crossbred

class cryptographic_estimators.MQEstimator.MQAlgorithms.crossbred.Crossbred(problem: MQProblem, **kwargs)

Bases: MQAlgorithm

Construct an instance of crossbred estimator.

The Crossbred is an algorithm to solve the MQ problem [JV18]. This algorithm consists of two steps: the preprocessing step and the linearization step. In the preprocessing step, we find a set S of degree-D polynomials in the ideal generated by the initial set of polynomials. Every specialization of the first n-k variables of the polynomials in S results in a set S’ of degree-d polynomials in k variables. Finally, in the linearization step, a solution to S’ is found by direct linearization.

Note

Our complexity estimates are a generalization over any field of size q of the complexity formulas given in [Dua20], which are given either for q=2 or generic fields.

Parameters:

• problem (MQProblem) – MQProblem object including all necessary parameters.

• **kwargs –

  Additional keyword arguments.

  h (int) - External hybridization parameter. Defaults to 0.

  w (float) - Linear algebra constant (2 <= w <= 3). Defaults to 2.81.

  max_D (int) - Upper bound to the parameter D. Defaults to 20.

  memory_access (int) - Specifies the memory access cost model. Defaults to 0. Choices: 0 - constant, 1 - logarithmic, 2 - square-root, 3 - cube-root. Alternatively, deploy a custom function which takes as input the logarithm of the total memory usage.

  complexity_type (int) - Complexity type to consider. Defaults to 0. 0: estimate, 1: tilde O complexity.

Examples

>>> from cryptographic_estimators.MQEstimator.MQAlgorithms.crossbred import Crossbred
>>> from cryptographic_estimators.MQEstimator.mq_problem import MQProblem
>>> E = Crossbred(MQProblem(n=10, m=12, q=5))
>>> E
Crossbred estimator for the MQ problem with 10 variables and 12 polynomials

D()

Return the optimal D, i.e. the degree of the initial Macaulay matrix.

Examples

>>> from cryptographic_estimators.MQEstimator.MQAlgorithms.crossbred import Crossbred
>>> from cryptographic_estimators.MQEstimator.mq_problem import MQProblem
>>> E = Crossbred(MQProblem(n=10, m=12, q=5), max_D = 10)
>>> E.D()
3

property attack_type

Returns the attack type of the algorithm.

property complexity_type

Returns the attribute _complexity_type.

d()

Return the optimal d, i.e. degree resulting Macaulay matrix.

Examples

>>> from cryptographic_estimators.MQEstimator.MQAlgorithms.crossbred import Crossbred
>>> from cryptographic_estimators.MQEstimator.mq_problem import MQProblem
>>> E = Crossbred(MQProblem(n=10, m=12, q=5), max_D = 10)
>>> E.d()
1

get_optimal_parameters_dict()

Returns the optimal parameters dictionary.

get_reduced_parameters()

has_optimal_parameter()

Return True if the algorithm has optimal parameter.

Tests:

>>> from cryptographic_estimators import BaseAlgorithm, BaseProblem
>>> BaseAlgorithm(BaseProblem()).has_optimal_parameter()
False

k()

Return the optimal k, i.e. the number of variables in the resulting system.

Examples

>>> from cryptographic_estimators.MQEstimator.MQAlgorithms.crossbred import Crossbred
>>> from cryptographic_estimators.MQEstimator.mq_problem import MQProblem
>>> E = Crossbred(MQProblem(n=10, m=12, q=5))
>>> E.k()
5

linear_algebra_constant()

Returns the linear algebra constant.

Tests:

>>> from cryptographic_estimators.MQEstimator.mq_algorithm import MQAlgorithm
>>> from cryptographic_estimators.MQEstimator.mq_problem import MQProblem
>>> MQAlgorithm(MQProblem(n=10, m=5, q=4), w=2).linear_algebra_constant()
2

property max_D

Return the upper bound of the degree of the initial Macaulay matrix.

Examples

>>> from cryptographic_estimators.MQEstimator.MQAlgorithms.crossbred import Crossbred
>>> from cryptographic_estimators.MQEstimator.mq_problem import MQProblem
>>> E = Crossbred(MQProblem(n=10, m=12, q=5))
>>> E.max_D
10

property memory_access

Returns the attribute _memory_access.

memory_access_cost(mem: float)

Returns the memory access cost (in logarithmic scale) of the algorithm per basic operation.

Parameters:

mem (float) – Memory consumption of an algorithm.

Returns:

Memory access cost in logarithmic scale.

Return type:

float

Note

memory_access: Specifies the memory access cost model (default: 0, choices: 0 - constant, 1 - logarithmic, 2 - square-root, 3 - cube-root or deploy custom function which takes as input the logarithm of the total memory usage)

memory_complexity(**kwargs)

Return the memory complexity of the algorithm.

Parameters:

**kwargs –

Arbitrary keyword arguments.

optimal_parameters - If for each optimal parameter of the algorithm a value is provided, the computation is done based on those parameters.

npolynomials_reduced()

Return the number of polynomials after applying the Thomae and Wolf strategy.

Returns:

The number of polynomials after applying the Thomae and Wolf strategy.

Return type:

int

Tests:

>>> from cryptographic_estimators.MQEstimator.mq_algorithm import MQAlgorithm
>>> from cryptographic_estimators.MQEstimator.mq_problem import MQProblem
>>> MQAlgorithm(MQProblem(n=5, m=10, q=2)).npolynomials_reduced()
10
>>> MQAlgorithm(MQProblem(n=60, m=20, q=2)).npolynomials_reduced()
18

nvariables_reduced()

Return the number of variables after fixing some values.

Tests:

>>> from cryptographic_estimators.MQEstimator.mq_algorithm import MQAlgorithm
>>> from cryptographic_estimators.MQEstimator.mq_problem import MQProblem
>>> MQAlgorithm(MQProblem(n=5, m=10, q=2)).nvariables_reduced()
5
>>> MQAlgorithm(MQProblem(n=25, m=20, q=2)).nvariables_reduced()
20

optimal_parameters()

Return a dictionary of optimal parameters.

Tests:

>>> from cryptographic_estimators import BaseAlgorithm, BaseProblem
>>> BaseAlgorithm(BaseProblem()).optimal_parameters()
{}

parameter_names()

Return the list with the names of the algorithm’s parameters.

Tests:

>>> from cryptographic_estimators import BaseAlgorithm, BaseProblem
>>> BaseAlgorithm(BaseProblem()).parameter_names()
[]

property parameter_ranges

Returns the set ranges for optimal parameter search.

Returns the set ranges in which optimal parameters are searched by the optimization algorithm (used only for complexity type estimate).

reset()

Resets internal state of the algorithm.

set_parameter_ranges(parameter: str, min_value: float, max_value: float)

Set range of specific parameter.

If optimal parameter is already set, it must fall in that range.

Parameters:

• parameter (str) – Name of parameter to set

• min_value (float) – Lowerbound for parameter (inclusive)

• max_value (float) – Upperbound for parameter (inclusive)

set_parameters(parameters: dict)

Set optimal parameters to predifined values.

Parameters:

parameters (dict) – Dictionary including parameters to set (for a subset of optimal_parameters functions)

time_complexity(**kwargs)

Return the time complexity of the algorithm.

Parameters:

**kwargs –

Arbitrary keyword arguments.

optimal_parameters - If for each optimal parameter of the algorithm a value is provided, the computation is done based on those parameters.