[mdwtools] / crypto.dtx

% \begin{meta-comment} <general public licence>
%%
%% crypto package -- useful macros for typesetting crypto papers
%% Copyright (c) 2001--2003, 2006 Mark Wooding
%%
%% This file is part of the `mdwtools' LaTeX package collection.
%%
%% `mdwtools' is free software: you can redistribute it and/or modify it
%% under the terms of the GNU General Public License as published by the
%% Free Software Foundation; either version 2 of the License, or (at your
%% option) any later version.
%%
%% `mdwtools' is distributed in the hope that it will be useful, but
%% WITHOUT ANY WARRANTY; without even the implied warranty of
%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
%% General Public License for more details.
%%
%% You should have received a copy of the GNU General Public License
%% along with `mdwtools'.  If not, write to the Free Software Foundation,
%% Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
%%
% \end{meta-comment}
%
% \begin{meta-comment} <Package preambles>
%<+package>\NeedsTeXFormat{LaTeX2e}
%<+package>\ProvidesPackage{crypto}
%<+package>                [2020/09/06 1.14.0 Crypto typesetting]
% \end{meta-comment}
%
% \CheckSum{258}
%% \CharacterTable
%%  {Upper-case    \A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\W\X\Y\Z
%%   Lower-case    \a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\u\v\w\x\y\z
%%   Digits        \0\1\2\3\4\5\6\7\8\9
%%   Exclamation   \!     Double quote  \"     Hash (number) \#
%%   Dollar        \$     Percent       \%     Ampersand     \&
%%   Acute accent  \'     Left paren    \(     Right paren   \)
%%   Asterisk      \*     Plus          \+     Comma         \,
%%   Minus         \-     Point         \.     Solidus       \/
%%   Colon         \:     Semicolon     \;     Less than     \<
%%   Equals        \=     Greater than  \>     Question mark \?
%%   Commercial at \@     Left bracket  \[     Backslash     \\
%%   Right bracket \]     Circumflex    \^     Underscore    \_
%%   Grave accent  \`     Left brace    \{     Vertical bar  \|
%%   Right brace   \}     Tilde         \~}
%%
%
% \begin{meta-comment}
%
%<*driver>
\input{mdwtools}
\describespackage{crypto}
\mdwdoc
%</driver>
%
% \end{meta-comment}
%
%^^A-------------------------------------------------------------------------
% \section{User guide}
%
% \subsection{Algorithm typesetting}
%
% A lot of provable-security papers need to be able to typeset algorithms
% describing adversaries, schemes, oracle behaviour, etc.  There is a
% (relatively) standard format for doing this which we support.
%
% \DescribeEnv{program}
% The \env{program} environment provides handy notation for describing
% algorithms formally.  It gives a \env{tabbing} environment, so that things
% can be laid out nicely, and allows fragments of algorithms to be laid out
% in columns or rows, with separating rules.
%
% \DescribeMacro\next
% Within the \env{program} environment, the |\next| command stops typesetting
% the current column, typesets a vertical separator rule, and starts a new
% column.  Adjacent columns are spaced out evenly across the page, with equal
% space around the rules rules and at the current margins.  This means that
% the rules don't line up, but it still seems to provide a pleasing effect.
%
% \DescribeMacro\newline
% The |\newline| macro begins a new row of algorithm typesetting.  A page
% break is possible at a |\newline|.
%
% \DescribeMacro\kw
% A number of standard keywords are available, as shown in
% table~\ref{tab:kw}.  The typsetting of these is done by the |\kw| command,
% which usually sets its argument in text bold face, but can be redefined.
% The standard definition uses |\xspace| so that you don't need to remember
% to say \verb*+\ + after a keyword command.
% \begin{table}
%   \centering
%   \def\row#1{\texttt{\string#1} & #1 \\}
%   \begin{tabular}{ll}
%     \textbf{Command} & \textbf{Keyword} \\
%     \row\RETURN
%     \row\IF
%     \row\THEN
%     \row\ELSE
%     \row\REPEAT
%     \row\WHILE
%     \row\UNTIL
%     \row\FOREVER
%     \row\DO
%     \row\FOR
%     \row\FOREACH
%     \row\FROM
%     \row\IN
%     \row\TO
%     \row\ABORT
%     \row\PARSE
%     \row\NEW
%     \row\AS
%   \end{tabular}
%   \caption{Keywords available for algorithm typesetting}
%   \label{tab:kw}
% \end{table}
%
% \DescribeMacro\ind
% Within a \env{program} environment, the |\ind| command shunts the indent
% level 1\,em to the right.
%
% \DescribeMacro\gets
% \DescribeMacro\getsr
% \DescribeMacro\inr
% Assignment can be represented using the standard command |\gets|, which
% typesets a left-pointing arrow `$\gets$'.  Random sampling -- the selection
% of a random element from a set or probability distribution -- can be
% represented using the new command |\getsr|, which typesets an arrow with a
% little `R' above it `$\getsr$'.  Random membership -- showing that
% something is a random variable with some distribution -- can be represented
% using the |\inr| command, which just typesets an $\in$ sign with a
% subscript `R': `$\inr$'.
%
% Should one wish, one can use a different character than `R' to denote
% randomness.  Some authors use `\$', for example.  I know of one
% (cheapskate?) author who has used `\rlap/c'.  Redefining the |\random|
% command lets you do this.  For example, you can say
% |\newcommand{\random}{\$}| should you so wish.
%
% \DescribeMacro\id
% Long identifiers can be typeset using the |\id| command. giving the
% identifier name as an argument.  The |\id| command is only valid in maths
% mode.  As currently set up, |\id| sets its argument in \emph{text} italics;
% this seems to look better in documents which use a PostScript body face and
% Computer Modern for maths.
%
% \DescribeMacro\Xid
% It's handy to be able to glue a bit of (possibly fancy) maths typesetting
% to an identifier, e.g., to construct $\Xid{H'}{list}$, or
% $\Xid{\mathcal{E}}{CTR$\$$}^F$.  This is done using
% \syntax{"\\Xid{"<maths>"}{"<text>"}"}.  The two bits are joined by a text
% hyphen `-'.
%
% \DescribeMacro\cookie
% Sometimes textual names are used for special `symbols', which have meaning
% to algorithms, e.g., the symbols $\cookie{find}$ and $\cookie{guess}$ in
% the standard indistinguishability game.  These can be typeset using the
% |\cookie| command.
%
% \subsection{Other stuff}
%
% \DescribeMacro\Thing
% In the quantifiable-security world, there are standard symbols for
% advantage, success probability, insecurity, etc.  The generic `style hook'
% for these is \syntax{"\\Thing{"<name>"}{"<notion>"}{"scheme"}"}, which
% typesets $\Thing{name}{notion}{scheme}$.  It helps a lot if you have the
% \package{amstext} package loaded.
%
% \DescribeMacro\Succ
% \DescribeMacro\Adv
% \DescribeMacro\InSec
% \DescribeMacro\Expt
% \DescribeMacro\Game
% \begin{synshorts}
% Some standard `things' are provided: "\\Succ{"<notion>"}{"<scheme>"}",
% "\\Adv{"<notion>"}{"<scheme>"}", "\\InSec{"<notion>"}",
% "\\Expt{"<notion>"}{"<scheme>"}", and "\\Game{"<notion>"}{"<scheme>"}".
% \end{synshorts}
%
% \DescribeMacro\G
% In proofs which proceed by varying the rules of the game played by the
% adversary and bounding the probability of it noticing at each step, game
% names are usually typeset as $\G n$ for small numbers $n$.  The command
% \syntax{"\\G{"<n>"}"} command does this typesetting.  There's an optional
% argument, which is a symbol to write instead of `G'.
%
% \DescribeMacro\Func
% \DescribeMacro\Perm
% When dealing with finite PRFs and PRPs, we need to talk about the set of
% \emph{all} functions (or permutations) over particular sets, usually
% $n$-vectors of bits.  The macros \syntax{"\\Func{"<l>"}{"<L>"}"} and
% \syntax{"\\Perm{"<L>"}"} typeset $\Func{l}{L}$ and $\Perm{L}$ respectively,
% and are intended to denote the sets of all functions $F\colon \{0, 1\}^l
% \to \{0, 1\}^L$ and all permutations $\Pi\colon \{0, 1\}^L \to \{0, 1\}^L$
% respectively.
%
% \DescribeMacro\PKCS
% Finally, the |\PKCS| macro typesets `\PKCS{$n$}', allowing you to name RSA
% Security Inc.'s Public Key Cryptography Standards in a relatively nice way.
%
% \implementation
%
%
%^^A-------------------------------------------------------------------------
% \section{Implementation}
%
% We need David Carlisle's handy \package{xspace} package and the AMS |\text|
% command.
%
%    \begin{macrocode}
%<*package>
\RequirePackage{amstext}
\RequirePackage{xspace}
%    \end{macrocode}
%
% \subsection{Algorithm typsetting}
%
% \begin{macro}{\cookie}
% \begin{macro}{\kw}
% \begin{macro}{\id}
%
% First, some style issues.  Note the |\xspace| at the end of |\kw|.
%
%    \begin{macrocode}
\def\cookie#1{\text{\normalfont\sffamily\/#1\/}}
\def\kw#1{\text{\normalfont\bfseries\/#1\/}\xspace}
\def\id#1{\text{\normalfont\itshape\/#1\/}}
%    \end{macrocode}
%
% \end{macro}
% \end{macro}
% \end{macro}
%
% \begin{macro}{\getsr}
% \begin{macro}{\inr}
%
% The symbols for random selection and membership are fairly easy.  The `R'
% over $\getsr$ is actually in scriptscript style, because that seems to look
% nicer.
%
%    \begin{macrocode}
\providecommand\random{R}
\def\inr{\mathrel{\in_{\random}}}
\def\getsr{\mathrel{\mathop{\gets}\limits^{\scriptscriptstyle\random}}}
%    \end{macrocode}
%
% \end{macro}
% \end{macro}
%
% \begin{macro}{\Xid}
%
% The compound identifiers set by |\Xid| are easy.
%
%    \begin{macrocode}
\def\Xid#1#2{\id{$#1$-#2}}
%    \end{macrocode}
%
% \end{macro}
%
% Now for the various keywords.  These are trivial, but useful.
%
%    \begin{macrocode}
\def\RETURN{\kw{return}}
\def\IF{\kw{if}}
\def\THEN{\kw{then}}
\def\ELSE{\kw{else}}
\def\REPEAT{\kw{repeat}}
\def\WHILE{\kw{while}}
\def\UNTIL{\kw{until}}
\def\FOREVER{\kw{forever}}
\def\DO{\kw{do}}
\def\FOR{\kw{for}}
\def\FOREACH{\kw{for\,each}}
\def\FROM{\kw{from}}
\def\IN{\kw{in}}
\def\TO{\kw{to}}
\def\ABORT{\kw{abort}}
\def\PARSE{\kw{parse}}
\def\AS{\kw{as}}
\def\NEW{\ifmmode\mathop{\kw{new}}\else\kw{new}\fi}
\def\SEND{\kw{send}}
\def\OUTPUT{\kw{output}}
\def\STOP{\kw{stop}}
%    \end{macrocode}
%
% \begin{environment}{program}
% \begin{macro}{\next}
% \begin{macro}{\newline}
% \begin{macro}{\ind}
%
% Now for the \env{program} environment and its associated twiddling.  This
% is actually a little fiddly.
%
% At the beginning, if we're in vertical mode -- i.e., there was a paragraph
% break before the start of the environment -- then remember this, because it
% affects the typesetting at the end.  Set up |\next| and |\newline| in terms
% of the underlying machinery, and start a row of algorithm.
%
%    \begin{macrocode}
\def\program{%
  \normalfont%
  \@tempswatrue\ifvmode\@tempswafalse\fi%
  \def\next{\program@end\vrule\program@begin}%
  \def\newline{\program@endline\medskip\program@startline}%
  \def\ind{\quad\=\+\kill}%
  \ifdim\topsep<\parskip\topsep\parskip\fi%
  \ifdim\@topsepadd<\z@\@topsepadd\z@\fi%
  \begingroup\trivlist%
  \advance\@topsep-\parskip\advance\@topsepadd-\parskip\item%
  \program@startline%
}
%    \end{macrocode}
%
% Ending the environment is easy-ish.  We stop the current row and leave a
% gap, matching the one that |\poem@startline| adds automatically.  If we
% were initially in horizontal mode, then don't indent the next paragraph,
% and ignore spaces after the |\end{program}| command.
%
%    \begin{macrocode}
\def\endprogram{%
  \program@endline\endtrivlist\endgroup%
  \if@tempswa\@endparenv\fi\@ignoretrue%
}
%    \end{macrocode}
%
% Now for the guts of all of this.  First of all, we turn to the typesetting
% of a column, which is just hfil glue, a \env{minipage} with zero width and
% a \env{tabbing} environment.  The first tab is already set 1\,em in from
% the margin.  We use \env{minipage} to set up the list parameters correctly
% and manage the initial and final spacing.  The zero width is OK because
% \env{tabbing} sets a list of hboxes rather than using outer horizontal
% mode, so the |\hsize| is irrelevant.
%
%    \begin{macrocode}
\def\program@begin{%
  \begingroup%
  \hfil%
  \minipage[t]\z@%
    \topsep\z@%
    \itemsep\z@%
    \parskip\z@\parsep\z@%
    \partopsep\z@%
    \tabbing%
%    \end{macrocode}
%
% This is rather messy.  The |\item| from the \env{trivlist} messes up the
% spacing.  We remove the box, and fix |\prevdepth| to ensure that there's no
% glue at the top.
%
%    \begin{macrocode}
      \quad\=dummy\\%
      \@stopfield%
      \begingroup%
        \setbox\z@\lastbox\unskip\unskip\unskip\setbox\z@\lastbox\unskip%
      \endgroup%
      \prevdepth-\@m\p@%
      \@startfield\strut\ignorespaces%
}
%    \end{macrocode}
%
% Ending a program has no discernable subtlety.
%
%    \begin{macrocode}
\def\program@end{%
    \endtabbing%
  \endminipage%
  \hfil%
  \endgroup%
}
%    \end{macrocode}
%
% Finally, the row setting is fairly easy.  We have to ensure that we obey
% the prevailing list parameters.
%
%    \begin{macrocode}
\def\program@startline{%
  \moveright\@totalleftmargin%
  \hb@xt@\linewidth\bgroup%
    \program@begin%
}
\def\program@endline{%
    \program@end%
  \egroup%
}
%    \end{macrocode}
%
% \end{macro}
% \end{macro}
% \end{macro}
% \end{environment}
%
% \subsection{Other stuff}
%
% \begin{macro}{\Thing}
% \begin{macro}{\Succ}
% \begin{macro}{\Adv}
% \begin{macro}{\InSec}
% \begin{macro}{\Expt}
% \begin{macro}{\Game}
%
% Typesetting |\Thing| is easy.  This acts as a style hook for the rest of
% these things.
%
%    \begin{macrocode}
\def\Thing#1#2#3{\text{\normalfont\bfseries#1}^{\text{\normalfont#2}}_{#3}}
%    \end{macrocode}
%
% And now here they are.
%
%    \begin{macrocode}
\def\Succ{\Thing{Succ}}
\def\Adv{\Thing{Adv}}
\def\InSec#1{\Thing{InSec}{#1}{}}
\def\Expt{\Thing{Expt}}
\def\Game{\Thing{Game}}
%    \end{macrocode}
%
% \end{macro}
% \end{macro}
% \end{macro}
% \end{macro}
% \end{macro}
% \end{macro}
%
% \begin{macro}{\G}
%
% The name of a game is typeset simply as
%
%    \begin{macrocode}
\newcommand\G[2][G]{\mathbf{#1}_{#2}}
%    \end{macrocode}
%
% \end{macro}
%
% \begin{macro}{\Func}
% \begin{macro}{\Perm}
%
% The finite sets of functions and permutations are just a style choice.  We
% choose to buck the standard trends and use caligraphic letters.
%
%    \begin{macrocode}
\def\Func#1#2{\mathcal{F}^{#1,#2}}
\def\Perm#1{\mathcal{P}^{#1}}
%    \end{macrocode}
%
% \end{macro}
% \end{macro}
%
% \begin{macro}{\PKCS}
%
% Finally, I find that \PKCS{$n$} looks best typeset like this:
%
%    \begin{macrocode}
\def\PKCS#1{PKCS\,\##1}
%    \end{macrocode}
%
% \end{macro}
%
% \vskip\parskip\vbox{ ^^A The best way I could find of keeping this lot
%                      ^^A together, I'm afraid.
% That's all there is.  Byebye.
%
%    \begin{macrocode}
%</package>
%    \end{macrocode}
% \nopagebreak
%
% \hfill Mark Wooding, \today
% }
% \Finale
%
\endinput
Commit	Line	Data
86f6a31e	1	% \begin{meta-comment} <general public licence>
	2	%%
	3	%% crypto package -- useful macros for typesetting crypto papers
8bc5bdd2	4	%% Copyright (c) 2001--2003, 2006 Mark Wooding
86f6a31e	5	%%
3d509049	6	%% This file is part of the `mdwtools' LaTeX package collection.
e8e9e5d8	7	%%
3d509049 MW	8	%% `mdwtools' is free software: you can redistribute it and/or modify it
	9	%% under the terms of the GNU General Public License as published by the
	10	%% Free Software Foundation; either version 2 of the License, or (at your
	11	%% option) any later version.
	12	%%
	13	%% `mdwtools' is distributed in the hope that it will be useful, but
	14	%% WITHOUT ANY WARRANTY; without even the implied warranty of
	15	%% MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	%% General Public License for more details.
e8e9e5d8	17	%%
86f6a31e	18	%% You should have received a copy of the GNU General Public License
3d509049	19	%% along with `mdwtools'. If not, write to the Free Software Foundation,
86f6a31e	20	%% Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
3d509049	21	%%
86f6a31e	22	% \end{meta-comment}
	23	%
	24	% \begin{meta-comment} <Package preambles>
	25	%<+package>\NeedsTeXFormat{LaTeX2e}
	26	%<+package>\ProvidesPackage{crypto}
af8af7eb	27	%<+package> [2020/09/06 1.14.0 Crypto typesetting]
86f6a31e	28	% \end{meta-comment}
86f6a31e	29	%
be0a3c9b	30	% \CheckSum{258}
86f6a31e	31	%% \CharacterTable
	32	%% {Upper-case \A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\W\X\Y\Z
	33	%% Lower-case \a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\u\v\w\x\y\z
	34	%% Digits \0\1\2\3\4\5\6\7\8\9
	35	%% Exclamation \! Double quote \" Hash (number) \#
	36	%% Dollar \$ Percent \% Ampersand \&
	37	%% Acute accent \' Left paren \( Right paren \)
	38	%% Asterisk \* Plus \+ Comma \,
	39	%% Minus \- Point \. Solidus \/
	40	%% Colon \: Semicolon \; Less than \<
	41	%% Equals \= Greater than \> Question mark \?
	42	%% Commercial at \@ Left bracket \[ Backslash \\
	43	%% Right bracket \] Circumflex \^ Underscore \_
	44	%% Grave accent \` Left brace \{ Vertical bar \\|
	45	%% Right brace \} Tilde \~}
	46	%%
	47	%
	48	% \begin{meta-comment}
	49	%
	50	%<*driver>
	51	\input{mdwtools}
	52	\describespackage{crypto}
	53	\mdwdoc
	54	%</driver>
	55	%
	56	% \end{meta-comment}
	57	%
	58	%^^A-------------------------------------------------------------------------
	59	% \section{User guide}
	60	%
	61	% \subsection{Algorithm typesetting}
	62	%
	63	% A lot of provable-security papers need to be able to typeset algorithms
	64	% describing adversaries, schemes, oracle behaviour, etc. There is a
	65	% (relatively) standard format for doing this which we support.
	66	%
	67	% \DescribeEnv{program}
	68	% The \env{program} environment provides handy notation for describing
	69	% algorithms formally. It gives a \env{tabbing} environment, so that things
	70	% can be laid out nicely, and allows fragments of algorithms to be laid out
	71	% in columns or rows, with separating rules.
	72	%
	73	% \DescribeMacro\next
	74	% Within the \env{program} environment, the \|\next\| command stops typesetting
	75	% the current column, typesets a vertical separator rule, and starts a new
	76	% column. Adjacent columns are spaced out evenly across the page, with equal
	77	% space around the rules rules and at the current margins. This means that
	78	% the rules don't line up, but it still seems to provide a pleasing effect.
	79	%
	80	% \DescribeMacro\newline
	81	% The \|\newline\| macro begins a new row of algorithm typesetting. A page
	82	% break is possible at a \|\newline\|.
	83	%
	84	% \DescribeMacro\kw
	85	% A number of standard keywords are available, as shown in
	86	% table~\ref{tab:kw}. The typsetting of these is done by the \|\kw\| command,
	87	% which usually sets its argument in text bold face, but can be redefined.
	88	% The standard definition uses \|\xspace\| so that you don't need to remember
e653827a	89	% to say \verb*+\ + after a keyword command.
86f6a31e	90	% \begin{table}
	91	% \centering
	92	% \def\row#1{\texttt{\string#1} & #1 \\}
	93	% \begin{tabular}{ll}
	94	% \textbf{Command} & \textbf{Keyword} \\
	95	% \row\RETURN
	96	% \row\IF
	97	% \row\THEN
	98	% \row\ELSE
	99	% \row\REPEAT
	100	% \row\WHILE
	101	% \row\UNTIL
	102	% \row\FOREVER
	103	% \row\DO
	104	% \row\FOR
	105	% \row\FOREACH
	106	% \row\FROM
	107	% \row\IN
	108	% \row\TO
	109	% \row\ABORT
	110	% \row\PARSE
e653827a	111	% \row\NEW
86f6a31e	112	% \row\AS
	113	% \end{tabular}
	114	% \caption{Keywords available for algorithm typesetting}
	115	% \label{tab:kw}
	116	% \end{table}
	117	%
e653827a	118	% \DescribeMacro\ind
	119	% Within a \env{program} environment, the \|\ind\| command shunts the indent
	120	% level 1\,em to the right.
	121	%
86f6a31e	122	% \DescribeMacro\gets
	123	% \DescribeMacro\getsr
	124	% \DescribeMacro\inr
	125	% Assignment can be represented using the standard command \|\gets\|, which
	126	% typesets a left-pointing arrow `$\gets$'. Random sampling -- the selection
	127	% of a random element from a set or probability distribution -- can be
	128	% represented using the new command \|\getsr\|, which typesets an arrow with a
	129	% little `R' above it `$\getsr$'. Random membership -- showing that
	130	% something is a random variable with some distribution -- can be represented
	131	% using the \|\inr\| command, which just typesets an $\in$ sign with a
	132	% subscript `R': `$\inr$'.
	133	%
34c694a8 MW	134	% Should one wish, one can use a different character than `R' to denote
	135	% randomness. Some authors use `\$', for example. I know of one
	136	% (cheapskate?) author who has used `\rlap/c'. Redefining the \|\random\|
	137	% command lets you do this. For example, you can say
	138	% \|\newcommand{\random}{\$}\| should you so wish.
	139	%
86f6a31e	140	% \DescribeMacro\id
	141	% Long identifiers can be typeset using the \|\id\| command. giving the
	142	% identifier name as an argument. The \|\id\| command is only valid in maths
	143	% mode. As currently set up, \|\id\| sets its argument in \emph{text} italics;
	144	% this seems to look better in documents which use a PostScript body face and
	145	% Computer Modern for maths.
	146	%
	147	% \DescribeMacro\Xid
	148	% It's handy to be able to glue a bit of (possibly fancy) maths typesetting
	149	% to an identifier, e.g., to construct $\Xid{H'}{list}$, or
	150	% $\Xid{\mathcal{E}}{CTR$\$$}^F$. This is done using
	151	% \syntax{"\\Xid{"<maths>"}{"<text>"}"}. The two bits are joined by a text
	152	% hyphen `-'.
	153	%
	154	% \DescribeMacro\cookie
	155	% Sometimes textual names are used for special `symbols', which have meaning
	156	% to algorithms, e.g., the symbols $\cookie{find}$ and $\cookie{guess}$ in
	157	% the standard indistinguishability game. These can be typeset using the
	158	% \|\cookie\| command.
	159	%
	160	% \subsection{Other stuff}
	161	%
	162	% \DescribeMacro\Thing
	163	% In the quantifiable-security world, there are standard symbols for
	164	% advantage, success probability, insecurity, etc. The generic `style hook'
	165	% for these is \syntax{"\\Thing{"<name>"}{"<notion>"}{"scheme"}"}, which
	166	% typesets $\Thing{name}{notion}{scheme}$. It helps a lot if you have the
	167	% \package{amstext} package loaded.
	168	%
	169	% \DescribeMacro\Succ
	170	% \DescribeMacro\Adv
	171	% \DescribeMacro\InSec
	172	% \DescribeMacro\Expt
e653827a	173	% \DescribeMacro\Game
86f6a31e	174	% \begin{synshorts}
86f6a31e	175	% Some standard `things' are provided: "\\Succ{"<notion>"}{"<scheme>"}",
e8e9e5d8	176	% "\\Adv{"<notion>"}{"<scheme>"}", "\\InSec{"<notion>"}",
e653827a	177	% "\\Expt{"<notion>"}{"<scheme>"}", and "\\Game{"<notion>"}{"<scheme>"}".
86f6a31e	178	% \end{synshorts}
	179	%
	180	% \DescribeMacro\G
	181	% In proofs which proceed by varying the rules of the game played by the
	182	% adversary and bounding the probability of it noticing at each step, game
	183	% names are usually typeset as $\G n$ for small numbers $n$. The command
	184	% \syntax{"\\G{"<n>"}"} command does this typesetting. There's an optional
	185	% argument, which is a symbol to write instead of `G'.
	186	%
	187	% \DescribeMacro\Func
	188	% \DescribeMacro\Perm
	189	% When dealing with finite PRFs and PRPs, we need to talk about the set of
	190	% \emph{all} functions (or permutations) over particular sets, usually
	191	% $n$-vectors of bits. The macros \syntax{"\\Func{"<l>"}{"<L>"}"} and
	192	% \syntax{"\\Perm{"<L>"}"} typeset $\Func{l}{L}$ and $\Perm{L}$ respectively,
	193	% and are intended to denote the sets of all functions $F\colon \{0, 1\}^l
	194	% \to \{0, 1\}^L$ and all permutations $\Pi\colon \{0, 1\}^L \to \{0, 1\}^L$
e8e9e5d8	195	% respectively.
86f6a31e	196	%
	197	% \DescribeMacro\PKCS
	198	% Finally, the \|\PKCS\| macro typesets `\PKCS{$n$}', allowing you to name RSA
	199	% Security Inc.'s Public Key Cryptography Standards in a relatively nice way.
e8e9e5d8	200	%
86f6a31e	201	% \implementation
	202	%
	203	%
	204	%^^A-------------------------------------------------------------------------
	205	% \section{Implementation}
	206	%
	207	% We need David Carlisle's handy \package{xspace} package and the AMS \|\text\|
	208	% command.
	209	%
	210	% \begin{macrocode}
	211	%<*package>
	212	\RequirePackage{amstext}
	213	\RequirePackage{xspace}
	214	% \end{macrocode}
34c694a8	215	%
86f6a31e	216	% \subsection{Algorithm typsetting}
	217	%
	218	% \begin{macro}{\cookie}
	219	% \begin{macro}{\kw}
	220	% \begin{macro}{\id}
	221	%
	222	% First, some style issues. Note the \|\xspace\| at the end of \|\kw\|.
	223	%
	224	% \begin{macrocode}
	225	\def\cookie#1{\text{\normalfont\sffamily\/#1\/}}
	226	\def\kw#1{\text{\normalfont\bfseries\/#1\/}\xspace}
	227	\def\id#1{\text{\normalfont\itshape\/#1\/}}
	228	% \end{macrocode}
	229	%
	230	% \end{macro}
	231	% \end{macro}
	232	% \end{macro}
	233	%
	234	% \begin{macro}{\getsr}
	235	% \begin{macro}{\inr}
	236	%
	237	% The symbols for random selection and membership are fairly easy. The `R'
	238	% over $\getsr$ is actually in scriptscript style, because that seems to look
	239	% nicer.
	240	%
	241	% \begin{macrocode}
34c694a8 MW	242	\providecommand\random{R}
	243	\def\inr{\mathrel{\in_{\random}}}
	244	\def\getsr{\mathrel{\mathop{\gets}\limits^{\scriptscriptstyle\random}}}
86f6a31e	245	% \end{macrocode}
	246	%
	247	% \end{macro}
	248	% \end{macro}
	249	%
	250	% \begin{macro}{\Xid}
	251	%
	252	% The compound identifiers set by \|\Xid\| are easy.
	253	%
	254	% \begin{macrocode}
	255	\def\Xid#1#2{\id{$#1$-#2}}
	256	% \end{macrocode}
	257	%
	258	% \end{macro}
	259	%
	260	% Now for the various keywords. These are trivial, but useful.
	261	%
	262	% \begin{macrocode}
	263	\def\RETURN{\kw{return}}
	264	\def\IF{\kw{if}}
	265	\def\THEN{\kw{then}}
	266	\def\ELSE{\kw{else}}
	267	\def\REPEAT{\kw{repeat}}
	268	\def\WHILE{\kw{while}}
	269	\def\UNTIL{\kw{until}}
	270	\def\FOREVER{\kw{forever}}
	271	\def\DO{\kw{do}}
	272	\def\FOR{\kw{for}}
	273	\def\FOREACH{\kw{for\,each}}
	274	\def\FROM{\kw{from}}
	275	\def\IN{\kw{in}}
e653827a	276	\def\TO{\kw{to}}
86f6a31e	277	\def\ABORT{\kw{abort}}
	278	\def\PARSE{\kw{parse}}
	279	\def\AS{\kw{as}}
e653827a	280	\def\NEW{\ifmmode\mathop{\kw{new}}\else\kw{new}\fi}
be0a3c9b MW	281	\def\SEND{\kw{send}}
	282	\def\OUTPUT{\kw{output}}
	283	\def\STOP{\kw{stop}}
86f6a31e	284	% \end{macrocode}
	285	%
	286	% \begin{environment}{program}
	287	% \begin{macro}{\next}
	288	% \begin{macro}{\newline}
e653827a	289	% \begin{macro}{\ind}
86f6a31e	290	%
	291	% Now for the \env{program} environment and its associated twiddling. This
	292	% is actually a little fiddly.
	293	%
	294	% At the beginning, if we're in vertical mode -- i.e., there was a paragraph
	295	% break before the start of the environment -- then remember this, because it
	296	% affects the typesetting at the end. Set up \|\next\| and \|\newline\| in terms
	297	% of the underlying machinery, and start a row of algorithm.
	298	%
	299	% \begin{macrocode}
	300	\def\program{%
	301	\normalfont%
	302	\@tempswatrue\ifvmode\@tempswafalse\fi%
	303	\def\next{\program@end\vrule\program@begin}%
	304	\def\newline{\program@endline\medskip\program@startline}%
e653827a	305	\def\ind{\quad\=\+\kill}%
	306	\ifdim\topsep<\parskip\topsep\parskip\fi%
	307	\ifdim\@topsepadd<\z@\@topsepadd\z@\fi%
86f6a31e	308	\begingroup\trivlist%
	309	\advance\@topsep-\parskip\advance\@topsepadd-\parskip\item%
	310	\program@startline%
	311	}
	312	% \end{macrocode}
	313	%
	314	% Ending the environment is easy-ish. We stop the current row and leave a
	315	% gap, matching the one that \|\poem@startline\| adds automatically. If we
	316	% were initially in horizontal mode, then don't indent the next paragraph,
	317	% and ignore spaces after the \|\end{program}\| command.
	318	%
	319	% \begin{macrocode}
	320	\def\endprogram{%
	321	\program@endline\endtrivlist\endgroup%
e653827a	322	\if@tempswa\@endparenv\fi\@ignoretrue%
86f6a31e	323	}
	324	% \end{macrocode}
	325	%
	326	% Now for the guts of all of this. First of all, we turn to the typesetting
	327	% of a column, which is just hfil glue, a \env{minipage} with zero width and
	328	% a \env{tabbing} environment. The first tab is already set 1\,em in from
	329	% the margin. We use \env{minipage} to set up the list parameters correctly
	330	% and manage the initial and final spacing. The zero width is OK because
	331	% \env{tabbing} sets a list of hboxes rather than using outer horizontal
	332	% mode, so the \|\hsize\| is irrelevant.
	333	%
	334	% \begin{macrocode}
	335	\def\program@begin{%
	336	\begingroup%
	337	\hfil%
	338	\minipage[t]\z@%
	339	\topsep\z@%
	340	\itemsep\z@%
	341	\parskip\z@\parsep\z@%
	342	\partopsep\z@%
	343	\tabbing%
	344	% \end{macrocode}
	345	%
	346	% This is rather messy. The \|\item\| from the \env{trivlist} messes up the
	347	% spacing. We remove the box, and fix \|\prevdepth\| to ensure that there's no
	348	% glue at the top.
	349	%
	350	% \begin{macrocode}
	351	\quad\=dummy\\%
	352	\@stopfield%
	353	\begingroup%
	354	\setbox\z@\lastbox\unskip\unskip\unskip\setbox\z@\lastbox\unskip%
	355	\endgroup%
	356	\prevdepth-\@m\p@%
e653827a	357	\@startfield\strut\ignorespaces%
86f6a31e	358	}
	359	% \end{macrocode}
	360	%
	361	% Ending a program has no discernable subtlety.
	362	%
	363	% \begin{macrocode}
	364	\def\program@end{%
	365	\endtabbing%
	366	\endminipage%
	367	\hfil%
	368	\endgroup%
	369	}
	370	% \end{macrocode}
	371	%
	372	% Finally, the row setting is fairly easy. We have to ensure that we obey
	373	% the prevailing list parameters.
	374	%
	375	% \begin{macrocode}
	376	\def\program@startline{%
	377	\moveright\@totalleftmargin%
	378	\hb@xt@\linewidth\bgroup%
	379	\program@begin%
	380	}
	381	\def\program@endline{%
	382	\program@end%
	383	\egroup%
	384	}
	385	% \end{macrocode}
	386	%
	387	% \end{macro}
	388	% \end{macro}
e653827a	389	% \end{macro}
86f6a31e	390	% \end{environment}
	391	%
	392	% \subsection{Other stuff}
	393	%
	394	% \begin{macro}{\Thing}
	395	% \begin{macro}{\Succ}
	396	% \begin{macro}{\Adv}
	397	% \begin{macro}{\InSec}
	398	% \begin{macro}{\Expt}
e653827a	399	% \begin{macro}{\Game}
86f6a31e	400	%
86f6a31e	401	% Typesetting \|\Thing\| is easy. This acts as a style hook for the rest of
e653827a	402	% these things.
86f6a31e	403	%
	404	% \begin{macrocode}
	405	\def\Thing#1#2#3{\text{\normalfont\bfseries#1}^{\text{\normalfont#2}}_{#3}}
	406	% \end{macrocode}
	407	%
	408	% And now here they are.
	409	%
	410	% \begin{macrocode}
	411	\def\Succ{\Thing{Succ}}
	412	\def\Adv{\Thing{Adv}}
	413	\def\InSec#1{\Thing{InSec}{#1}{}}
	414	\def\Expt{\Thing{Expt}}
e653827a	415	\def\Game{\Thing{Game}}
86f6a31e	416	% \end{macrocode}
	417	%
	418	% \end{macro}
e653827a	419	% \end{macro}
86f6a31e	420	% \end{macro}
	421	% \end{macro}
	422	% \end{macro}
	423	% \end{macro}
	424	%
	425	% \begin{macro}{\G}
	426	%
	427	% The name of a game is typeset simply as
	428	%
	429	% \begin{macrocode}
	430	\newcommand\G[2][G]{\mathbf{#1}_{#2}}
	431	% \end{macrocode}
	432	%
	433	% \end{macro}
	434	%
	435	% \begin{macro}{\Func}
	436	% \begin{macro}{\Perm}
	437	%
	438	% The finite sets of functions and permutations are just a style choice. We
	439	% choose to buck the standard trends and use caligraphic letters.
	440	%
	441	% \begin{macrocode}
	442	\def\Func#1#2{\mathcal{F}^{#1,#2}}
	443	\def\Perm#1{\mathcal{P}^{#1}}
	444	% \end{macrocode}
	445	%
	446	% \end{macro}
	447	% \end{macro}
	448	%
	449	% \begin{macro}{\PKCS}
	450	%
	451	% Finally, I find that \PKCS{$n$} looks best typeset like this:
	452	%
	453	% \begin{macrocode}
	454	\def\PKCS#1{PKCS\,\##1}
	455	% \end{macrocode}
	456	%
	457	% \end{macro}
	458	%
	459	% \vskip\parskip\vbox{ ^^A The best way I could find of keeping this lot
	460	% ^^A together, I'm afraid.
	461	% That's all there is. Byebye.
	462	%
	463	% \begin{macrocode}
	464	%</package>
	465	% \end{macrocode}
	466	% \nopagebreak
	467	%
	468	% \hfill Mark Wooding, \today
	469	% }
	470	% \Finale
	471	%
	472	\endinput