# MiMC Solving Degree For Attack With All Field Equations
Empirical solving degree for increasing round numbers of MiMC together with all field equations.

Primes: $p \in \{ 5, 11 \}$.

Round numbers: $r \in \{ 3, 4, 5 \}$.

In [1]:
from lazard_gb_algorithm import *
load("MiMC.sage")
load("utilities.sage")

## p = 5, r = 3

In [2]:
p = 5
field = GF(p, "a")

rounds = 3

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 5
r: 3
Constants: [3, 4, 4]

Plain: 3
Key: 0
Cipher: 4

y^3 - 2*y^2 - x_1 - 2*y + 1
x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 + 2*x_1^2 - x_1*y + 2*y^2 - 2*x_1 - x_2 - 2*y - 1
x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 + 2*x_2^2 - x_2*y + 2*y^2 - 2*x_2 - y


In [3]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, y over Finite Field of size 5
Input polynomials:
[y^3 - 2*y^2 - x_1 - 2*y + 1, x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 + 2*x_1^2 - x_1*y + 2*y^2 - 2*x_1 - x_2 - 2*y - 1, x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 + 2*x_2^2 - x_2*y + 2*y^2 - 2*x_2 - y, x_1^5 - x_1, x_2^5 - x_2, y^5 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.11740589141845703
Computing Macaulay matrix.
Time needed: 2.384185791015625e-06
Performing Gaussian Elimination.
Time needed: 0.000324249267578125
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.030722618103027344
Computing Macaulay matrix.
Time needed: 2.384185791015625e-06
Performing Gaussian Elimination.
Time needed: 0.0001823902130126953
Is Groebner Basis: False

--- Degree 2 ---
Computing all monomials up to degree: 2
Time needed: 0.0020694732666015625
Computing Macaulay matrix.
Time needed: 2.1457672119140625e-06
Performing Gaussian Eliminat

[y^3 - 2*y^2 + x_2 - y, x_2^2 - 2*x_2, x_2*y - 2*y, x_1 + x_2 + y - 1]

In [4]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-5)⊕S(-5)⊕S(-5) <-- S(-8)⊕S(-6)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-8)⊕S(-8)⊕S(-8) <-- S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9) <-- S(-10)⊕S(-10)⊕S(-10)⊕S(-10)⊕S(-10)⊕S(-10)⊕S(-10)⊕S(-11) <-- 0

In [5]:
cm_regularity(res)

7

## p = 5, r = 4

In [6]:
p = 5
field = GF(p, "a")

rounds = 4

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 5
r: 4
Constants: [4, 0, 4, 2]

Plain: 3
Key: 2
Cipher: 0

y^3 + y^2 - x_1 + 2*y - 2
x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 - x_2
x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 + 2*x_2^2 - x_2*y + 2*y^2 - 2*x_2 - x_3 - 2*y - 1
x_3^3 - 2*x_3^2*y - 2*x_3*y^2 + y^3 + x_3^2 + 2*x_3*y + y^2 + 2*x_3 - 2*y - 2


In [7]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, x_3, y over Finite Field of size 5
Input polynomials:
[y^3 + y^2 - x_1 + 2*y - 2, x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 - x_2, x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 + 2*x_2^2 - x_2*y + 2*y^2 - 2*x_2 - x_3 - 2*y - 1, x_3^3 - 2*x_3^2*y - 2*x_3*y^2 + y^3 + x_3^2 + 2*x_3*y + y^2 + 2*x_3 - 2*y - 2, x_1^5 - x_1, x_2^5 - x_2, x_3^5 - x_3, y^5 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.0008931159973144531
Computing Macaulay matrix.
Time needed: 2.384185791015625e-06
Performing Gaussian Elimination.
Time needed: 0.00012731552124023438
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.002139568328857422
Computing Macaulay matrix.
Time needed: 2.384185791015625e-06
Performing Gaussian Elimination.
Time needed: 0.00022459030151367188
Is Groebner Basis: False

--- Degree 2 ---
Computing all monomials up to degree: 2
Time needed: 0.0018966197967529297
Computing Macaulay matr

[x_1 + 1, x_2 - 1, x_3 + 2, y - 2]

In [8]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-5)⊕S(-5)⊕S(-5)⊕S(-5) <-- S(-8)⊕S(-6)⊕S(-8)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-7)⊕S(-7)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8) <-- S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-10)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9

In [9]:
cm_regularity(res)

9

## p = 5, r = 5

In [10]:
p = 5
field = GF(p, "a")

rounds = 5

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 5
r: 5
Constants: [0, 4, 0, 3, 3]

Plain: 1
Key: 3
Cipher: 4

y^3 - 2*y^2 - x_1 - 2*y + 1
x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 + 2*x_1^2 - x_1*y + 2*y^2 - 2*x_1 - x_2 - 2*y - 1
x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 - x_3
x_3^3 - 2*x_3^2*y - 2*x_3*y^2 + y^3 - x_3^2 - 2*x_3*y - y^2 + 2*x_3 - x_4 + 2*y + 2
x_4^3 - 2*x_4^2*y - 2*x_4*y^2 + y^3 - x_4^2 - 2*x_4*y - y^2 + 2*x_4 - 2*y - 2


In [11]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, x_3, x_4, y over Finite Field of size 5
Input polynomials:
[y^3 - 2*y^2 - x_1 - 2*y + 1, x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 + 2*x_1^2 - x_1*y + 2*y^2 - 2*x_1 - x_2 - 2*y - 1, x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 - x_3, x_3^3 - 2*x_3^2*y - 2*x_3*y^2 + y^3 - x_3^2 - 2*x_3*y - y^2 + 2*x_3 - x_4 + 2*y + 2, x_4^3 - 2*x_4^2*y - 2*x_4*y^2 + y^3 - x_4^2 - 2*x_4*y - y^2 + 2*x_4 - 2*y - 2, x_1^5 - x_1, x_2^5 - x_2, x_3^5 - x_3, x_4^5 - x_4, y^5 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.0011591911315917969
Computing Macaulay matrix.
Time needed: 2.86102294921875e-06
Performing Gaussian Elimination.
Time needed: 0.00014019012451171875
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.0020203590393066406
Computing Macaulay matrix.
Time needed: 2.6226043701171875e-06
Performing Gaussian Elimination.
Time needed: 0.0002613067626953125
Is Groebner Basis: False

--- Degree

[x_1 + 1, x_2 - 1, x_3 + 1, x_4, y + 2]

In [12]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-5)⊕S(-5)⊕S(-5)⊕S(-5)⊕S(-5) <-- S(-8)⊕S(-6)⊕S(-8)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-7)⊕S(-7)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-9)⊕S(-9) <-- S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)

In [13]:
cm_regularity(res)

11

## p = 11, r = 3

In [14]:
p = 11
field = GF(p, "a")

rounds = 3

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 11
r: 3
Constants: [8, 3, 10]

Plain: 7
Key: 4
Cipher: 4

y^3 + y^2 - x_1 + 4*y - 2
x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 2*x_1^2 - 4*x_1*y - 2*y^2 + 5*x_1 - x_2 + 5*y + 5
x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 - 3*x_2^2 + 5*x_2*y - 3*y^2 + 3*x_2 + 4*y - 5


In [15]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, y over Finite Field of size 11
Input polynomials:
[y^3 + y^2 - x_1 + 4*y - 2, x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 2*x_1^2 - 4*x_1*y - 2*y^2 + 5*x_1 - x_2 + 5*y + 5, x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 - 3*x_2^2 + 5*x_2*y - 3*y^2 + 3*x_2 + 4*y - 5, x_1^11 - x_1, x_2^11 - x_2, y^11 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.006737232208251953
Computing Macaulay matrix.
Time needed: 3.0994415283203125e-06
Performing Gaussian Elimination.
Time needed: 0.0031898021697998047
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.015495061874389648
Computing Macaulay matrix.
Time needed: 1.9073486328125e-06
Performing Gaussian Elimination.
Time needed: 0.0006608963012695312
Is Groebner Basis: False

--- Degree 2 ---
Computing all monomials up to degree: 2
Time needed: 0.0025832653045654297
Computing Macaulay matrix.
Time needed: 2.86102294921875e-06
Performing Gaussi

[x_1 + 5, x_2 + 3, y - 4]

In [16]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-11)⊕S(-11)⊕S(-11) <-- S(-6)⊕S(-6)⊕S(-6)⊕S(-13)⊕S(-13)⊕S(-13)⊕S(-13)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14) <-- S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-9)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15) <-- S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16) <-- 0

In [17]:
cm_regularity(res)

13

## p = 11, r = 4

In [18]:
p = 11
field = GF(p, "a")

rounds = 4

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 11
r: 4
Constants: [4, 2, 0, 7]

Plain: 5
Key: 1
Cipher: 1

y^3 + 5*y^2 - x_1 + y + 3
x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 5*x_1^2 + x_1*y - 5*y^2 + x_1 - x_2 + y - 3
x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 - x_3
x_3^3 + 3*x_3^2*y + 3*x_3*y^2 + y^3 - x_3^2 - 2*x_3*y - y^2 + 4*x_3 + 5*y + 1


In [19]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, x_3, y over Finite Field of size 11
Input polynomials:
[y^3 + 5*y^2 - x_1 + y + 3, x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 5*x_1^2 + x_1*y - 5*y^2 + x_1 - x_2 + y - 3, x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 - x_3, x_3^3 + 3*x_3^2*y + 3*x_3*y^2 + y^3 - x_3^2 - 2*x_3*y - y^2 + 4*x_3 + 5*y + 1, x_1^11 - x_1, x_2^11 - x_2, x_3^11 - x_3, y^11 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.0007596015930175781
Computing Macaulay matrix.
Time needed: 1.6689300537109375e-06
Performing Gaussian Elimination.
Time needed: 0.00010347366333007812
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.0012156963348388672
Computing Macaulay matrix.
Time needed: 1.6689300537109375e-06
Performing Gaussian Elimination.
Time needed: 0.00017213821411132812
Is Groebner Basis: False

--- Degree 2 ---
Computing all monomials up to degree: 2
Time needed: 0.0015056133270263672
Computing Macaulay 

[y^2 - 1, x_1 - 2*y + 3, x_2 - 3*y - 5, x_3 - y - 2]

In [20]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-11)⊕S(-11)⊕S(-11)⊕S(-11) <-- S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14) <-- S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-

In [21]:
cm_regularity(res)

14

## p = 11, r = 5

In [22]:
p = 11
field = GF(p, "a")

rounds = 5

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 11
r: 5
Constants: [5, 10, 8, 3, 4]

Plain: 2
Key: 5
Cipher: 7

y^3 - y^2 - x_1 + 4*y + 2
x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 3*x_1^2 + 5*x_1*y - 3*y^2 + 3*x_1 - x_2 + 3*y - 1
x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 + 2*x_2^2 + 4*x_2*y + 2*y^2 + 5*x_2 - x_3 + 5*y - 5
x_3^3 + 3*x_3^2*y + 3*x_3*y^2 + y^3 - 2*x_3^2 - 4*x_3*y - 2*y^2 + 5*x_3 - x_4 + 5*y + 5
x_4^3 + 3*x_4^2*y + 3*x_4*y^2 + y^3 + x_4^2 + 2*x_4*y + y^2 + 4*x_4 + 5*y + 2


In [23]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, x_3, x_4, y over Finite Field of size 11
Input polynomials:
[y^3 - y^2 - x_1 + 4*y + 2, x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 3*x_1^2 + 5*x_1*y - 3*y^2 + 3*x_1 - x_2 + 3*y - 1, x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 + 2*x_2^2 + 4*x_2*y + 2*y^2 + 5*x_2 - x_3 + 5*y - 5, x_3^3 + 3*x_3^2*y + 3*x_3*y^2 + y^3 - 2*x_3^2 - 4*x_3*y - 2*y^2 + 5*x_3 - x_4 + 5*y + 5, x_4^3 + 3*x_4^2*y + 3*x_4*y^2 + y^3 + x_4^2 + 2*x_4*y + y^2 + 4*x_4 + 5*y + 2, x_1^11 - x_1, x_2^11 - x_2, x_3^11 - x_3, x_4^11 - x_4, y^11 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.000667572021484375
Computing Macaulay matrix.
Time needed: 1.9073486328125e-06
Performing Gaussian Elimination.
Time needed: 8.678436279296875e-05
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.0015513896942138672
Computing Macaulay matrix.
Time needed: 1.6689300537109375e-06
Performing Gaussian Elimination.
Time needed: 0.000

[x_1 - 1, x_2 - 4, x_3 + 4, x_4 + 2, y - 5]

In [24]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-11)⊕S(-11)⊕S(-11)⊕S(-11)⊕S(-11) <-- S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-15)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15) <-- S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕

In [25]:
cm_regularity(res)

15