-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathWholeMsg.ec
114 lines (93 loc) · 3.04 KB
/
WholeMsg.ec
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
pragma Goals:printall.
require import Distr DBool AllCore List.
type message, ain.
op m1, m2 : message.
axiom m1_and_m2_diff : m1 <> m2.
module type Tail = {
proc main(m : message, a : ain) : bool
}.
module W(T : Tail) = {
proc main(a : ain) = {
var m, r;
m <$ duniform [m1; m2];
r <@ T.main(m,a);
return r;
}
}.
section.
declare module T <: Tail.
local module W' = {
var m : message
proc main(a:ain) = {
var r;
m <$ duniform [m1; m2];
r <@ T.main(m,a);
return r;
}
}.
local lemma scx1 &m x:
Pr[ W'.main(x) @ &m : res /\ W'.m = m1 ]
= 1%r/2%r * Pr[ T.main(m1,x) @ &m : res ].
proof. byphoare (_: (glob T) = (glob T){m} /\ a = x ==> _) => //.
proc.
pose z := (Pr[ T.main(m1,x) @ &m : res ]).
seq 1 : (W'.m = m1) (1%r/2%r) z (1%r/2%r) 0%r ((glob T) = (glob T){m} /\ a = x).
rnd. skip. progress.
rnd. skip. progress. rewrite duniformE =>//=.
have : m1 <> m2. apply m1_and_m2_diff. progress.
case(m1 = m2) => //. progress. rewrite eq_sym in H0. rewrite H0. smt.
have phr : phoare[ T.main : (glob T) = (glob T){m} /\ arg = (m1, x) ==> res ] = Pr[ T.main(m1,x) @ &m : res ].
bypr. progress. byequiv.
proc*. call (_:true). skip.
progress. auto. smt. smt. auto. auto.
call phr. skip. progress.
hoare. call (_:true). skip. progress. rewrite H =>//=.
rewrite /z =>//.
qed.
local lemma scx2 &m x:
Pr[ W'.main(x) @ &m : res /\ W'.m = m2 ]
= 1%r/2%r * Pr[ T.main(m2,x) @ &m : res ].
proof. byphoare (_: (glob T) = (glob T){m} /\ a = x ==> _) =>//.
proc.
pose z := (Pr[ T.main(m2,x) @ &m : res ]).
seq 1 : (W'.m = m2) (1%r/2%r) z (1%r/2%r) 0%r ((glob T) = (glob T){m} /\ a = x).
rnd. skip. auto.
rnd. skip. progress. rewrite duniformE =>//=.
have : m1 <> m2. apply m1_and_m2_diff. progress.
case(m1 = m2) => //. progress. rewrite H0. smt.
have phr : phoare[ T.main : (glob T) = (glob T){m} /\ arg = (m2, x) ==> res ] = Pr[ T.main(m2,x) @ &m : res ].
bypr. progress. byequiv.
proc*. call (_:true). skip.
progress. smt. smt. auto. auto.
call phr. skip. progress.
hoare. call (_:true). skip. progress. rewrite H =>//.
rewrite /z =>//.
qed.
local lemma spc &m x :
Pr[ W'.main(x) @ &m : res ]
= Pr[ T.main(m1,x) @ &m : res ] / 2%r
+ Pr[ T.main(m2,x) @ &m : res ] / 2%r.
proof.
have ->: Pr[ W'.main(x) @ &m : res ] =
Pr[ W'.main(x) @ &m : res /\ W'.m = m1 ] + Pr[ W'.main(x) @ &m : res /\ W'.m = m2 ].
rewrite Pr[mu_split W'.m = m1].
have ->: Pr[W'.main(x) @ &m : res /\ W'.m <> m1] = Pr[W'.main(x) @ &m : res /\ W'.m = m2].
byequiv(_: _ ==> _) => //. proc. inline*.
call(_:true). rnd.
skip. progress.
rewrite supp_duniform mem_seq2 in H.
elim H => [mL1 | mL2] => //.
have : m1 <> m2. apply m1_and_m2_diff. progress. rewrite eq_sym in H2. apply H2.
reflexivity.
rewrite scx1 scx2 =>//.
qed.
lemma splitcases &m x :
Pr[ W(T).main(x) @ &m : res ]
= Pr[ T.main(m1,x) @ &m : res ] / 2%r
+ Pr[ T.main(m2,x) @ &m : res ] / 2%r.
proof.
have ->: Pr[ W(T).main(x) @ &m : res ] = Pr[ W'.main(x) @ &m : res ].
byequiv. proc*. inline*. sim. auto. auto.
apply spc.
qed.
end section.