perf(prob): improve performance of hybrid bdd

[bencrts]

Use erf, sqrt, exp from numpy for faster computation in the mitm probability for the hybrid-decoding attack.

We see an improvement for primal_hybrid from 113 seconds down to 25 seconds, which is about ~4.5x. Similar improvements are seen for the other parameter sets that I have tried.

Leaving some performance stats below for future reference.

Test code:

from estimator import *

params = LWE.Parameters(n=4096, q = 2**64, Xs = ND.CenteredBinomial(1), Xe = ND.CenteredBinomial(1))
from time import time
start = time()
est = LWE.primal_hybrid(params)
end = time()
print(end - start)
print(est)

New stats

25.026100873947144
         rop: ≈2^309.0
         red: ≈2^308.1
         svp: ≈2^307.8
           β:      653
           η:        2
           ζ:      280
         |S|: ≈2^380.1
           d:     7773
        prob: ≈2^-89.7
           ↻: ≈2^91.9
         tag:   hybrid
         16101142 function calls (16062506 primitive calls) in 27.260 seconds

   Ordered by: internal time

   ncalls  tottime  percall  cumtime  percall filename:lineno(function)
      241    6.943    0.029    7.393    0.031 simulator.py:112(<listcomp>)
      221    4.770    0.022    6.058    0.027 prob.py:117(<listcomp>)
      241    4.249    0.018    4.677    0.019 simulator.py:111(<listcomp>)
      345    2.432    0.007    2.432    0.007 {built-in method numpy.array}
  5858932    1.223    0.000    1.758    0.000 <frozen importlib._bootstrap>:389(parent)
    15675    0.832    0.000    0.832    0.000 other.py:756(_do_sqrt)
      451    0.818    0.002    0.820    0.002 {built-in method _imp.create_dynamic}
    15221    0.641    0.000    1.083    0.000 prob.py:121(drop)
  5872433    0.538    0.000    0.538    0.000 {method 'rpartition' of 'str' objects}
  1405891    0.438    0.000    0.438    0.000 {method 'cum_distribution_fu
[...]

Current main branch stats

113.00009608268738
         rop: ≈2^309.0
         red: ≈2^308.1
         svp: ≈2^307.8
           β:      653
           η:        2
           ζ:      280
         |S|: ≈2^380.1
           d:     7773
        prob: ≈2^-89.7
           ↻: ≈2^91.9
         tag:   hybrid
         46425857 function calls (46387217 primitive calls) in 114.957 seconds

   Ordered by: internal time

   ncalls  tottime  percall  cumtime  percall filename:lineno(function)
  1320601   78.111    0.000   85.956    0.000 prob.py:97(<genexpr>)
      241    6.745    0.028    7.210    0.030 simulator.py:112(<listcomp>)
      221    5.051    0.023    6.313    0.029 prob.py:109(<listcomp>)
      241    3.999    0.017    4.435    0.018 simulator.py:111(<listcomp>)
 13774164    3.429    0.000    4.839    0.000 <frozen importlib._bootstrap>:389(parent)
      219    2.712    0.012    4.025    0.018 prob.py:96(<listcomp>)
  1314149    2.045    0.000    2.045    0.000 {method 'pi' of 'sage.rings.real_mpfr.RealField_class' objects}
  1320788    1.832    0.000    1.832    0.000 {method 'sqrt' of 'sage.symbolic.expression.Expression' objects}
 13787665    1.413    0.000    1.413    0.000 {method 'rpartition' of 'str' objects}
  2656858    1.335    0.000    4.518    0.000 other.py:814(sqrt)
    15675    0.842    0.000    0.842    0.000 other.py:756(_do_sqrt)
      451    0.842    0.002    0.843    0.002 {built-in method _imp.create_dynamic}
    15221    0.654    0.000    1.116    0.000 prob.py:113(drop)
      440    0.498    0.001   86.454    0.196 {sage.misc.misc_c.prod}

[bencrts]

@malb are you against using numpy in general? I think I can also speed-up the simulator/s using a similar trick.

[malb]

NumPy only does double precision, right? If that's all we need then I think it makes sense to call it (given that it is shipped with Sage anyways)