A Lean 4 formalization of the Oil-and-Vinegar (OV) cryptosystem through the lens of witness/observer duality. This project rigorously proves the mathematical structure underlying OV signatures, connecting concrete cryptographic properties to abstract interrogation theory.
The Oil-and-Vinegar cryptosystem is reconceived as an interrogation structure where:
- Vinegar = Observer's free choice (imaginary side, subjective)
- Oil = Witness's forced response (real side, objective)
- Trapdoor = Coherence operator C, the bridge between them
- Public Map = Complete interrogation protocol (S ∘ F ∘ T)
- Signature = Equilibrium point μ where all constraints close
The unique equilibrium is μ = e^(i·3π/4), which satisfies:
- Energy conservation: |μ| = 1
- Directed balance: -Re(μ) = Im(μ)
- Dissipation: Re(μ) = -1/√2 < 0
- Period-8 cycle: μ⁸ = 1
UOVscheme/
├── OilVinegar.lean # Core definitions and fundamental lemmas
├── DualityStructure.lean # Witness/observer duality framework
├── BalanceHypothesis.lean # Balance constraints and hypotheses
├── UOV.lean # Main theorems connecting OV to duality
├── lakefile.lean # Lake build configuration
├── .github/workflows/ # CI/CD pipeline
│ └── build.yml
└── README.md # This file
Core cryptographic definitions
Defines the fundamental objects:
C : ℝ → ℝ— The coherence trapdoor function: C(r) = 2r/(1+r²)η : ℝ— The Silver Ratio: η = 1/√2μ : ℂ— The equilibrium point: μ = e^(i·3π/4)
Key lemmas:
mu_energy_conserved— Re(μ)² + Im(μ)² = 1mu_pow_eight— μ⁸ = 1coherence_le_one— C(r) ≤ 1 for all r ≥ 0coherence_eq_one_iff— C(r) = 1 ↔ r = 1
Abstract duality framework
Establishes the conceptual architecture:
InterrogationStructure— Type for witness/observer pairswitness_forced_by_observer— Given observer's choice, witness is uniquecoherence_mediates_duality— C bridges the couplingcomplex_duality_principle— Real/imaginary separation of rolesequilibrium_on_unit_circle— Solutions lie on |z| = 1
Fundamental balance equations
Constrains the system:
energy_conservation— |z| = 1directed_balance— -Re(z) = Im(z)coherence_closure— C(1 + 1/η) = ηwitness_dissipation— Re(z) < 0unified_balance— All four constraints force uniqueness
Main theorem collection
Organized into five parts:
-
Vinegar (Observer)
vinegar_observer_freedom— Observer freely chooses framevinegar_V1_energy_conservation— First constraintvinegar_V2_directed_balance— Second constraintvinegar_V3_self_referential_closure— Third constraintvinegar_triple_consistent— All three hold
-
Oil (Witness)
oil_witness_forced_by_vinegar— Witness uniquely determinedoil_witness_bounded— |μ| = 1oil_witness_dissipative— Re(μ) < 0oil_witness_period— μ⁸ = 1oil_determined_by_vinegar— All properties forced
-
Trapdoor (Coherence C)
trapdoor_unique_in_family— C is the unique degree-(1,2) rational with peak at r=1trapdoor_bijection_forward_side— Bijection proof: C(r) = C(s) ⇒ r = s ∨ r = 1/strapdoor_reveals_alignment—C reaches maximum at r = 1trapdoor_hardness_requires_observer_frame— Inverting C needs observer constraint
-
Public Map (Interrogation)
public_map_embedding_T— Embedding vinegar into complex planepublic_map_interrogation_F— Interrogation applies Cpublic_map_composition— Full protocol: P = S ∘ F ∘ Tpublic_map_is_interrogation— P is deterministic interrogation
-
Signature (Equilibrium)
signature_uniqueness— μ is the unique valid signaturesignature_perfect_alignment— C(|μ|) = 1signature_complete_interrogation— Interrogation terminates at μsignature_equilibrium_point— μ is the unique closure point
- Lean 4 (version 4.10.0 or compatible)
- Lake (Lean's package manager)
- git
# Clone the repository
git clone https://github.com/B2Beans/UOVscheme.git
cd UOVscheme
# Build the project
lake build
# Run checks
lake check- Install the Lean 4 extension
- Open the project folder in VS Code
- The extension will automatically download the correct Lean toolchain
The trapdoor operator C(r) = 2r/(1+r²) is the bridge in the duality:
- Maps (0,1] → (0,1] with involution symmetry: C(r) = C(1/r)
- Reaches maximum at r = 1: C(1) = 1
- Establishes bijection except for the r ↔ 1/r symmetry
The value η = 1/√2 appears in the coherence closure property:
- C(1 + √2) = 1/√2 (special case)
- Links the observer's free choice to a periodic solution
- Connects to the period-8 cycle of μ
The complex number μ = e^(i·3π/4) is uniquely determined by:
- Unit circle constraint: |μ| = 1
- Directed balance: -Re(μ) = Im(μ)
- Dissipation: Re(μ) < 0
This forces:
- Re(μ) = -1/√2 (witness dissipative)
- Im(μ) = 1/√2 (observer's free response)
- Angle: 3π/4 radians (135°, second quadrant)
Proves that C is essentially a bijection with one symmetry:
If C(r) = C(s) then r = s ∨ r·s = 1Proof strategy:
- Unfold C: C(r) = 2r/(1+r²)
- Cross-multiply: 2r(1+s²) = 2s(1+r²)
- Factor: 2(r-s)(1-rs) = 0
- Case analysis on roots
Shows the signature achieves maximum coherence:
C(|μ|) = 1 because |μ| = 1The project includes a GitHub Actions CI/CD pipeline that:
- Triggers on push to
mainand pull requests - Installs Lean 4 and Lake
- Runs
lake buildto verify all proofs compile - Status badge:
Contributions are welcome! Areas for enhancement:
- Completing
sorrystatements with full proofs - Adding optimized tactic proofs in alternative style
- Documenting additional cryptographic properties
- Performance benchmarking of verification
- Oil-and-Vinegar Signatures: Matsumoto & Imai, 1988
- Witness/Observer Duality: Original formalization in this project
- Lean 4 Documentation: https://lean-lang.org/
- Mathlib: https://github.com/leanprover-community/mathlib4
This project is licensed under the Creative Commons.
Maintainer: B2Beans
Last Updated: May 2026