{"id":20600168,"url":"https://github.com/malb/dgs","last_synced_at":"2026-03-04T23:03:18.920Z","repository":{"id":15025955,"uuid":"17751713","full_name":"malb/dgs","owner":"malb","description":"MIRROR: Discrete Gaussians over the Integers","archived":false,"fork":false,"pushed_at":"2018-06-29T12:58:16.000Z","size":120,"stargazers_count":19,"open_issues_count":2,"forks_count":8,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-08-25T07:27:04.715Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://bitbucket.org/malb/dgs","language":"C","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"gavinbunney/Toucan","license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/malb.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-03-14T16:02:43.000Z","updated_at":"2025-07-14T19:08:50.000Z","dependencies_parsed_at":"2022-09-16T21:11:45.805Z","dependency_job_id":null,"html_url":"https://github.com/malb/dgs","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/malb/dgs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malb%2Fdgs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malb%2Fdgs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malb%2Fdgs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malb%2Fdgs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/malb","download_url":"https://codeload.github.com/malb/dgs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/malb%2Fdgs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30098106,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-04T22:49:54.894Z","status":"ssl_error","status_checked_at":"2026-03-04T22:49:48.883Z","response_time":59,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-16T08:37:13.562Z","updated_at":"2026-03-04T23:03:18.881Z","avatar_url":"https://github.com/malb.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Discrete Gaussians over the Integers #\n\n[![Build Status](https://travis-ci.com/malb/dgs.svg?branch=master)](https://travis-ci.com/malb/dgs) [![Build Status](https://img.shields.io/bitbucket/pipelines/malb/dgs.svg)](https://bitbucket.org/malb/dgs/addon/pipelines/home) \n\n\n\nA discrete Gaussian distribution on the Integers is a distribution where the integer $x$ is sampled with probability proportional to $exp(-(x-c)²/(2σ²))$. It is denoted by $D_{σ,c}$ where `σ` is the width parameter (close to the standard deviation) and $c$ is the center.\n\nThis library samples from this distributions.\n\n**WARNING: This library does not provide constant time implementations. Pull requests welcome.**\n\n## Installation ##\n\nClone this repository then do\n\n    autoreconf -i\n    ./configure\n    make\n    make check\n\n## Algorithms ##\n\nThe library provides two types of algorithms to sample from discrete Gaussians.\n\n### Samplers\n\nThis type of algorithm is useful to produce a large number of samples from the same distribution, i.e. with fixed parameters. The parameters need to be provided during initialization. Available algorithms are:\n\n  - `DGS_DISC_GAUSS_UNIFORM_TABLE` - classical rejection sampling, sampling from the uniform distribution and accepted with probability proportional to $\\exp(-(x-c)²/(2σ²))$ where $\\exp(-(x-c)²/(2σ²))$ is precomputed and stored in a table. Any real-valued `c` is supported.\n\n  - `DGS_DISC_GAUSS_UNIFORM_LOGTABLE` - samples are drawn from a uniform distribution and accepted with probability proportional to $\\exp(-(x-c)²/(2σ²))$ where $\\exp(-(x-c)²/(2σ²))$ is computed using logarithmically many calls to Bernoulli distributions. Only integer-valued $c$ are supported.\n\n  - `DGS_DISC_GAUSS_UNIFORM_ONLINE` - samples are drawn from a uniform distribution and accepted with probability proportional to $\\exp(-(x-c)²/(2σ²))$ where $\\exp(-(x-c)²/(2σ²))$ is computed in each invocation. Typically this is very slow. Any real-valued $c$ is accepted.\n\n  - `DGS_DISC_SIGMA2_LOGTABLE` - samples are drawn from an easily samplable distribution with $σ = k·σ₂$ where $σ₂ := \\sqrt{1/(2\\log 2)}$ and accepted with probability proportional to $\\exp(-(x-c)²/(2σ²))$ where $\\exp(-(x-c)²/(2σ²))$ is computed using logarithmically many calls to Bernoulli distributions (but no calls to $\\exp$). Note that this sampler adjusts sigma to match $σ₂·k$ for some integer $k$. Only integer-valued $c$ are supported.\n\n  - `DGS_DISC_GAUSS_ALIAS` - uses the [alias method](https://en.wikipedia.org/wiki/Alias_method). Setup costs are roughly $σ²$ (as currently implemented) and table sizes linear in $σ$, but sampling is then just a randomized lookup. Any real-valued $c$ is accepted.\n  \n  - `DGS_DISC_GAUSS_CONVOLUTION` - Applies the convolution technique to alias sampling in order to reduce memory overhead and setup cost at the cost of running time. This is suitable for large $σ$. Any real-valued $c$ is accepted.\n    \nAlgorithm 2-4 are described in:\n\n  Léo Ducas, Alain Durmus, Tancrède Lepoint and Vadim Lyubashevsky. *Lattice Signatures and Bimodal Gaussians*; in Advances in Cryptology – CRYPTO 2013; Lecture Notes in Computer Science Volume 8042, 2013, pp 40-56 [(PDF)](http://www.di.ens.fr/~lyubash/papers/bimodal.pdf)\n  \nAlgorithm 6 is described in:\n  \n  Thomas Pöppelmann, Léo Ducas, Tim Güneysu. *Enhanced Lattice-Based Signatures on Reconfigurable Hardware*; in Cryptographic Hardware and Embedded Systems – CHES 2014; Lecture Notes in Computer Science Volume 8731, 2014, pp 353-370 [(PDF)](https://eprint.iacr.org/2014/254.pdf)\n  \n  Daniele Micciancio, Michael Walter. *Gaussian Sampling over the Integers: Efficient, Generic, Constant-Time*; in Advances in Cryptology – CRYPTO 2017; Lecture Notes in Computer Science Volume 10402, 2017, pp 455-485 [(PDF)](https://eprint.iacr.org/2017/259.pdf)\n\n### Randomized rounders\n\nThis type of algorithm is useful to produce samples where the parameters of the discrete Gaussian can change for every query, i.e. the center is randomly rounded to a nearby integer. Parameters are provided for every query. Available algorithms are:\n\n  - `DGS_RROUND_UNIFORM_ONLINE` - essentially the same as the sampler `DGS_DISC_GAUSS_UNIFORM_ONLINE`, where the very little parameter dependent precomputation (upper bounds on samples, etc) is now done online.\n  \n  - `DGS_RROUND_KARNEY` - Karney's algorithm, similar in spirit to the sampler `DGS_DISC_SIGMA2_LOGTABLE`, but without the need to precompute log tables and without restriction on the center.\n  \n  - `DGS_RROUND_CONVOLUTION` - Reduces the rounding problem to the sampling problem and invokes alias sampling.\n  \n  Karney's algorithm is described in:\n  \n  Charles F. F. Karney. *Sampling Exactly from the Normal Distribution*; in ACM Trans. Mathematical Software 42(1), 3:1-14 (Jan. 2016) [(PDF)](https://arxiv.org/pdf/1303.6257)\n  \nThe convolution approach to randomized rounding is described in\n  \n  Daniele Micciancio, Michael Walter. *Gaussian Sampling over the Integers: Efficient, Generic, Constant-Time*; in Advances in Cryptology – CRYPTO 2017; Lecture Notes in Computer Science Volume 10402, 2017, pp 455-485 [(PDF)](https://eprint.iacr.org/2017/259.pdf)\n\n## Precisions ##\n\n- `mp` - multi-precision using [MPFR](http://www.mpfr.org/), cf. `dgs_gauss_mp.c`\n\n- `dp` - double precision using machine doubles, cf. `dgs_gauss_dp.c`.\n\nFor readers unfamiliar with the implemented algorithms it makes sense to start with ``dgs_gauss_dp.c`` which implements the same algorithms as ``dgs_gauss_mp.c`` but should be easier to read.\n\n## Typical usage ##\n\n    dgs_disc_gauss_dp_t *D = dgs_disc_gauss_dp_init(\u003csigma\u003e, \u003cc\u003e, \u003ctau\u003e, \u003calgorithm\u003e);\n    D-\u003ecall(D); // as often as needed\n    dgs_disc_gauss_dp_clear(D);\n\n    dgs_rround_dp_t *D = dgs_rround_dp_init(\u003ctau\u003e, \u003calgorithm\u003e);\n    D-\u003ecall(D, \u003csigma\u003e, \u003cc\u003e); // as often as needed\n    dgs_rround_dp_clear(D);\n\n## Contributors\n\nThe following people have contributed to dgs:\n\n- Martin Albrecht\n- Shai Halevi\n- Michael Walter\n\n## How to cite\n\n\t@unpublished{dgs,\n\t    author = {Martin R. Albrecht and Michael Walter},\n\t    title = {{dgs}, {D}iscrete {G}aussians over the {I}ntegers},\n\t    year = 2018,\n\t    note = {Available at \\url{https://bitbucket.org/malb/dgs}},\n\t    url = {https://bitbucket.org/malb/dgs}\n\t}\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalb%2Fdgs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmalb%2Fdgs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmalb%2Fdgs/lists"}