-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Formalization for SMC protocols #136
Draft
weng-chenghui
wants to merge
138
commits into
affeldt-aist:master
Choose a base branch
from
weng-chenghui:smc_useful_tools
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Draft
Changes from 1 commit
Commits
Show all changes
138 commits
Select commit
Hold shift + click to select a range
3275147
lemma 3.1
t6s 4713b10
cleaning
t6s 91cef06
Lemma 3.2
t6s 22e2c29
Lemma 3.3 in a new file probability/smc.v
gregweng 79fee7c
WIP: try to prove Lemma 3.4
gregweng ae6146a
WIP: lemma 3.4
gregweng 4d2a5da
WIP: try prob + uniform dist
gregweng 0438fad
pXY_unif
t6s 7405564
comments
t6s 86a9d01
adapt smc_useful_tools to mc2 (#1)
t6s 1ae2f57
WIP: cpr_eqE_mul
gregweng d11ba90
WIP: progress but not yet finished lemma 3.5
gregweng 5979d82
WIP: lemma 3.5 with a new approach
gregweng 654ba1c
WIP: checking how to prove fdist_cond Y0 |= X' _|_ Z'
gregweng 9571191
By a lemma with graphoid lemmas, prove lemma 3.5
gregweng 2dc2086
clean up lemma_3_5 (#2)
garrigue d39e077
simplify proof of lemma_3_5 (#3)
garrigue 3e13173
Lemma 3.6 and Theorem 3.7, before the entropy part
gregweng 66b7a15
Proved Theorem 3.7 (masked condition removal) entropy version
gregweng 3c9709d
Rebase: unto infotheo master
gregweng 26691ff
WIP: how to handle forall and one instance of it?
gregweng 144f02e
WIP: cannot swap two assumption in one implication?
gregweng d7371ba
WIP: discussed about how to continue proofs
gregweng fd67582
WIP: fun_cond_entropy_eq0
gregweng 3186927
WIP: try to continue fun_cond_entropy_eq0
gregweng 9bb3a81
add some comments
gregweng eb1a3cc
WIP: stuck because associativity in distribution expressions
gregweng 9bc2aa9
WIP: fun cond removal entropy
gregweng ddef3cf
fun_cond_removal_entropy
gregweng 5a67d2e
WIP: want to prove pi2 but need joint_entropy_indeRV first
gregweng 1c178b6
protocol pi2 eq2 is done
gregweng 0dc4e99
WIP: try to prove eq_fin
gregweng dd11e5c
WIP: Found that the type of TX in eq3 may need to be 'I_p
gregweng 081e0f2
WIP: try to prove eq3 with TX is I_m.+2
gregweng f801c63
Proved eq3
gregweng 564237b
Successfully prove two hypothese for eq3 can be provided by lemmas an…
gregweng 865c3ad
WIP: Try to prove eqn4 but vector brings some difficulties
gregweng 703002d
Generalize lemma_3_5
gregweng 98a99d6
Proved eqn4
gregweng ce34562
Proved eqn6
gregweng 4e0542f
WIP: need cond_entropy1 and cond_entropy conversion
gregweng 60464d3
WIP: trying to convert cond_entropy and cond_entropy1_RV
gregweng c20588a
WIP: make the eqn2 proof works again
gregweng 8e7b326
Commit before the meeting
gregweng 96db7ff
WIP: cpr_cond_entropy
gregweng 579303b
cpr_cond_entropy
garrigue da27598
shorten proof of cpr_cond_entropy
garrigue 12eb3ea
small cleanup
garrigue a28d0fe
cleanup
t6s c53ff3c
remove surjective_pairing
garrigue 7cb3296
eqn3 proved after a new version of cpr_cond_entropy with a new hypoth…
gregweng c6b352b
WIP: Stuck at:
gregweng 14abca8
WIP: show function composition results equal to random variables
gregweng bb2ef59
WIP: eqn3 proven with random variables instead of function compositions
gregweng c86a45d
WIP: for eqn4, the problem is if P|= s2 _|_ [%...s2...]
gregweng a50e5e7
Completed the pi2_alice_view_is_leakage_free_proof; inde_RV2_comp st…
gregweng 14d08cc
Fix
gregweng 562e600
For showing premises clearly, Move cpr_cond_entropy to another section
gregweng 9f94801
Change the order in mc_removal_pr,
gregweng aacf39e
Completed eqn6_proof
gregweng 0f2b44f
extra_pr section
t6s 79b5086
Proved eqn8 again
gregweng 4870723
Proved that from Bob's view pi2 is secure
gregweng bfaf0b2
try to use pairwise-like inde generator
gregweng 9515b44
Rename indep hypothese
gregweng b6fead2
WIP: try to unify correct and information leakage but need a better w…
gregweng 1bc5513
SMC scalar product proved again with rV and TX
gregweng ac6d667
Try to connect the algorithm correctness and information leakage free
gregweng d3f312e
Connect algorithm and leakage analysis by proving relations between r…
gregweng 4c6caa1
A comment to summarize the work
gregweng 977f95c
Try to introduce module for encapsulating information-leakage-free pr…
gregweng e4368a3
Commit Jacques' SMC interpreter
gregweng d727199
WIP: try to figure out howto prove pr2_unif (line 747)
gregweng 931b845
Add hypothesis that r1 is uniformly distributed
gregweng 4662dfe
WIP: admitted the working-in-progress fdist_uniformD because it is ne…
gregweng 4d6c274
Admitted pr2_unif before we can prove it; completed bob_view_is_leaka…
gregweng 6746862
Commit the smc_interpreter_v1 as a reference
gregweng cb9af4b
WIP: try to understand where to put log
gregweng a63161f
Add logs
gregweng 9edcacc
Change types in proc scalar_product to RV
gregweng 7bd6aac
Format log lines
gregweng 4cfb4bb
WIP: from logs to alice_view
gregweng 948ea62
WIP: bug in log -- first Send wont appear ; build_alice_view
gregweng d7be3e1
Add two debug proc
gregweng c8a1896
Fixed the logging problem
gregweng 6c0c7bc
Remove debugging procs
gregweng cb51583
Proved general binop of RVs preserves independence in pr_eqM and pr_e…
gregweng 4b40d3b
Debug logs
gregweng b3f9d21
WIP: try to simulate a generator by init but fallback
gregweng a1843d4
WIP: try to instantiate scalar product but failed
gregweng 6eda9a7
WIP: suddeny cannot compare two RV (eq)
gregweng 2f492ae
WIP: smc_interpreter.v - Cannot infer an internal placeholder of type
gregweng 24c9f68
WIP: change smc_interpreter log structure
gregweng 9b9a5b7
WIP: Try to build the big record
gregweng aa5bca3
Can get RV of TX and VX from scalar_product logs
gregweng 28b4caa
get intermediate results from rv inputs
gregweng 3677f24
WIP: try to prove r2 unif (problem: dotproduct_rv is not binop for s1…
gregweng 051d634
pr2_unif proved
gregweng 9fbc692
WIP: try to integrate proofs to smc_interpreter
gregweng 27ec108
Move neg_RV lemmas to a new section
gregweng b06246a
WIP: seperate sections
gregweng 9cdb4b5
WIP: Put variables back to sections
gregweng 4d7286d
Prepare to migrate RVInputs to smc_interpreter
gregweng 160d42b
Prepare for information leakage proof
gregweng e129d1b
Can embed alice_information_leakage_free into scalar_product_informat…
gregweng 0dcd7d5
WIP: bug when proving x1s2_x1'_indep in smc_interpreter
gregweng e6826db
Debugging x2s2_x1'_indep in smc_interpreter.v
gregweng 8ce2d4e
Commit the list-to-tuple change for the information leakage free proof
gregweng 601a2bf
simplify interpreter + wip proving equivalence of traces
garrigue c7d8c8d
prove cond_entropyC and finish proof for Alice view
garrigue e2ff392
remove unneeded funext
garrigue 2515e1d
Added is_scalar_product to the interpreter file
gregweng c7d7e7b
Remove the trace definition before we really need it
gregweng 33c2cb6
Proved is_scalar_product in smc_interpreter.v
gregweng d115195
Simplify the Lemma smc_scalar_productP
gregweng 151ef25
WIP: fail at the ps2_unif in smc_interpreter.v
gregweng d0e7660
Rename in traces_ok
gregweng 392195b
Fix the card of 'rV[TX]_n
gregweng a2054fd
WIP: Encountered type issue between add_RV_unif (finZmodType) and VX …
gregweng dd5cf2f
Renaming some eqn proofs
gregweng fa397f0
Renaming
gregweng b7c2583
WIP: add_RV_unif type issue
gregweng f50c440
Fix interpreter, adding Fail for safety
garrigue cde2fc8
x2s2_x1'_indepP
t6s f6db9b5
Move proba/smc.v to smc/smc_proba.v
gregweng 4d53176
WIP: about how to express mutual independence for arbitrary lengthed …
gregweng b80d33e
WIP: proving bob is leakage free
gregweng 970b544
Ltac1
t6s 5327b2c
WIP: r2 inde of x2 s2 x1 s1
gregweng badbf9f
Add SMC party experiments
gregweng ae6b710
Experiment: inde_between_parties
gregweng f9cbf79
rename
t6s 0e27315
fix
t6s f87f021
WIP: two lemmas in smc_proba.v: RV2_indeC should be provable; not sur…
gregweng ca00aa9
Remove old comments
gregweng eff3a62
WIP: Try x2s2x1s1_r2_indep
gregweng baf98fc
Add some comments
gregweng aecda0e
Finished Alice and Bob information leakage proofs in smc_interpreter.v
gregweng File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -37,6 +37,25 @@ Local Notation "f × g" := | |
| (fun xy => (f xy.1, g xy.2)) (at level 10). | ||
|
|
||
|
|
||
| Lemma RV2_indeC : | ||
| P |= [% X, X] _|_ [% Y, Z] -> | ||
| P |= [% X, Y] _|_ [% X, Z]. | ||
| Proof. | ||
| rewrite /inde_rv => H [x1 y] [x2 z]. | ||
| rewrite pr_eq_pairA. | ||
| transitivity (`Pr[ [% X, X, Y, Z] = (x1, x2, y, z) ]). | ||
| admit. | ||
| (* TODO: spliting events and changing order of RVs are kinda difficult *) | ||
| Admitted. | ||
|
|
||
| Lemma RV2_inde_reduce : | ||
| P |= X _|_ Y -> | ||
| P |= [% X, X] _|_ Y. | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Just use |
||
| Proof. | ||
| (* TODO: [% X, X] = (x1, x2) but x1 could be different from x2 for all x1, x2? *) | ||
| Admitted. | ||
|
|
||
|
|
||
| (* Information-Theoretically Secure Number Protocol*) | ||
| (* Lemma 3.1 *) | ||
| Lemma inde_rv_comp (UB' TB' : finType) (g' : TB' -> UB')(Y' : {RV P -> TB'}): P|= X _|_ Y' -> P|= (f `o X) _|_ (g' `o Y'). | ||
|
|
||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Certainly not provable: assuming
P |= X _|_ Ywe can deriveP |= [%X, X] _|_ [% Y, Y], butP |= [% X, Y] _|_ [% X, Y]definitely looks impossible.