estimator.ntru_primal.NTRUPrimalUSVP#
- class estimator.ntru_primal.NTRUPrimalUSVP[source]#
- __call__(params: ~estimator.ntru_parameters.NTRUParameters, red_cost_model=<estimator.reduction.MATZOV object>, red_shape_model='gsa', optimize_d=True, log_level=1, **kwds)[source]#
Estimate cost of solving NTRU via uSVP reduction.
- Parameters:
params – NTRU parameters.
red_cost_model – How to cost lattice reduction.
red_shape_model – How to model the shape of a reduced basis.
optimize_d – Attempt to find minimal d, too.
- Returns:
A cost dictionary.
The returned cost dictionary has the following entries:
rop: Total number of word operations (≈ CPU cycles).red: Number of word operations in lattice reduction.δ: Root-Hermite factor targeted by lattice reduction.β: BKZ block size.d: Lattice dimension.
EXAMPLE:
>>> from estimator import * >>> NTRU.primal_usvp(schemes.NTRUHPS2048509Enc) rop: ≈2^134.6, red: ≈2^134.6, δ: 1.004179, β: 373, d: 929, tag: usvp >>> params = NTRU.Parameters(n=200, q=127, Xs=ND.UniformMod(3), Xe=ND.UniformMod(3)) >>> NTRU.primal_usvp(params, red_shape_model="cn11") rop: ≈2^87.2, red: ≈2^87.2, δ: 1.006132, β: 208, d: 374, tag: usvp >>> NTRU.primal_usvp(params, red_shape_model=Simulator.CN11) rop: ≈2^87.2, red: ≈2^87.2, δ: 1.006132, β: 208, d: 374, tag: usvp >>> NTRU.primal_usvp(params, red_shape_model=Simulator.CN11, optimize_d=False) rop: ≈2^87.4, red: ≈2^87.4, δ: 1.006132, β: 208, d: 399, tag: usvp
The success condition was formulated in [USENIX:ADPS16] and studied/verified in [AC:AGVW17], [C:DDGR20], [PKC:PosVir21]. The treatment of small secrets is from [ACISP:BaiGal14].
Methods
__init__()Attributes