estimator.lwe.Estimate.rough#

Estimate.rough(params, jobs=1, catch_exceptions=True)[source]#

This function makes the following somewhat routine assumptions:

The GSA holds.
The Core-SVP model holds.

This function furthermore assumes the following heuristics:

The primal hybrid attack only applies to sparse secrets.
The dual hybrid MITM attack only applies to sparse secrets.
Arora-GB only applies to bounded noise with at least n^2 samples.
BKW is not competitive.

Parameters

params – LWE parameters.
jobs – Use multiple threads in parallel.
catch_exceptions – When an estimate fails, just print a warning.

EXAMPLE

>>> from estimator import *
>>> _ = LWE.estimate.rough(schemes.Kyber512)
usvp                 :: rop: ≈2^118.6, red: ≈2^118.6, δ: 1.003941, β: 406, d: 998, tag: usvp
dual_hybrid          :: rop: ≈2^121.9, mem: ≈2^116.8, m: 512, β: 417, d: 1013, ↻: 1, ζ: 11...

Lattice Estimator 0.1 documentation

estimator.lwe.Estimate.rough

estimator.lwe.Estimate.rough#