# Ciminion Polynomial model
Usage example of the Ciminion polynomial model.

In [1]:
load("Ciminion.sage")
load("Ciminion_polynomial_model.sage")

## Ciminion Instance
Create a Ciminion instance, generate a key and perform an encryption with Ciminion.

In [2]:
ciminion = Ciminion(rounds_C=3,
                    rounds_E=3,
                    info_level=1)

Ciminion parameters
Field: Finite Field of size 170141183460469231731687303715884105773
Rounds_C: 3
Rounds_E: 3
Constants_C: [[52015845651148691101445291779399712906, 58026864550229069940706365765754346520, 67031656071842517102223303961237650133, 149486927338408279430352428209658315260], [50702361844675205296735279965232514065, 48521952067459138316167818052713286603, 99315274167790075122068528177862611987, 87633438014590513026997263064672517657], [40384951155485339845480962387447435063, 162000536830871973307372366065368534156, 14416569223801145948695704776234970356, 92181507704982579153776817064054710609]]
Constants_E: [[169496701517338652038327369352529216965, 71748019118839187821574399310717949055, 129125877211794047175924659717850511778, 105055126301658876113132223083108916855], [51582372625391090543566183390798329407, 63589954266578367509528017301934136473, 3439396145964414375137428201046474211, 161741096713036985992371442629603556604], [43646556253144753896173335068849039547, 9999

In [3]:
nonce = ciminion.field.random_element()
nonce

91404797275300413335956217233497941029

In [4]:
key = [ciminion.field.random_element(), ciminion.field.random_element()]
key

[151794645540186270184173139060455981810,
 83734671475817211393489679453371771656]

In [5]:
plain = [ciminion.field.random_element(), ciminion.field.random_element()]
plain

[170100054031009721698322555692743393642,
 14979889045558103538786608368567142060]

In [6]:
cipher = ciminion.encrypt(plain, key, nonce)
cipher

[55770632437424860794100665260108849425,
 38952748463212720629088463274479934366]

In [7]:
ciminion.decrypt(cipher, key, nonce) == plain

True

## Ciminion Polynomial model
Generate the Ciminion polynomial model, and compute a DRL Gröbner basis.

In [8]:
polys = generate_Ciminion_polynomials(ciminion=ciminion, 
                                      nonce=nonce,
                                      plain=plain, 
                                      cipher=cipher)

P = polys[0].parent()

Plaintext: [170100054031009721698322555692743393642, 14979889045558103538786608368567142060]
Nonce: 91404797275300413335956217233497941029
Ciphertext: [55770632437424860794100665260108849425, 38952748463212720629088463274479934366]
Term order: degrevlex


In [9]:
sep = 100 * "-"

for poly in polys:
    print(poly)
    print(sep)

-x_C_1__1 + 91404797275300413335956217233497941029*y_1 + y_2 + 52015845651148691101445291779399712906
----------------------------------------------------------------------------------------------------
-x_C_2__1 + 161884163813610463609351732997728268330*y_1 + 149486927338408279430352428209658315260*y_2 + 149431661825529483276662582999252287549
----------------------------------------------------------------------------------------------------
-x_C_3__1 + 91404797275300413335956217233497941030*y_1 + y_2 + 67031656071842517102223303961237650133
----------------------------------------------------------------------------------------------------
x_C_1__1*x_C_2__1 + x_C_3__1 - x_C_1__2 + 50702361844675205296735279965232514065
----------------------------------------------------------------------------------------------------
87633438014590513026997263064672517657*x_C_1__1*x_C_2__1 + x_C_1__1 + 87633438014590513026997263064672517657*x_C_2__1 + 87633438014590513026997263064672517657*x_C_3__1

In [10]:
gb = ideal(polys).groebner_basis()

In [11]:
sep = 100 * "-"

for poly in gb:
    print(poly)
    print(sep)

y_2^5 + 10818142218451533025707739962186237973*y_2^4*x + 44007420822925824103172139494649911778*y_2^4 + 23916241016464210700305475476553502533*x_E_3__2*y_2^2*x + 15521289824405381548277433255835980729*x_E_3__3*y_2^2*x + 61357029632676436459671366713669944799*y_1*y_2^2*x + 132356186888646009749868128312218893896*y_2^3*x + 35585551231412041941710724232477012200*x_E_3__2*y_2^2 + 34766532043609875067716315623403541346*x_E_3__3*y_2^2 + 151973822269578094419947826500552102024*y_1*y_2^2 + 90588098010438577096742478372730295356*y_2^3 + 47312011719496165272565540565185528906*x_E_3__2*y_1*x + 159998913568226082137644426940056428819*x_E_3__3*y_1*x + 138732286421170494094042528839132412714*x_E_3__2*y_2*x + 44809782674435180648713851520238980277*x_E_3__3*y_2*x + 99390348110475695863940728527442581739*y_1*y_2*x + 24493869655825455607110195740651112945*y_2^2*x + 112945297540683751436230829999359337246*x_E_3__2*y_1 + 48487554970203027556287681493045489516*x_E_3__3*y_1 + 2473666729536621939255495650966

## Change Of Term Order
Change to a more efficient DRL term order and recompute the DRL Gröbner basis.

In [12]:
f = efficient_Ciminion_termorder(ciminion, P)
f

Ring morphism:
  From: Multivariate Polynomial Ring in x_C_1__1, x_C_2__1, x_C_3__1, x_C_1__2, x_C_2__2, x_C_3__2, x_E_1__1, x_E_2__1, x_E_3__1, x_E_1__2, x_E_2__2, x_E_3__2, x_E_1__3, x_E_2__3, x_E_3__3, y_1, y_2, x over Finite Field of size 170141183460469231731687303715884105773
  To:   Multivariate Polynomial Ring in y_1, y_2, x_C_1__1, x_C_2__1, x_C_3__1, x_C_1__2, x_C_2__2, x_C_3__2, x_E_1__1, x_E_2__1, x_E_3__1, x_E_1__2, x_E_2__2, x_E_3__2, x_E_1__3, x_E_2__3, x_E_3__3, x over Finite Field of size 170141183460469231731687303715884105773
  Defn: x_C_1__1 |--> x_C_1__1
        x_C_2__1 |--> x_C_2__1
        x_C_3__1 |--> x_C_3__1
        x_C_1__2 |--> x_C_1__2
        x_C_2__2 |--> x_C_2__2
        x_C_3__2 |--> x_C_3__2
        x_E_1__1 |--> x_E_1__1
        x_E_2__1 |--> x_E_2__1
        x_E_3__1 |--> x_E_3__1
        x_E_1__2 |--> x_E_1__2
        x_E_2__2 |--> x_E_2__2
        x_E_3__2 |--> x_E_3__2
        x_E_1__3 |--> x_E_1__3
        x_E_2__3 |--> x_E_2__3
        x_E_3__

In [13]:
gb_f = f(ideal(polys)).groebner_basis()

In [14]:
sep = 100 * "-"

for poly in gb_f:
    print(poly)
    print(sep)

x_C_3__2^2 + 80498684020941230168438187022108389741*x_C_3__2*x_E_3__1 + 12182092692124288887199601400747222806*x_C_3__2*x_E_3__2 + 20082910431473594724654491128226870037*x_C_3__2*x_E_3__3 + 101814283542884242059581558221112734765*x_C_3__2*x + 119038289038340546406883551085339831797*x_C_3__2 + 112969741944559731069552171785174471199*x_E_3__1 + 85214689403777111175834877603528774168*x_E_3__2 + 140010106408809023484514121930297847689*x_E_3__3 + 56989680529377732060858206672533486036*x + 29686199266386389970334447138658012243
----------------------------------------------------------------------------------------------------
x_E_3__1^2 + 129525616254862893533498322346508504997*x_E_3__1*x_E_3__2 + 122189687745667355605612870687546098467*x_E_3__1*x_E_3__3 + 44964347571642693674048567016107187703*x_E_3__1*x + 24470489953204017420366099263399588142*x_C_3__2 + 92925351337671719162526554655558547837*x_E_3__1 + 165333254228574224449666467794791259205*x_E_3__2 + 51587172991856094450025150761582159