: >>> from estimator import * - >>> NTRUHPS2048677Enc + >>> schemes.NTRUHPS2048677Enc LWEParameters(n=676, q=2048, Xs=D(σ=0.82), Xe=D(σ=0.61), m=676, tag='NTRUHPS2048677Enc') - >>> LWE.primal_bdd(NTRUHPS2048677Enc) + >>> LWE.primal_bdd(schemes.NTRUHPS2048677Enc) rop: ≈2^170.8, red: ≈2^169.6, svp: ≈2^169.9, β: 498, η: 533, d: 1179, tag: bdd :: >>> from estimator import * - >>> NTRUHPS4096821Enc + >>> schemes.NTRUHPS4096821Enc LWEParameters(n=820, q=4096, Xs=D(σ=0.82), Xe=D(σ=0.79), m=820, tag='NTRUHPS4096821Enc') - >>> LWE.primal_bdd(NTRUHPS4096821Enc) + >>> LWE.primal_bdd(schemes.NTRUHPS4096821Enc) rop: ≈2^199.7, red: ≈2^198.7, svp: ≈2^198.6, β: 601, η: 636, d: 1485, tag: bdd :: >>> from estimator import * - >>> NTRUHRSS701Enc + >>> schemes.NTRUHRSS701Enc LWEParameters(n=700, q=8192, Xs=D(σ=0.82), Xe=D(σ=0.82), m=700, tag='NTRUHRSS701') - >>> LWE.primal_bdd(NTRUHRSS701Enc) + >>> LWE.primal_bdd(schemes.NTRUHRSS701Enc) rop: ≈2^158.9, red: ≈2^157.9, svp: ≈2^158.0, β: 455, η: 490, d: 1294, tag: bdd diff --git a/estimator/__init__.py b/estimator/__init__.py index 7647faf..599d2c3 100644 --- a/estimator/__init__.py +++ b/estimator/__init__.py @@ -4,40 +4,3 @@ from .reduction import RC # noqa from . import simulator as Simulator # noqa from . import lwe as LWE # noqa - -from .schemes import ( # noqa - Kyber512, - Kyber768, - Kyber1024, - LightSaber, - Saber, - FireSaber, - NTRUHPS2048509Enc, - NTRUHPS2048677Enc, - NTRUHPS4096821Enc, - NTRUHRSS701Enc, - Frodo640, - Frodo976, - Frodo1344, - HESv111024128error, - HESv111024128ternary, - HESv11, - TFHE630, - TFHE1024, - Concrete_TFHE586, - Concrete_TFHE512, - TFHE16_500, - TFHE16_1024, - TFHE20_612, - TFHE20_1024, - FHEW, - SEAL20_1024, - SEAL20_2048, - SEAL20_4096, - SEAL20_8192, - SEAL20_16384, - SEAL22_4096, - SEAL22_8192, - SEAL22_16384, - SEAL22_32768, -) diff --git a/estimator/lwe.py b/estimator/lwe.py index eb9e1cc..9ea850c 100644 --- a/estimator/lwe.py +++ b/estimator/lwe.py @@ -36,7 +36,7 @@ def rough(cls, params, jobs=1, catch_exceptions=True): EXAMPLE :: >>> from estimator import * - >>> _ = lwe.estimate.rough(Kyber512) + >>> _ = lwe.estimate.rough(schemes.Kyber512) usvp :: rop: ≈2^118.6, red: ≈2^118.6, δ: 1.003941, β: 406, d: 998, tag: usvp dual_hybrid :: rop: ≈2^121.9, mem: ≈2^116.8, m: 512, β: 417, d: 1013, ↻: 1, ζ: 11... @@ -114,7 +114,7 @@ def __call__( EXAMPLE :: >>> from estimator import * - >>> _ = lwe.estimate(Kyber512) + >>> _ = lwe.estimate(schemes.Kyber512) bkw :: rop: ≈2^178.8, m: ≈2^166.8, mem: ≈2^167.8, b: 14, t1: 0, t2: 16, ℓ: 13, #cod: 448... usvp :: rop: ≈2^143.8, red: ≈2^143.8, δ: 1.003941, β: 406, d: 998, tag: usvp bdd :: rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.8, β: 391, η: 421, d: 1013, tag: bdd diff --git a/estimator/lwe_bkw.py b/estimator/lwe_bkw.py index 2628a81..22e9739 100644 --- a/estimator/lwe_bkw.py +++ b/estimator/lwe_bkw.py @@ -268,16 +268,16 @@ def __call__( >>> from sage.all import oo >>> from estimator import * - >>> LWE.coded_bkw(LightSaber.updated(m=oo)) + >>> LWE.coded_bkw(schemes.LightSaber.updated(m=oo)) rop: ≈2^171.7, m: ≈2^159.4, mem: ≈2^160.4, b: 12, t1: 3, t2: 18, ℓ: 11, #cod: 423, #top: 1... We may need to amplify the number of samples, which modifies the noise distribution:: >>> from sage.all import oo >>> from estimator import * - >>> Kyber512 + >>> schemes.Kyber512 LWEParameters(n=512, q=3329, Xs=D(σ=1.22), Xe=D(σ=1.22), m=512, tag='Kyber 512') - >>> cost = LWE.coded_bkw(Kyber512); cost + >>> cost = LWE.coded_bkw(schemes.Kyber512); cost rop: ≈2^178.8, m: ≈2^166.8, mem: ≈2^167.8, b: 14, t1: 0, t2: 16, ℓ: 13, #cod: 448, #top: 0, #test: 64, ... >>> cost["problem"] LWEParameters(n=512, q=3329, Xs=D(σ=1.22), Xe=D(σ=6.24), m=..., tag='Kyber 512') diff --git a/estimator/lwe_dual.py b/estimator/lwe_dual.py index 3466bd2..29dd555 100644 --- a/estimator/lwe_dual.py +++ b/estimator/lwe_dual.py @@ -396,13 +396,13 @@ def __call__( >>> LWE.dual_hybrid(params, mitm_optimization=True) rop: ≈2^160.7, mem: ≈2^156.8, m: 1473, k: 25, ↻: 1, β: 456, d: 2472, ζ: 25, tag: dual_mitm_hybrid - >>> LWE.dual_hybrid(NTRUHPS2048509Enc) + >>> LWE.dual_hybrid(schemes.NTRUHPS2048509Enc) rop: ≈2^131.7, mem: ≈2^128.5, m: 436, β: 358, d: 906, ↻: 1, ζ: 38, tag: dual_hybrid >>> LWE.dual(schemes.CHHS_4096_67) rop: ≈2^206.9, mem: ≈2^126.0, m: ≈2^11.8, β: 616, d: 7779, ↻: 1, tag: dual - >>> LWE.dual_hybrid(Kyber512, red_cost_model=RC.GJ21, fft=True) + >>> LWE.dual_hybrid(schemes.Kyber512, red_cost_model=RC.GJ21, fft=True) rop: ≈2^149.6, mem: ≈2^145.7, m: 510, β: 399, t: 76, d: 1000, ↻: 1, ζ: 22, tag: dual_hybrid """ diff --git a/estimator/lwe_guess.py b/estimator/lwe_guess.py index 062f00c..0057801 100644 --- a/estimator/lwe_guess.py +++ b/estimator/lwe_guess.py @@ -135,12 +135,12 @@ def __call__(self, params, log_level=5, **kwds): >>> from estimator import * >>> from estimator.lwe_guess import guess_composition - >>> guess_composition(LWE.primal_usvp)(Kyber512.updated(Xs=ND.SparseTernary(512, 16))) + >>> guess_composition(LWE.primal_usvp)(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16))) rop: ≈2^99.4, red: ≈2^99.4, δ: 1.008705, β: 113, d: 421, tag: usvp, ↻: ≈2^37.5, ζ: 265, |S|: 1, ... Compare:: - >>> LWE.primal_hybrid(Kyber512.updated(Xs=ND.SparseTernary(512, 16))) + >>> LWE.primal_hybrid(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16))) rop: ≈2^85.8, red: ≈2^84.8, svp: ≈2^84.8, β: 105, η: 2, ζ: 366, |S|: ≈2^85.1, d: 315, prob: ≈2^-23.4, ... """ diff --git a/estimator/lwe_parameters.py b/estimator/lwe_parameters.py index cc4c3d9..70d9f1c 100644 --- a/estimator/lwe_parameters.py +++ b/estimator/lwe_parameters.py @@ -72,9 +72,9 @@ def updated(self, **kwds): EXAMPLE:: >>> from estimator import * - >>> Kyber512 + >>> schemes.Kyber512 LWEParameters(n=512, q=3329, Xs=D(σ=1.22), Xe=D(σ=1.22), m=512, tag='Kyber 512') - >>> Kyber512.updated(m=1337) + >>> schemes.Kyber512.updated(m=1337) LWEParameters(n=512, q=3329, Xs=D(σ=1.22), Xe=D(σ=1.22), m=1337, tag='Kyber 512') """ @@ -92,9 +92,9 @@ def amplify_m(self, m): >>> from sage.all import binomial, log >>> from estimator import * - >>> Kyber512 + >>> schemes.Kyber512 LWEParameters(n=512, q=3329, Xs=D(σ=1.22), Xe=D(σ=1.22), m=512, tag='Kyber 512') - >>> Kyber512.amplify_m(2**100) + >>> schemes.Kyber512.amplify_m(2**100) LWEParameters(n=512, q=3329, Xs=D(σ=1.22), Xe=D(σ=4.58), m=..., tag='Kyber 512') We can produce 2^100 samples by random ± linear combinations of 12 vectors:: diff --git a/estimator/lwe_primal.py b/estimator/lwe_primal.py index b7fec01..9df3f9d 100644 --- a/estimator/lwe_primal.py +++ b/estimator/lwe_primal.py @@ -157,7 +157,7 @@ def __call__( EXAMPLE:: >>> from estimator import * - >>> LWE.primal_usvp(Kyber512) + >>> LWE.primal_usvp(schemes.Kyber512) rop: ≈2^143.8, red: ≈2^143.8, δ: 1.003941, β: 406, d: 998, tag: usvp >>> params = LWE.Parameters(n=200, q=127, Xs=ND.UniformMod(3), Xe=ND.UniformMod(3)) @@ -502,16 +502,16 @@ def __call__( EXAMPLES:: >>> from estimator import * - >>> LWE.primal_hybrid(Kyber512.updated(Xs=ND.SparseTernary(512, 16)), mitm = False, babai = False) + >>> LWE.primal_hybrid(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16)), mitm = False, babai = False) rop: ≈2^91.5, red: ≈2^90.7, svp: ≈2^90.2, β: 178, η: 21, ζ: 256, |S|: ≈2^56.6, d: 531, ... - >>> LWE.primal_hybrid(Kyber512.updated(Xs=ND.SparseTernary(512, 16)), mitm = False, babai = True) + >>> LWE.primal_hybrid(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16)), mitm = False, babai = True) rop: ≈2^88.7, red: ≈2^88.0, svp: ≈2^87.2, β: 98, η: 2, ζ: 323, |S|: ≈2^39.7, d: 346, ... - >>> LWE.primal_hybrid(Kyber512.updated(Xs=ND.SparseTernary(512, 16)), mitm = True, babai = False) + >>> LWE.primal_hybrid(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16)), mitm = True, babai = False) rop: ≈2^74.1, red: ≈2^73.7, svp: ≈2^71.9, β: 104, η: 16, ζ: 320, |S|: ≈2^77.1, d: 359, ... - >>> LWE.primal_hybrid(Kyber512.updated(Xs=ND.SparseTernary(512, 16)), mitm = True, babai = True) + >>> LWE.primal_hybrid(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16)), mitm = True, babai = True) rop: ≈2^85.8, red: ≈2^84.8, svp: ≈2^84.8, β: 105, η: 2, ζ: 366, |S|: ≈2^85.1, d: 315, ... TESTS: diff --git a/estimator/util.py b/estimator/util.py index 672c1e6..0260471 100644 --- a/estimator/util.py +++ b/estimator/util.py @@ -360,7 +360,8 @@ def batch_estimate(params, algorithm, jobs=1, log_level=0, catch_exceptions=True Example:: - >>> from estimator import Kyber512, LWE + >>> from estimator import LWE + >>> from estimator.schemes import Kyber512 >>> _ = batch_estimate(Kyber512, [LWE.primal_usvp, LWE.primal_bdd]) >>> _ = batch_estimate(Kyber512, [LWE.primal_usvp, LWE.primal_bdd], jobs=2)