ctf/oil_spill
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

first

Browse Source
This commit is contained in:
EvilMuffinHa 2023-07-02 03:26:39 -04:00
commit 1d6fa11fcf
10 changed files with 717 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.gitmodules vendored Normal file
View File

@ -0,0 +1,9 @@
[submodule "fgb_sage"]
path = fgb_sage
url = https://github.com/mwageringel/fgb_sage
[submodule "lattice-estimator"]
path = lattice-estimator
url = https://github.com/malb/lattice-estimator
[submodule "multivariate_quadratic_estimator"]
path = multivariate_quadratic_estimator
url = https://github.com/Crypto-TII/multivariate_quadratic_estimator

1
fgb_sage Submodule

@ -0,0 +1 @@
Subproject commit ffeaa4ad3d98f223b4fc1eb697ff7ab6f3c54e5b

76
get_basis.sage Normal file
View File

@ -0,0 +1,76 @@
from random import randint
from tqdm import tqdm
F = GF(3301, names=("z", ))
f_a = list(F)
# m = 32
# n = 80
# m = 44
# n = 112
# m = 72
# n = 184
m = 8
n = 20
# m = 2
# n = 5
O = random_matrix(F, (n - m), m)
output = ""
poly_m = []
z = zero_matrix(F, m, (n - m))
for i in range(m):
P1 = random_matrix(F, (n - m), (n - m))
for j in range(0, len(P1.rows())):
for k in range(0, j):
P1[j, k] = 0
P2 = random_matrix(F, (n - m), m)
P3 = -O.T * P1 * O - O.T * P2
for j in range(0, len(P3.rows())):
for k in range(j+1, len(P3.rows())):
P3[j, k] += P3[k, j]
P3[k, j] = 0
for i in P1:
for j in i:
output += hex(f_a.index(j))[2:]
for i in P2:
for j in i:
output += hex(f_a.index(j))[2:]
for i in P3:
for j in i:
output += hex(f_a.index(j))[2:]
P = block_matrix([ [P1, P2], [z, P3]])
poly_m.append(P)
v = matrix(F, n, 1, [randint(0, 1) for i in range(n)])
oil_basis = block_matrix(F, 2, 1, [O, identity_matrix(F, m)])
hint = [zero_matrix(F, n, 1) for i in range(1)]
value = zero_matrix(F, n, 1)
for i in oil_basis.columns():
for j in range(len(hint)):
hint[j] += F.random_element() * matrix(F, n, 1, list(i))
value += F.random_element() * matrix(F, n, 1, list(i))

85
get_basis.sage.py Normal file
View File

@ -0,0 +1,85 @@
# This file was *autogenerated* from the file get_basis.sage
from sage.all_cmdline import * # import sage library
_sage_const_3301 = Integer(3301); _sage_const_8 = Integer(8); _sage_const_20 = Integer(20); _sage_const_0 = Integer(0); _sage_const_1 = Integer(1); _sage_const_2 = Integer(2)
from random import randint
from tqdm import tqdm
F = GF(_sage_const_3301 , names=("z", ))
f_a = list(F)
# m = 32
# n = 80
# m = 44
# n = 112
# m = 72
# n = 184
m = _sage_const_8
n = _sage_const_20
# m = 2
# n = 5
O = random_matrix(F, (n - m), m)
output = ""
poly_m = []
z = zero_matrix(F, m, (n - m))
for i in range(m):
P1 = random_matrix(F, (n - m), (n - m))
for j in range(_sage_const_0 , len(P1.rows())):
for k in range(_sage_const_0 , j):
P1[j, k] = _sage_const_0
P2 = random_matrix(F, (n - m), m)
P3 = -O.T * P1 * O - O.T * P2
for j in range(_sage_const_0 , len(P3.rows())):
for k in range(j+_sage_const_1 , len(P3.rows())):
P3[j, k] += P3[k, j]
P3[k, j] = _sage_const_0
for i in P1:
for j in i:
output += hex(f_a.index(j))[_sage_const_2 :]
for i in P2:
for j in i:
output += hex(f_a.index(j))[_sage_const_2 :]
for i in P3:
for j in i:
output += hex(f_a.index(j))[_sage_const_2 :]
P = block_matrix([ [P1, P2], [z, P3]])
poly_m.append(P)
v = matrix(F, n, _sage_const_1 , [randint(_sage_const_0 , _sage_const_1 ) for i in range(n)])
oil_basis = block_matrix(F, _sage_const_2 , _sage_const_1 , [O, identity_matrix(F, m)])
hint = [zero_matrix(F, n, _sage_const_1 ) for i in range(_sage_const_1 )]
value = zero_matrix(F, n, _sage_const_1 )
for i in oil_basis.columns():
for j in range(len(hint)):
hint[j] += F.random_element() * matrix(F, n, _sage_const_1 , list(i))
value += F.random_element() * matrix(F, n, _sage_const_1 , list(i))
for P in poly_m:
print(value.T * (P + P.T) * hint[_sage_const_0 ])

1
lattice-estimator Submodule

@ -0,0 +1 @@
Subproject commit cf36315e7718b1e2e3de271b705697943ebaecf4

1
multivariate_quadratic_estimator Submodule

@ -0,0 +1 @@
Subproject commit ee5c7fe0aa0df737870bd4395003d9d83698fd21

159
recover_o.sage Normal file
View File

@ -0,0 +1,159 @@
from random import randint
from tqdm import tqdm
f_size = 3301
F = GF(f_size, names=("z", ))
f_a = list(F)
# m = 32
# n = 80
m = 44
n = 112
# m = 72
# n = 184
# m = 8
# n = 20
# m = 2
# n = 5
O = random_matrix(F, (n - m), m)
output = ""
poly_m = []
d = n / (m * log(f_size, 2).n())
N = ceil(sqrt((n + 1)/4)) + 1
print("d: ", d)
print("N: ", N)
z = zero_matrix(F, m, (n - m))
for i in tqdm(range(m)):
P1 = random_matrix(F, (n - m), (n - m))
for j in range(0, len(P1.rows())):
for k in range(0, j):
P1[j, k] = 0
P2 = random_matrix(F, (n - m), m)
P3 = -O.T * P1 * O - O.T * P2
for j in range(0, len(P3.rows())):
for k in range(j+1, len(P3.rows())):
P3[j, k] += P3[k, j]
P3[k, j] = 0
for i in P1:
for j in i:
output += hex(f_a.index(j))[2:]
for i in P2:
for j in i:
output += hex(f_a.index(j))[2:]
for i in P3:
for j in i:
output += hex(f_a.index(j))[2:]
P = block_matrix([ [P1, P2], [z, P3]])
poly_m.append(P)
v = matrix(F, n, 1, [randint(0, 1) for i in range(n)])
oil_basis = block_matrix(F, 2, 1, [O, identity_matrix(F, m)])
o1 = zero_matrix(F, n, 1)
o2 = zero_matrix(F, n, 1)
for i in oil_basis.columns():
o1 += F.random_element() * matrix(F, n, 1, list(i))
o2 += F.random_element() * matrix(F, n, 1, list(i))
o_hat1 = v + o1
# o_hat2 = v + o2
print("o1 :", [i[0] for i in o1])
# print("o2 :", [i[0] for i in o2])
print("v :", [i[0] for i in v])
print("o1+v :", [i[0] for i in o_hat1])
# print("o2+v :", [i[0] for i in o_hat2])
print()
# for P in poly_m:
# print("oPo:", o1.T * P * o1)
# print("vPv:", v.T * P * v)
# print("qPq:", o_hat.T * P * o_hat)
# correction = o_hat.T * (P.T + P) * v
# print("oPx:", correction)
# print("tot:", v.T * P * v + o_hat.T * P * o_hat - correction)
# print()
# print()
# P = poly_m[0]
vec = [[(o_hat1.T * (P.T + P))[0][i] for i in range(n)] for P in poly_m]
s = [(v.T * P * v + o_hat1.T * P * o_hat1)[0][0] for P in poly_m]
# print("s: ", (v.T * P * v + o_hat.T * P * o_hat)[0][0])
# print("k: ", vec)
# out = 0
# for i in range(len(vec)):
# out += int(vec[i]) * int(v[i][0])
#
# t = matrix(QQ, 1, len(vec) + 2, [int(i[0]) for i in v] + [-(out // 3301), -1])
# print("t: ", t)
d = n / (m * log(f_size, 2).n())
N = ceil(sqrt((n + 1)/4)) + 1
print("d: ", d)
print("N: ", N)
b1 = identity_matrix(QQ, n)
b2 = zero_matrix(QQ, n, 1)
b3 = matrix(QQ, m, n, [[N * int(i) for i in j] for j in vec]).T
b4 = zero_matrix(QQ, m, n)
b5 = zero_matrix(QQ, m, 1)
b6 = N * f_size * identity_matrix(QQ, m)
b7 = matrix(QQ, 1, n, [1/2]*n)
b8 = matrix(QQ, 1, 1, [1/2])
b9 = matrix(QQ, 1, m, [N * int(i) for i in s])
B = block_matrix([[b1, b2, b3], [b4, b5, b6], [b7, b8, b9]])
print(B)
print()
BH = B.LLL()
BH = matrix(ZZ, 2 * BH)
print(BH)
for beta in tqdm(range(0, 10)):
BH = BH.BKZ(block_size=beta + 1, fp='rr', precision=200)
BH = 1/2 * matrix(QQ, BH)
print(BH)
print()
for out_vec in BH:
if abs(out_vec[-(m + 1)]) == 1/2:
if out_vec[-(m + 1)] == -1/2:
testvec = [i + 1/2 for i in out_vec]
else:
testvec = [i + 1/2 for i in -out_vec]
print(testvec)
print()
print([i[0] for i in v])

164
recover_o.sage.py Normal file
View File

@ -0,0 +1,164 @@
# This file was *autogenerated* from the file recover_o.sage
from sage.all_cmdline import * # import sage library
_sage_const_3301 = Integer(3301); _sage_const_44 = Integer(44); _sage_const_112 = Integer(112); _sage_const_2 = Integer(2); _sage_const_1 = Integer(1); _sage_const_4 = Integer(4); _sage_const_0 = Integer(0); _sage_const_10 = Integer(10); _sage_const_200 = Integer(200)
from random import randint
from tqdm import tqdm
F = GF(_sage_const_3301 , names=("z", ))
f_a = list(F)
# m = 32
# n = 80
m = _sage_const_44
n = _sage_const_112
# m = 72
# n = 184
# m = 8
# n = 20
# m = 2
# n = 5
O = random_matrix(F, (n - m), m)
output = ""
poly_m = []
d = n / (m * log(_sage_const_3301 , _sage_const_2 ).n())
N = ceil(sqrt((n + _sage_const_1 )/_sage_const_4 )) + _sage_const_1
print("d: ", d)
print("N: ", N)
z = zero_matrix(F, m, (n - m))
for i in tqdm(range(m)):
P1 = random_matrix(F, (n - m), (n - m))
for j in range(_sage_const_0 , len(P1.rows())):
for k in range(_sage_const_0 , j):
P1[j, k] = _sage_const_0
P2 = random_matrix(F, (n - m), m)
P3 = -O.T * P1 * O - O.T * P2
for j in range(_sage_const_0 , len(P3.rows())):
for k in range(j+_sage_const_1 , len(P3.rows())):
P3[j, k] += P3[k, j]
P3[k, j] = _sage_const_0
for i in P1:
for j in i:
output += hex(f_a.index(j))[_sage_const_2 :]
for i in P2:
for j in i:
output += hex(f_a.index(j))[_sage_const_2 :]
for i in P3:
for j in i:
output += hex(f_a.index(j))[_sage_const_2 :]
P = block_matrix([ [P1, P2], [z, P3]])
poly_m.append(P)
v = matrix(F, n, _sage_const_1 , [randint(_sage_const_0 , _sage_const_1 ) for i in range(n)])
oil_basis = block_matrix(F, _sage_const_2 , _sage_const_1 , [O, identity_matrix(F, m)])
o1 = zero_matrix(F, n, _sage_const_1 )
o2 = zero_matrix(F, n, _sage_const_1 )
for i in oil_basis.columns():
o1 += F.random_element() * matrix(F, n, _sage_const_1 , list(i))
o2 += F.random_element() * matrix(F, n, _sage_const_1 , list(i))
o_hat1 = v + o1
# o_hat2 = v + o2
print("o1 :", [i[_sage_const_0 ] for i in o1])
# print("o2 :", [i[0] for i in o2])
print("v :", [i[_sage_const_0 ] for i in v])
print("o1+v :", [i[_sage_const_0 ] for i in o_hat1])
# print("o2+v :", [i[0] for i in o_hat2])
print()
# for P in poly_m:
# print("oPo:", o1.T * P * o1)
# print("vPv:", v.T * P * v)
# print("qPq:", o_hat.T * P * o_hat)
# correction = o_hat.T * (P.T + P) * v
# print("oPx:", correction)
# print("tot:", v.T * P * v + o_hat.T * P * o_hat - correction)
# print()
# print()
# P = poly_m[0]
vec = [[(o_hat1.T * (P.T + P))[_sage_const_0 ][i] for i in range(n)] for P in poly_m]
s = [(v.T * P * v + o_hat1.T * P * o_hat1)[_sage_const_0 ][_sage_const_0 ] for P in poly_m]
# print("s: ", (v.T * P * v + o_hat.T * P * o_hat)[0][0])
# print("k: ", vec)
# out = 0
# for i in range(len(vec)):
# out += int(vec[i]) * int(v[i][0])
#
# t = matrix(QQ, 1, len(vec) + 2, [int(i[0]) for i in v] + [-(out // 3301), -1])
# print("t: ", t)
d = n / (m * log(_sage_const_3301 , _sage_const_2 ).n())
N = ceil(sqrt((n + _sage_const_1 )/_sage_const_4 )) + _sage_const_1
print("d: ", d)
print("N: ", N)
b1 = identity_matrix(QQ, n)
b2 = zero_matrix(QQ, n, _sage_const_1 )
b3 = matrix(QQ, m, n, [[N * int(i) for i in j] for j in vec]).T
b4 = zero_matrix(QQ, m, n)
b5 = zero_matrix(QQ, m, _sage_const_1 )
b6 = N * _sage_const_3301 * identity_matrix(QQ, m)
b7 = matrix(QQ, _sage_const_1 , n, [_sage_const_1 /_sage_const_2 ]*n)
b8 = matrix(QQ, _sage_const_1 , _sage_const_1 , [_sage_const_1 /_sage_const_2 ])
b9 = matrix(QQ, _sage_const_1 , m, [N * int(i) for i in s])
B = block_matrix([[b1, b2, b3], [b4, b5, b6], [b7, b8, b9]])
print(B)
print()
BH = B.LLL()
BH = matrix(ZZ, _sage_const_2 * BH)
print(BH)
for beta in tqdm(range(_sage_const_0 , _sage_const_10 )):
BH = BH.BKZ(block_size=beta + _sage_const_1 , fp='rr', precision=_sage_const_200 )
BH = _sage_const_1 /_sage_const_2 * matrix(QQ, BH)
print(BH)
print()
for out_vec in BH:
if abs(out_vec[-(m + _sage_const_1 )]) == _sage_const_1 /_sage_const_2 :
if out_vec[-(m + _sage_const_1 )] == -_sage_const_1 /_sage_const_2 :
testvec = [i + _sage_const_1 /_sage_const_2 for i in out_vec]
else:
testvec = [i + _sage_const_1 /_sage_const_2 for i in -out_vec]
print(testvec)
print()
print([i[_sage_const_0 ] for i in v])

107
test_f5.sage Normal file
View File

@ -0,0 +1,107 @@
from random import randint
from tqdm import tqdm
from sage.rings.polynomial.msolve import variety as msolve_variety
F = GF(3301, names=("z", ))
f_a = list(F)
# m = 32
# n = 80
# m = 44
# n = 112
# m = 72
# n = 184
# m = 8
# n = 20
# m = 2
# n = 5
m = 44
n = 112
print("vars: ", n)
print("eqns: ", m)
print("actual vars: ", n - m)
print("actual eqns: ", m + m)
O = random_matrix(F, (n - m), m)
output = ""
poly_m = []
z = zero_matrix(F, m, (n - m))
for i in tqdm(range(m)):
P1 = random_matrix(F, (n - m), (n - m))
for j in range(0, len(P1.rows())):
for k in range(0, j): P1[j, k] = 0
P2 = random_matrix(F, (n - m), m)
P3 = -O.T * P1 * O - O.T * P2
for j in range(0, len(P3.rows())):
for k in range(j+1, len(P3.rows())):
P3[j, k] += P3[k, j]
P3[k, j] = 0
for i in P1:
for j in i:
output += hex(f_a.index(j))[2:]
for i in P2:
for j in i:
output += hex(f_a.index(j))[2:]
for i in P3:
for j in i:
output += hex(f_a.index(j))[2:]
P = block_matrix([ [P1, P2], [z, P3]])
poly_m.append(P)
v = matrix(F, n, 1, [randint(0, 1) for i in range(n)])
oil_basis = block_matrix(F, 2, 1, [O, identity_matrix(F, m)])
var_list = ','.join([f'x{i}' for i in range(n - m)])
R = PolynomialRing(F, var_list)
value = zero_matrix(R, n, 1)
hint = zero_matrix(R, n, 1)
hint2 = zero_matrix(R, n, 1)
for i in oil_basis.columns():
value += F.random_element() * matrix(F, n, 1, list(i))
hint += F.random_element() * matrix(F, n, 1, list(i))
hint2 += F.random_element() * matrix(F, n, 1, list(i))
print(value)
print()
print(n - m)
print()
for i in range(n - m):
value[i] = R(f'x{i}')
polys = []
for i in poly_m:
polys.append((value.T * i * value)[0][0])
polys.append((value.T * (i + i.T) * hint)[0][0])
polys.append((value.T * (i + i.T) * hint2)[0][0])
I = R.ideal(*polys)
print(msolve_variety(I, F, proof=False))

114
test_f5.sage.py Normal file
View File

@ -0,0 +1,114 @@
# This file was *autogenerated* from the file test_f5.sage
from sage.all_cmdline import * # import sage library
_sage_const_3301 = Integer(3301); _sage_const_44 = Integer(44); _sage_const_112 = Integer(112); _sage_const_0 = Integer(0); _sage_const_1 = Integer(1); _sage_const_2 = Integer(2)
from random import randint
from tqdm import tqdm
from sage.rings.polynomial.msolve import variety as msolve_variety
F = GF(_sage_const_3301 , names=("z", ))
f_a = list(F)
# m = 32
# n = 80
# m = 44
# n = 112
# m = 72
# n = 184
# m = 8
# n = 20
# m = 2
# n = 5
m = _sage_const_44
n = _sage_const_112
print("vars: ", n)
print("eqns: ", m)
print("actual vars: ", n - m)
print("actual eqns: ", m + m)
O = random_matrix(F, (n - m), m)
output = ""
poly_m = []
z = zero_matrix(F, m, (n - m))
for i in tqdm(range(m)):
P1 = random_matrix(F, (n - m), (n - m))
for j in range(_sage_const_0 , len(P1.rows())):
for k in range(_sage_const_0 , j): P1[j, k] = _sage_const_0
P2 = random_matrix(F, (n - m), m)
P3 = -O.T * P1 * O - O.T * P2
for j in range(_sage_const_0 , len(P3.rows())):
for k in range(j+_sage_const_1 , len(P3.rows())):
P3[j, k] += P3[k, j]
P3[k, j] = _sage_const_0
for i in P1:
for j in i:
output += hex(f_a.index(j))[_sage_const_2 :]
for i in P2:
for j in i:
output += hex(f_a.index(j))[_sage_const_2 :]
for i in P3:
for j in i:
output += hex(f_a.index(j))[_sage_const_2 :]
P = block_matrix([ [P1, P2], [z, P3]])
poly_m.append(P)
v = matrix(F, n, _sage_const_1 , [randint(_sage_const_0 , _sage_const_1 ) for i in range(n)])
oil_basis = block_matrix(F, _sage_const_2 , _sage_const_1 , [O, identity_matrix(F, m)])
var_list = ','.join([f'x{i}' for i in range(n - m)])
R = PolynomialRing(F, var_list)
value = zero_matrix(R, n, _sage_const_1 )
hint = zero_matrix(R, n, _sage_const_1 )
hint2 = zero_matrix(R, n, _sage_const_1 )
for i in oil_basis.columns():
value += F.random_element() * matrix(F, n, _sage_const_1 , list(i))
hint += F.random_element() * matrix(F, n, _sage_const_1 , list(i))
hint2 += F.random_element() * matrix(F, n, _sage_const_1 , list(i))
print(value)
print()
print(n - m)
print()
for i in range(n - m):
value[i] = R(f'x{i}')
polys = []
for i in poly_m:
polys.append((value.T * i * value)[_sage_const_0 ][_sage_const_0 ])
polys.append((value.T * (i + i.T) * hint)[_sage_const_0 ][_sage_const_0 ])
polys.append((value.T * (i + i.T) * hint2)[_sage_const_0 ][_sage_const_0 ])
I = R.ideal(*polys)
print(msolve_variety(I, F, proof=False))