% \usepackage{layout}
% Math support: amsmath (display environments), amsthm (theorem/proof environments), amssymb (extra symbols).
\usepackage{amsmath, amsthm, amssymb}
% Plain-TeX page-offset hack: shifts the whole page body up by 72pt (roughly one inch).
% NOTE(review): the geometry package would express the same thing declaratively; left as is.
\advance\voffset by -72pt
% \setlength{\oddsidemargin}{36pt}
% \setlength{\evensidemargin}{-36pt}
\newcommand{\titleline}{Programming in Cryptol}
pdftitle = \titleline,
pdfkeywords = {Cryptol, Cryptography, Programming},
pdfauthor = {Levent Erk\"{o}k},
pdfpagemode = UseOutlines
% fonts
%% \setmonofont[Scale=0.85]{Courier}
\newcommand{\todo}[1]{\begin{center}\framebox{\begin{minipage}{0.8\textwidth}{{\bf TODO:} #1}\end{minipage}}\end{center}}
\def\imod#1{\allowbreak\mkern10mu({\operator@font mod}\,\,#1)}
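% Boxed, centered notice marking the current section as optional advanced material.
\newcommand*{\advanced}{%
  \begin{center}%
    \framebox{\begin{minipage}{0.95\textwidth}\textbf{Note:} The material in this section
    is aimed for the more advanced reader. It can be skipped on a first reading without loss of continuity.\end{minipage}}%
  \end{center}%
}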
\AnswerBoxSectionMark{Section \arabic{chapter}.\arabic{section} #1 (p.\pageref{#2})}%
\AnswerBoxExecute{\addcontentsline{toc}{section}{\texorpdfstring{\parbox{2.3em}{\arabic{chapter}.\arabic{section}\ }}{(\arabic{chapter}.\arabic{section})\ }#1}}%
\renewcommand{\ExerciseHeader}{\textbf{\hspace*{-\parindent}\ExerciseName\ \theExercise.\ }}
\renewcommand{\AnswerHeader}{\textbf{\hspace*{-\parindent}\ExerciseName\ \theExercise.\ }}
% various little text sections:
\newcommand{\lhint}[1]{({\bf Hint.}\ #1)}
\newcommand{\ansref}[1]{{\bf (p.~\pageref{#1})}}
%% \newcommand{\draftdate}{DRAFT of \today}
% Running heads and feet (fancyhdr). Head: no rule; foot: thin rule.
\renewcommand{\headrulewidth}{0pt} % no line on top
\renewcommand{\footrulewidth}{.5pt} % line on bottom
% Copyright notice in the inner foot (left on odd pages, right on even pages); plain-style pages get nothing.
\fancyfoot[LO,RE]{\fancyplain{}{\textsf{\copyright\ 2010--2013, Galois, Inc.}}}
% Draft-only marks, disabled for the released version.
%% \fancyhead[LE]{\fancyplain{}{\textsf{\draftdate}}}
%% \fancyhead[RO]{\fancyplain{}{\textsf{DO NOT DISTRIBUTE!}}}
\fancyhead[RO,LE]{\fancyplain{}{}} %% outer head left empty
\fancyhead[LO,RE]{\fancyplain{}{\textsf{\nouppercase{\rightmark}}}} %% inner head: current section mark, case preserved
\title{\Huge{\bf \titleline}}
% Author block for the title page. Each `\\$ $\\' is an empty inline formula acting as a blank
% line to push the text down -- a spacing hack; \vspace would be the cleaner form.
\author{\\$ $\\$ $\\
Levent Erk\"{o}k\\
\\$ $\\
Galois, Inc.\\
421 SW 6th Ave., Suite 300\\Portland, OR 97204}
% Presumably adds a gap below the author block on the title page (same empty-formula hack as above).
\vspace*{2cm}$ $\\
% \maketitle
% Index "see" cross-references: each entry redirects the reader to the entry the topic is filed under.
% In `key@text' the part before `@' is the sort key (the `000' prefix presumably forces GF(2^8) to sort first).
\index{inference|see{type, inference}}
\index{signature|see{type, signature}}
\index{polymorphism|see{type, polymorphism}}
\index{monomorphism|see{type, monomorphism}}
\index{overloading|see{type, overloading}}
\index{undecidable|see{type, undecidable}}
\index{predicates|see{type, predicates}}
\index{defaulting|see{type, defaulting}}
\index{fin@\texttt{fin}|see{type, fin}}
\index{ambiguous constraints|see{type, ambiguous}}
\index{wildcard|see{\texttt{\_} (underscore)}}
\index{lambda expression|see{\ensuremath{\lambda}-expression}}
\index{pdiv@\texttt{pdiv}|see{polynomial, division}}
\index{pmod@\texttt{pmod}|see{polynomial, modulus}}
\index{pmult@\texttt{pmult}|see{polynomial, multiplication}}
\index{000GF28@GF($2^8$)|see{galois field}}
% \layout
%%%%%% PREFACE
%%%%%% TOC
%%%%%% Crash Course
include "../crashCourse/CrashCourse.tex";
%%%%%% Transposition ciphers
include "../classic/Classic.tex";
%%%%%% Enigma
include "../enigma/Enigma.tex";
%%%%%% High assurance
%% TODO - after ticket 96
%% \input{highAssurance/HighAssurance.tex}
%% \commentout{
%% \begin{code}
%% include "../highAssurance/HighAssurance.tex";
%% \end{code}
%% }
%%%%%% DES
% \chapter{DES: The Data Encryption Standard}
%%%%%% AES
include "../aes/AES.tex";
%%%%%% SHA
% \chapter{SHA: The Secure Hash Algorithm}
%\chapter{Advanced proof techniques}
%\section{Assumed equality}
%\section{Uninterpreted functions}
%\section{Proving AES correct}\label{sec:proveaes}
%In Section~\ref{sec:aescorrectattempt}, we wrote down the below Cryptol theorem stating that our AES\indAES encryption/decryption functions work correctly:
% theorem AESCorrect: {msg key}. aesDecrypt (aesEncrypt (msg, key), key) == msg;
% However, we were not able to do an automated proof of this fact, as it is beyond the scope of what SAT-based equivalence checkers can handle. In this
% section we will use our new tools to attack this problem and actually complete the proof in a reasonable amount of time.
%%%%%% SAT solving
% \chapter{Using satisfiability solvers: Solving Sudoku and N-Queens in Cryptol}\label{chap:usingsat}
%%%%%% Hardware
% \chapter{Generating and proving hardware correct}
%%%%%% Pitfalls
% \chapter{Pitfalls}
% \section{Defaulting}\label{sec:pitfall:defaulting}
% \todo{Talk about defaulting gotchas}
% \section{Evaluation order}\label{sec:pitfall:evorder}
% \todo{Talk about there's no short-circuit except for if-then-else, although models might differ.}
% \section{Theorems and safety checking}\label{sec:pitfall:thmexceptions}
% \todo{Talk about safety failures and theorems}
% \todo{Talk about why {\tt implies (x, y) = if x then y else False} is not a substitute for {\tt if-then-else}}
% \todo{Talk about assumeSafe}
%%%%%% Toolbox
% \chapter{Programmer's toolbox}
% \section{Pretty printing using {\tt format}}
% \section{Debugging code using {\tt trace}}
%%%%%% Miscellaneous
% \input{misc/Misc.tex}
% \commentout{
% \begin{code}
% include "../misc/Misc.tex";
% \end{code}
% }
% \fancyhead[LO,RE]{\fancyplain{}{\textsf{\nouppercase{\leftmark}}}}
%%%% Solutions
\chapter{Solutions to selected exercises}
As with any language, there are usually multiple ways to write the same
function in Cryptol. We have tried to use the most idiomatic
Cryptol code segments in our solutions. Note that Cryptol prints
numbers out in hexadecimal by default. In most of the answers below, we
have implicitly used the command \texttt{:set base=10} to print numbers
out in decimal for readability.\indSettingBase
%%%% Cryptol primitives
include "../prims/Primitives.tex";
%%%% Enigma code
include "../enigma/EnigmaCode.tex";
%%%% AES code
include "../aes/AESCode.tex";
%%%% Glossary
%%%% Bibliography
%%%% Index
%%%% sanity checks
% \commentout{
% \begin{code}
% isEverythingSane = ~zero == checks
% where checks = [aesEncSanityCheck aesDecSanityCheck];
% \end{code}
% }