Hybrid-dual speed

[bencrts]

hybrid-dual is a bit slow after the move to make MATZOV techniques default, e.g.:

sage: %time LWE.dual_hybrid(schemes.CHHS_4096_67)
CPU times: user 10.3 s, sys: 124 ms, total: 10.4 s
Wall time: 10.8 s
rop: ≈2^198.3, red: ≈2^198.3, guess: ≈2^193.5, β: 585, p: 2, ζ: 0, t: 175, β': 589, N: ≈2^119.6, m: ≈2^12.0

sage: %time LWE.dual_hybrid(schemes.TFHE1024)
CPU times: user 11.8 s, sys: 170 ms, total: 12 s
Wall time: 12 s
rop: ≈2^122.0, red: ≈2^121.9, guess: ≈2^118.1, β: 318, p: 2, ζ: 10, t: 85, β': 331, N: ≈2^68.6, m: 1024

sage: %time LWE.dual_hybrid(schemes.SEAL22_32768)
CPU times: user 15.6 s, sys: 202 ms, total: 15.8 s
Wall time: 15.8 s
rop: ≈2^125.9, red: ≈2^125.9, guess: ≈2^105.5, β: 313, p: 3, ζ: 0, t: 55, β': 345, N: ≈2^59.6, m: ≈2^15.0

Changing the max blocksize to 1754 (RC.ADPS16(1754,1754) ~ 512, I think we made this change somewhere else as well), and increasing the step-size from 5 to 10 in the searches increases things reasonably.

sage: %time LWE.dual_hybrid(schemes.CHHS_4096_67)
CPU times: user 4.52 s, sys: 46.3 ms, total: 4.57 s
Wall time: 4.67 s
rop: ≈2^198.6, red: ≈2^198.6, guess: ≈2^188.4, β: 586, p: 2, ζ: 0, t: 170, β': 590, N: ≈2^119.2, m: ≈2^12.0

sage: %time LWE.dual_hybrid(schemes.TFHE1024)
CPU times: user 3.38 s, sys: 31.5 ms, total: 3.41 s
Wall time: 3.41 s
rop: ≈2^122.2, red: ≈2^122.1, guess: ≈2^117.9, β: 319, p: 2, ζ: 0, t: 100, β': 332, N: ≈2^68.5, m: 1024

sage: %time LWE.dual_hybrid(schemes.SEAL22_32768)
CPU times: user 4.47 s, sys: 73.9 ms, total: 4.55 s
Wall time: 4.7 s
rop: ≈2^125.9, red: ≈2^125.9, guess: ≈2^97.4, β: 313, p: 3, ζ: 0, t: 50, β': 345, N: ≈2^61.1, m: ≈2^15.0

Maybe there's a better way to cut the search space without degrading the estimates, I'll leave this as a draft and see if I can think of anything.

[bencrts]

The tests don't seem too bad to me, will fix them now. Open for suggestions on how to do this better.

[malb]

yeah, I think this approach makes sense

[bencrts]

Ok! I'll sort out the tests.

[bencrts]

Have updated tests and they all pass now.

[bencrts]

@malb since you previously gave the OK I will just merge this PR myself now -- let me know if you prefer that I don't do this.