# Building the set of inequations for LP solving based on good signatures

## (given the knowledge of $t_0$ )
-------------------------

## Libraries Used
------------------------

Below choose the solver to use between `scipy` and `lpsolve`                                                               

In [None]:
%run -i ../Helper_functions.py

- If `scipy` is used, the inequalities extracted from the signatures are represented a matrix/vector form, such as: 

$\hspace{30pt}\min cx$  
such that $Ax \leq b$  
$\hspace{30pt}l \leq x \leq u$  

The matrix A and the vectors b and c are stored in a `.npz` file.

- If `lpsolve` is used, the inequalities extracted from the signatures are stored in this representation in an `lp` file:


/* Objective function */  
$\min$: ;  

/* Constraints */  
$a_{0, 0}x_0 + \cdots + a_{0, 255}x_0 \leq b_{0}$  
$a_{1, 0}x_0 + \cdots + a_{1, 255}x_0 \geq b_{0}$  
$\hspace{40pt}\cdots $  

/* Variable bounds */  
$-l_{0} \leq x_{0} \leq u_{0};$  
$\hspace{20pt}\cdots $  

/* Integer definitions */  
int $x_{0}, \cdots, x_{255} $

In [None]:
# Set the number of keys tested for the attack, the same as for ./PQCgenKAT_Sign_Modified
NB_Keys_tested = 1

# Set the number of keys tested for the attack, the same as for ./PQCgenSign_keyKAT
TOTAL_NB_Signs = 1250000

In [None]:
# We create the folder with where the .lp files will be stored 
dir_lps = f"{os.path.abspath(os.path.join(__file__ ,'..'))}/Lps"
if not os.path.exists(dir_lps):
    os.mkdir(dir_lps)

if not os.path.exists(f"{dir_lps}/Dilithium{dilithium.MODE}"):
    os.mkdir(f"{dir_lps}/Dilithium{dilithium.MODE}")
    
dir_lps = f"{dir_lps}/Dilithium{dilithium.MODE}"

In [None]:
PK, SK = open_pk_sk(NB_Keys_tested)

In [None]:
%%time
# PK: dict containing the number the pks from the KAT file
# SK: dict containing the number the sks from the KAT file
for key_targeted in range(NB_Keys_tested):
    SIGNS_filtered = open_signs_filtered(key_targeted, TOTAL_NB_Signs)
    
    # Open corresponding pk/sk 
    pk, sk = PK[key_targeted], SK[key_targeted]
    
    rho, t1 = dilithium.unpack_pk(pk)
    
    Antt = dilithium.polyvec_matrix_expand(rho)
    A = dilithium.Antt2Aintt(Antt)

    # Just to compare to the correct values, we unpack the sk
    _, Key, tr, s1, s2, t0 = dilithium.unpack_sk(sk)
    
    ######################### LP file Managing Process #######################
    lps_file_name = f"{dir_lps}/sk_{key_targeted}"
    number_of_inequalities = [0]*dilithium.K
    if SOLVER == "scipy":
        LPs = [[] for _ in range(dilithium.K)]
        Bounds = [[] for _ in range(dilithium.K)]
        C = [0 for _ in range(dilithium.N)]
    elif SOLVER == "lpsolve":  
        LPs = []
        for i in range(dilithium.K):
            lp = Lp(dilithium.N)
            lp.set_verbose(lps.IMPORTANT)
            lp.set_obj_fn([0]*dilithium.N)
            LPs.append(lp)
    else:
        raise ValueError(f"Solver {SOLVER}, used is incorrect")
    total_count = 0
    ######################### LP file Managing Process #######################
    
    for sign_id, infos in SIGNS_filtered.items():
        polynomial_index, coefficient_index = infos['index']//dilithium.N, infos['index']%dilithium.N
        
        r1, r0, c = dilithium.compute_Az_minus_ct(infos["sign"], infos["msg"], pk, Antt, t1, t0)

        ineq_line = [(mult_xi(c, i = i_))[coefficient_index] for i_ in range(dilithium.N)]

        if infos["neg"] == 1:
            diff_ =  1
        else:
            diff_ = -1
           
        bound = diff_*dilithium.GAMMA2 - r0[polynomial_index][coefficient_index]

        if bound >= 0:         
            if SOLVER == "scipy":
                ineq_line = [-elem_ for elem_ in ineq_line]
                bound *= -1
                Bounds[polynomial_index].append(bound)
                LPs[polynomial_index].append(ineq_line)
            elif SOLVER == "lpsolve":
                LPs[polynomial_index].add_constraint(ineq_line, lps.GE, bound)
            else:
                raise ValueError(f"Solver {SOLVER}, used is incorrect")

        elif bound < 0:
            if SOLVER == "scipy":
                Bounds[polynomial_index].append(bound)
                LPs[polynomial_index].append(ineq_line)
            elif SOLVER == "lpsolve":
                LPs[polynomial_index].add_constraint(ineq_line, lps.LE, bound)
            else:
                raise ValueError(f"Solver {SOLVER}, used is incorrect")
                
        
        number_of_inequalities[polynomial_index] += 1 
        total_count += 1
    
        if total_count%500 == 0:
            print(f"{number_of_inequalities}:{total_count}:{TOTAL_NB_Signs}", end = "\r")
                                
    if SOLVER == "scipy":
        for i in range(dilithium.K):
            np.savez_compressed(f"{lps_file_name}_poly{i}", A=LPs[i], b=Bounds[i], c=C )
    elif SOLVER == "lpsolve":
        for i in range(dilithium.K):
            LPs[i].write_lp(f"{lps_file_name}_poly{i}.lp".encode())        
    else:
        raise ValueError(f"Solver {SOLVER}, used is incorrect")
    

In [None]:
if SOLVER == "lpsolve":
    free_all_lps()