estimator.lwe.Estimate.rough

Estimate.rough(params, jobs=1, catch_exceptions=True)

This function makes the following somewhat routine assumptions:

• The GSA holds.

• The Core-SVP model holds.

This function furthermore assumes the following heuristics:

• The primal hybrid attack only applies to sparse secrets.

• The dual hybrid MITM attack only applies to sparse secrets.

• Arora-GB only applies to bounded noise with at least n^2 samples.

• BKW is not competitive.

Parameters:

• params – LWE parameters.

• jobs – Use multiple threads in parallel.

• catch_exceptions – When an estimate fails, just print a warning.

EXAMPLE

>>> from estimator import *
>>> _ = LWE.estimate.rough(schemes.Kyber512)
usvp                 :: rop: ≈2^118.6, red: ≈2^118.6, δ: 1.003941, β: 406, d: 998, tag: usvp
dual_hybrid          :: rop: ≈2^115.4, red: ≈2^115.3, guess: ≈2^110.0, β: 395, p: 6, ζ: 5, t: 30, β': 395...