Revision 2efb9e74ca457ea89e6e28e00d7fdbc97d3fa581 authored by François Dupressoir on 10 February 2020, 09:50:13 UTC, committed by François Dupressoir on 10 February 2020, 09:50:13 UTC
Including weak PRP-PRF switching lemma, but not its strong version
Squashed commit of the following:
commit 005342f19a55b0ae01c88c0c729fdbad3f2519ff
Merge: 5407570b 7325ae6d
Author: François Dupressoir <fdupress@gmail.com>
Date: Mon Feb 10 09:48:54 2020 +0000
Merge branch '1.0' into deploy-simpler-rp
commit 5407570bbdeaee7b725f57fcdbbf764ff301ac9e
Author: François Dupressoir <fdupress@gmail.com>
Date: Fri Jan 24 12:00:21 2020 +0000
move towards merging PRF and RO
also clean assignment notation
commit 65e0c4eb8c702729500148e34900dc5971e583a7
Author: François Dupressoir <fdupress@gmail.com>
Date: Tue Jan 21 14:14:29 2020 +0000
Integrate PRP-PRF switching lemma into PRP lib
Not done for the strong version yet
commit 456a7c96e40fa6827d92fbc36d8cd75fdd8abab1
Author: François Dupressoir <fdupress@gmail.com>
Date: Tue Jan 21 09:40:25 2020 +0000
Simplifying the PRF interface
No keys are needed for the ideal RP,
The raw interface can be defined separately as needed.
commit e7dea73e6eae21f192efc45f42e9cdc9e5ec4eb8
Author: François Dupressoir <fdupress@gmail.com>
Date: Tue Jan 21 09:19:04 2020 +0000
Some nits
commit 8bb90549b6084ea8189e3a4067a155f977ccd34a
Author: François Dupressoir <fdupress@gmail.com>
Date: Mon Jan 20 16:38:30 2020 +0000
Cleanup PRP/PRF and PRP-PRF
1 parent 7325ae6
Dice4_6.ec
require import Int Real Distr List FSet.
require import DInterval Dexcepted.
pragma +implicits.
pragma -oldip.
clone WhileSamplingFixedTest as D4_6 with
type t <- int,
type input <- unit,
op dt (i:unit) <- [1..6],
op test (i:unit) <- fun r=> !1 <= r <= 4
proof *.
module D4 = {
proc sample () : int = {
var r : int;
r <$ [1..4];
return r;
}
}.
lemma prD4 : forall k &m, Pr[D4.sample() @ &m : res = k] =
if 1 <= k <= 4 then 1%r/4%r else 0%r.
proof.
move=> k &m; byphoare=> //.
by proc; rnd; auto=> />; rewrite dinter1E.
qed.
module D6 = {
proc sample () : int = {
var r <- 5;
while (5 <= r) r <$ [1..6];
return r;
}
}.
equiv D4_Sample: D4.sample ~ D4_6.SampleE.sample: true ==> ={res}.
proof.
proc; rnd; auto=> />; split=> [r|_ r].
+ rewrite supp_dexcepted supp_dinter=> /= - [] _ r_bounds.
rewrite dexcepted1E /= r_bounds /=.
rewrite weight_dinter /= !dinter1E dinterE size_filter.
rewrite /range /= (@iotaS 1 5) //= (@iotaS 2 4) //= (@iotaS 3 3) //=.
rewrite (@iotaS 4 2) //= (@iotaS 5 1) //= (@iotaS 6 0) //= (@iota0 7 0) //=.
by rewrite /b2i /max /#.
by rewrite supp_dinter supp_dexcepted supp_dinter /= /#.
qed.
equiv D6_Sample: D6.sample ~ D4_6.SampleWi.sample: r{2} = 5 ==> ={res}.
proof.
proc=> /=; while (={r}).
+ by rnd; auto=> /> &2 _ + r; rewrite supp_dinter /#.
by auto.
qed.
lemma D4_D6 (f finv : int -> int) :
(forall i, 1 <= i <= 4 <=> 1 <= f i <= 4) =>
(forall i, 1 <= i <= 4 => f (finv i) = i /\ finv (f i) = i) =>
equiv [D4.sample ~ D6.sample : true ==> res{1} = finv res{2}].
proof.
move=> Hbound Hbij.
transitivity D4_6.SampleE.sample (true ==> ={res})
(true ==> res{1} = finv res{2})=> //.
+ exact/D4_Sample.
transitivity D4_6.SampleWi.sample (r{2} = 5 ==> res{1} = finv res{2})
(r{1} = 5 ==> res{2} = res{1})=> //.
+ by move=> />; exists ((),5).
transitivity D4_6.SampleE.sample (true ==> res{1} = finv res{2})
(r{2} = 5 ==> ={res})=> //.
(* TODO: This is generic and should be extracted in a clean way. *)
+ proc; rnd f finv; auto=> />; split=> [r|_].
+ by rewrite supp_dexcepted supp_dinter /#.
split=> [r|_ r].
+ rewrite supp_dexcepted supp_dinter=> - /= [] _ r_bounds.
apply/dexcepted_uni.
+ exact/dinter_uni.
+ by rewrite supp_dexcepted supp_dinter /#.
by rewrite supp_dexcepted supp_dinter /#.
by rewrite 2!supp_dexcepted 2!supp_dinter/#.
+ conseq D4_6.sampleE_sampleWi=> //=.
by move=> &2 ->; rewrite dinter_ll //= /predC mem_oflist mem_range.
by symmetry; exact/D6_Sample.
qed.
lemma prD6 : forall k &m, Pr[D6.sample() @ &m : res = k] =
if 1 <= k <= 4 then 1%r/4%r else 0%r.
proof.
move=> k &m.
rewrite -(: Pr[D4.sample() @ &m: res = k] = Pr[D6.sample() @ &m: res = k]).
+ by byequiv (D4_D6 (fun x=> x) (fun x=> x) _ _).
exact/(@prD4 k &m).
qed.
Computing file changes ...
