# Hydra Polynomial Model
Usage example of the Hydra polynomial system.

In [1]:
load("Hydra.sage")
load("Hydra_polynomial_model.sage")

## Hydra Instance
Create a Hydra instance, generate a master key a nonce and a key stream.

In [2]:
hydra = Hydra(rounds_head=5,
              info_level=1)

Hydra parameters
Field: Finite Field of size 170141183460469231731687303715884105773
Rounds body E_1: 2
Rounds body E_2: 4
Rounds body I: 42
Rounds head: 5
d: 3
Matrix body E:
[3 2 1 1]
[1 3 2 1]
[1 1 3 2]
[2 1 1 3]
Matrix body I:
[1 1 1 1]
[1 4 1 1]
[3 1 3 1]
[4 1 1 2]
Matrix rolling function:
[1 1 1 1|0 0 0 0]
[1 4 1 1|0 0 0 0]
[3 1 3 1|0 0 0 0]
[4 1 1 2|0 0 0 0]
[-------+-------]
[0 0 0 0|1 1 1 1]
[0 0 0 0|1 4 1 1]
[0 0 0 0|3 1 3 1]
[0 0 0 0|4 1 1 2]
Matrix head:
[3 1 1 1 1 1 1 1]
[7 3 1 1 1 1 1 1]
[4 1 4 1 1 1 1 1]
[3 1 1 8 1 1 1 1]
[7 1 1 1 7 1 1 1]
[8 1 1 1 1 5 1 1]
[5 1 1 1 1 1 2 1]
[4 1 1 1 1 1 1 6]
Constants body: [[49024927860254018216788808518680984165, 158125741580361658473313638276718015202, 56095141829245115114361896875140078935, 92611707900700939288412035066444314305], [155614800510313934146876691642903368265, 13879749550067221830459948623586794779, 139781560745056902178059488540582133149, 86352889247634943303407603005618891292], [29288054493532507168290656245673605557, 

In [3]:
nonce = hydra.field.random_element()
nonce

65735075998969621247932939079881117457

In [4]:
key = [hydra.field.random_element() for i in range(0, 4)]
key

[109015739266688632312055641183283700615,
 49794808691873611122769595944795628930,
 11673267293906885117920456853182142599,
 169078446058065675333183366568703802078]

In [5]:
out = hydra.key_stream(nonce, key, samples=2)
out

[169050871054602969171003297653766812487,
 25955870848382503348871547103500210490,
 21488623716426116744298734536544624099,
 68403987656951398213426571200626716536,
 37381851592679411606657606990786768941,
 109270768409330923016960844452883201954,
 53603638153467819351133276224035316132,
 141153656472790190161531806897051819644,
 149344232115098928190403532871287261378,
 143576744105409004048752433071394185573,
 82236109488074730073771209686948065390,
 46283289952862709470711302062794158840,
 111349552801270460572100806513615235051,
 162859180920773227914403006820155577134,
 124667860563471742429200307405319306721,
 112853448831701433661686799132089604111]

## Hydra Polynomial model
Generate the Hydra polynomial model, and compute a DRL Gröbner basis.

In [6]:
polys = generate_Hydra_polynomials_m_samples(hydra=hydra, nonce=nonce, samples=out)

In [7]:
sep = 100 * "-"

for poly in polys:
    print(poly)
    print(sep)

10*y_b1^2 + 20*y_b1*y_b2 + 10*y_b2^2 + 20*y_b1*y_b3 + 20*y_b2*y_b3 + 10*y_b3^2 + 20*y_b1*y_b4 + 20*y_b2*y_b4 + 20*y_b3*y_b4 + 10*y_b4^2 + 170141183460469231731687303715884105753*y_b1*z_b1 + 170141183460469231731687303715884105753*y_b2*z_b1 + 170141183460469231731687303715884105753*y_b3*z_b1 + 170141183460469231731687303715884105753*y_b4*z_b1 + 10*z_b1^2 + 170141183460469231731687303715884105753*y_b1*z_b2 + 170141183460469231731687303715884105753*y_b2*z_b2 + 170141183460469231731687303715884105753*y_b3*z_b2 + 170141183460469231731687303715884105753*y_b4*z_b2 + 20*z_b1*z_b2 + 10*z_b2^2 + 170141183460469231731687303715884105753*y_b1*z_b3 + 170141183460469231731687303715884105753*y_b2*z_b3 + 170141183460469231731687303715884105753*y_b3*z_b3 + 170141183460469231731687303715884105753*y_b4*z_b3 + 20*z_b1*z_b3 + 20*z_b2*z_b3 + 10*z_b3^2 + 170141183460469231731687303715884105753*y_b1*z_b4 + 170141183460469231731687303715884105753*y_b2*z_b4 + 170141183460469231731687303715884105753*y_b3*z_b4 + 1

In [8]:
gb = ideal(polys).groebner_basis()

Usually, the Gröbner basis is linear.
I.e., one can read of the key from the Gröbner basis.

In [9]:
sep = 100 * "-"

for poly in gb:
    print(poly)
    print(sep)

y_b1 + 57612877108760956442079412986941424810
----------------------------------------------------------------------------------------------------
y_b2 + 144672978905651010578309505303821110764
----------------------------------------------------------------------------------------------------
y_b3 + 92845813085899835392798046074012256369
----------------------------------------------------------------------------------------------------
y_b4 + 150391482908036251191795001223467328434
----------------------------------------------------------------------------------------------------
z_b1 + 20574660741036386921987273809524432161
----------------------------------------------------------------------------------------------------
z_b2 + 62103474432803961894609918458601897624
----------------------------------------------------------------------------------------------------
z_b3 + 145026409236280825069203958203503475916
---------------------------------------------------------------------

In [10]:
gb[-4:]

[k_b1 + 61125444193780599419631662532600405158, k_b2 + 120346374768595620608917707771088476843, k_b3 + 158467916166562346613766846862701963174, k_b4 + 1062737402403556398503937147180303695]

In [11]:
-vector(key)

(61125444193780599419631662532600405158, 120346374768595620608917707771088476843, 158467916166562346613766846862701963174, 1062737402403556398503937147180303695)