Botan 3.4.0
Crypto and TLS for C&
mce_workfactor.cpp
Go to the documentation of this file.
1/*
2 * (C) Copyright Projet SECRET, INRIA, Rocquencourt
3 * (C) Bhaskar Biswas and Nicolas Sendrier
4 * (C) 2014 Jack Lloyd
5 *
6 * Botan is released under the Simplified BSD License (see license.txt)
7 *
8 */
9
10#include <botan/mceliece.h>
11
12#include <botan/internal/bit_ops.h>
13#include <cmath>
14
15namespace Botan {
16
17namespace {
18
19double binomial(size_t n, size_t k) {
20 double x = 1;
21
22 for(size_t i = 0; i != k; ++i) {
23 x *= n - i;
24 x /= k - i;
25 }
26
27 return x;
28}
29
30double log_binomial(size_t n, size_t k) {
31 double x = 0;
32
33 for(size_t i = 0; i != k; ++i) {
34 x += std::log(n - i);
35 x -= std::log(k - i);
36 }
37
38 return x / std::log(2);
39}
40
41double nb_iter(size_t n, size_t k, size_t w, size_t p, size_t l) {
42 double x = 2 * log_binomial(k / 2, p);
43 x += log_binomial(n - k - l, w - 2 * p);
44 x = log_binomial(n, w) - x;
45 return x;
46}
47
48double cout_iter(size_t n, size_t k, size_t p, size_t l) {
49 double x = binomial(k / 2, p);
50 const size_t i = static_cast<size_t>(std::log(x) / std::log(2));
51 double res = 2 * p * (n - k - l) * std::ldexp(x * x, -static_cast<int>(l));
52
53 // x <- binomial(k/2,p)*2*(2*l+log[2](binomial(k/2,p)))
54 x *= 2 * (2 * l + i);
55
56 // res <- k*(n-k)/2 +
57 // binomial(k/2,p)*2*(2*l+log[2](binomial(k/2,p))) +
58 // 2*p*(n-k-l)*binomial(k/2,p)^2/2^l
59 res += x + k * ((n - k) / 2.0);
60
61 return std::log(res) / std::log(2); // convert to bits
62}
63
64double cout_total(size_t n, size_t k, size_t w, size_t p, size_t l) {
65 return nb_iter(n, k, w, p, l) + cout_iter(n, k, p, l);
66}
67
68double best_wf(size_t n, size_t k, size_t w, size_t p) {
69 if(p >= k / 2) {
70 return -1;
71 }
72
73 double min = cout_total(n, k, w, p, 0);
74
75 for(size_t l = 1; l < n - k; ++l) {
76 const double lwf = cout_total(n, k, w, p, l);
77 if(lwf < min) {
78 min = lwf;
79 } else {
80 break;
81 }
82 }
83
84 return min;
85}
86
87} // namespace
88
89size_t mceliece_work_factor(size_t n, size_t t) {
90 const size_t k = n - ceil_log2(n) * t;
91
92 double min = cout_total(n, k, t, 0, 0); // correspond a p=1
93 for(size_t p = 0; p != t / 2; ++p) {
94 double lwf = best_wf(n, k + 1, t, p);
95 if(lwf < 0) {
96 break;
97 }
98
99 min = std::min(min, lwf);
100 }
101
102 return static_cast<size_t>(min);
103}
104
105} // namespace Botan
Botan::mceliece_work_factor
size_t mceliece_work_factor(size_t n, size_t t)
Definition mce_workfactor.cpp:89
Botan::ceil_log2
constexpr uint8_t ceil_log2(T x)
Definition bit_ops.h:122
Generated by doxygen 1.10.0