estimator.lwe_dual.dual

estimator.lwe_dual.dual(params: ~estimator.lwe_parameters.LWEParameters, success_probability: float = 0.99, red_cost_model=<estimator.reduction.MATZOV object>)

Dual attack as in [PQCBook:MicReg09].

Parameters:

• params – LWE parameters.

• success_probability – The success probability to target.

• red_cost_model – How to cost lattice reduction.

The returned cost dictionary has the following entries:

• rop: Total number of word operations (≈ CPU cycles).

• mem: Total amount of memory used by solver (in elements mod q).

• red: Number of word operations in lattice reduction.

• δ: Root-Hermite factor targeted by lattice reduction.

• β: BKZ block size.

• prob: Probability of success in guessing.

• repetitions: How often we are required to repeat the attack.

• d: Lattice dimension.