diff --git a/gen_values.py b/gen_values.py
new file mode 100644
index 0000000..f5ab69a
--- /dev/null
+++ b/gen_values.py
@@ -0,0 +1,6 @@
+from random import randint
+p = randint(100,1000)
+a = ["Integer::from("+str(p*randint(1,100)+randint(0,20))+"), " for _ in range(200)]
+for b in a:
+ print(b)
+print(p)
diff --git a/src/agcd.rs b/src/agcd.rs
new file mode 100644
index 0000000..8c0dda4
--- /dev/null
+++ b/src/agcd.rs
@@ -0,0 +1,35 @@
+use rug::Integer;
+use crate::matrix::Matrix;
+use crate::utils::abs;
+use lll_rs::l2::bigl2;
+
+pub fn agcd(ciphertexts: Vec, noise_bits: usize) -> Integer {
+ // 1. Build lattice matrix basis
+ let basis_matrix = Matrix::new_lattice(noise_bits, ciphertexts.clone()).unwrap();
+
+ // 2. reduce with LLL
+ let mut lll_matrix = basis_matrix.to_lll_matrix();
+ println!("basis: {:?}", lll_matrix);
+ bigl2::lattice_reduce(&mut lll_matrix, 0.51, 0.75);
+ println!("basis after reduction: {:?}", lll_matrix);
+
+ // 3. Extract shortest vector
+ let shortest_vector = &lll_matrix[0];
+ println!("Shortest vector: {:?}", shortest_vector);
+
+ // 4. q0 candidate
+ let q0 = &shortest_vector[0] / (Integer::from(1) << (noise_bits + 1));
+ println!("q0: {}", q0);
+
+ // 5. Find p
+ // compute r0 = x0 (mod q0)
+ // and p = (x0 − r0)/q0.
+ let x0 = &ciphertexts[0];
+ println!("x0: {}", x0);
+ let r0 = x0 % q0.clone();
+ println!("r0: {}", r0);
+ let p_guess = abs((x0 - r0) / q0);
+
+ println!("Recovered p: {}", p_guess);
+ p_guess
+}
diff --git a/src/main.rs b/src/main.rs
index 52bc502..8d64b9c 100644
--- a/src/main.rs
+++ b/src/main.rs
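Review bot: In src/agcd.rs, `q0` at step 4 can come out as zero, and the `x0 % q0.clone()` in step 5 then panics on a division by zero. The division by `Integer::from(1) << (noise_bits + 1)` truncates, so this happens whenever the first coordinate of the reduced vector is smaller in magnitude than that power of two, which is presumably what a failed reduction or a wrong `noise_bits` produces. The function also panics on an empty `ciphertexts` (`&ciphertexts[0]`) and on the `.unwrap()` of `Matrix::new_lattice`. Returning `Option<Integer>` and adding `if q0 == 0 { return None; }` right after the `q0` line would give the caller a result it can handle instead of a crash.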
@@ -1,55 +1,32 @@
 use rug::Integer;
-use crate::matrix::Matrix;
-use lll_rs::l2::bigl2;
 mod lll;
 mod matrix;
-
-fn abs(i: Integer) -> Integer {
- if i < 0 {
- -i
- } else {
- i
- }
-}
+mod utils;
+mod agcd;
+use crate::agcd::agcd;
 fn main() {
 // 1. Build lattice matrix basis
 let ciphertexts = vec![
-Integer::from(37459),
-Integer::from(8227),
-Integer::from(44119),
-Integer::from(22575),
-Integer::from(9249),
-Integer::from(38483),
-Integer::from(26181),
+Integer::from(32219),
+Integer::from(21254),
+Integer::from(16764),
+Integer::from(338),
+Integer::from(29960),
+Integer::from(23516),
+Integer::from(7084),
+Integer::from(26735),
+Integer::from(23195),
+Integer::from(11928),
+Integer::from(985),
+Integer::from(11916),
+Integer::from(13217),
+Integer::from(29966),
+Integer::from(14171),
+Integer::from(13211),
+Integer::from(23514),
+Integer::from(19643)
 ];
 let noise_bits = 2;
- let basis_matrix = Matrix::new_lattice(noise_bits, ciphertexts.clone()).unwrap();
-
- // println!("matrix: {:?}", basis_matrix);
-
- // 2. reduce with LLL
- let mut lll_matrix = basis_matrix.to_lll_matrix();
- println!("matrix: {:?}", lll_matrix);
- bigl2::lattice_reduce(&mut lll_matrix, 0.51, 0.75);
- println!("matrix: {:?}", lll_matrix);
-
- // 3. Extract shortest vector
- let shortest_vector = &lll_matrix[0];
- println!("Shortest vector: {:?}", shortest_vector);
-
- // 4. q0 candidate
- let q0 = &shortest_vector[0] / (Integer::from(1) << (noise_bits + 1));
- println!("q0: {}", q0);
-
- // 5. Find p
- // compute r0 = x0 (mod q0)
- // and p = (x0 − r0)/q0.
- let x0 = &ciphertexts[0];
- println!("x0: {}", x0);
- let r0 = x0 % q0.clone();
- println!("r0: {}", r0);
- let p_guess = abs((x0 - r0) / q0);
-
- println!("Recovered p: {}", p_guess);
+ let _ = agcd(ciphertexts, noise_bits);
 }
diff --git a/src/utils.rs b/src/utils.rs
new file mode 100644
index 0000000..526d5ee
--- /dev/null
+++ b/src/utils.rs
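Review bot: `noise_bits` stays at 2 while the replaced sample set appears to come from the new gen_values.py, whose noise term is `randint(0,20)` and so needs up to 5 bits. If the lattice scaling in `Matrix::new_lattice` depends on that bound (its code is not in this diff), the reduction may not surface the intended short vector; `let noise_bits = 5;` would match the generator. The call is written as `let _ = agcd(ciphertexts, noise_bits);`, so nothing checks the recovered value; comparing it with the `p` that the generator prints, for example in a `#[test]`, would make a regression visible. The context comment `// 1. Build lattice matrix basis` above the vector is now stale, since that step moved into `agcd`.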
@@ -0,0 +1,9 @@
+use rug::Integer;
+
+pub fn abs(i: Integer) -> Integer {
+ if i < 0 {
+ -i
+ } else {
+ i
+ }
+}
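Review bot: `abs` duplicates `Integer::abs`, which rug already provides for an owned `Integer`. The only caller in this commit, `abs((x0 - r0) / q0)` in src/agcd.rs, could be written `((x0 - r0) / q0).abs()` and this module dropped. If the helper is kept, it is now `pub` and would benefit from a doc comment such as `/// Returns the absolute value of i.`.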