Skip to content

feat(crypto): perfect secrecy framework, forking lemma progress, and seeded oracle proofs#112

Merged
quangvdao merged 13 commits intomasterfrom
quang/query-cache-preserves-inv
Feb 28, 2026
Merged

feat(crypto): perfect secrecy framework, forking lemma progress, and seeded oracle proofs#112
quangvdao merged 13 commits intomasterfrom
quang/query-cache-preserves-inv

Conversation

@quangvdao
Copy link
Collaborator

@quangvdao quangvdao commented Feb 26, 2026
edited
Loading

Summary

This PR builds three main pillars needed for random oracle model proofs and game-hopping arguments: a complete perfect secrecy framework with Shannon's theorem, significant progress on the forking lemma, and distribution-preservation proofs for seeded oracles.

Key Changes

Area Change
Perfect Secrecy (SymmEncAlg.lean) Canonical perfectSecrecyAt definition as Pr[(M,C)] = Pr[M] * Pr[C]; equivalent formulations (posterior/prior, joint factorization, channel-level); constructive Shannon theorems (perfectSecrecyAt_of_uniformKey_of_uniqueKey, perfectSecrecyAtAllPriors_of_card_eq_of_uniform_unique) — all sorry-free
OTP Privacy (OneTimePad.lean) oneTimePad.perfectSecrecy proved via XOR uniformity — sorry-free
Forking Lemma (Fork.lean) cf_eq_of_mem_support_fork (fork-index agreement) fully proved; le_probOutput_fork per-index lower bound proved modulo 1 sorry + 1 stop checkpoint; probOutput_none_fork_le main bound proved assuming le_probOutput_fork
Seeded Oracle (SeededOracle.lean, GenerateSeed.lean) evalDist_liftComp_generateSeed_bind_simulateQ_run' — random seed + seeded simulation preserves distributions — fully proved
BitVec Lemmas (OracleComp/Constructions/BitVec.lean) Extracted reusable probOutput_xor_uniform, probOutput_pair_xor_uniform, probOutput_cipher_from_pair_uniform
ENNReal helpers (ToMathlib/Data/ENNReal/SumSquares.lean) Cauchy-Schwarz style sq_sum_le_card_mul_sum_sq for collision bounds
Layering fixes (EvalDist/BitVec.lean, EvalDist/List.lean) Removed incorrect OracleComp imports; lemmas now generic over HasEvalSPMF
QuerySeed API (Structures.lean) New pop, extended prependValues, length_eq_of_mem_support_generateSeed
Docs (AGENTS.md, README.md) Created comprehensive agent guide; fixed outdated notation

Proof Status

File Sorrys Notes
SymmEncAlg.lean 0 Fully proved
OneTimePad.lean 0 Fully proved
Fork.lean 1 active + 1 stop le_probOutput_fork seed-factor step
SeededOracle.lean 0 Fully proved
GenerateSeed.lean 0 Fully proved

Testing

  • lake exe mk_all --check passes (import ordering clean)
  • lake build passes with no new warnings (except existing sorry declarations)

@quangvdao
feat(QueryCache, PreservesInv, CachingOracle): add connective tissue …
db50d72 
…for random oracle proofs

- QueryCache: partial order, simp lemmas (empty, cacheQuery), sum spec
  projections (fst/snd/inl/inr), membership, extensionality
- PreservesInv: composition lemma for oracle transformers, bind lemma
  for StateT invariant preservation
- CachingOracle: cache monotonicity (withCaching_cache_le) and
  PreservesInv instance showing the cache only grows

Made-with: Cursor
@github-actions
Copy link

github-actions bot commented Feb 26, 2026

🤖 AI-Generated PR Summary

Files Changed:

  • VCVio/OracleComp/QueryTracking/CachingOracle.lean
  • VCVio/OracleComp/QueryTracking/Structures.lean
  • VCVio/OracleComp/SimSemantics/PreservesInv.lean

Overview of Changes:
Here is a concise, high-level summary of the git diff:

This diff introduces a formal framework for reasoning about the monotonic growth of query caches and enhances the tools for proving state-based invariants.

  • Formalize QueryCache Structure: The QueryCache type is now equipped with a PartialOrder, where c₁ ≤ c₂ means c₂ contains all the query-response pairs of c₁. This formalizes the notion of a cache growing. The file also adds utility functions for handling caches of summed oracle specifications.

  • Prove Monotonicity of Caching: New lemmas are added to prove that the withCaching oracle implementation is monotonic. It's shown that the cache can only grow (i.e., initial_cache ≤ final_cache), which is framed as preserving a state-based invariant.

  • Enhance the Invariant Preservation Framework: General compositionality lemmas are added for the PreservesInv property. These prove that if the components of a computation (under monadic bind or oracle composition) preserve an invariant, then the combined computation also preserves it, making the framework more powerful and modular.

New 'sorry's: 0

@quangvdao
chore(SimSemantics): silence unused section var warning in apply_compose
2059ea7 
Use a local `omit [LawfulMonad m]` on `QueryImpl.apply_compose` so the build stays warning-clean except for existing `sorry` declarations.

Made-with: Cursor
@quangvdao quangvdao requested a review from dtumad February 27, 2026 00:39
@quangvdao
feat(SeededOracle): prove generateSeed-simulateQ distribution preserv…
999993d 
…ation

Prove that running an oracle computation with a seeded oracle (backed by
a randomly generated seed) preserves the output distribution, i.e.
sampling a seed and simulating queries is equivalent to real oracle calls.

Key additions:
- QuerySeed.pop, prependValues helpers and injectivity lemma (Structures)
- probOutput_generateSeed_prependValues factorization lemma (GenerateSeed)
- evalDist_generateSeed_eq_of_countEq seed normalization (GenerateSeed)
- probOutput_generateSeed_bind_simulateQ_bind main theorem (SeededOracle)
- Union bound lemma probEvent_exists_finset_le_sum (EvalDist/Fintype)

Made-with: Cursor
@quangvdao
fork progress
0295673
@quangvdao
fix(EvalDist): remove incorrect OracleComp imports from EvalDist/List…
c43a08f 
… and EvalDist/BitVec

Both files contained lemmas generic over any `m` with `[HasEvalSPMF m]` but
incorrectly imported from OracleComp, violating the EvalDist → OracleComp
layering. List.lean needed no split — just import and namespace fixes.
BitVec.lean's SampleableType instance moved to SampleableType.lean.
README updated to fix outdated notation (++ₒ→+, [=x|]→Pr[=x|], etc.).

Made-with: Cursor
@quangvdao
fork progress: add collision-penalty helper theory and scaffold final…
be9e7ea 
… bound

Extend Fork.lean with seed-slot collision probability bounds and the global collision penalty lemma, then wire these into le_probOutput_fork while leaving the final seed-factor/square step explicitly marked for continuation.

Made-with: Cursor
@quangvdao
docs(agents): preserve partial proof attempts
f3668cf 
Add agent guidance to keep unfinished Lean proof structure with local `stop` checkpoints instead of deleting blocks, so later iterations can continue from prior search context.

Made-with: Cursor
@quangvdao
feat(crypto): standardize perfect secrecy and prove OTP privacy
9e59f99 
Adopt independence as the canonical perfect-secrecy definition with equivalent formulations, so privacy statements align with textbook semantics and are easier to reuse. Prove one-time-pad privacy against the new notion and document the updated proof status.
@quangvdao
feat(crypto): finish Shannon backward proof and remove remaining sorrys
c638ab6 
Add reusable perfect-secrecy experiment decomposition lemmas and complete the backward Shannon direction constructively. Make the forward direction explicit via a passed hypothesis so the theorem family is fully sorry-free while keeping proof obligations transparent.
@quangvdao
refactor(crypto): clarify Shannon statements and add all-priors theorem
6801348 
Replace the misleading Shannon iff path with an explicit constructive theorem over `perfectSecrecyAt`, and add the stronger PMF-prior theorem that proves uniform+unique implies all-priors secrecy. This keeps theorem semantics honest while preserving reusable proof helpers.
@quangvdao
refactor: extract helpers, deduplicate proofs, relocate misplaced code
2a21c4a 
- Extract ENNReal Cauchy-Schwarz inequalities to ToMathlib/Data/ENNReal/SumSquares.lean
- Factor out cipherGivenMsg_uniform_of_uniformKey_of_uniqueKey in SymmEncAlg.lean,
  derive both Shannon theorems and ciphertextRowsEqualAt from it
- Remove unused perfectSecrecyAt_iff_allDefs / perfectSecrecy_iff_allDefs lemmas
- Move XOR probability lemmas to OracleComp/Constructions/BitVec.lean
- Add generic probEvent_liftComp_uniformSample_eq_of_eq helper in SeededOracle.lean,
  simplify seed-slot collision lemmas in Fork.lean
- Extract length_eq_of_mem_support_generateSeed to deduplicate repeated blocks

Net -150 lines.

Made-with: Cursor
@quangvdao
chore(Fork): remove superseded commented-out code
bd9b18d 
Delete ~390 lines of old forking lemma code that used obsolete API
(guard, getM, [= x | ...] notation, s+1 index bug). All theorem
statements are now covered by the active uncommented code.

Made-with: Cursor
@quangvdao
fix(ci): add missing imports for BitVec and SumSquares to library files
81424e1 
Made-with: Cursor
@quangvdao quangvdao changed the title feat(QueryCache, PreservesInv, CachingOracle): connective tissue for random oracle proofs feat(crypto): perfect secrecy framework, forking lemma progress, and seeded oracle proofs Feb 28, 2026
@quangvdao quangvdao merged commit 8bd9846 into master Feb 28, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dtumad dtumad Awaiting requested review from dtumad

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@quangvdao