# Ciminion_2 Polynomial model
Usage example of the Ciminion_2 polynomial model.

In [1]:
load("Ciminion_2.sage")
load("Ciminion_2_polynomial_model.sage")

## Ciminion_2 Instance
Create a Ciminion_2 instance, generate a key and perform an encryption with Ciminion_2.

In [2]:
ciminion_2 = Ciminion_2(rounds_C=3,
                        rounds_E=3,
                        info_level=1)

Ciminion_2 parameters
Field: Finite Field of size 170141183460469231731687303715884105773
Rounds_C: 3
Rounds_E: 3
Constants_C: [[106105053473155726958191338563125505049, 150713889181775907934375412334074899281, 133699875237676528951794803747873528570, 149958123433642253821926116777191902090], [102275630663498976596130402129965525810, 146512357805533081756718758639473791620, 153229115374420459319018761378622015825, 106483229541092890388661322781641171255], [51704159856209491097125173254280869617, 103545653981622026287361312456294380688, 159096124088609853425820197562671441865, 118117526673512697910594148089534642521]]
Constants_E: [[67952016968065368272762384591284757391, 131674591623243759328804090912363267289, 85011893807615727715784339410401316585, 123603398202403387996682608456063683402], [117831274575202162470440897412267624453, 34001909524550660468808290432059431406, 23300246847513356246673491776323918260, 60332413888878418384648939538363018361], [904014991267987868598129152451391

In [3]:
nonce = ciminion_2.field.random_element()
nonce

158099161457803129651570798030386942495

In [4]:
key = [ciminion_2.field.random_element(), ciminion_2.field.random_element()]
key

[75426595321191424536954126412305633415,
 88586436037912615891252594674508796580]

In [5]:
plain = [ciminion_2.field.random_element(), ciminion_2.field.random_element()]
plain

[120995191936846753026239005268825922742,
 29682962244412978952398529050353745673]

In [6]:
cipher = ciminion_2.encrypt(plain, key, nonce)
cipher

[44413450383968369274839230332845279880,
 159764154895601514468871437202433781597]

In [7]:
ciminion_2.decrypt(cipher, key, nonce) == plain

True

In [8]:
polys = generate_Ciminion_2_polynomials(ciminion_2=ciminion_2, plain=plain, cipher=cipher)

P = polys[0].parent()

Plaintext: [120995191936846753026239005268825922742, 29682962244412978952398529050353745673]
Nonce: 93919431589512155656320695247772185430
Ciphertext: [44413450383968369274839230332845279880, 159764154895601514468871437202433781597]
Term order: degrevlex


In [9]:
gb = ideal(polys).groebner_basis()

In [10]:
sep = 100 * "-"

for el in gb:
    print(el)
    print(sep)

y_2^5 + 5389657042384614020420481509900293143*y_2^4*x + 21402757353956571891881448466237778596*y_2^4 + 51516735360384425164119825003340758438*x_E_3__2*y_2^2*x + 7524503674700543096778989187843848400*x_E_3__3*y_2^2*x + 64259868772826103347994502757864936236*y_1*y_2^2*x + 90633382338386752769277659133812701131*y_2^3*x + 97451301032055459390603755813522515180*x_E_3__2*y_2^2 + 110284534492129510104478324824383386928*x_E_3__3*y_2^2 + 93600479356033683442025759918854631980*y_1*y_2^2 + 35010521015421158949622095129540591121*y_2^3 + 117649125449178078331668489339289137077*x_E_3__2*y_1*x + 59906288245336954302352444581741032475*x_E_3__3*y_1*x + 4868177908656102749751474487813241701*x_E_3__2*y_2*x + 44968856945563084657834988043797413247*x_E_3__3*y_2*x + 48269268520505073998121320961493088257*y_1*y_2*x + 92574071997995513733247051450744361888*y_2^2*x + 118957401029682082022481026829671433714*x_E_3__2*y_1 + 75912056030340614044478544652395020761*x_E_3__3*y_1 + 811603696264244109590672605700842028

## Change Of Term Order
Change to a more efficient DRL term order and recompute the DRL Gröbner basis.

In [11]:
f = efficient_Ciminion_2_termorder(ciminion_2, P)
f

Ring morphism:
  From: Multivariate Polynomial Ring in x_C_1__1, x_C_2__1, x_C_3__1, x_C_1__2, x_C_2__2, x_C_3__2, x_E_1__1, x_E_2__1, x_E_3__1, x_E_1__2, x_E_2__2, x_E_3__2, x_E_1__3, x_E_2__3, x_E_3__3, y_1, y_2, x over Finite Field of size 170141183460469231731687303715884105773
  To:   Multivariate Polynomial Ring in y_1, y_2, x_C_1__1, x_C_2__1, x_C_3__1, x_C_1__2, x_C_2__2, x_C_3__2, x_E_1__1, x_E_2__1, x_E_3__1, x_E_1__2, x_E_2__2, x_E_3__2, x_E_1__3, x_E_2__3, x_E_3__3, x over Finite Field of size 170141183460469231731687303715884105773
  Defn: x_C_1__1 |--> x_C_1__1
        x_C_2__1 |--> x_C_2__1
        x_C_3__1 |--> x_C_3__1
        x_C_1__2 |--> x_C_1__2
        x_C_2__2 |--> x_C_2__2
        x_C_3__2 |--> x_C_3__2
        x_E_1__1 |--> x_E_1__1
        x_E_2__1 |--> x_E_2__1
        x_E_3__1 |--> x_E_3__1
        x_E_1__2 |--> x_E_1__2
        x_E_2__2 |--> x_E_2__2
        x_E_3__2 |--> x_E_3__2
        x_E_1__3 |--> x_E_1__3
        x_E_2__3 |--> x_E_2__3
        x_E_3__

In [12]:
gb_f = f(ideal(polys)).groebner_basis()

In [13]:
sep = 100 * "-"

for poly in gb_f:
    print(poly)
    print(sep)

x_C_3__2^2 + 147155965689827675077400857104740425824*x_C_3__2*x_E_3__1 + 169359937577862505513677826161979449746*x_C_3__2*x_E_3__2 + 80770330555275836180231655162315304109*x_C_3__2*x_E_3__3 + 67760487782144712579432097489789597433*x_C_3__2*x + 4137235130730876972888200265314466726*x_C_3__2 + 14523363819602216665667701643491273006*x_E_3__1 + 6869374123684153778450153284604641998*x_E_3__2 + 42917470811830263130970257038700587892*x_E_3__3 + 20684412756884802533392611410268584749*x + 167367902343003824990435651237724198487
----------------------------------------------------------------------------------------------------
x_E_3__1^2 + 38957621537573271038520522709336333492*x_E_3__1*x_E_3__2 + 94470236708545822887687907026257209735*x_E_3__1*x_E_3__3 + 127770012837043006141281618397051160156*x_E_3__1*x + 40820275110323419084174959849917978040*x_C_3__2 + 87389171952312095707242000493350383836*x_E_3__1 + 27175481325819611393072133437762615284*x_E_3__2 + 78283445627764786728823734110688860047*x