https://github.com/EasyCrypt/easycrypt
Revision 3f4a0bd5596888cd8d28b97687d477942187aa5f authored by Pierre-Yves Strub on 11 June 2022, 06:10:21 UTC, committed by Adrien Koutsos on 13 June 2022, 09:22:31 UTC
Loops' epilogs must now be deterministic and loop/calls-free. This forbids the following unsoundness: ``` require import AllCore DBool. module E = { var i,j : int proc foo () = { var c; i <- 0; j <- 0; c <- false; while (!c) { i <- i + 1; j <- j + 1; c <$ {0,1}; } return i = j; } proc bar () = { var c; i <- 0; j <- 0; c <- false; while (!c) { i <- i + 1; c <$ {0,1}; } c <- false; while (!c) { j <- j + 1; c <$ {0,1}; } return i = j; } }. equiv bad : E.foo ~ E.bar : true ==> ={res}. proof. proc. fission{1} 4!1 @1,2. by sim. qed. ``` Fix #210
1 parent b9af81d
Tip revision: 3f4a0bd5596888cd8d28b97687d477942187aa5f authored by Pierre-Yves Strub on 11 June 2022, 06:10:21 UTC
In loop fusion/fission, add more constraints on the epilog
In loop fusion/fission, add more constraints on the epilog
Tip revision: 3f4a0bd
File | Mode | Size |
---|---|---|
ChaChaPoly | ||
MEE-CBC | ||
UC | ||
cost | ||
cramer-shoup | ||
incomplete | ||
old | ||
plug-and-pray | ||
prg-tutorial | ||
to-port | ||
Dice4_6.ec | -rw-r--r-- | 2.8 KB |
FundamentalLemma.ec | -rw-r--r-- | 2.1 KB |
PIR.ec | -rw-r--r-- | 12.8 KB |
PRG.ec | -rw-r--r-- | 16.9 KB |
Pedersen.ec | -rw-r--r-- | 5.0 KB |
SchnorrPK.ec | -rw-r--r-- | 4.8 KB |
Upto.ec | -rw-r--r-- | 4.8 KB |
WhileSampling.ec | -rw-r--r-- | 702 bytes |
async-while.ec | -rw-r--r-- | 1.8 KB |
br93.ec | -rw-r--r-- | 26.4 KB |
elgamal.ec | -rw-r--r-- | 3.1 KB |
hashed_elgamal_generic.ec | -rw-r--r-- | 8.0 KB |
hashed_elgamal_std.ec | -rw-r--r-- | 6.3 KB |
vonNeumann.eca | -rw-r--r-- | 3.0 KB |
Computing file changes ...