# Hydra Polynomial Model Demonstration
Usage example of the Hydra polynomial system.

In [1]:
using Oscar
include("Hydra.jl")
include("Hydra_polynomial_model.jl")



non_linear_variable_substitution_Hydra_polynomial_system (generic function with 1 method)

## Hydra Instance
Create a Hydra instance, generate a master key a nonce and a key stream.

In [2]:
K = GF(10007)
rounds_head = 4
m = 2

hydra = Hydra_constructor(field=K, 
                          rounds_head=rounds_head);

Hydra parameters
Field: Prime field of characteristic 10007
Rounds body E_1: 2
Rounds body E_2: 4
Rounds body I: 42
Rounds head: 4
d: 3
Matrix body E:
[3 2 1 1; 1 3 2 1; 1 1 3 2; 2 1 1 3]
Matrix body I:
[1 1 1 1; 1 4 1 1; 3 1 3 1; 4 1 1 2]
Matrix head:
[3 1 1 1 1 1 1 1; 7 3 1 1 1 1 1 1; 4 1 4 1 1 1 1 1; 3 1 1 8 1 1 1 1; 7 1 1 1 7 1 1 1; 8 1 1 1 1 5 1 1; 5 1 1 1 1 1 2 1; 4 1 1 1 1 1 1 6]
Constants body:
[1909 6423 6551 5438 4613 9197 8882 758 5577 212 1747 1866 3271 4805 4511 3390 2181 598 1175 1147 5865 3151 6515 490 7072 4721 4305 4675 2742 6636 5987 2761 2409 7473 463 8804 6945 304 6405 3419 1136 1581 5792 8985 994 8432 3933 8836; 4533 1074 6957 1218 871 6314 9598 9324 6110 3481 7876 340 7951 1602 4962 6184 9550 6252 2195 3223 9830 1303 103 9133 5392 9218 94 1137 993 8160 1040 9447 4257 4286 6714 1597 1157 7931 1498 274 7437 695 9314 3337 4900 2594 1828 5706; 2055 9836 3263 6623 8190 7225 3575 5288 4537 8506 1518 1874 2963 3666 8935 2319 6028 3708 6935 663 5966 5466 7560 8918 2129 92

In [3]:
nonce = rand(K)

In [4]:
key = matrix(map(x -> rand(K), 1:4))

In [5]:
out = key_stream(nonce, key, hydra, m=m)

16-element Vector{FqFieldElem}:
 586
 3620
 6974
 5155
 1772
 3651
 5171
 9740
 4196
 8967
 7419
 7648
 5772
 9833
 9320
 3974

## Hydra Polynomial model
Generate the Hydra polynomial model, and compute a DRL Gröbner basis.

In [6]:
polys = generate_Hydra_polynomials_m_samples(hydra=hydra, 
                                             nonce=nonce, 
                                             samples=out);

sep = repeat("-", 70)
println(sep)

for i in 1:(2 * rounds_head + 1)
    for j in 1:8
        println(polys[3 * (i - 1) + j])
    end
    println(sep)
end

Nonce: 8904
Number of samples: 2
Samples:
FqFieldElem[586, 3620, 6974, 5155, 1772, 3651, 5171, 9740, 4196, 8967, 7419, 7648, 5772, 9833, 9320, 3974]
Term order: degrevlex
----------------------------------------------------------------------
10*y_b1^2 + 20*y_b1*y_b2 + 10*y_b2^2 + 20*y_b1*y_b3 + 20*y_b2*y_b3 + 10*y_b3^2 + 20*y_b1*y_b4 + 20*y_b2*y_b4 + 20*y_b3*y_b4 + 10*y_b4^2 + 9987*y_b1*z_b1 + 9987*y_b2*z_b1 + 9987*y_b3*z_b1 + 9987*y_b4*z_b1 + 10*z_b1^2 + 9987*y_b1*z_b2 + 9987*y_b2*z_b2 + 9987*y_b3*z_b2 + 9987*y_b4*z_b2 + 20*z_b1*z_b2 + 10*z_b2^2 + 9987*y_b1*z_b3 + 9987*y_b2*z_b3 + 9987*y_b3*z_b3 + 9987*y_b4*z_b3 + 20*z_b1*z_b3 + 20*z_b2*z_b3 + 10*z_b3^2 + 9987*y_b1*z_b4 + 9987*y_b2*z_b4 + 9987*y_b3*z_b4 + 9987*y_b4*z_b4 + 20*z_b1*z_b4 + 20*z_b2*z_b4 + 20*z_b3*z_b4 + 10*z_b4^2 + 3*y_b1 + y_b2 + y_b3 + y_b4 + z_b1 + z_b2 + z_b3 + z_b4 + 10006*x_s1_b1_r1 + k_b1 + 7312
16*y_b1^2 + 32*y_b1*y_b2 + 16*y_b2^2 + 32*y_b1*y_b3 + 32*y_b2*y_b3 + 16*y_b3^2 + 32*y_b1*y_b4 + 32*y_b2*y_b4 + 32*y_b3*y_

In [7]:
gb = groebner_basis_f4(ideal(polys), nr_thrds=16, info_level=2);


Legend for f4 information
--------------------------------------------------------
deg       current degree of pairs selected in this round
sel       number of pairs selected in this round
pairs     total number of pairs in pair list
mat       matrix dimensions (# rows x # columns)
density   density of the matrix
new data  # new elements for basis in this round
          # zero reductions during linear algebra
time(rd)  time of the current f4 round in seconds given
          for real and cpu time
--------------------------------------------------------

deg     sel   pairs        mat          density            new data         time(rd) in sec (real|cpu)
------------------------------------------------------------------------------------------------------
  2      63      64      72 x 357        12.73%       63 new       0 zero         0.15 | 2.27         
  2      10      10     717 x 735         1.15%       10 new       0 zero         0.03 | 0.44         
  3      20      20      66


--------------- INPUT DATA ---------------
#variables                      68
#equations                      72
#invalid equations               0
field characteristic         10007
homogeneous input?               0
signature-based computation      0
monomial order                 DRL
basis hash table resetting     OFF
linear algebra option            2
initial hash table size     131072 (2^17)
max pair selection             ALL
reduce gb                        1
#threads                        16
info level                       2
generate pbm files               0
------------------------------------------

---------------- TIMINGS ----------------
overall(elapsed)        0.46 sec
overall(cpu)            6.89 sec
select                  0.00 sec   0.0%
symbolic prep.          0.00 sec   0.0%
update                  0.00 sec   0.0%
convert                 0.00 sec   0.0%
linear algebra          0.00 sec   0.0%
reduce gb               0.00 sec   0.0%
--------------------------------

In [8]:
gens(gb)[1:4]

4-element Vector{FqMPolyRingElem}:
 k_b4 + 4790
 k_b3 + 6184
 k_b2 + 458
 k_b1 + 3615

In [9]:
-key

### Change Of Coordinates

In [10]:
affine_polys, polys_subs, polys_downsized_subs = non_linear_variable_substitution_Hydra_polynomial_system(hydra, 
                                                                                                          polys, 
                                                                                                          m);

Number of non-linear variables: 6
Number of polynomials in substituted downsized Hydra polynomial system: 10
(x_subs_1^2, ..., x_subs_n^2) contained in leading terms of substituted polynomials: true
All terms of donwiszed polynomial system contained in (x_subs_1, ..., x_subs_n): true


In [11]:
for poly in polys_downsized_subs
    println(poly)
    println(sep)
end

9268*x_subs_i1^2 + 7330*x_subs_i1*x_subs_i2 + 4370*x_subs_i2^2 + 7786*x_subs_i1*x_subs_i3 + 4014*x_subs_i2*x_subs_i3 + 4936*x_subs_i3^2 + 8602*x_subs_i1*x_subs_i4 + 7144*x_subs_i2*x_subs_i4 + 8241*x_subs_i3*x_subs_i4 + 4312*x_subs_i4^2 + 5874*x_subs_i1*x_subs_i5 + 9434*x_subs_i2*x_subs_i5 + 6728*x_subs_i3*x_subs_i5 + 1359*x_subs_i4*x_subs_i5 + 5877*x_subs_i5^2 + 9638*x_subs_i1*x_subs_i6 + 3956*x_subs_i2*x_subs_i6 + 5925*x_subs_i3*x_subs_i6 + 5235*x_subs_i4*x_subs_i6 + 478*x_subs_i5*x_subs_i6 + 1738*x_subs_i6^2 + 2754*x_subs_i1 + 5319*x_subs_i2 + 2990*x_subs_i3 + 1460*x_subs_i4 + 9011*x_subs_i5 + 8676*x_subs_i6 + 9233
----------------------------------------------------------------------
4221*x_subs_i1^2 + 8933*x_subs_i1*x_subs_i2 + 4165*x_subs_i2^2 + 3370*x_subs_i1*x_subs_i3 + 5318*x_subs_i2*x_subs_i3 + 5931*x_subs_i3^2 + 165*x_subs_i1*x_subs_i4 + 5932*x_subs_i2*x_subs_i4 + 1531*x_subs_i3*x_subs_i4 + 327*x_subs_i4^2 + 2306*x_subs_i1*x_subs_i5 + 4607*x_subs_i2*x_subs_i5 + 8782*x_subs_i3

In [12]:
gb = groebner_basis_f4(ideal(affine_polys) + ideal(polys_subs) + ideal(polys_downsized_subs), nr_thrds=16, info_level=2);


Legend for f4 information
--------------------------------------------------------
deg       current degree of pairs selected in this round
sel       number of pairs selected in this round
pairs     total number of pairs in pair list
mat       matrix dimensions (# rows x # columns)
density   density of the matrix
new data  # new elements for basis in this round
          # zero reductions during linear algebra
time(rd)  time of the current f4 round in seconds given
          for real and cpu time
--------------------------------------------------------

deg     sel   pairs        mat          density            new data         time(rd) in sec (real|cpu)
------------------------------------------------------------------------------------------------------
  2       4       4      10 x 28         57.14%        4 new       0 zero         0.02 | 0.31         
  3      12      12      69 x 83         17.11%       12 new       0 zero         0.04 | 0.56         
  3      24      41      81


--------------- INPUT DATA ---------------
#variables                      74
#equations                      78
#invalid equations               0
field characteristic         10007
homogeneous input?               0
signature-based computation      0
monomial order                 DRL
basis hash table resetting     OFF
linear algebra option            2
initial hash table size     131072 (2^17)
max pair selection             ALL
reduce gb                        1
#threads                        16
info level                       2
generate pbm files               0
------------------------------------------

---------------- TIMINGS ----------------
overall(elapsed)        0.30 sec
overall(cpu)            4.37 sec
select                  0.00 sec   0.0%
symbolic prep.          0.00 sec   0.0%
update                  0.00 sec   0.0%
convert                 0.00 sec   0.0%
linear algebra          0.00 sec   0.0%
reduce gb               0.00 sec   0.0%
--------------------------------

In [13]:
gens(gb)[2 * rounds_head - 1:2 * rounds_head + 2]

4-element Vector{FqMPolyRingElem}:
 k_b4 + 4790
 k_b3 + 6184
 k_b2 + 458
 k_b1 + 3615

In [14]:
-key