# This script generates a key pair, makes many guesses for D_x, and counts how many are good,
# i.e. how many guesses give a D_x whose kernel intersects O2 nontrivially.
# The secret key is used to efficiently check whether a D_x is good or not.
load('Rainbow.sage')
# Field size, and the finite field every vector and matrix below lives in.
q = 16
K = GF(q)

# Parameters passed to Keygen(q, n, m, o2) at the bottom of the script.
# NOTE(review): presumably n = number of variables, m = number of equations and
# o2 = dimension of the secret subspace O2 -- confirm against Rainbow.sage.
n = 96
m = 64
o2 = 32

# Running tallies, updated by Guess() through `global`.
attempts = successes = 0

# Standard basis of K^n; Guess() evaluates the differential on each basis vector.
basis_Fn = VectorSpace(K, n).basis()
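def Guess(PK, O2):
    """Draw one random x and record whether ker(D_x) meets O2 nontrivially.

    Prints the running tally, samples x with Eval(PK, x)[0] != 0, builds the
    linear map D_x = P'(x, .) from the public key, and uses the *secret*
    subspace O2 to decide whether this guess is "good". Because the check
    needs O2, this is a measurement harness for the success rate of a guess,
    not something that can be run against a key whose secret is unknown.

    Parameters:
        PK: public key as returned by Keygen (passed to Eval / Differential).
        O2: secret matrix whose columns span the subspace O2
            (it is transposed before being handed to V.span).

    Side effects:
        Increments the module-level counters `attempts` and, on a good guess,
        `successes`. Returns None.
    """
    global attempts, successes
    print("successes/attempts: %d / %d" % (successes,attempts))

    # pick a random vector x, rejecting any x whose first public polynomial
    # evaluates to zero
    x = vector([K.random_element() for i in range(n)])
    while Eval(PK,x)[0] == 0:
        x = vector([K.random_element() for i in range(n)])

    # compute linear map D_x = P'(x,.), one row per basis vector of K^n
    D_x = Matrix(K, [ Differential(PK,x,b) for b in basis_Fn ] )
    D_x_ker = Matrix(D_x.kernel().basis())

    # Only kernels of dimension exactly n-m are counted; anything else is
    # discarded so it does not skew the statistics.
    if D_x_ker.rank() != n-m:
        print("Kernel too big, resample x")
        # The original line called Attack(PK, O2), a name this script never
        # defines (it looks like a leftover from the attack script), so this
        # branch would either raise NameError or run something other than a
        # resample. Retrying Guess is what the message above describes.
        return Guess(PK, O2)

    attempts += 1

    # check if ker(D_x) intersects O2
    V = K**n
    I = V.span(D_x_ker).intersection(V.span(O2.transpose()))

    if I.dimension() > 0:
        successes += 1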
# Generate one key pair; only PK and the secret subspace O2 are used below.
PK, O2, O1, W = Keygen(q,n,m,o2)

# Keep guessing against that single key until interrupted. The tally is
# printed at the start of every Guess() call, so the last printed line is one
# guess behind the counters.
while True:
    Guess(PK, O2)