Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add sha3 #1

Open
wants to merge 406 commits into
base: main
Choose a base branch
from
Open

Add sha3 #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
406 commits
Select commit Hold shift + click to select a range
fb0f327
Revert "Pushing a proof back through after oracles got swapped for so…
fdupress Feb 3, 2016
29d88ac
Cleaning up the core bound.
fdupress Feb 3, 2016
643a449
push include paths in tests.config
strub Feb 3, 2016
70c4fcc
Remove old and unused files.
fdupress Feb 4, 2016
b03640b
One more obsolete file.
fdupress Feb 4, 2016
03d5a3c
Merged RP and LazyRP => RP.
alleystoughton Feb 4, 2016
19ce06f
Removing unrestricted smt.
alleystoughton Feb 5, 2016
057ef7e
Shortening of proof.
alleystoughton Feb 5, 2016
729eb29
Simplified statement of
alleystoughton Feb 5, 2016
3f8dec4
Updating top-level scripts to Benjamin's new parameterized module
alleystoughton Feb 19, 2016
0243f3a
Module definitions to type-check.
fdupress Feb 24, 2016
1e8608d
fix proof due to change in few
bgregoir Feb 25, 2016
43501cc
Using new [smt(...)] shorthand :-)
alleystoughton Mar 11, 2016
c91238e
Updating proof scripts to reflect library changes.
fdupress Jun 27, 2016
cbe7314
Trying to get back into the invariant -- First attempt
fdupress Jun 29, 2016
6d0bd77
Retrieving the full invariant with better behaviour w.r.t. case.
fdupress Jul 8, 2016
9787f75
Work in progress on top-level proof; more tomorrow.
alleystoughton Jul 12, 2016
8341f00
More progress on top-level proof.
alleystoughton Jul 12, 2016
e3fc1d8
Forgot part of precondition.
alleystoughton Jul 12, 2016
38440ef
Refactoring.
alleystoughton Jul 12, 2016
ed5db52
More progress on top-level proof.
alleystoughton Jul 13, 2016
a7ecede
Strengthening a core result
fdupress Jul 13, 2016
9c99682
Working toward next step of top-level proof.
alleystoughton Jul 22, 2016
613d5ac
More progress on top-level proof.
alleystoughton Jul 27, 2016
8752c33
Housekeeping.
alleystoughton Jul 27, 2016
5ad71d1
Progress on top-level proof (but some commented-out script that
alleystoughton Jul 27, 2016
f178657
Progress on top-level proof.
alleystoughton Aug 2, 2016
75ef311
More progress on top-level proof.
alleystoughton Aug 3, 2016
0eb7b96
Saving work for today.
alleystoughton Aug 4, 2016
11a6b74
More progress with top-level proof.
alleystoughton Aug 5, 2016
9de12f9
More work on top-level proof.
alleystoughton Aug 5, 2016
77d12f6
Application of DList.Program.
alleystoughton Aug 6, 2016
7f650b8
Fixed Common.ec to track PY's change in ordering of
alleystoughton Aug 6, 2016
284594d
Isolation of last lemma of top-level proof.
alleystoughton Aug 6, 2016
daa984e
Finished top-level proof. :-)
alleystoughton Aug 7, 2016
7ab1eaa
Use inductives for path specifications
fdupress Aug 8, 2016
cca16d5
Goals got reordered. This may need reverted (again).
fdupress Aug 8, 2016
63d0934
Nits.
alleystoughton Aug 8, 2016
91894d3
Almost back to before code change.
fdupress Aug 9, 2016
ab27099
Cleaning up top-level proof.
alleystoughton Aug 9, 2016
6032f95
Simplifications.
alleystoughton Aug 10, 2016
38b1b8c
Fixing scripts in top-level directory wrt PY's new stable ordering.
alleystoughton Aug 11, 2016
684c0b6
Nits.
alleystoughton Aug 11, 2016
e6a0dc8
Simplifying intro patterns with laziness.
fdupress Aug 11, 2016
e38bfc3
Revert "Goals got reordered. This may need reverted (again)."
fdupress Aug 8, 2016
f0bee1d
Updating EC. Proofs not moving forward very fast.
fdupress Aug 19, 2016
5acb9e7
Progress in Core proof.
fdupress Aug 22, 2016
a6d9521
Pushing for discussion with Benjamin.
fdupress Aug 24, 2016
fd319a7
Some progress -- Facts about paths.
fdupress Aug 24, 2016
32d064c
Adding the inversion invariant back in.
fdupress Aug 24, 2016
70f856d
Cleanup.
fdupress Aug 24, 2016
23abfb4
Saving state.
fdupress Aug 24, 2016
17b90a2
Handle: augmenting invariant and finishing lemma 3.
fdupress Aug 25, 2016
e9d8430
Initialization.
fdupress Aug 25, 2016
d386c77
Sorting out the easy things.
fdupress Aug 25, 2016
35bf3dc
some progress, need a lot of simplification
bgregoir Aug 25, 2016
7564791
Moving forward with proof for inversion.
fdupress Aug 25, 2016
a07b0b4
some progress
bgregoir Aug 26, 2016
b1d9d98
Finishing proof for inverse queries.
fdupress Aug 26, 2016
5a407d9
Actually finishing the proof.
fdupress Aug 26, 2016
b9faf66
The lemma Benjamin renamed was used later on, so made the change there.
alleystoughton Aug 26, 2016
4aeea26
Propagating new invariant through.
fdupress Aug 26, 2016
f7c1b75
Starting relation of security of core to security of BlockSponge.
fdupress Aug 29, 2016
0c897f8
Whitespace.
fdupress Aug 29, 2016
0dccdd5
Isolating known statements for the Core Construction.
fdupress Aug 31, 2016
1e62ac0
almost the end of core
bgregoir Aug 31, 2016
82ed12e
Formatting.
alleystoughton Aug 31, 2016
6b1325d
A little more code documentation. Some more to follow.
alleystoughton Aug 31, 2016
7eac6cf
Core.eca slightly more usable.
fdupress Aug 31, 2016
619b6b6
Old stuff.
fdupress Aug 31, 2016
ab714f4
Clean trasnfer of Indifferentiability
fdupress Aug 31, 2016
90a372b
Figuring out abstract gluing: adding query counters.
fdupress Sep 1, 2016
0aa526a
NewCore
fdupress Sep 1, 2016
60d717b
Removing newly obsolete files.
fdupress Sep 1, 2016
5b5475d
NewCore: name fixes.
fdupress Sep 1, 2016
c6659ce
A few documentation things.
alleystoughton Sep 1, 2016
286733f
Implementing change to squeezing loops in BlockSponge/Sponge, avoiding
alleystoughton Sep 1, 2016
86a2bc9
Nit.
alleystoughton Sep 1, 2016
f35b1dd
Pulling out common abstractions in Clean.
fdupress Sep 2, 2016
3c9273a
Progress on NewCore -> BlockSponge.
fdupress Sep 2, 2016
f92176f
Trying to figure things out.
fdupress Sep 6, 2016
4a256a5
Finished documentation of top-level proof.
alleystoughton Sep 6, 2016
218eeb9
Nit.
alleystoughton Sep 7, 2016
8b713ce
The first admit has been killed.
Dec 14, 2017
ab6166f
a little step for the second admit.
Jan 2, 2018
bd0521c
clean
Jan 2, 2018
f73fea5
.
Jan 4, 2018
9250f36
.
Jan 4, 2018
2e6a29a
.
Jan 4, 2018
77a9526
clean/BlockSponge.eca :
Jan 4, 2018
47a5ce4
Brought RndO.ec and Sponge.ec up-to-date with current library.
alleystoughton Jan 4, 2018
7d398d1
.
Jan 5, 2018
8aed835
Merge branch 'master' of ci.easycrypt.info:gitolite/sha3
Jan 5, 2018
da63811
updated existing proof to the last version of EasyCrypt and finish the
Jan 8, 2018
08b91f7
.
Jan 9, 2018
2e2d653
Fix two typos in documentation.
alleystoughton Jan 9, 2018
8e2e767
.
Jan 10, 2018
696df31
Merge branch 'master' of ci.easycrypt.info:gitolite/sha3
Jan 10, 2018
b9e8cdb
.
Jan 12, 2018
09fcb37
.
Jan 15, 2018
e48f07f
.
Jan 16, 2018
ecc07bc
minor fixes
Jan 18, 2018
7068c65
.
Jan 19, 2018
f7329e3
.
Jan 22, 2018
089eac0
.
Jan 23, 2018
8120a0f
.
Feb 7, 2018
cdfd3cf
ConcreteF.eca : completed
Feb 16, 2018
1a13dbd
ConcreteF.eca : reduce the probability of Strong_RP_RF by a factor of…
Feb 20, 2018
217d5d5
miss save
Feb 20, 2018
31918a7
G1(D) ~ CF(D) : completed when greatest common prefix is not counted.
Feb 28, 2018
7a7a6b8
killing last admit in Handle.eca
Feb 28, 2018
aafea8a
An empty list as input was a problem, now it's not.
Mar 1, 2018
a2e942a
Strong_rp_rf added
Mar 12, 2018
303fcfb
.
Mar 26, 2018
d14d0a6
Handle.eca
Mar 29, 2018
7c9b50e
Gconcl.ec : done, cleaning todo
Apr 5, 2018
e62a11e
Gconcl_list.ec : file that contains the transformations from a functi…
Apr 10, 2018
1d0c7fc
Removed print leftover from debugging.
alleystoughton Apr 18, 2018
ca689e3
.
Apr 18, 2018
cf52d34
Merge branch 'master' of gitlab.com:easycrypt/sha3
Apr 18, 2018
8417808
BlockSponge:
Apr 19, 2018
d7757a8
Updating to include smart_counter in EasyCrypt load path.
alleystoughton Apr 19, 2018
11fb73a
Real : 1 step finished, 1 step 90% finished, 1 step todo.
Apr 19, 2018
a581c56
Merge branch 'master' of gitlab.com:easycrypt/sha3
Apr 19, 2018
f01b025
Made upper bound of top-level result more succinct.
alleystoughton Apr 20, 2018
9dd9ed4
Proof of top-level security.
alleystoughton Apr 20, 2018
01cafad
Import NewFMap
strub Apr 24, 2018
5da1a6e
Real : all done. Ideal : TODO.
Apr 24, 2018
532c564
Merge branch 'master' of gitlab.com:easycrypt/sha3
Apr 24, 2018
849f0e8
Ideal : Step 1 : todo, step 2 : 70%, step 3 : todo
Apr 26, 2018
f392ea7
increase timeout for CI
strub May 23, 2018
14fc877
GIdeal : step 1 : todo (easy), step 2,3 : done, step 4 : problem to s…
Apr 27, 2018
d3dd57d
fix include paths
strub May 23, 2018
9e40950
forgot to commit. again.
May 14, 2018
cfb474a
RP.eca is back
strub May 23, 2018
2ddc87b
Proof completed of the transformation : (block list -> block) ==> ((b…
May 16, 2018
34fb9fd
Update PG include path
fdupress May 25, 2018
c5d4101
Proof completed until high-level.
May 17, 2018
672ea3a
Remove large timeout
fdupress May 25, 2018
8fe3c5c
inlined simulator to help the simulator's complexity analysis
May 18, 2018
2fdec22
Fix Strong_rp_rf proof
fdupress Jul 30, 2018
f171f83
Simplify some smt calls in Handle
fdupress May 25, 2018
52fc3bd
CI
strub May 20, 2018
6a4b26b
remove unnecessary files
May 23, 2018
634a0a8
Fix Utils proof
fdupress Jul 30, 2018
3263f85
strub May 25, 2018
6af3134
Merge branch 'master' of gitlab.com:easycrypt/sha3
May 23, 2018
ca0513f
Actually do some fixing on Strong_rp_rf.
fdupress Jul 30, 2018
10d3d68
Merge branch 'master' of gitlab.com:easycrypt/sha3
Jul 20, 2018
07c44bb
Merge branch 'master' of gitlab.com:easycrypt/sha3
Sep 4, 2018
bbaecc4
Remove prints
fdupress Sep 15, 2018
9b4c3ff
push some stuff through with current easycrypt HEAD
fdupress Sep 15, 2018
a6c876a
push ConcreteF through almost
fdupress Sep 17, 2018
ffb59ea
push ConcreteF & Handle : finished
Sep 17, 2018
e507023
push Gcol : beginning
Sep 17, 2018
62e0d7b
Gcol: finish
fdupress Sep 17, 2018
6a2e80c
push Gext
Sep 18, 2018
637ed60
push Gconcl
Sep 18, 2018
2e0e2a1
push Gconcl_list
Sep 18, 2018
ce344d5
push IRO + adding joint map
Sep 18, 2018
90cf57f
removing Utils that is never used
Sep 18, 2018
21603d6
adding MapAux that is used in Sponge
Sep 18, 2018
404c5aa
Clearing my confusion about branches : push Sponge
Sep 18, 2018
6cdae5c
updating complete
Sep 18, 2018
8f88425
cleaning files out and reactivating CI
fdupress Sep 18, 2018
2c13335
repush Handle
Sep 18, 2018
24731c9
undoing CI breakage
fdupress Sep 19, 2018
5e1aada
lowering down the simulator's complexity
Sep 19, 2018
bc59445
The lemmas of MapAux are now in SmtMap on EasyCrypt:deploy-new-prom.
alleystoughton Sep 19, 2018
b575fd9
Making the simulator great again: time complexity improved
Sep 20, 2018
3c79f15
Merge branch 'master' of gitlab.com:easycrypt/sha3
Sep 20, 2018
5323a6f
push on some painful smt calls in Sponge
fdupress Sep 20, 2018
43f1dce
Finally fix CI on SHA3-Security?
fdupress Sep 21, 2018
377f6e3
A secure RO is preimage, second preimage and collision resistant.
Nov 20, 2018
3a771a6
normalizing using RO, not LRO.
Nov 20, 2018
c278e12
make .dir-locals compatible with emacs >= 26
fdupress Apr 8, 2019
e1da3ec
proof of collision probability of SHA3
Apr 10, 2019
96c1252
Merge branch 'master' of gitlab.com:easycrypt/sha3
Apr 10, 2019
b32d44b
SHA3Security.ec : Sponge is :
Apr 11, 2019
8c23891
Common.ec
fdupress Apr 10, 2019
48e4a10
SLCommon and Handle
fdupress Apr 10, 2019
4f68d3d
Sync with deploy-kms head
fdupress Apr 10, 2019
c6f2bdf
replace the "mu _ _" by its value
Apr 11, 2019
dc38700
Improvement of documentation. Removal of redundant tactic application.
alleystoughton Apr 25, 2019
50f53d5
Split CI tasks to make failure reports more granular, tasks more timely
fdupress May 2, 2019
743929a
Fix Sponge proof
fdupress May 2, 2019
54364b3
Standard Sponge is our Sponge
fdupress May 18, 2019
bcb4950
max-provers
strub Aug 5, 2019
e062b6a
Make the CI run over libc
fdupress Aug 5, 2019
b8cae30
CI: reduce parallelism; simplify test suite config
fdupress Aug 6, 2019
47efeec
Reduce parallelism further
fdupress Aug 6, 2019
f6fd6a3
strub Aug 6, 2019
45755c3
add padding of 01, but it's exactly the definition of resistance of SHA3
May 17, 2019
6ae1953
Structure of the properties (preimage, second preimage & collision) f…
May 17, 2019
a4fab77
old attempt to formalize non-fixed output indifferentiability
Aug 12, 2019
ef2e687
modify security model to output types as 'a option
Aug 12, 2019
95ea864
Slight refactoring: Hybrid IROs now have just one procedure (f) in
alleystoughton Aug 15, 2019
3122de6
some work
Aug 19, 2019
aaa64a9
forgot some files.
Aug 19, 2019
99fae63
Security proof in the random permutation model
Aug 22, 2019
89532ea
.
Aug 26, 2019
d57d764
.
Aug 26, 2019
4359226
preimage finished, second preimage to finish to debug, and collision …
Aug 27, 2019
261e641
P1, P2 & coll resistance proven in the random permutation model.
Aug 28, 2019
a2d2290
CI
strub Aug 29, 2019
965c5fe
Fix end of section
bgregoir Aug 29, 2019
2765698
fix SHA3Indiff.ec
Aug 29, 2019
a0caab0
rm SecureIRO.eca
Aug 29, 2019
0f34c29
remove print/search in SHA3_OSecurity.ec
Aug 29, 2019
c5c30c2
update lossless axioms (check)
Aug 30, 2019
a8495b1
remove print/search
Aug 30, 2019
90711b6
clear everything
Aug 30, 2019
2d62ef0
Resolve some problems with conversions between (&&) and (/\).
Aug 30, 2019
3fd0ae1
try to fix a pb
bgregoir Aug 30, 2019
df81cb0
patched smart_counter/Handle.eca
Aug 31, 2019
6499dee
fix handle
bgregoir Sep 2, 2019
23d9006
strub Sep 12, 2019
26281f7
fix sha3 with change in EC
bgregoir Sep 13, 2019
d6c8dc8
CI
strub Sep 15, 2019
06b1762
fix sha3 with the modification of PROM
bgregoir Sep 16, 2019
02d0247
fix intro pattern n?
bgregoir Sep 17, 2019
f1ad34d
misc
strub Oct 14, 2019
db92159
CI: use submodules
strub Oct 14, 2019
753236e
Remove explicit calls to the option "prover"
strub Oct 14, 2019
f034002
This is no longer used. (Its contents (adapted) were moved into SmtMap.)
alleystoughton Oct 14, 2019
36837dd
fix proof with 1.0
bgregoir Dec 9, 2019
0642ceb
fixing proofs to 1.0
bgregoir Dec 16, 2019
57beeed
fix proofs
strub Jan 5, 2020
726a718
fix proofs
strub Jan 6, 2020
498c7ec
Update to follow EasyCrypt 1.0
fdupress Feb 11, 2020
c8ea42e
Update to follow EasyCrypt 1.0
fdupress Feb 11, 2020
bc304d4
Update to follow EasyCrypt 1.0
fdupress Apr 1, 2020
82da587
Follow EasyCrypt 1.0
fdupress Apr 19, 2020
8f37185
Update to follow new ROM libraries
fdupress Apr 1, 2020
eaa3552
Follow 1.0 in sponge proof
fdupress Jul 6, 2020
59946b8
Fix Sponge proof
fdupress Nov 29, 2020
913dfbb
Partial fix for sponge
fdupress Dec 13, 2020
7197ec9
Almost following HEAD
fdupress Mar 2, 2021
8e52e50
Finish fixing Sponge
fdupress Mar 2, 2021
8157378
Update to follow new section mechanism and smt syntax
fdupress Nov 15, 2021
e273054
Folloe EasyCrypt HEAD
fdupress Nov 26, 2021
427a3d8
LRO is now top-level in PROM
fdupress Dec 3, 2021
6c52714
[chore] Uniform use of <@
fdupress Jan 12, 2022
d992af1
follow EasyCrypt HEAD (syntax)
fdupress Apr 8, 2022
80e0247
'stabilise' smt calls post cost merge
fdupress Apr 8, 2022
0c9e84d
Refine some edgy SMT calls
fdupress Jul 11, 2022
4801702
[chore] update to follow main
fdupress Aug 2, 2023
d9e3bbc
[ci] switch to nix-based CI
fdupress Aug 10, 2023
ab5542f
Stabilise SMT the One True Way™
fdupress Sep 12, 2023
e574ada
update SHA3 ci config
fdupress Dec 8, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,8 @@ jobs:
strategy:
fail-fast: false
matrix:
target: [ [ 'ci-test', 'config/tests.config', 'all' ] ]
target: [ [ 'ci-test', 'config/tests.config', 'all' ]
, [ 'sha3', 'config/tests.config', 'sha3' ] ]
steps:
- uses: actions/checkout@v4
- name: Compile & Cache EasyCrypt
Expand Down
7 changes: 7 additions & 0 deletions sha3/config/tests.config
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
[default]
bin = easycrypt
report = report.log

[test-sha3]
okdirs = proof proof/smart_counter
args = -I proof -I proof/smart_counter -p Z3 -p [email protected]
4 changes: 4 additions & 0 deletions sha3/proof/.dir-locals.el
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
((easycrypt-mode .
((eval .
(cl-flet ((pre (s) (concat (locate-dominating-file buffer-file-name ".dir-locals.el") s)))
(setq easycrypt-load-path `(,(pre ".") ,(pre "smart_counter"))))))))
148 changes: 148 additions & 0 deletions sha3/proof/BlockSponge.ec
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,148 @@
(*-------------------- Padded Block Sponge Construction ----------------*)

require import AllCore Int Real List.
require (*--*) IRO Indifferentiability Gconcl.
require import Common SLCommon.

(*------------------------- Indifferentiability ------------------------*)

clone include Indifferentiability with
type p <- block * capacity,
type f_in <- block list * int,
type f_out <- block list

rename
[module] "Indif" as "Experiment"
[module] "GReal" as "RealIndif"
[module] "GIdeal" as "IdealIndif".

(*------------------------- Ideal Functionality ------------------------*)

clone import IRO as BIRO with
type from <- block list,
type to <- block,
op valid <- valid_block,
op dto <- bdistr.

(*------ Validity and Parsing/Formatting of Functionality Queries ------*)

op format (p : block list) (n : int) = p ++ nseq (n - 1) b0.
op parse: block list -> (block list * int).

axiom formatK bs: format (parse bs).`1 (parse bs).`2 = bs.
axiom parseK p n: 0 < n => valid_block p => parse (format p n) = (p,n).
axiom parse_nil: parse [] = ([],0).

lemma parse_injective: injective parse.
proof.
by move=> bs1 bs2 eq_format; rewrite -formatK eq_format (@formatK bs2).
qed.

lemma parse_valid p: valid_block p => parse p = (p,1).
proof.
move=>h;have{1}->:p=format p 1;2:smt(parseK).
by rewrite/format/=nseq0 cats0.
qed.

(*---------------------------- Restrictions ----------------------------*)

(** The counter for the functionnality counts the number of times the
underlying primitive is called inside the functionality. This
number is equal to the sum of the number of blocks the input
message contains and the number of additional blocks the squeezing
phase has to output.
*)

module C = {
var c : int
proc init() = {
c <- 0;
}
}.

module FC (F : DFUNCTIONALITY) = {
proc init () : unit = {}

proc f (bl : block list, nb : int) = {
var z : block list <- [];
if (C.c + size bl + (max (nb - 1) 0) <= max_size) {
C.c <- C.c + size bl + (max (nb - 1) 0);
z <@ F.f(bl, nb);
}
return z;
}
}.

module PC (P : DPRIMITIVE) = {
proc init() = {}

proc f (a : state) = {
var z : state <- (b0, c0);
if (C.c + 1 <= max_size) {
z <@ P.f(a);
C.c <- C.c + 1;
}
return z;
}

proc fi (a : state) = {
var z : state <- (b0, c0);
if (C.c + 1 <= max_size) {
z <@ P.fi(a);
C.c <- C.c + 1;
}
return z;
}
}.

module DRestr (D : DISTINGUISHER) (F : DFUNCTIONALITY) (P : DPRIMITIVE) = {
proc distinguish () : bool = {
var b : bool;
C.init();
b <@ D(FC(F), PC(P)).distinguish();
return b;
}
}.


(*----------------------------- Simulator ------------------------------*)

module Last (F : DFUNCTIONALITY) : SLCommon.DFUNCTIONALITY = {
proc init() = {}
proc f (p : block list) : block = {
var z : block list <- [];
z <@ F.f(parse p);
return last b0 z;
}
}.

module (Sim : SIMULATOR) (F : DFUNCTIONALITY) = Gconcl.S(Last(F)).

(*------------------------- Sponge Construction ------------------------*)

module (Sponge : CONSTRUCTION) (P : DPRIMITIVE) : FUNCTIONALITY = {
proc init() = {}

proc f(xs : block list, n : int) : block list = {
var z <- [];
var (sa, sc) <- (b0, Capacity.c0);
var i <- 0;

if (valid_block xs) {
(* absorption *)
while (xs <> []) {
(sa, sc) <@ P.f(sa +^ head b0 xs, sc);
xs <- behead xs;
}
(* squeezing *)
while (i < n) {
z <- rcons z sa;
i <- i + 1;
if (i < n) {
(sa, sc) <@ P.f(sa, sc);
}
}
}
return z;
}
}.
Loading