
# P.H.A.N.T.O.M. — LWE Intro Notebook

**Goal:** Walk through a minimal Learning With Errors (LWE) encryption/decryption example used in this project, combining math explanations (LaTeX) and runnable Python (your `src/toy_lwe.py`).

> Tip: Run this notebook from the project root so relative imports work, or adjust `sys.path` below.



## Background (Math, at a glance)

We use a very small **toy** LWE scheme (for pedagogy, not security).

Let:
- $q$ be the modulus (prime recommended),
- $n$ be the dimension,
- $\mathbf{s}\in \mathbb{Z}_q^n$ be the secret vector,
- $\mathbf{A}\in \mathbb{Z}_q^n$ be a public random vector,
- $e$ be a small error/noise term (e.g., from $\{-1,0,1\}$),
- $m\in\{0,1\}$ be the message bit.

**Encryption:**
\[
b \equiv \langle \mathbf{A}, \mathbf{s} \rangle + e + m\cdot \left\lfloor \frac{q}{2}\right\rfloor \pmod{q}.
\]
The ciphertext is $c=(\mathbf{A}, b)$.

**Decryption:**
Compute
\[
\text{inner} \equiv b - \langle \mathbf{A}, \mathbf{s} \rangle \pmod{q}.
\]
Then decide $m$ by thresholding:
- If $\text{inner}$ is "close" to $0$, output $0$,
- If $\text{inner}$ is "close" to $\frac{q}{2}$, output $1$.

In this toy version, we use the rule:
\[
\hat m =
\begin{cases}
0 & \text{if } |\text{inner}| < \frac{q}{4} \\
1 & \text{otherwise.}
\end{cases}
\]

> **Security note:** This small-parameter demo is **not secure**. Real schemes (e.g., Kyber) use large dimensions, structured rings, and carefully chosen noise distributions.


In [None]:

# Setup: imports and path adjustments
import os, sys, math, random
import numpy as np

# Make sure to import from project src/ when running from repo root
if "src" not in sys.path:
    sys.path.append("src")

from toy_lwe import ToyLWE  
print("Imported ToyLWE from src/toy_lwe.py")


## Quick demo: encrypt/decrypt one bit

In [None]:

# Reproducibility
np.random.seed(42)

crypto = ToyLWE(n=4, q=97)
m = 1
ct = crypto.encrypt(m)
dec = crypto.decrypt(ct)

print("Message m:", m)
print("Ciphertext (A, b):", ct)
print("Decrypted:", dec)
assert dec in (0,1)


## Encrypt/decrypt both bits (0 and 1)

In [None]:

for bit in [0,1]:
    ct = crypto.encrypt(bit)
    dec = crypto.decrypt(ct)
    print(f"m={bit}  ->  dec={dec}  |  ct={ct}")



## Threshold intuition

We examine how the decryption rule works by inspecting `inner = (b - <A, s>) mod q`.

If `inner` is near `0`, we decode `0`; if it's near `q/2`, we decode `1`.


In [None]:

def inner_value(crypto, ct):
    A, b = ct
    return int((b - np.dot(A, crypto.s)) % crypto.q)

# Inspect a few samples
samples = []
for bit in [0,1]:
    rows = []
    for _ in range(10):
        ct = crypto.encrypt(bit)
        inn = inner_value(crypto, ct)
        rows.append((bit, inn))
    samples.extend(rows)

print("bit  inner")
for bit, inn in samples:
    print(f"{bit:3d}  {inn:5d}")


## Monte Carlo: decryption reliability at toy parameters

In [None]:

def trial_accuracy(crypto, trials=500):
    ok = 0
    for _ in range(trials):
        m = np.random.randint(0,2)
        ct = crypto.encrypt(m)
        dec = crypto.decrypt(ct)
        ok += int(dec == m)
    return ok / trials

acc = trial_accuracy(ToyLWE(n=4, q=97), trials=1000)
print(f"Toy accuracy over 1000 trials: {acc:.3f}")



## (Optional) Visualize inner-term distribution

This plot helps see how `inner` clusters near `0` (for `m=0`) vs near `q/2` (for `m=1`).


In [None]:

import matplotlib.pyplot as plt

def sample_inners(crypto, bit, N=500):
    xs = []
    for _ in range(N):
        ct = crypto.encrypt(bit)
        xs.append(inner_value(crypto, ct))
    return xs

crypto = ToyLWE(n=4, q=97)
xs0 = sample_inners(crypto, 0, N=500)
xs1 = sample_inners(crypto, 1, N=500)

plt.figure()
plt.hist(xs0, bins=20, alpha=0.6, label="m=0")
plt.hist(xs1, bins=20, alpha=0.6, label="m=1")
plt.title("Toy LWE: inner-term distribution (q=97)")
plt.xlabel("inner value")
plt.ylabel("count")
plt.legend()
plt.show()



## Parameter sensitivity (exercise)

Try changing:
- `n` (dimension),
- `q` (modulus),
- the noise distribution in `ToyLWE.encrypt`.

Observe effects on accuracy and speed. Document your findings here.



## References
- Regev, O. (2005). *On lattices, learning with errors, random linear codes, and cryptography.*
- NIST PQC project: https://csrc.nist.gov/projects/post-quantum-cryptography
- Kyber (CRYSTALS) spec for practical parameters and KEM structure.
