# Ciminion Polynomial model
Usage example of the Ciminion polynomial model.

In [1]:
load("Ciminion.sage")
load("Ciminion_polynomial_model.sage")

## Ciminion Instance
Create a Ciminion instance, generate a key and perform an encryption with Ciminion.

In [2]:
ciminion = Ciminion(rounds_C=3,
                    rounds_E=3,
                    info_level=1)

Ciminion parameters
Field: Finite Field of size 170141183460469231731687303715884105773
Rounds_C: 3
Rounds_E: 3
Constants_C: [[14470186132911135630809615057392219482, 27701369472518856574558465703335886337, 29103835629349173926611910501949604505, 71393381862208461199418079381731777388], [7094406292288981304310361600769886359, 54641524966110202635349143727333857382, 104612922291336776403706384653881959209, 82293608114913789480597310708101452029], [98896512153771759479858407791408749547, 32673007850077043718229207132336121461, 445749841547998326523491697001374643, 111143275646131887650445793852661848771]]
Constants_E: [[170099963913782986840978216606593963052, 95165883432637218546375781552585637861, 81500765613750178255422053044406712282, 30708274202592859273872308309636502101], [4037779726317581507598025028520551398, 42121600887619608671379423928145241796, 8460452759954009581916059234534814808, 50024236397128564124487989678053170222], [156667679415448147866194843656371198012, 2858659709

In [3]:
nonce = ciminion.field.random_element()
nonce

22876843475306059084070528330139575859

In [4]:
key = [ciminion.field.random_element(), ciminion.field.random_element()]
key

[125680402828495123579681701131255044988,
 56322037782525130116645900702535971136]

In [5]:
plain = [ciminion.field.random_element(), ciminion.field.random_element()]
plain

[22171118846680906602193666404424955252,
 137174586734253504602855572546498900015]

In [6]:
cipher = ciminion.encrypt(plain, key, nonce)
cipher

[144975568642776780286571230388837727837,
 99324071221543001881937310436432094198]

In [7]:
ciminion.decrypt(cipher, key, nonce) == plain

True

## Ciminion Polynomial model
Generate the Ciminion polynomial model, and compute a DRL Gröbner basis.

In [8]:
polys = generate_Ciminion_polynomials(ciminion=ciminion, plain=plain, cipher=cipher, nonce=nonce)

P = polys[0].parent()

Plaintext: [22171118846680906602193666404424955252, 137174586734253504602855572546498900015]
Nonce: 22876843475306059084070528330139575859
Ciphertext: [144975568642776780286571230388837727837, 99324071221543001881937310436432094198]
Term order: degrevlex


In [9]:
sep = 100 * "-"

for poly in polys:
    print(poly)
    print(sep)

-x_C_1__1 + 22876843475306059084070528330139575859*y_1 + y_2 + 14470186132911135630809615057392219482
----------------------------------------------------------------------------------------------------
-x_C_2__1 + 122105315132033831477183255762000128750*y_1 + 71393381862208461199418079381731777388*y_2 + 50578212947824915658628994033475462196
----------------------------------------------------------------------------------------------------
-x_C_3__1 + 22876843475306059084070528330139575860*y_1 + y_2 + 29103835629349173926611910501949604505
----------------------------------------------------------------------------------------------------
x_C_1__1*x_C_2__1 + x_C_3__1 - x_C_1__2 + 7094406292288981304310361600769886359
----------------------------------------------------------------------------------------------------
82293608114913789480597310708101452029*x_C_1__1*x_C_2__1 + x_C_1__1 + 82293608114913789480597310708101452029*x_C_2__1 + 82293608114913789480597310708101452029*x_C_3__1 - 

In [10]:
gb = ideal(polys).groebner_basis()

In [11]:
sep = 100 * "-"

for poly in gb:
    print(poly)
    print(sep)

y_2^5 + 157242067769709478785975868521311413374*y_2^4*x + 92201003254257556104836460892137900900*y_2^4 + 81712122435814370789490665601594542850*x_E_3__2*y_2^2*x + 69767142342533938134306590776683300537*x_E_3__3*y_2^2*x + 55867934323613952242124018469643398228*y_1*y_2^2*x + 151355656355280679415313903597183809081*y_2^3*x + 132903450761359640551985277027866016002*x_E_3__2*y_2^2 + 90361424412047812986586815910216223193*x_E_3__3*y_2^2 + 105400944024561555763464058336924017888*y_1*y_2^2 + 107546596928297622881155234315265882659*y_2^3 + 45295844948486353407757586520009482592*x_E_3__2*y_1*x + 110120645784559359634979653874797762041*x_E_3__3*y_1*x + 10681305364588679936851273623118976879*x_E_3__2*y_2*x + 108771799341690182061158286750889760400*x_E_3__3*y_2*x + 24822608782363984749234893675359417447*y_1*y_2*x + 32916036944778293700593640078614023129*y_2^2*x + 97675029537773682922726923402010531970*x_E_3__2*y_1 + 11150938835092429501447384329408490587*x_E_3__3*y_1 + 48659176330529362638103676485

## Change Of Term Order
Change to a more efficient DRL term order and recompute the DRL Gröbner basis.

In [12]:
f = efficient_Ciminion_termorder(ciminion, P)
f

Ring morphism:
  From: Multivariate Polynomial Ring in x_C_1__1, x_C_2__1, x_C_3__1, x_C_1__2, x_C_2__2, x_C_3__2, x_E_1__1, x_E_2__1, x_E_3__1, x_E_1__2, x_E_2__2, x_E_3__2, x_E_1__3, x_E_2__3, x_E_3__3, y_1, y_2, x over Finite Field of size 170141183460469231731687303715884105773
  To:   Multivariate Polynomial Ring in y_1, y_2, x_C_1__1, x_C_2__1, x_C_3__1, x_C_1__2, x_C_2__2, x_C_3__2, x_E_1__1, x_E_2__1, x_E_3__1, x_E_1__2, x_E_2__2, x_E_3__2, x_E_1__3, x_E_2__3, x_E_3__3, x over Finite Field of size 170141183460469231731687303715884105773
  Defn: x_C_1__1 |--> x_C_1__1
        x_C_2__1 |--> x_C_2__1
        x_C_3__1 |--> x_C_3__1
        x_C_1__2 |--> x_C_1__2
        x_C_2__2 |--> x_C_2__2
        x_C_3__2 |--> x_C_3__2
        x_E_1__1 |--> x_E_1__1
        x_E_2__1 |--> x_E_2__1
        x_E_3__1 |--> x_E_3__1
        x_E_1__2 |--> x_E_1__2
        x_E_2__2 |--> x_E_2__2
        x_E_3__2 |--> x_E_3__2
        x_E_1__3 |--> x_E_1__3
        x_E_2__3 |--> x_E_2__3
        x_E_3__

In [13]:
gb_f = f(ideal(polys)).groebner_basis()

In [14]:
sep = 100 * "-"

for poly in gb_f:
    print(poly)
    print(sep)

x_C_3__2^2 + 49663648869847368205517505713590999125*x_C_3__2*x_E_3__1 + 37678943645772363308102312485198293744*x_C_3__2*x_E_3__2 + 11455390379155955320440298461017679424*x_C_3__2*x_E_3__3 + 43958663953903612599480931634640563056*x_C_3__2*x + 115859625966841630261577088698139247694*x_C_3__2 + 157152457445487008466633775608729365930*x_E_3__1 + 132837979695017103198327500951764662769*x_E_3__2 + 111868747776879159215883293639778893842*x_E_3__3 + 60573606310736955122961868870877355902*x + 93916858893867986554058554387573370133
----------------------------------------------------------------------------------------------------
x_E_3__1^2 + 35454582001897891533290044727443416421*x_E_3__1*x_E_3__2 + 130219505839668483942664229009262825493*x_E_3__1*x_E_3__3 + 74699861188980680509078284995233486588*x_E_3__1*x + 4746307799305032259417736417806914320*x_C_3__2 + 139611648824163983167230996742107894256*x_E_3__1 + 129302458657113530875525840284274878958*x_E_3__2 + 185207470187754078151353142639677010