From e74e264ec10a02ff761d825c3053345150d96ad9 Mon Sep 17 00:00:00 2001 From: shal10w Date: Mon, 13 Mar 2023 19:30:10 +0800 Subject: [PATCH 1/3] bug fix: fix constant C --- estimator/reduction.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/estimator/reduction.py b/estimator/reduction.py index f15c419..f24f5d5 100644 --- a/estimator/reduction.py +++ b/estimator/reduction.py @@ -716,14 +716,13 @@ def d4f(beta): """ return max(float(beta * log(4 / 3.0) / log(beta / (2 * pi * e))), 0.0) - def __call__(self, beta, d, B=None, C=5.46): + def __call__(self, beta, d, B=None): """ Runtime estimation from [Kyber20]_ and [AC:AGPS20]_. :param beta: Block size ≥ 2. :param d: Lattice dimension. :param B: Bit-size of entries. - :param C: Progressive overhead lim_{β → ∞} ∑_{i ≤ β} 2^{0.292 i + o(i)}/2^{0.292 β + o(β)}. EXAMPLE:: @@ -738,7 +737,9 @@ def __call__(self, beta, d, B=None, C=5.46): if beta < 20: # goes haywire return CheNgu12()(beta, d, B) - + + # C is progressive overhead lim_{β → ∞} ∑_{i ≤ β} 2^{ai + o(i)}/2^{aβ + o(β)}. + C = 1.0 / (1.0 - 2 ** (-self.NN_AGPS[self.nn]["a"])) # "The cost of progressive BKZ with sieving up to blocksize b is essentially C · (n − b) ≈ # 3340 times the cost of sieving for SVP in dimension b." [Kyber20]_ svp_calls = C * max(d - beta, 1) @@ -806,7 +807,7 @@ class GJ21(Kyber): __name__ = "GJ21" - def short_vectors(self, beta, d, N=None, preprocess=True, B=None, C=5.46, sieve_dim=None): + def short_vectors(self, beta, d, N=None, preprocess=True, B=None, sieve_dim=None): """ Cost of outputting many somewhat short vectors according to [AC:GuoJoh21]_. 
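Review bot: Dropping the `C` keyword from `Kyber.__call__` in the first hunk breaks the interface: a caller that passes `C=...` now gets a `TypeError`, and the overhead can no longer be overridden for experiments. Keeping the parameter as `C=None` and deriving it only when unset, `if C is None: C = 1.0 / (1.0 - 2 ** (-self.NN_AGPS[self.nn]["a"]))`, would stay compatible, and the `:param C:` entry could remain, reworded to describe the derived default. The removal in `GJ21.short_vectors` (third hunk, `@@ -806,7 +807,7 @@`) is riskier, because `sieve_dim` moves into the positional slot `C` used to occupy, so a value passed positionally for `C` would be silently read as the sieving dimension. The bodies of both functions continue outside these hunks.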
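Review bot: The expression added in the second hunk, `C = 1.0 / (1.0 - 2 ** (-self.NN_AGPS[self.nn]["a"]))`, is repeated verbatim in `GJ21.short_vectors` (hunk `@@ -842,6 +842,7 @@`), so the two copies can drift apart. A single private helper on `Kyber`, for example `def _progressive_overhead(self): return 1.0 / (1.0 - 2 ** (-self.NN_AGPS[self.nn]["a"]))`, would keep them in step. The comment above the expression should say that this is the closed form of the geometric series in the limit and that it gives about 5.46 at a = 0.292, so readers can tie it to the constant it replaces. PATCH 2/3 shows the default `log(RC.Kyber(500, 1024), 2.0)` moving from 176.615… to 176.554…, so the table's `a` for the default model is presumably not 0.292. Because these figures feed security-level estimates for schemes, that shift deserves an explicit line in the commit message or changelog.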
@@ -828,7 +829,6 @@ def short_vectors(self, beta, d, N=None, preprocess=True, B=None, C=5.46, sieve_ :param preprocess: Include the cost of preprocessing the basis with BKZ-β. If ``False`` we assume the basis is already BKZ-β reduced. :param B: Bit-size of entries. - :param C: Progressive overhead lim_{β → ∞} ∑_{i ≤ β} 2^{0.292 i + o(i)}/2^{0.292 β + o(β)}. :param sieve_dim: Explicit sieving dimension. EXAMPLES:: @@ -842,6 +842,7 @@ def short_vectors(self, beta, d, N=None, preprocess=True, B=None, C=5.46, sieve_ (1.04228014727497, 5.56224438...19, 36150192, 121) """ + C = 1.0 / (1.0 - 2 ** (-self.NN_AGPS[self.nn]["a"])) beta_ = beta - floor(self.d4f(beta)) if sieve_dim is None: sieve_dim = beta_ From e751076f7be2c8229f30c554c03ca227b0aeca80 Mon Sep 17 00:00:00 2001 From: shal10w Date: Mon, 13 Mar 2023 20:15:06 +0800 Subject: [PATCH 2/3] doctests --- README.rst | 8 ++++---- docs/schemes/hes.rst | 2 +- docs/schemes/nist-pqc-round-3.rst | 18 +++++++++--------- estimator/lwe.py | 8 ++++---- estimator/lwe_dual.py | 12 ++++++------ estimator/lwe_guess.py | 4 ++-- estimator/lwe_primal.py | 12 ++++++------ estimator/reduction.py | 16 ++++++++-------- 8 files changed, 40 insertions(+), 40 deletions(-) diff --git a/README.rst b/README.rst index 7ea5b81..af9afc4 100644 --- a/README.rst +++ b/README.rst 
@@ -32,11 +32,11 @@ Quick Start >>> r = LWE.estimate(schemes.Kyber512) bkw :: rop: ≈2^178.8, m: ≈2^166.8, mem: ≈2^167.8, b: 14, t1: 0, t2: 16, ℓ: 13, #cod: 448, #top: 0, #test: 64, tag: coded-bkw usvp :: rop: ≈2^143.8, red: ≈2^143.8, δ: 1.003941, β: 406, d: 998, tag: usvp - bdd :: rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.8, β: 391, η: 421, d: 1013, tag: bdd - bdd_hybrid :: rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.8, β: 391, η: 421, ζ: 0, |S|: 1, d: 1016, prob: 1, ↻: 1, tag: hybrid - bdd_mitm_hybrid :: rop: ≈2^260.3, red: ≈2^259.4, svp: ≈2^259.3, β: 405, η: 2, ζ: 102, |S|: ≈2^247.2, d: 923, prob: ≈2^-113.8, ↻: ≈2^116.0, tag: hybrid + bdd :: rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.7, β: 391, η: 421, d: 1013, tag: bdd + bdd_hybrid :: rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.7, β: 391, η: 421, ζ: 0, |S|: 1, d: 1016, prob: 1, ↻: 1, tag: hybrid + bdd_mitm_hybrid :: rop: ≈2^260.5, red: ≈2^259.7, svp: ≈2^259.2, β: 405, η: 2, ζ: 103, |S|: ≈2^246.2, d: 922, prob: ≈2^-114.2, ↻: ≈2^116.4, tag: hybrid dual :: rop: ≈2^149.9, mem: ≈2^88.0, m: 512, β: 424, d: 1024, ↻: 1, tag: dual - dual_hybrid :: rop: ≈2^145.6, mem: ≈2^140.5, m: 512, β: 408, d: 1004, ↻: 1, ζ: 20, tag: dual_hybrid + dual_hybrid :: rop: ≈2^145.5, mem: ≈2^140.5, m: 512, β: 408, d: 1004, ↻: 1, ζ: 20, tag: dual_hybrid - `Try it in your browser `__. - `Read the documentation `__. diff --git a/docs/schemes/hes.rst b/docs/schemes/hes.rst index 415925b..b80d2cb 100644 --- a/docs/schemes/hes.rst +++ b/docs/schemes/hes.rst @@ -17,5 +17,5 @@ Homomorphic Encryption Standard >>> HESv111024128ternary LWEParameters(n=1024, q=134217728, Xs=D(σ=0.82), Xe=D(σ=3.00), m=1024, tag='HESv11ternary') >>> LWE.primal_hybrid(HESv111024128ternary) - rop: ≈2^182.5, red: ≈2^181.7, svp: ≈2^181.4, β: 345, η: 2, ζ: 134, |S|: ≈2^212.4, d: 1915, prob: ≈2^-51.2, ↻: ≈2^53.4, tag: hybrid + rop: ≈2^182.5, red: ≈2^181.6, svp: ≈2^181.4, β: 345, η: 2, ζ: 134, |S|: ≈2^212.4, d: 1915, prob: ≈2^-51.2, ↻: ≈2^53.4, tag: hybrid 
diff --git a/docs/schemes/nist-pqc-round-3.rst b/docs/schemes/nist-pqc-round-3.rst index e78f0f3..2dd17c8 100644 --- a/docs/schemes/nist-pqc-round-3.rst +++ b/docs/schemes/nist-pqc-round-3.rst @@ -9,7 +9,7 @@ NIST PQC Round 3 Finalists >>> schemes.Kyber512 LWEParameters(n=512, q=3329, Xs=D(σ=1.22), Xe=D(σ=1.22), m=512, tag='Kyber 512') >>> LWE.primal_bdd(schemes.Kyber512) - rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.8, β: 391, η: 421, d: 1013, tag: bdd + rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.7, β: 391, η: 421, d: 1013, tag: bdd :: @@ -17,7 +17,7 @@ NIST PQC Round 3 Finalists >>> schemes.Kyber768 LWEParameters(n=768, q=3329, Xs=D(σ=1.00), Xe=D(σ=1.00), m=768, tag='Kyber 768') >>> LWE.primal_bdd(schemes.Kyber768) - rop: ≈2^201.0, red: ≈2^200.0, svp: ≈2^200.0, β: 606, η: 641, d: 1425, tag: bdd + rop: ≈2^201.0, red: ≈2^199.9, svp: ≈2^200.0, β: 606, η: 641, d: 1425, tag: bdd :: @@ -25,7 +25,7 @@ NIST PQC Round 3 Finalists >>> schemes.Kyber1024 LWEParameters(n=1024, q=3329, Xs=D(σ=1.00), Xe=D(σ=1.00), m=1024, tag='Kyber 1024') >>> LWE.primal_bdd(schemes.Kyber1024) - rop: ≈2^270.8, red: ≈2^269.9, svp: ≈2^269.7, β: 855, η: 890, d: 1873, tag: bdd + rop: ≈2^270.7, red: ≈2^269.9, svp: ≈2^269.6, β: 855, η: 890, d: 1873, tag: bdd `Saber `__ @@ -35,7 +35,7 @@ NIST PQC Round 3 Finalists >>> schemes.LightSaber LWEParameters(n=512, q=8192, Xs=D(σ=1.58), Xe=D(σ=2.29, μ=-0.50), m=512, tag='LightSaber') >>> LWE.primal_bdd(schemes.LightSaber) - rop: ≈2^140.1, red: ≈2^139.5, svp: ≈2^138.5, β: 390, η: 420, d: 1025, tag: bdd + rop: ≈2^140.0, red: ≈2^139.4, svp: ≈2^138.5, β: 390, η: 420, d: 1025, tag: bdd :: @@ -43,7 +43,7 @@ NIST PQC Round 3 Finalists >>> schemes.Saber LWEParameters(n=768, q=8192, Xs=D(σ=1.41), Xe=D(σ=2.29, μ=-0.50), m=768, tag='Saber') >>> LWE.primal_bdd(schemes.Saber) - rop: ≈2^208.2, red: ≈2^207.0, svp: ≈2^207.3, β: 631, η: 667, d: 1478, tag: bdd + rop: ≈2^208.1, red: ≈2^206.9, svp: ≈2^207.3, β: 631, η: 667, d: 1478, tag: bdd :: 
@@ -62,7 +62,7 @@ NIST PQC Round 3 Finalists >>> schemes.NTRUHPS2048509Enc LWEParameters(n=508, q=2048, Xs=D(σ=0.82), Xe=D(σ=0.71), m=508, tag='NTRUHPS2048509Enc') >>> LWE.primal_bdd(schemes.NTRUHPS2048509Enc) - rop: ≈2^131.1, red: ≈2^130.1, svp: ≈2^130.2, β: 357, η: 390, d: 916, tag: bdd + rop: ≈2^131.1, red: ≈2^130.1, svp: ≈2^130.1, β: 357, η: 390, d: 916, tag: bdd :: @@ -70,7 +70,7 @@ NIST PQC Round 3 Finalists >>> schemes.NTRUHPS2048677Enc LWEParameters(n=676, q=2048, Xs=D(σ=0.82), Xe=D(σ=0.61), m=676, tag='NTRUHPS2048677Enc') >>> LWE.primal_bdd(schemes.NTRUHPS2048677Enc) - rop: ≈2^170.8, red: ≈2^169.6, svp: ≈2^169.9, β: 498, η: 533, d: 1179, tag: bdd + rop: ≈2^170.7, red: ≈2^169.6, svp: ≈2^169.9, β: 498, η: 533, d: 1179, tag: bdd :: @@ -78,7 +78,7 @@ NIST PQC Round 3 Finalists >>> schemes.NTRUHPS4096821Enc LWEParameters(n=820, q=4096, Xs=D(σ=0.82), Xe=D(σ=0.79), m=820, tag='NTRUHPS4096821Enc') >>> LWE.primal_bdd(schemes.NTRUHPS4096821Enc) - rop: ≈2^199.7, red: ≈2^198.7, svp: ≈2^198.6, β: 601, η: 636, d: 1485, tag: bdd + rop: ≈2^199.6, red: ≈2^198.6, svp: ≈2^198.6, β: 601, η: 636, d: 1485, tag: bdd :: @@ -86,4 +86,4 @@ NIST PQC Round 3 Finalists >>> schemes.NTRUHRSS701Enc LWEParameters(n=700, q=8192, Xs=D(σ=0.82), Xe=D(σ=0.82), m=700, tag='NTRUHRSS701') >>> LWE.primal_bdd(schemes.NTRUHRSS701Enc) - rop: ≈2^158.9, red: ≈2^157.9, svp: ≈2^158.0, β: 455, η: 490, d: 1294, tag: bdd + rop: ≈2^158.9, red: ≈2^157.9, svp: ≈2^157.9, β: 455, η: 490, d: 1294, tag: bdd diff --git a/estimator/lwe.py b/estimator/lwe.py index 924dc4e..86c3767 100644 --- a/estimator/lwe.py +++ b/estimator/lwe.py 
@@ -117,11 +117,11 @@ def __call__( >>> _ = LWE.estimate(schemes.Kyber512) bkw :: rop: ≈2^178.8, m: ≈2^166.8, mem: ≈2^167.8, b: 14, t1: 0, t2: 16, ℓ: 13, #cod: 448... usvp :: rop: ≈2^143.8, red: ≈2^143.8, δ: 1.003941, β: 406, d: 998, tag: usvp - bdd :: rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.8, β: 391, η: 421, d: 1013, tag: bdd - bdd_hybrid :: rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.8, β: 391, η: 421, ζ: 0, |S|: 1, ... - bdd_mitm_hybrid :: rop: ≈2^260.3, red: ≈2^259.4, svp: ≈2^259.3, β: 405, η: 2, ζ: 102, |S|: ≈2^247.2,... + bdd :: rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.7, β: 391, η: 421, d: 1013, tag: bdd + bdd_hybrid :: rop: ≈2^140.3, red: ≈2^139.7, svp: ≈2^138.7, β: 391, η: 421, ζ: 0, |S|: 1, ... + bdd_mitm_hybrid :: rop: ≈2^260.5, red: ≈2^259.7, svp: ≈2^259.2, β: 405, η: 2, ζ: 103, |S|: ≈2^246.2,... dual :: rop: ≈2^149.9, mem: ≈2^88.0, m: 512, β: 424, d: 1024, ↻: 1, tag: dual - dual_hybrid :: rop: ≈2^145.6, mem: ≈2^140.5, m: 512, β: 408, d: 1004, ↻: 1, ζ: 20, tag: dual_hybrid + dual_hybrid :: rop: ≈2^145.5, mem: ≈2^140.5, m: 512, β: 408, d: 1004, ↻: 1, ζ: 20, tag: dual_hybrid """ params = params.normalize() diff --git a/estimator/lwe_dual.py b/estimator/lwe_dual.py index 2a60507..ea00b02 100644 --- a/estimator/lwe_dual.py +++ b/estimator/lwe_dual.py @@ -375,9 +375,9 @@ def __call__( >>> LWE.dual(params) rop: ≈2^103.4, mem: ≈2^55.4, m: 904, β: 251, d: 1928, ↻: 1, tag: dual >>> LWE.dual_hybrid(params) - rop: ≈2^92.1, mem: ≈2^78.2, m: 716, β: 170, d: 1464, ↻: 1989, ζ: 276, h1: 8, tag: dual_hybrid + rop: ≈2^92.1, mem: ≈2^77.9, m: 716, β: 170, d: 1463, ↻: 2^11.0, ζ: 277, h1: 8, tag: dual_hybrid >>> LWE.dual_hybrid(params, mitm_optimization=True) - rop: ≈2^98.2, mem: ≈2^78.6, m: 728, k: 292, ↻: ≈2^18.7, β: 180, d: 1267, ζ: 485, h1: 17, tag: ... + rop: ≈2^98.1, mem: ≈2^78.6, m: 728, k: 292, ↻: ≈2^18.7, β: 180, d: 1267, ζ: 485, h1: 17, tag: ... >>> params = params.updated(Xs=ND.CenteredBinomial(8)) >>> LWE.dual(params) 
@@ -389,9 +389,9 @@ def __call__( >>> params = params.updated(Xs=ND.DiscreteGaussian(3.0)) >>> LWE.dual(params) - rop: ≈2^116.5, mem: ≈2^64.0, m: 1140, β: 298, d: 2164, ↻: 1, tag: dual + rop: ≈2^116.6, mem: ≈2^62.0, m: 1142, β: 299, d: 2166, ↻: 1, tag: dual >>> LWE.dual_hybrid(params) - rop: ≈2^116.2, mem: ≈2^100.4, m: 1137, β: 297, d: 2155, ↻: 1, ζ: 6, tag: dual_hybrid + rop: ≈2^116.2, mem: ≈2^105.8, m: 1137, β: 297, d: 2154, ↻: 1, ζ: 7, tag: dual_hybrid >>> LWE.dual_hybrid(params, mitm_optimization=True) rop: ≈2^160.7, mem: ≈2^156.8, m: 1473, k: 25, ↻: 1, β: 456, d: 2472, ζ: 25, tag: dual_mitm_hybrid @@ -399,10 +399,10 @@ def __call__( rop: ≈2^131.7, mem: ≈2^128.5, m: 436, β: 358, d: 906, ↻: 1, ζ: 38, tag: dual_hybrid >>> LWE.dual(schemes.CHHS_4096_67) - rop: ≈2^206.9, mem: ≈2^126.0, m: ≈2^11.8, β: 616, d: 7779, ↻: 1, tag: dual + rop: ≈2^206.8, mem: ≈2^126.0, m: ≈2^11.8, β: 616, d: 7779, ↻: 1, tag: dual >>> LWE.dual_hybrid(schemes.Kyber512, red_cost_model=RC.GJ21, fft=True) - rop: ≈2^149.6, mem: ≈2^145.7, m: 510, β: 399, t: 76, d: 1000, ↻: 1, ζ: 22, tag: dual_hybrid + rop: ≈2^149.6, mem: ≈2^147.2, m: 510, β: 399, t: 73, d: 999, ↻: 1, ζ: 23, tag: dual_hybrid """ Cost.register_impermanent( diff --git a/estimator/lwe_guess.py b/estimator/lwe_guess.py index d3d0604..72e35f3 100644 --- a/estimator/lwe_guess.py +++ b/estimator/lwe_guess.py 
@@ -128,12 +128,12 @@ def __call__(self, params, log_level=5, **kwds): >>> from estimator import * >>> from estimator.lwe_guess import guess_composition >>> guess_composition(LWE.primal_usvp)(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16))) - rop: ≈2^99.4, red: ≈2^99.4, δ: 1.008705, β: 113, d: 421, tag: usvp, ↻: ≈2^37.5, ζ: 265, |S|: 1, ... + rop: ≈2^99.3, red: ≈2^99.3, δ: 1.008705, β: 113, d: 421, tag: usvp, ↻: ≈2^37.5, ζ: 265, |S|: 1, ... Compare:: >>> LWE.primal_hybrid(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16))) - rop: ≈2^85.8, red: ≈2^84.8, svp: ≈2^84.8, β: 105, η: 2, ζ: 366, |S|: ≈2^85.1, d: 315, prob: ≈2^-23.4, ... + rop: ≈2^85.8, red: ≈2^84.8, svp: ≈2^84.8, β: 105, η: 2, ζ: 366, |S|: ≈2^85.0, d: 317, prob: ≈2^-23.4, ... """ params = LWEParameters.normalize(params) diff --git a/estimator/lwe_primal.py b/estimator/lwe_primal.py index 62e412c..85b2dec 100644 --- a/estimator/lwe_primal.py +++ b/estimator/lwe_primal.py @@ -162,10 +162,10 @@ def __call__( >>> params = LWE.Parameters(n=200, q=127, Xs=ND.UniformMod(3), Xe=ND.UniformMod(3)) >>> LWE.primal_usvp(params, red_shape_model="cn11") - rop: ≈2^87.6, red: ≈2^87.6, δ: 1.006114, β: 209, d: 388, tag: usvp + rop: ≈2^87.5, red: ≈2^87.5, δ: 1.006114, β: 209, d: 388, tag: usvp >>> LWE.primal_usvp(params, red_shape_model=Simulator.CN11) - rop: ≈2^87.6, red: ≈2^87.6, δ: 1.006114, β: 209, d: 388, tag: usvp + rop: ≈2^87.5, red: ≈2^87.5, δ: 1.006114, β: 209, d: 388, tag: usvp >>> LWE.primal_usvp(params, red_shape_model=Simulator.CN11, optimize_d=False) rop: ≈2^87.6, red: ≈2^87.6, δ: 1.006114, β: 209, d: 400, tag: usvp 
@@ -505,13 +505,13 @@ def __call__( rop: ≈2^91.5, red: ≈2^90.7, svp: ≈2^90.2, β: 178, η: 21, ζ: 256, |S|: ≈2^56.6, d: 531, ... >>> LWE.primal_hybrid(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16)), mitm = False, babai = True) - rop: ≈2^88.7, red: ≈2^88.0, svp: ≈2^87.2, β: 98, η: 2, ζ: 323, |S|: ≈2^39.7, d: 346, ... + rop: ≈2^88.6, red: ≈2^88.0, svp: ≈2^87.2, β: 98, η: 2, ζ: 322, |S|: ≈2^39.7, d: 347, ... >>> LWE.primal_hybrid(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16)), mitm = True, babai = False) - rop: ≈2^74.1, red: ≈2^73.7, svp: ≈2^71.9, β: 104, η: 16, ζ: 320, |S|: ≈2^77.1, d: 359, ... + rop: ≈2^73.7, red: ≈2^72.7, svp: ≈2^72.6, β: 108, η: 18, ζ: 316, |S|: ≈2^82.5, d: 370, ... >>> LWE.primal_hybrid(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16)), mitm = True, babai = True) - rop: ≈2^85.8, red: ≈2^84.8, svp: ≈2^84.8, β: 105, η: 2, ζ: 366, |S|: ≈2^85.1, d: 315, ... + rop: ≈2^85.8, red: ≈2^84.8, svp: ≈2^84.8, β: 105, η: 2, ζ: 364, |S|: ≈2^85.0, d: 317, ... TESTS: @@ -519,7 +519,7 @@ def __call__( >>> params = LWE.Parameters(2**10, 2**100, ND.DiscreteGaussian(3.19), ND.DiscreteGaussian(3.19)) >>> LWE.primal_bdd(params) - rop: ≈2^43.7, red: ≈2^43.7, svp: ≈2^22.1, β: 40, η: 2, d: 1516, tag: bdd + rop: ≈2^43.6, red: ≈2^43.6, svp: ≈2^22.1, β: 40, η: 2, d: 1516, tag: bdd """ diff --git a/estimator/reduction.py b/estimator/reduction.py index f24f5d5..1c99e50 100644 --- a/estimator/reduction.py +++ b/estimator/reduction.py @@ -729,9 +729,9 @@ def __call__(self, beta, d, B=None): >>> from math import log >>> from estimator.reduction import RC, Kyber >>> log(RC.Kyber(500, 1024), 2.0) - 176.61534319964488 + 176.55419197058822 >>> log(Kyber(nn="list_decoding-ge19")(500, 1024), 2.0) - 172.68208507350872 + 172.89020262269491 """ 
@@ -782,11 +782,11 @@ def short_vectors(self, beta, d, N=None, B=None, preprocess=True): >>> from estimator.reduction import RC >>> RC.Kyber.short_vectors(100, 500, 1) - (1.0, 2.7367476128136...19, 100) + (1.0, 2.6231697393987...19, 100) >>> RC.Kyber.short_vectors(100, 500) - (1.1547, 2.7367476128136...19, 176584) + (1.1547, 2.6231697393987...19, 176584) >>> RC.Kyber.short_vectors(100, 500, 1000) - (1.1547, 2.7367476128136...19, 176584) + (1.1547, 2.6231697393987...19, 176584) """ beta_ = beta - floor(self.d4f(beta)) @@ -835,11 +835,11 @@ def short_vectors(self, beta, d, N=None, preprocess=True, B=None, sieve_dim=None >>> from estimator.reduction import RC >>> RC.GJ21.short_vectors(100, 500, 1) - (1.0, 2.7367476128136...19, 1, 100) + (1.0, 2.6231697393987...19, 1, 100) >>> RC.GJ21.short_vectors(100, 500) - (1.04228014727497, 5.56224438...19, 36150192, 121) + (1.04228014727497, 5.38941471...19, 36150192, 121) >>> RC.GJ21.short_vectors(100, 500, 1000) - (1.04228014727497, 5.56224438...19, 36150192, 121) + (1.04228014727497, 5.38941471...19, 36150192, 121) """ C = 1.0 / (1.0 - 2 ** (-self.NN_AGPS[self.nn]["a"])) From 1eb7ebca2ce721d5c93b2c0b51ce566fd05d2647 Mon Sep 17 00:00:00 2001 From: shal10w Date: Tue, 14 Mar 2023 00:20:31 +0800 Subject: [PATCH 3/3] fix test2 --- docs/schemes/nist-pqc-round-3.rst | 2 +- estimator/lwe_dual.py | 2 +- estimator/lwe_guess.py | 2 +- estimator/reduction.py | 1 - 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/docs/schemes/nist-pqc-round-3.rst b/docs/schemes/nist-pqc-round-3.rst index 2dd17c8..6e30617 100644 --- a/docs/schemes/nist-pqc-round-3.rst +++ b/docs/schemes/nist-pqc-round-3.rst 
@@ -25,7 +25,7 @@ NIST PQC Round 3 Finalists >>> schemes.Kyber1024 LWEParameters(n=1024, q=3329, Xs=D(σ=1.00), Xe=D(σ=1.00), m=1024, tag='Kyber 1024') >>> LWE.primal_bdd(schemes.Kyber1024) - rop: ≈2^270.7, red: ≈2^269.9, svp: ≈2^269.6, β: 855, η: 890, d: 1873, tag: bdd + rop: ≈2^270.7, red: ≈2^269.8, svp: ≈2^269.6, β: 855, η: 890, d: 1873, tag: bdd `Saber `__ diff --git a/estimator/lwe_dual.py b/estimator/lwe_dual.py index ea00b02..2e33b21 100644 --- a/estimator/lwe_dual.py +++ b/estimator/lwe_dual.py @@ -375,7 +375,7 @@ def __call__( >>> LWE.dual(params) rop: ≈2^103.4, mem: ≈2^55.4, m: 904, β: 251, d: 1928, ↻: 1, tag: dual >>> LWE.dual_hybrid(params) - rop: ≈2^92.1, mem: ≈2^77.9, m: 716, β: 170, d: 1463, ↻: 2^11.0, ζ: 277, h1: 8, tag: dual_hybrid + rop: ≈2^92.1, mem: ≈2^77.9, m: 716, β: 170, d: 1463, ↻: ≈2^11.0, ζ: 277, h1: 8, tag: dual_hybrid >>> LWE.dual_hybrid(params, mitm_optimization=True) rop: ≈2^98.1, mem: ≈2^78.6, m: 728, k: 292, ↻: ≈2^18.7, β: 180, d: 1267, ζ: 485, h1: 17, tag: ... diff --git a/estimator/lwe_guess.py b/estimator/lwe_guess.py index 72e35f3..361d397 100644 --- a/estimator/lwe_guess.py +++ b/estimator/lwe_guess.py @@ -133,7 +133,7 @@ def __call__(self, params, log_level=5, **kwds): Compare:: >>> LWE.primal_hybrid(schemes.Kyber512.updated(Xs=ND.SparseTernary(512, 16))) - rop: ≈2^85.8, red: ≈2^84.8, svp: ≈2^84.8, β: 105, η: 2, ζ: 366, |S|: ≈2^85.0, d: 317, prob: ≈2^-23.4, ... + rop: ≈2^85.8, red: ≈2^84.8, svp: ≈2^84.8, β: 105, η: 2, ζ: 364, |S|: ≈2^85.0, d: 317, prob: ≈2^-23.4, ... """ params = LWEParameters.normalize(params) diff --git a/estimator/reduction.py b/estimator/reduction.py index 1c99e50..cd85d33 100644 --- a/estimator/reduction.py +++ b/estimator/reduction.py 
@@ -737,7 +737,6 @@ def __call__(self, beta, d, B=None): if beta < 20: # goes haywire return CheNgu12()(beta, d, B) - # C is progressive overhead lim_{β → ∞} ∑_{i ≤ β} 2^{ai + o(i)}/2^{aβ + o(β)}. C = 1.0 / (1.0 - 2 ** (-self.NN_AGPS[self.nn]["a"])) # "The cost of progressive BKZ with sieving up to blocksize b is essentially C · (n − b) ≈