You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi !
I found some issues with the estimator when I deal with a LWR instance with rounding from Q=2^q to P=2^p. The secret is taken uniformly between 0 and Q-1 and the error follows an uniform distribution with standard deviation (std) being a function of Q/P.
Some issues pop up for any q and others when the std of those distributions becomes important.
1) For any q
Some attacks (rough estimates, primal_hybrid, primal_usvp) fail when n is small (i.e. <32).
from estimator import *
Q = 2**10
X_s = ND.UniformMod(Q)
P=2**6
X_e = ND.UniformMod(Q/P)
n_list = [10,15,20,30,40,50]
for n in n_list:
print("\nn = {}\n".format(n))
LWR = LWE.Parameters(tag="LWR",n=n,q=Q, Xs=X_s, Xe=X_e)
print(repr(LWE.estimate.rough(LWR,jobs=10)))
print(repr(LWE.estimate(LWR,jobs=10)))
2) For higher q
a) The rough estimates gives unexpected results
The security estimates of dual_hybrid exhibit a sawtooth pattern as n increases.
Hi !
I found some issues with the estimator when I deal with a LWR instance with rounding from Q=2^q to P=2^p. The secret is taken uniformly between 0 and Q-1 and the error follows an uniform distribution with standard deviation (std) being a function of Q/P.
Some issues pop up for any q and others when the std of those distributions becomes important.
1) For any q
Some attacks (rough estimates, primal_hybrid, primal_usvp) fail when n is small (i.e. <32).
2) For higher q
a) The rough estimates gives unexpected results
b) Primal_bdd does not pass sanity check when the std of both distributons become important
The text was updated successfully, but these errors were encountered: