# MiMC Solving Degree For Attack With All Field Equations
Empirical solving degree for increasing round numbers of MiMC together with all field equations.

Primes: $p \in \{ 5, 11 \}$.

Round numbers: $r \in \{ 3, 4, 5 \}$.

In [1]:
from lazard_gb_algorithm import *
load("MiMC.sage")
load("utilities.sage")

## p = 5, r = 3

In [2]:
p = 5
field = GF(p, "a")

rounds = 3

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 5
r: 3
Constants: [0, 1, 2]

Plain: 3
Key: 2
Cipher: 3

y^3 - y^2 - x_1 + 2*y + 2
x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 - 2*x_1^2 + x_1*y - 2*y^2 - 2*x_1 - x_2 - 2*y + 1
x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 + x_2^2 + 2*x_2*y + y^2 + 2*x_2 - 2*y


In [3]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, y over Finite Field of size 5
Input polynomials:
[y^3 - y^2 - x_1 + 2*y + 2, x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 - 2*x_1^2 + x_1*y - 2*y^2 - 2*x_1 - x_2 - 2*y + 1, x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 + x_2^2 + 2*x_2*y + y^2 + 2*x_2 - 2*y, x_1^5 - x_1, x_2^5 - x_2, y^5 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.08628678321838379
Computing Macaulay matrix.
Time needed: 2.1457672119140625e-06
Performing Gaussian Elimination.
Time needed: 0.00024008750915527344
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.017948150634765625
Computing Macaulay matrix.
Time needed: 1.6689300537109375e-06
Performing Gaussian Elimination.
Time needed: 0.00015783309936523438
Is Groebner Basis: False

--- Degree 2 ---
Computing all monomials up to degree: 2
Time needed: 0.001111745834350586
Computing Macaulay matrix.
Time needed: 9.5367431640625e-07
Performing Gaussian Eliminati

[y^2 + 1, x_1 - y + 2, x_2 + 2*y - 1]

In [4]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-5)⊕S(-5)⊕S(-5) <-- S(-8)⊕S(-6)⊕S(-8)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8) <-- S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9) <-- S(-10)⊕S(-10)⊕S(-10)⊕S(-10)⊕S(-10)⊕S(-10)⊕S(-10)⊕S(-10)⊕S(-10)⊕S(-11) <-- 0

In [5]:
cm_regularity(res)

7

## p = 5, r = 4

In [6]:
p = 5
field = GF(p, "a")

rounds = 4

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 5
r: 4
Constants: [3, 1, 1, 1]

Plain: 1
Key: 0
Cipher: 3

y^3 + 2*y^2 - x_1 - 2*y - 1
x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 - 2*x_1^2 + x_1*y - 2*y^2 - 2*x_1 - x_2 - 2*y + 1
x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 - 2*x_2^2 + x_2*y - 2*y^2 - 2*x_2 - x_3 - 2*y + 1
x_3^3 - 2*x_3^2*y - 2*x_3*y^2 + y^3 - 2*x_3^2 + x_3*y - 2*y^2 - 2*x_3 - y - 2


In [7]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, x_3, y over Finite Field of size 5
Input polynomials:
[y^3 + 2*y^2 - x_1 - 2*y - 1, x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 - 2*x_1^2 + x_1*y - 2*y^2 - 2*x_1 - x_2 - 2*y + 1, x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 - 2*x_2^2 + x_2*y - 2*y^2 - 2*x_2 - x_3 - 2*y + 1, x_3^3 - 2*x_3^2*y - 2*x_3*y^2 + y^3 - 2*x_3^2 + x_3*y - 2*y^2 - 2*x_3 - y - 2, x_1^5 - x_1, x_2^5 - x_2, x_3^5 - x_3, y^5 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.0010652542114257812
Computing Macaulay matrix.
Time needed: 1.9073486328125e-06
Performing Gaussian Elimination.
Time needed: 0.00015354156494140625
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.0030841827392578125
Computing Macaulay matrix.
Time needed: 3.0994415283203125e-06
Performing Gaussian Elimination.
Time needed: 0.0002465248107910156
Is Groebner Basis: False

--- Degree 2 ---
Computing all monomials up to degree: 2
Time needed: 

[y^2 - 2*y, x_1 - y + 1, x_2 - 2*y, x_3 - y - 1]

In [8]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-5)⊕S(-5)⊕S(-5)⊕S(-5) <-- S(-8)⊕S(-6)⊕S(-8)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-7)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8) <-- S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-10)⊕S(-10)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-10) <-- S(-10)⊕S(-10)⊕S(-10)⊕S

In [9]:
cm_regularity(res)

9

## p = 5, r = 5

In [10]:
p = 5
field = GF(p, "a")

rounds = 5

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 5
r: 5
Constants: [4, 3, 0, 0, 0]

Plain: 3
Key: 1
Cipher: 1

y^3 + y^2 - x_1 + 2*y - 2
x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 - x_1^2 - 2*x_1*y - y^2 + 2*x_1 - x_2 + 2*y + 2
x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 - x_3
x_3^3 - 2*x_3^2*y - 2*x_3*y^2 + y^3 - x_4
x_4^3 - 2*x_4^2*y - 2*x_4*y^2 + y^3 + y - 1


In [11]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, x_3, x_4, y over Finite Field of size 5
Input polynomials:
[y^3 + y^2 - x_1 + 2*y - 2, x_1^3 - 2*x_1^2*y - 2*x_1*y^2 + y^3 - x_1^2 - 2*x_1*y - y^2 + 2*x_1 - x_2 + 2*y + 2, x_2^3 - 2*x_2^2*y - 2*x_2*y^2 + y^3 - x_3, x_3^3 - 2*x_3^2*y - 2*x_3*y^2 + y^3 - x_4, x_4^3 - 2*x_4^2*y - 2*x_4*y^2 + y^3 + y - 1, x_1^5 - x_1, x_2^5 - x_2, x_3^5 - x_3, x_4^5 - x_4, y^5 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.0006506443023681641
Computing Macaulay matrix.
Time needed: 1.9073486328125e-06
Performing Gaussian Elimination.
Time needed: 8.916854858398438e-05
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.0014717578887939453
Computing Macaulay matrix.
Time needed: 2.384185791015625e-06
Performing Gaussian Elimination.
Time needed: 0.00018525123596191406
Is Groebner Basis: False

--- Degree 2 ---
Computing all monomials up to degree: 2
Time needed: 0.0015282630920410156


[x_3^2 + x_3 - 2,
 x_3*y - x_3 - y + 1,
 y^2 - 2*x_3 - 2*y + 2,
 x_1 + 2*x_3 + 2*y,
 x_2 + 2*x_3 + y + 2,
 x_4 + 2*y - 1]

In [12]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-5)⊕S(-5)⊕S(-5)⊕S(-5)⊕S(-5) <-- S(-8)⊕S(-6)⊕S(-8)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-7)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-8)⊕S(-9)⊕S(-9) <-- S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)

In [13]:
cm_regularity(res)

11

## p = 11, r = 3

In [14]:
p = 11
field = GF(p, "a")

rounds = 3

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 11
r: 3
Constants: [2, 6, 9]

Plain: 3
Key: 10
Cipher: 7

y^3 + 4*y^2 - x_1 - 2*y + 4
x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 4*x_1^2 + 3*x_1*y - 4*y^2 - 2*x_1 - x_2 - 2*y - 4
x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 + 5*x_2^2 - x_2*y + 5*y^2 + x_2 + 2*y - 4


In [15]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, y over Finite Field of size 11
Input polynomials:
[y^3 + 4*y^2 - x_1 - 2*y + 4, x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 4*x_1^2 + 3*x_1*y - 4*y^2 - 2*x_1 - x_2 - 2*y - 4, x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 + 5*x_2^2 - x_2*y + 5*y^2 + x_2 + 2*y - 4, x_1^11 - x_1, x_2^11 - x_2, y^11 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.0006194114685058594
Computing Macaulay matrix.
Time needed: 1.430511474609375e-06
Performing Gaussian Elimination.
Time needed: 0.00012373924255371094
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.0011105537414550781
Computing Macaulay matrix.
Time needed: 1.9073486328125e-06
Performing Gaussian Elimination.
Time needed: 0.0002086162567138672
Is Groebner Basis: False

--- Degree 2 ---
Computing all monomials up to degree: 2
Time needed: 0.0010061264038085938
Computing Macaulay matrix.
Time needed: 9.5367431640625e-07
Performing Gaussia

[x_1 + 2, x_2 - 5, y + 1]

In [16]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-11)⊕S(-11)⊕S(-11) <-- S(-6)⊕S(-6)⊕S(-6)⊕S(-13)⊕S(-13)⊕S(-13)⊕S(-13)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14) <-- S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-9)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15) <-- S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16) <-- 0

In [17]:
cm_regularity(res)

13

## p = 11, r = 4

In [18]:
p = 11
field = GF(p, "a")

rounds = 4

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 11
r: 4
Constants: [4, 6, 8, 5]

Plain: 2
Key: 7
Cipher: 3

y^3 - 4*y^2 - x_1 - 2*y - 4
x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 4*x_1^2 + 3*x_1*y - 4*y^2 - 2*x_1 - x_2 - 2*y - 4
x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 + 2*x_2^2 + 4*x_2*y + 2*y^2 + 5*x_2 - x_3 + 5*y - 5
x_3^3 + 3*x_3^2*y + 3*x_3*y^2 + y^3 + 4*x_3^2 - 3*x_3*y + 4*y^2 - 2*x_3 - y + 1


In [19]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, x_3, y over Finite Field of size 11
Input polynomials:
[y^3 - 4*y^2 - x_1 - 2*y - 4, x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 4*x_1^2 + 3*x_1*y - 4*y^2 - 2*x_1 - x_2 - 2*y - 4, x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 + 2*x_2^2 + 4*x_2*y + 2*y^2 + 5*x_2 - x_3 + 5*y - 5, x_3^3 + 3*x_3^2*y + 3*x_3*y^2 + y^3 + 4*x_3^2 - 3*x_3*y + 4*y^2 - 2*x_3 - y + 1, x_1^11 - x_1, x_2^11 - x_2, x_3^11 - x_3, y^11 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.0006384849548339844
Computing Macaulay matrix.
Time needed: 1.1920928955078125e-06
Performing Gaussian Elimination.
Time needed: 8.177757263183594e-05
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.0009214878082275391
Computing Macaulay matrix.
Time needed: 1.430511474609375e-06
Performing Gaussian Elimination.
Time needed: 0.00043702125549316406
Is Groebner Basis: False

--- Degree 2 ---
Computing all monomials up to degree: 2


[x_2^2 + 2*x_2 - y - 3,
 x_2*y - 4*x_2 - y - 1,
 y^2 - 5*x_2 - 4*y - 4,
 x_1 + 2*x_2 + 4*y - 1,
 x_3 + 3*y - 4]

In [20]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-11)⊕S(-11)⊕S(-11)⊕S(-11) <-- S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14) <-- S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-

In [21]:
cm_regularity(res)

14

## p = 11, r = 5

In [22]:
p = 11
field = GF(p, "a")

rounds = 5

mimc = MiMC(field=field, rounds=rounds)

print("")

plain = field.random_element()
key = field.random_element()
cipher = mimc.encryption(plain, key)
print("Plain:", plain)
print("Key:", key)
print("Cipher:", cipher)

polys = mimc.generate_polynomials(plain, cipher, info_level=0)
polys_h = [poly.homogenize() for poly in polys]
I = ideal(polys)
variables = polys[0].parent().gens()
fes = [var**field.order() - var for var in variables]
fes_h = [fe.homogenize() for fe in fes]

print("")

for poly in polys:
    print(poly)

MiMC Parameters
Field: Finite Field of size 11
r: 5
Constants: [4, 3, 8, 9, 0]

Plain: 7
Key: 1
Cipher: 6

y^3 - x_1
x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 2*x_1^2 - 4*x_1*y - 2*y^2 + 5*x_1 - x_2 + 5*y + 5
x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 + 2*x_2^2 + 4*x_2*y + 2*y^2 + 5*x_2 - x_3 + 5*y - 5
x_3^3 + 3*x_3^2*y + 3*x_3*y^2 + y^3 + 5*x_3^2 - x_3*y + 5*y^2 + x_3 - x_4 + y + 3
x_4^3 + 3*x_4^2*y + 3*x_4*y^2 + y^3 + y + 5


In [23]:
lazard_gb_algorithm(polys + fes)

Ring: Multivariate Polynomial Ring in x_1, x_2, x_3, x_4, y over Finite Field of size 11
Input polynomials:
[y^3 - x_1, x_1^3 + 3*x_1^2*y + 3*x_1*y^2 + y^3 - 2*x_1^2 - 4*x_1*y - 2*y^2 + 5*x_1 - x_2 + 5*y + 5, x_2^3 + 3*x_2^2*y + 3*x_2*y^2 + y^3 + 2*x_2^2 + 4*x_2*y + 2*y^2 + 5*x_2 - x_3 + 5*y - 5, x_3^3 + 3*x_3^2*y + 3*x_3*y^2 + y^3 + 5*x_3^2 - x_3*y + 5*y^2 + x_3 - x_4 + y + 3, x_4^3 + 3*x_4^2*y + 3*x_4*y^2 + y^3 + y + 5, x_1^11 - x_1, x_2^11 - x_2, x_3^11 - x_3, x_4^11 - x_4, y^11 - y]

--- Degree 0 ---
Computing all monomials up to degree: 0
Time needed: 0.0005729198455810547
Computing Macaulay matrix.
Time needed: 1.1920928955078125e-06
Performing Gaussian Elimination.
Time needed: 7.510185241699219e-05
Is Groebner Basis: False

--- Degree 1 ---
Computing all monomials up to degree: 1
Time needed: 0.0010304450988769531
Computing Macaulay matrix.
Time needed: 1.1920928955078125e-06
Performing Gaussian Elimination.
Time needed: 0.00012755393981933594
Is Groebner Basis: False

--- Degr

[x_4^2 + 3*x_4 - 5*y - 5,
 x_4*y - 2*x_4 - y + 3,
 y^2 - 2*x_4 - 4*y - 4,
 x_1 - x_4 + 1,
 x_2 + 3*x_4 + 1,
 x_3 - 4*x_4 + 5*y - 5]

In [24]:
res = ideal(polys_h + fes_h).graded_free_resolution(algorithm="minimal")
res

S(0) <-- S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-3)⊕S(-11)⊕S(-11)⊕S(-11)⊕S(-11)⊕S(-11) <-- S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-6)⊕S(-15)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-14)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15)⊕S(-15) <-- S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-9)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕S(-16)⊕

In [25]:
cm_regularity(res)

15