estimator.lwe_dual.dual

estimator.lwe_dual.dual(params: estimator.lwe_parameters.LWEParameters, success_probability: float = 0.99, red_cost_model=<estimator.reduction.MATZOV object>, use_lll=True)

Dual hybrid attack as in [PQCBook:MicReg09].

Parameters

• params – LWE parameters.

• success_probability – The success probability to target.

• red_cost_model – How to cost lattice reduction.

• use_lll – use LLL calls to produce more small vectors [EC:Albrecht17].

The returned cost dictionary has the following entries:

• rop: Total number of word operations (≈ CPU cycles).

• mem: Total amount of memory used by solver (in elements mod q).

• red: Number of word operations in lattice reduction.

• δ: Root-Hermite factor targeted by lattice reduction.

• β: BKZ block size.

• prob: Probability of success in guessing.

• repetitions: How often we are required to repeat the attack.

• d: Lattice dimension.