1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
/*
* (C) Copyright Projet SECRET, INRIA, Rocquencourt
* (C) Bhaskar Biswas and Nicolas Sendrier
* (C) 2014 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*
*/
#include <botan/mceliece.h>
#include <botan/internal/bit_ops.h>
#include <cmath>
namespace Botan {
namespace {
double binomial(size_t n, size_t k)
{
double x = 1;
for(size_t i = 0; i != k; ++i)
{
x *= n - i;
x /= k -i;
}
return x;
}
double log_binomial(size_t n, size_t k)
{
double x = 0;
for(size_t i = 0; i != k; ++i)
{
x += std::log(n - i);
x -= std::log(k - i);
}
return x / std::log(2);
}
double nb_iter(size_t n, size_t k, size_t w, size_t p, size_t l)
{
double x = 2 * log_binomial(k / 2, p);
x += log_binomial(n - k - l, w - 2 * p);
x = log_binomial(n, w) - x;
return x;
}
double cout_iter(size_t n, size_t k, size_t p, size_t l)
{
double x = binomial(k / 2, p);
const size_t i = static_cast<size_t>(std::log(x) / std::log(2));
double res = 2 * p * (n - k - l) * std::ldexp(x * x, -static_cast<int>(l));
// x <- binomial(k/2,p)*2*(2*l+log[2](binomial(k/2,p)))
x *= 2 * (2 * l + i);
// res <- k*(n-k)/2 +
// binomial(k/2,p)*2*(2*l+log[2](binomial(k/2,p))) +
// 2*p*(n-k-l)*binomial(k/2,p)^2/2^l
res += x + k * ((n - k) / 2.0);
return std::log(res) / std::log(2); // convert to bits
}
double cout_total(size_t n, size_t k, size_t w, size_t p, size_t l)
{
return nb_iter(n, k, w, p, l) + cout_iter(n, k, p, l);
}
double best_wf(size_t n, size_t k, size_t w, size_t p)
{
if(p >= k / 2)
return -1;
double min = cout_total(n, k, w, p, 0);
for(size_t l = 1; l < n - k; ++l)
{
const double lwf = cout_total(n, k, w, p, l);
if(lwf < min)
min = lwf;
else
break;
}
return min;
}
}
size_t mceliece_work_factor(size_t n, size_t t)
{
const size_t k = n - ceil_log2(n) * t;
double min = cout_total(n, k, t, 0, 0); // correspond a p=1
for(size_t p = 0; p != t / 2; ++p)
{
double lwf = best_wf(n, k + 1, t, p);
if(lwf < 0)
break;
min = std::min(min, lwf);
}
return static_cast<size_t>(min);
}
}
|
