In [1]:
# Real field with 1000 bits of precision. The functions below read this global
# `R` for all probability arithmetic (R(0), R(1)/2, R(p)).
R=RealField(1000)

In [2]:
def prob_tilde(n,w,w_r):
    """Return the odd-overlap probability for weights w and w_r in length n.

    Computes
        sum over odd l in [1, min(w, w_r)] of C(n,l)*C(n-l,w-l)*C(n-w,w_r-l)
        divided by C(n,w)*C(n,w_r)
    as an element of the global real field R.

    Presumably this is the probability that one coefficient of the product
    of two sparse vectors of weights w and w_r equals 1 -- confirm against
    the scheme's failure-rate analysis.
    """
    acc = R(0)
    max_overlap = min(w, w_r)
    # Only odd overlaps contribute, hence the step of 2 starting at 1.
    for overlap in range(1, max_overlap + 1, 2):
        ways = (binomial(n, overlap)
                * binomial(n - overlap, w - overlap)
                * binomial(n - w, w_r - overlap))
        acc = acc + ways
    normaliser = binomial(n, w) * binomial(n, w_r)
    return acc / normaliser

def prob_xor_to_one(p1,p2):
    """Return p1*(1-p2) + (1-p1)*p2.

    This is the probability that exactly one of two events with
    probabilities p1 and p2 occurs, i.e. that the XOR of two bits is 1,
    provided the two bits are independent.
    """
    first_only = p1*(1-p2)
    second_only = (1-p1)*p2
    return first_only + second_only

def prob_star(n,w,w_r,w_e):
    """Per-bit error probability used by DFR when ty == 'old'.

    Combines 2*p*(1-p), where p = prob_tilde(n, w, w_r), with w_e/n through
    prob_xor_to_one. 2*p*(1-p) equals prob_xor_to_one(p, p), so both product
    terms are given the same weights (w, w_r).
    """
    single_product = prob_tilde(n,w,w_r)
    # XOR of two product bits that share the same probability.
    both_products = 2*single_product*(1-single_product)
    error_density = w_e/n
    return prob_xor_to_one(both_products, error_density)

def prob_star_new(n,w,w_r,w_e):
    """Per-bit error probability used by DFR when ty != 'old'.

    Models x*r2 - y*r1 + e with a fixed weight w_h = n//512:
      * x*r2 uses prob_tilde(n, w, w_r)
      * y*r1 uses prob_tilde(n, w, w_h)
      * the additive term uses density w_h/n

    NOTE(review): w_e is accepted but never read; the additive term takes
    w_h instead. Any 'w_e' supplied by a caller therefore has no effect on
    the resulting failure rate -- confirm this is intended.
    """
    w_h = n//512
    prob_x_r2 = prob_tilde(n,w,w_r)
    prob_y_r1 = prob_tilde(n,w,w_h)
    products_xor = prob_xor_to_one(prob_x_r2, prob_y_r1)
    return prob_xor_to_one(products_xor, w_h/n)

def calculate_A_w(w, n, di):
    """Return min(C(n, w), structured count) for weight w.

    The structured count is the sum of three parts built from di and
    di//2, weighted by 255, 255 and C(255, 2)/2 respectively. The result is
    used by calculate_pi as the coefficient of p^w * (1-p)^(n-w).

    Presumably 255 is the number of non-zero codewords of the inner code
    and A_w bounds the number of weight-w error patterns it mis-decodes --
    confirm against the referenced analysis.
    """
    half = di // 2
    half_r = R(1)/2

    # Exact integer sums first; binomial() returns 0 for out-of-range
    # lower arguments, so no explicit bounds checks are needed.
    upper_tail = 0
    for j in range(half + 1, di + 1):
        upper_tail += binomial(di, j) * binomial(di, w - j)

    cubic_sum = 0
    for j in range(half + 1):
        cubic_sum += binomial(half, j)**3 * binomial(half, w - di + j)

    centre = half_r * 255 * binomial(di, half) * binomial(di, w - half)
    tail = 255 * upper_tail
    pairs = half_r * binomial(255,2) * cubic_sum

    structured = centre + tail + pairs

    # Never count more patterns than there are words of weight w.
    return min(binomial(n, w), structured)

def calculate_pi(n, p, di):
    """Return sum_{w = di//2}^{n} A_w * p^w * (1-p)^(n-w).

    A_w comes from calculate_A_w(w, n, di) and p is first converted to the
    global real field R. DFR uses the result as the failure probability of
    one inner block.
    """
    prob = R(p)
    complement = 1 - prob
    lowest_weight = di // 2

    terms = []
    for weight in range(lowest_weight, n + 1):
        count = calculate_A_w(weight, n, di)
        terms.append(count * prob**weight * complement**(n - weight))

    return sum(terms)

def DFR(n,w,w_r,w_e,n1,k1,d1,n2,k2,d2,ty='old'):
    """Return log2 of the estimated decryption failure rate.

    Steps:
      1. per-bit error probability p: prob_star when ty == 'old',
         prob_star_new for any other value of ty;
      2. inner-block failure probability calculate_pi(n2, p, d2);
      3. binomial tail: probability that more than d1 of the n1 blocks fail.

    k1 and k2 are accepted but not used. The tail in step 3 treats block
    failures as independent with identical probability, so the figure is
    only as good as that assumption.
    """
    bit_error = prob_star if ty == 'old' else prob_star_new
    p = bit_error(n,w,w_r,w_e)

    block_fail = calculate_pi(n2,p,d2)
    block_ok = 1-block_fail

    total = R(0)
    for failed in range(d1+1,n1+1):
        total += binomial(n1,failed)*block_fail**failed*block_ok**(n1-failed)
    return log(total,2)

def security(n,w):
    """Heuristic score printed by this notebook as the 'sec' figure.

    Evaluates 2*w*log(1 - 1/2)*(1 + o1) - (1/2)*log(n, 2) with
    o1 = log(C(n,w)^2 / C(2n,2w)).

    NOTE(review): the two `log` calls without a base are natural logarithms
    while the last term is base 2, and the leading product is positive only
    because log(1/2) and (1 + o1) are both negative for the parameters used
    in this notebook. Presumably this is meant to follow an asymptotic
    information-set-decoding work factor with a sqrt(n) gain -- confirm
    against the scheme's security analysis, and cross-check with a
    dedicated estimator, before reading the result as bits of security.
    """
    rate = 1/2
    split_ratio = binomial(n,w)^2 / binomial(2*n,2*w)
    o1 = log(split_ratio)
    main_term = 2*w*log(1-rate)*(1+o1)
    length_term = 1/2*log(n,2)
    return main_term - length_term

In [3]:
# Single parameter set evaluated with the 'old' error model.
# NOTE(review): 17699 = 11 * 1609 is composite, whereas the later cells of
# this notebook only consider prime lengths (is_prime / prime_range).
# Possibly a transposed digit -- confirm against the parameter source.
n, w, w_r, w_e = 17699, 66, 75, 75
n1, k1, d1 = 46, 16, 15
n2, k2, d2 = 384, 8, 192
# DFR is printed at full 1000-bit precision here (no .n()).
print('DFR', DFR(n, w, w_r, w_e, n1, k1, d1, n2, k2, d2, ty='old'))
print('sec', security(n, w).n())

DFR -133.859310618647599739792099898182495865423448482792922232518844355219479624931667566780151026360088570826302242766744780841886206403149738424533756271091762311260466486490458144201164719859296546821088678247694674691668298164467198642726942608356665258064923488401947431758311388904301423589999390823
sec 145.487158284644


In [4]:
# Baseline parameter sets, keyed by the target security level.
#   n            : block length
#   w, w_r, w_e  : weights passed to prob_tilde / prob_star
#   n1, k1, d1   : outer code; DFR counts failures beyond d1 of n1 blocks
#   n2, k2, d2   : inner code; calculate_pi(n2, p, d2)
#
# NOTE(review): n = 17699 = 11 * 1609 is composite, whereas the later cells
# of this notebook only consider prime lengths (is_prime / prime_range).
# Possibly a transposed digit -- confirm against the parameter source.
para_128 = dict(
    security=128,
    n=17699, w=66, w_r=75, w_e=75,
    n1=46, k1=16, d1=15,
    n2=384, k2=8, d2=192,
)

para_192 = dict(
    security=192,
    n=35851, w=100, w_r=114, w_e=114,
    n1=56, k1=24, d1=16,
    n2=640, k2=8, d2=320,
)

para_256 = dict(
    security=256,
    n=57637, w=131, w_r=149, w_e=149,
    n1=90, k1=32, d1=29,
    n2=640, k2=8, d2=320,
)

paras_old = [para_128, para_192, para_256]

In [5]:
# Evaluate every baseline set with the 'old' error model.
# The loop rebinds the notebook-level names n, w, ... on each pass.
for para in paras_old:
    n, w, w_r, w_e = para['n'], para['w'], para['w_r'], para['w_e']
    n1, k1, d1 = para['n1'], para['k1'], para['d1']
    n2, k2, d2 = para['n2'], para['k2'], para['d2']
    print('para - ',para['security'])
    print('DFR', DFR(n, w, w_r, w_e, n1, k1, d1, n2, k2, d2).n())
    print('sec', security(n, w).n())
    print()

para -  128
DFR -133.859310618648
sec 145.487158284644

para -  192
DFR -193.860905430866
sec 252.338079523842

para -  256
DFR -260.597060332184
sec 357.077877649874



In [6]:
def eval(para):
    """Return (dfr, sec) for a parameter dict, using the 'new' error model.

    dfr is DFR(..., 'new').n() and sec is security(n, w).n().

    NOTE: defining this function rebinds the name `eval` in the notebook
    namespace, so the Python builtin of that name is hidden from every
    cell that runs afterwards.
    """
    ordered_keys = ('n', 'w', 'w_r', 'w_e', 'n1', 'k1', 'd1', 'n2', 'k2', 'd2')
    # Look every key up before computing anything, in DFR's argument order.
    dfr_args = [para[key] for key in ordered_keys]
    dfr = DFR(*dfr_args, 'new').n()
    sec = security(para['n'], para['w']).n()
    return dfr, sec

In [7]:
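def search_approx(sec,dfr):
    """Print the first candidate parameter set meeting both targets.

    For d1 = 10..49 the outer code is taken as length n1 = 2*d1 + sec//8
    (written below as 255 - (k - sec//8) with k = 255 - 2*d1) and the block
    length as n = n1*640. A candidate is kept only if n is a multiple of
    512, a weight w with security(n, w) > sec exists in
    [sec//2 - 100, sec//2), and n//512 >= w. The candidate is then scored
    with eval(); the first one with _sec >= sec and _dfr <= dfr is printed
    and the search stops.

    sec -- target value for the security() score
    dfr -- target log2 failure rate (e.g. -192)

    Returns None; results are only printed. Nothing is printed if no d1 in
    the range qualifies.
    """
    for d1 in range(10,50):
        k = 255-2*d1
        n1 = 255 - (k - sec//8)
        n = n1*640

        # prob_star_new derives a weight as n//512; presumably this filter
        # keeps only lengths where that division is exact.
        if n%512 != 0:
            continue

        # Smallest weight in the window whose score exceeds the target.
        # Weights below 1 are skipped: they are not meaningful and make
        # security() divide by a zero binomial.
        for _w in range(max(1, sec//2 - 100), sec//2):
            if security(n,_w).n() > sec:
                w = _w
                break
        else:
            # No weight in the window reaches the target for this n. Skip
            # it rather than fall through with `w` unset (first pass) or
            # left over from a previous, different n.
            continue

        # n is a multiple of 512 here, so n//512 is exact.
        if n//512 < w:
            continue

        para = {
            'security': sec,
            'n': n,
            'w': w,
            'w_r': w,
            'w_e': w,
            'n1': n1,
            'k1': sec//8,
            'd1': d1,
            'n2': 640,
            'k2': 8,
            'd2': 320,
        }

        print('running')
        _dfr,_sec = eval(para)
        if _sec < sec or _dfr > dfr:
            continue

        print(para)
        print(_dfr,_sec)
        return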


# (target security score, target log2 DFR) pairs to search for.
for target_sec, target_dfr in ((320, -192), (512, -256)):
    search_approx(target_sec, target_dfr)

running
{'security': 320, 'n': 64000, 'w': 121, 'w_r': 121, 'w_e': 121, 'n1': 100, 'k1': 40, 'd1': 30, 'n2': 640, 'k2': 8, 'd2': 320}
-986.164577423995 322.526312313005
running
{'security': 512, 'n': 89600, 'w': 175, 'w_r': 175, 'w_e': 175, 'n1': 140, 'k1': 64, 'd1': 38, 'n2': 640, 'k2': 8, 'd2': 320}
-313.684263255499 514.458068822527


In [8]:
# Candidates from search_approx with n replaced by a nearby value
# (64000 -> 64037, 89600 -> 89917); 89917 is the value reported as
# 'Found' by the irreducibility search in this notebook.
para_320 = {
    'security': 320,
    'n': 64037, 'w': 121, 'w_r': 121, 'w_e': 121,
    'n1': 100, 'k1': 40, 'd1': 30,
    'n2': 640, 'k2': 8, 'd2': 320,
}
para_512 = {
    'security': 512,
    'n': 89917, 'w': 175, 'w_r': 175, 'w_e': 175,
    'n1': 140, 'k1': 64, 'd1': 38,
    'n2': 640, 'k2': 8, 'd2': 320,
}

# eval here is the notebook's own eval(para), returning (dfr, sec).
for candidate in (para_320, para_512):
    print(eval(candidate))

(-987.598185054184, 322.525987196550)
(-313.684263255499, 514.458068822527)


In [9]:
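F = GF(2)
# Bind the polynomial ring to its own name. `R` is the RealField(1000) that
# prob_tilde, calculate_A_w, calculate_pi and DFR read as a global; reusing
# `R` here would make any later DFR/eval call do its arithmetic in GF(2)[x]
# instead of the reals.
GF2X.<x> = PolynomialRing(F)

st = 640 * 255

for n in range(st,st+1000):
    if not is_prime(n):
        continue
    # NOTE(review): nothing is done with the primes that reach this point;
    # the loop only rebinds the notebook-level `n`. The search itself lives
    # in find_irr.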

In [10]:
# Start of the search window: 140 * 640, the block length of the 512
# candidate printed by search_approx. find_irr takes its own `st` argument,
# so this global is only a convenient value to pass in.
st = 89600

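def find_irr(st):
    """Return the smallest prime n in [st, st + 640) for which
    (x^n - 1)/(x - 1) is irreducible over GF(2), or None if there is none.

    The hit is also printed as 'Found n'.

    For a prime n, (x^n - 1)/(x - 1) is the n-th cyclotomic polynomial,
    which splits over GF(2) into (n - 1)/ord_n(2) irreducible factors of
    equal degree. It is therefore irreducible exactly when the
    multiplicative order of 2 modulo n is n - 1. Checking that order
    replaces building and factoring a polynomial of degree n - 1, so no
    worker pool is needed.

    The earlier pool-based version passed a function defined inside this
    function to Pool.map, which cannot be pickled; its stop event did not
    cancel the map call, and it returned nothing. Because primes are now
    tried in increasing order, the value returned is the smallest
    qualifying prime, which need not be the one a parallel run reported
    first.
    """
    for n in prime_range(st, st + 640):
        # n == 2 gives x + 1, which is irreducible; 2 is not a unit mod 2,
        # so it cannot go through multiplicative_order().
        if n == 2 or Mod(2, n).multiplicative_order() == n - 1:
            print('Found',n)
            return n
    return None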

runningrunningrunningrunningrunning runningrunningrunningrunningrunningrunning runningrunningrunningrunning89627        89653    
 896038967189659897798968989759898338979789819
89891898498991789899












running 89839
running 89681
running 89867
running 89939
running 89897
running 89963
running 89657
running 89809
running 89669
Found 89917


KeyboardInterrupt: 