https://github.com/EasyCrypt/easycrypt
Tip revision: 328c0281e3c6fa796120d8d1118a98f4569ccbff authored by Pierre Boutry on 18 January 2022, 18:21:42 UTC
proof of the reduction for GDH_RSR
proof of the reduction for GDH_RSR
Tip revision: 328c028
CCA1.eca
(* --------------------------------------------------------------------
* Copyright (c) - 2012--2016 - IMDEA Software Institute
* Copyright (c) - 2012--2021 - Inria
* Copyright (c) - 2012--2021 - Ecole Polytechnique
*
* Distributed under the terms of the CeCILL-B-V1 license
* -------------------------------------------------------------------- *)
require import Bool Core.
require (*--*) DBool NewSKE.
clone include NewSKE.
module type CCA1 = {
proc enc(p: plain): cipher option
proc dec(c: cipher): plain option
}.
module type Adv_CCA1 (O : CCA1) = {
proc choose(): plain * plain
proc guess(c: cipher): bool { O.enc }
}.
module IND_CCA1 ( S : SKE, A : Adv_CCA1) = {
module O = Wrap(S)
module A = A(O)
proc main(): bool = {
var b, b', c, p0, p1, p;
O.init();
(p0,p1) <@ A.choose();
b <$ {0,1};
p <- b ? p1 : p0; (* FIXME: need to check whether plaintexts are both valid or both invalid *)
c <@ O.enc(p);
b' <@ A.guess(oget c);
return b = b';
}
}.