# Hydra Polynomial Model
Usage example of the Hydra polynomial system.

In [1]:
load("Hydra.sage")
load("Hydra_polynomial_model.sage")

## Hydra Instance
Create a Hydra instance, generate a master key a nonce and a key stream.

In [2]:
hydra = Hydra(rounds_head=5,
              info_level=1)

Hydra parameters
Field: Finite Field of size 170141183460469231731687303715884105773
Rounds body E_1: 2
Rounds body E_2: 4
Rounds body I: 42
Rounds head: 5
d: 3
Matrix body E:
[3 2 1 1]
[1 3 2 1]
[1 1 3 2]
[2 1 1 3]
Matrix body I:
[1 1 1 1]
[1 4 1 1]
[3 1 3 1]
[4 1 1 2]
Matrix rolling function:
[1 1 1 1|0 0 0 0]
[1 4 1 1|0 0 0 0]
[3 1 3 1|0 0 0 0]
[4 1 1 2|0 0 0 0]
[-------+-------]
[0 0 0 0|1 1 1 1]
[0 0 0 0|1 4 1 1]
[0 0 0 0|3 1 3 1]
[0 0 0 0|4 1 1 2]
Matrix head:
[3 1 1 1 1 1 1 1]
[7 3 1 1 1 1 1 1]
[4 1 4 1 1 1 1 1]
[3 1 1 8 1 1 1 1]
[7 1 1 1 7 1 1 1]
[8 1 1 1 1 5 1 1]
[5 1 1 1 1 1 2 1]
[4 1 1 1 1 1 1 6]
Constants body: [[93339089092206513695756391384580620503, 94187012447992326570979600401792739237, 31313815617041811806942658582837513733, 22335163850853930358922771966765795625], [84525339447056341881330615528985901355, 47781194073526916778550998462539022965, 106223764569007312693864729002931237199, 12989926581728258040500002363326280344], [20078284372415339229074412458230715601, 20

In [3]:
nonce = hydra.field.random_element()
nonce

68480129214101779315171998764310009897

In [4]:
key = [hydra.field.random_element() for i in range(0, 4)]
key

[67918632690738431748432987948310211168,
 92009990875567588290616563961302814526,
 92769203031849542084456947595900320497,
 111404713526454256061332662523219243572]

In [5]:
out = hydra.key_stream(nonce, key, samples=2)
out

[49819401899186180842152698360267856643,
 4378788883337964021475614454031028098,
 43079886832697840537414294809286355443,
 135256467858700231269729936278325614587,
 139368619484787877156509905664564910300,
 47503261312907963554739976348686408727,
 119379456179391598862605202154747727520,
 96513709505401504579048869255457741823,
 124276306776253389519673993067419313939,
 135441692248333520052153114524507142373,
 110296114161788835543129895156680340372,
 62686238702830516913717273305342929567,
 3335588005672307901649274558846190876,
 17822687453096564272458466463502881743,
 6897143791653854742609203927301313369,
 47224480532113569896912220838337708931]

## Hydra Polynomial model
Generate the Hydra polynomial model, and compute a DRL Gröbner basis.

In [6]:
polys = generate_Hydra_polynomials_m_samples(hydra=hydra, nonce=nonce, samples=out)

Nonce: 68480129214101779315171998764310009897
Number of samples: 2
Samples: [49819401899186180842152698360267856643, 4378788883337964021475614454031028098, 43079886832697840537414294809286355443, 135256467858700231269729936278325614587, 139368619484787877156509905664564910300, 47503261312907963554739976348686408727, 119379456179391598862605202154747727520, 96513709505401504579048869255457741823, 124276306776253389519673993067419313939, 135441692248333520052153114524507142373, 110296114161788835543129895156680340372, 62686238702830516913717273305342929567, 3335588005672307901649274558846190876, 17822687453096564272458466463502881743, 6897143791653854742609203927301313369, 47224480532113569896912220838337708931]
Term order: degrevlex


In [7]:
sep = 100 * "-"

for poly in polys:
    print(poly)
    print(sep)

10*y_b1^2 + 20*y_b1*y_b2 + 10*y_b2^2 + 20*y_b1*y_b3 + 20*y_b2*y_b3 + 10*y_b3^2 + 20*y_b1*y_b4 + 20*y_b2*y_b4 + 20*y_b3*y_b4 + 10*y_b4^2 + 170141183460469231731687303715884105753*y_b1*z_b1 + 170141183460469231731687303715884105753*y_b2*z_b1 + 170141183460469231731687303715884105753*y_b3*z_b1 + 170141183460469231731687303715884105753*y_b4*z_b1 + 10*z_b1^2 + 170141183460469231731687303715884105753*y_b1*z_b2 + 170141183460469231731687303715884105753*y_b2*z_b2 + 170141183460469231731687303715884105753*y_b3*z_b2 + 170141183460469231731687303715884105753*y_b4*z_b2 + 20*z_b1*z_b2 + 10*z_b2^2 + 170141183460469231731687303715884105753*y_b1*z_b3 + 170141183460469231731687303715884105753*y_b2*z_b3 + 170141183460469231731687303715884105753*y_b3*z_b3 + 170141183460469231731687303715884105753*y_b4*z_b3 + 20*z_b1*z_b3 + 20*z_b2*z_b3 + 10*z_b3^2 + 170141183460469231731687303715884105753*y_b1*z_b4 + 170141183460469231731687303715884105753*y_b2*z_b4 + 170141183460469231731687303715884105753*y_b3*z_b4 + 1

In [8]:
gb = ideal(polys).groebner_basis()

Usually, the Gröbner basis is linear.
I.e., one can read of the key from the Gröbner basis.

In [9]:
sep = 100 * "-"

for poly in gb:
    print(poly)
    print(sep)

y_b1 + 19612920969215614709408009380368593510
----------------------------------------------------------------------------------------------------
y_b2 + 159156568297641820104959090134613991752
----------------------------------------------------------------------------------------------------
y_b3 + 52065736019130012030803978858787035657
----------------------------------------------------------------------------------------------------
y_b4 + 147313563315893516790621102135831259340
----------------------------------------------------------------------------------------------------
z_b1 + 23550170311293702027433627714757557767
----------------------------------------------------------------------------------------------------
z_b2 + 113944473892080811272010833452799526922
----------------------------------------------------------------------------------------------------
z_b3 + 105100529908301439629281196256655393307
--------------------------------------------------------------------

In [10]:
gb[-4:]

[k_b1 + 102222550769730799983254315767573894605, k_b2 + 78131192584901643441070739754581291247, k_b3 + 77371980428619689647230356119983785276, k_b4 + 58736469934014975670354641192664862201]

In [11]:
-vector(key)

(102222550769730799983254315767573894605, 78131192584901643441070739754581291247, 77371980428619689647230356119983785276, 58736469934014975670354641192664862201)