Programs using random values can either make all choices in advance (eagerly) or sample as needed (lazily). In formal proofs, we focus on indistinguishability between two lazy programs, a common requirement in the random oracle model (ROM). While rearranging sampling instructions often solves this, it gets complex when sampling is spread across procedures. The traditional approach, introduced by Bellare and Rogaway in 2004, converts programs to eager sampling, but requires assuming finite memory, a polynomial bound, and artificial resampling functions. We introduce a novel approach in probabilistic Relational Hoare Logic (pRHL) that directly proves indistinguishability, eliminating the need for conversions and the mentioned assumptions. We also implement this approach in the EasyCrypt theorem prover, showing that it can be a convenient alternative to the traditional method.

中文翻译：

---

概率关系霍尔逻辑中的直接惰性采样证明技术

使用随机值的程序可以提前（热切地）做出所有选择，也可以根据需要进行采样（惰性地）。在形式证明中，我们关注两个惰性程序之间的不可区分性，这是随机预言模型（ROM）中的常见要求。虽然重新排列采样指令通常可以解决这个问题，但当采样分布在各个过程中时，情况就会变得复杂。Bellare 和 Rogaway 在 2004 年提出的传统方法将程序转换为急切采样，但需要假设有限内存、多项式界限和人工重采样函数。我们在概率关系霍尔逻辑（pRHL）中引入了一种新颖的方法，它可以直接证明不可区分性，从而消除了转换和上述假设的需要。我们还在 EasyCrypt 定理证明器中实现了这种方法，表明它可以成为传统方法的便捷替代方案。