# Hydra Polynomial Model Demonstration

In [1]:
load("Hydra.sage")
load("Hydra_polynomial_model.sage")

## Hydra Instance

In [2]:
field = GF(101)
rounds_body_E_1 = 2
rounds_body_E_2 = 2
rounds_body_I = 2
rounds_head = 4

hydra = Hydra(field=field, 
              rounds_body_E_1=rounds_body_E_1,
              rounds_body_E_2=rounds_body_E_2,
              rounds_body_I=rounds_body_I, 
              rounds_head=rounds_head)

Hydra parameters
Field: Finite Field of size 101
Rounds body E_1: 2
Rounds body E_2: 2
Rounds body I: 2
Rounds head: 4
d: 3
Matrix body E:
[3 2 1 1]
[1 3 2 1]
[1 1 3 2]
[2 1 1 3]
Matrix body I:
[1 1 1 1]
[1 4 1 1]
[3 1 3 1]
[4 1 1 2]
Matrix rolling function:
[1 1 1 1|0 0 0 0]
[1 4 1 1|0 0 0 0]
[3 1 3 1|0 0 0 0]
[4 1 1 2|0 0 0 0]
[-------+-------]
[0 0 0 0|1 1 1 1]
[0 0 0 0|1 4 1 1]
[0 0 0 0|3 1 3 1]
[0 0 0 0|4 1 1 2]
Matrix head:
[3 1 1 1 1 1 1 1]
[7 3 1 1 1 1 1 1]
[4 1 4 1 1 1 1 1]
[3 1 1 8 1 1 1 1]
[7 1 1 1 7 1 1 1]
[8 1 1 1 1 5 1 1]
[5 1 1 1 1 1 2 1]
[4 1 1 1 1 1 1 6]
Constants body: [[62, 12, 62, 94], [77, 26, 73, 78], [1, 62, 13, 95], [0, 14, 64, 78], [34, 9, 52, 4], [72, 25, 62, 49]]
Constants head: [[98, 10, 45, 71, 1, 3, 14, 98], [81, 71, 39, 13, 13, 68, 49, 51], [92, 89, 51, 32, 38, 8, 80, 20], [82, 33, 75, 76, 54, 80, 16, 40]]
Initial value: (0, 0, 0, 0)


In [3]:
nonce = hydra.field.random_element()
nonce

75

In [4]:
key = [hydra.field.random_element() for i in range(0, 4)]
key

[78, 73, 43, 7]

In [5]:
m = 2
out = hydra.key_stream(nonce, key, samples=m)
out

[64, 44, 97, 69, 94, 29, 32, 17, 54, 71, 48, 48, 5, 68, 95, 61]

## Hydra Polynomial Model

In [6]:
polys = generate_Hydra_polynomials_m_samples(hydra=hydra, 
                                             nonce=nonce, 
                                             samples=out)

In [7]:
sep = 100 * "-"

for i in range(0, 2 * hydra.rounds_head + 1):
    for j in range(0, 8):
        print(polys[8 * i + j])
    print(sep)

10*y_b1^2 + 20*y_b1*y_b2 + 10*y_b2^2 + 20*y_b1*y_b3 + 20*y_b2*y_b3 + 10*y_b3^2 + 20*y_b1*y_b4 + 20*y_b2*y_b4 + 20*y_b3*y_b4 + 10*y_b4^2 - 20*y_b1*z_b1 - 20*y_b2*z_b1 - 20*y_b3*z_b1 - 20*y_b4*z_b1 + 10*z_b1^2 - 20*y_b1*z_b2 - 20*y_b2*z_b2 - 20*y_b3*z_b2 - 20*y_b4*z_b2 + 20*z_b1*z_b2 + 10*z_b2^2 - 20*y_b1*z_b3 - 20*y_b2*z_b3 - 20*y_b3*z_b3 - 20*y_b4*z_b3 + 20*z_b1*z_b3 + 20*z_b2*z_b3 + 10*z_b3^2 - 20*y_b1*z_b4 - 20*y_b2*z_b4 - 20*y_b3*z_b4 - 20*y_b4*z_b4 + 20*z_b1*z_b4 + 20*z_b2*z_b4 + 20*z_b3*z_b4 + 10*z_b4^2 + 3*y_b1 + y_b2 + y_b3 + y_b4 + z_b1 + z_b2 + z_b3 + z_b4 - x_s1_b1_r1 + k_b1 - 3
16*y_b1^2 + 32*y_b1*y_b2 + 16*y_b2^2 + 32*y_b1*y_b3 + 32*y_b2*y_b3 + 16*y_b3^2 + 32*y_b1*y_b4 + 32*y_b2*y_b4 + 32*y_b3*y_b4 + 16*y_b4^2 - 32*y_b1*z_b1 - 32*y_b2*z_b1 - 32*y_b3*z_b1 - 32*y_b4*z_b1 + 16*z_b1^2 - 32*y_b1*z_b2 - 32*y_b2*z_b2 - 32*y_b3*z_b2 - 32*y_b4*z_b2 + 32*z_b1*z_b2 + 16*z_b2^2 - 32*y_b1*z_b3 - 32*y_b2*z_b3 - 32*y_b3*z_b3 - 32*y_b4*z_b3 + 32*z_b1*z_b3 + 32*z_b2*z_b3 + 16*z_b3^2 - 32*y_

In [8]:
polys = transform_Hydra_polynomial_system(hydra, polys, m)

for i in range(0, 2 * hydra.rounds_head + 1):
    for j in range(0, 8):
        print(polys[8 * i + j])
    print(sep)

y_b1 - z_b4 - 46*x_s1_b1_r1 + 13*x_s1_b2_r1 - 25*x_s1_b3_r1 + 47*x_s1_b4_r1 + 38*x_s1_b5_r1 - 44*x_s1_b6_r1 + 26*x_s1_b7_r1 - 35*x_s1_b8_r1 + 20*k_b1 - 49*k_b2 + 32*k_b3 + 12*k_b4 - 27
y_b2 - z_b4 - 32*x_s1_b1_r1 - 20*x_s1_b2_r1 - 13*x_s1_b3_r1 - 20*x_s1_b4_r1 + 44*x_s1_b5_r1 - 35*x_s1_b6_r1 - 39*x_s1_b7_r1 - 48*x_s1_b8_r1 - 31*k_b1 + 23*k_b2 + 2*k_b3 + 31*k_b4 + 47
y_b3 - z_b4 - 6*x_s1_b1_r1 + 21*x_s1_b2_r1 - 20*x_s1_b3_r1 + 6*x_s1_b4_r1 + 7*x_s1_b5_r1 - 40*x_s1_b6_r1 + 42*x_s1_b7_r1 + 49*x_s1_b8_r1 - 14*k_b1 - 6*k_b2 + 19*k_b3 - 2*k_b4 + 19
y_b4 - z_b4 + 38*x_s1_b1_r1 + 19*x_s1_b2_r1 - 21*x_s1_b3_r1 - 38*x_s1_b4_r1 + 40*x_s1_b5_r1 - 41*x_s1_b6_r1 + 38*x_s1_b7_r1 + 28*x_s1_b8_r1 - 9*k_b1 - 42*k_b2 + 22*k_b3 - 20*k_b4 - 30
z_b1 - z_b4 + 29*x_s1_b1_r1 + 23*x_s1_b2_r1 + 49*x_s1_b3_r1 + 21*x_s1_b4_r1 - 43*x_s1_b5_r1 - 39*x_s1_b6_r1 + 46*x_s1_b7_r1 - 31*x_s1_b8_r1 - 47*k_b1 - 37*k_b2 - 35*k_b3 - 39*k_b4 + 28
z_b2 - z_b4 - 23*x_s1_b1_r1 - 24*x_s1_b2_r1 - 16*x_s1_b3_r1 + 22*x_s1_b4_r1 - 8*x_

In [9]:
affine_polys, polys_subs, polys_downsized_subs = non_linear_variable_substitution_Hydra_polynomial_system(hydra, 
                                                                                                          polys, 
                                                                                                          m, 
                                                                                                          transformed=True)

Number of non-linear variables: 6
Number of polynomials in substituted downsized Hydra polynomial system: 10
(x_subs_1^2, ..., x_subs_n^2) contained in leading terms of substituted polynomials: True
All terms of substituted polynomial system contained in (x_subs_1, ..., x_subs_n): True


In [10]:
for poly in polys_downsized_subs:
    print(poly)

x_subs_1^2 - 40*x_subs_1*x_subs_2 - 4*x_subs_2^2 + 17*x_subs_1*x_subs_3 - 37*x_subs_2*x_subs_3 + 47*x_subs_3^2 - 23*x_subs_1*x_subs_4 - 45*x_subs_2*x_subs_4 - 44*x_subs_3*x_subs_4 + 6*x_subs_4^2 + 3*x_subs_1*x_subs_5 + 41*x_subs_2*x_subs_5 - 25*x_subs_3*x_subs_5 + 16*x_subs_4*x_subs_5 - 23*x_subs_5^2 + 5*x_subs_1*x_subs_6 + x_subs_2*x_subs_6 - 8*x_subs_3*x_subs_6 - 7*x_subs_4*x_subs_6 - 43*x_subs_5*x_subs_6 - 19*x_subs_6^2 - 35*x_subs_1 - 8*x_subs_2 + 5*x_subs_3 + 34*x_subs_4 - 48*x_subs_5 + 14*x_subs_6 + 46
x_subs_1^2 + 8*x_subs_1*x_subs_2 + 16*x_subs_2^2 - 48*x_subs_1*x_subs_3 + 10*x_subs_2*x_subs_3 - 30*x_subs_3^2 - 21*x_subs_1*x_subs_4 + 17*x_subs_2*x_subs_4 - x_subs_3*x_subs_4 - 16*x_subs_4^2 + 37*x_subs_1*x_subs_5 + 47*x_subs_2*x_subs_5 + 21*x_subs_3*x_subs_5 - 35*x_subs_4*x_subs_5 + 14*x_subs_5^2 - 17*x_subs_1*x_subs_6 + 33*x_subs_2*x_subs_6 + 4*x_subs_3*x_subs_6 + 27*x_subs_4*x_subs_6 + 39*x_subs_5*x_subs_6 + 47*x_subs_6^2 + 4*x_subs_1 - 37*x_subs_2 + 6*x_subs_3 - 5*x_subs_4 - 

In [11]:
gb_subs = polys_downsized_subs[2:hydra.rounds_head] + polys_downsized_subs[hydra.rounds_head + 2:]

for poly in gb_subs:
    print(poly)

x_subs_1^2 + 17*x_subs_1 + 19*x_subs_2 - 26*x_subs_3 - 38*x_subs_4 + 36*x_subs_5 + 21*x_subs_6 + 32
x_subs_2^2 - 4*x_subs_1 - 28*x_subs_2 - 21*x_subs_3 + 6*x_subs_4 - 35*x_subs_5 + 37*x_subs_6 + 12
x_subs_3^2 - 4*x_subs_1 - 3*x_subs_2 + 15*x_subs_3 - 35*x_subs_4 - 20*x_subs_5 - 11*x_subs_6 - 44
x_subs_4^2 - 25*x_subs_1 + 2*x_subs_2 + 36*x_subs_3 - 47*x_subs_4 - 37*x_subs_5 - 8*x_subs_6 - 34
x_subs_5^2 + 32*x_subs_1 + 31*x_subs_2 + 36*x_subs_3 + 34*x_subs_4 + 10*x_subs_5 - 3*x_subs_6 + 20
x_subs_6^2 - 7*x_subs_1 - x_subs_2 + 21*x_subs_3 + 18*x_subs_4 - 43*x_subs_5 + 4*x_subs_6 - 38
