proof-frog 0.3.0__tar.gz

proof_frog-0.3.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Ross Evans
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

proof_frog-0.3.0/PKG-INFO

@@ -0,0 +1,202 @@
+Metadata-Version: 2.4
+Name: proof_frog
+Version: 0.3.0
+Summary: A tool for checking transitions in cryptographic game-hopping proofs
+Keywords: cryptography,latex,game-hopping,proofs
+Author-email: Ross Evans <rpevans@uwaterloo.ca>, Douglas Stebila <dstebila@uwaterloo.ca>
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+License-Expression: MIT
+Classifier: Development Status :: 4 - Beta
+Classifier: Intended Audience :: Science/Research
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Programming Language :: Python :: 3.14
+Classifier: Topic :: Security :: Cryptography
+License-File: LICENSE
+Requires-Dist: antlr4-python3-runtime >= 4.13
+Requires-Dist: colorama >= 0.4
+Requires-Dist: z3-solver >= 4.12
+Requires-Dist: sympy >= 1.12
+Requires-Dist: flask >= 3.0
+Requires-Dist: click >= 8.0
+Requires-Dist: mcp[cli] >= 1.0 ; extra == "mcp"
+Project-URL: Documentation, https://prooffrog.github.io
+Project-URL: Release Notes, https://github.com/ProofFrog/ProofFrog/blob/main/RELEASE.md
+Project-URL: Source, https://github.com/ProofFrog/ProofFrog
+Provides-Extra: mcp
+
+<p align="center">
+  <img src="https://github.com/ProofFrog/ProofFrog/blob/main/proof_frog/web/prooffrog.png?raw=true" alt="ProofFrog logo" width="120"/>
+</p>
+
+# ProofFrog
+
+**A tool for checking transitions in cryptographic game-hopping proofs.**
+
+ProofFrog checks the validity of transitions in game-hopping proofs — the standard technique in provable security for showing that a cryptographic scheme satisfies a security property. Proofs are written in FrogLang, a domain-specific language for defining primitives, schemes, security games, and proofs. ProofFrog is designed to handle introductory-level proofs, trading expressivity and power for ease of use. The engine checks each hop by manipulating abstract syntax trees into a canonical form, with some help from other tools like Z3 and SymPy. ProofFrog's engine does not have any formal guarantees: the soundness of its transformations has not been verified.
+
+ProofFrog can be used via a **command-line interface**, a **browser-based editor**, or an **MCP server** for integration with AI coding assistants. More info at [prooffrog.github.io](https://prooffrog.github.io/).
+
+![ProofFrog web interface](https://github.com/ProofFrog/ProofFrog/blob/main/media/screenshot-web.png?raw=true)
+
+## Installation
+
+Requires **Python 3.11+**.
+
+### From PyPI
+
+```
+python3 -m venv .venv
+source .venv/bin/activate
+pip install proof_frog
+```
+
+### From source
+
+```
+git clone https://github.com/ProofFrog/ProofFrog
+cd ProofFrog
+git submodule update --init
+python3 -m venv .venv
+source .venv/bin/activate
+pip install -e .
+pip install -r requirements-dev.txt
+```
+
+## Web Interface
+
+```
+proof_frog web [directory]
+```
+
+Starts a local web server (default port 5173) and opens the editor in your browser. The `[directory]` argument specifies the working directory for proof files; it defaults to the current directory.
+
+The web interface lets you edit ProofFrog files (with syntax highlighting), validate proofs from the web editor, and explore the game state at each hop.
+
+## Command-Line Interface
+
+| Command | Description |
+|---------|-------------|
+| `proof_frog parse <file>` | Parse a file and print its AST representation |
+| `proof_frog check <file>` | Type-check a file for well-formedness |
+| `proof_frog prove <file>` | Verify a game-hopping proof (`-v` for verbose output) |
+| `proof_frog web [dir]` | Launch the browser-based editor |
+
+When installed from source, use `python3 -m proof_frog` instead of `proof_frog`.
+
+## Writing a Proof in ProofFrog
+
+Take a look at the [guide](https://github.com/ProofFrog/ProofFrog/blob/main/docs/guide.md) for writing a proof in ProofFrog.
+
+ProofFrog uses four file types to express the components of a cryptographic proof.
+
+### Primitives (`.primitive`)
+
+A **primitive** defines the interface for a cryptographic operation — its parameters, types, and method signatures. Here's an example of the interface for a pseudorandom generator:
+
+```
+Primitive PRG(Int lambda, Int stretch) {
+    Int lambda = lambda;
+    Int stretch = stretch;
+
+    BitString<lambda + stretch> evaluate(BitString<lambda> x);
+}
+```
+
+### Schemes (`.scheme`)
+
+A **scheme** implements a primitive. Schemes can be built generically from other primitives. Here's an example of the one-time pad symmetric encryption scheme:
+
+```
+Scheme OTP(Int lambda) extends SymEnc {
+    Set Key = BitString<lambda>;
+    Set Message = BitString<lambda>;
+    Set Ciphertext = BitString<lambda>;
+
+    Key KeyGen() {
+        Key k <- Key;
+        return k;
+    }
+
+    Ciphertext Enc(Key k, Message m) {
+        return k + m;
+    }
+
+    Message Dec(Key k, Ciphertext c) {
+        return k + c;
+    }
+}
+```
+
+### Games (`.game`)
+
+A **security property** is defined as a pair of games (Left/Right). An adversary's inability to distinguish between the two games constitutes security. Here's an example of the security game for a PRG:
+
+```
+Game Real(PRG G) {
+    BitString<G.lambda + G.stretch> Query() {
+        BitString<G.lambda> s <- BitString<G.lambda>;
+        return G.evaluate(s);
+    }
+}
+
+Game Random(PRG G) {
+    BitString<G.lambda + G.stretch> Query() {
+        BitString<G.lambda + G.stretch> r <- BitString<G.lambda + G.stretch>;
+        return r;
+    }
+}
+
+export as Security;
+```
+
+### Proofs (`.proof`)
+
+A **proof script** declares assumptions, states a theorem, and lists a sequence of games. Each adjacent pair must be justified as either code-equivalent (verified automatically) or a reduction to an assumed security property. The following snippet shows the basic parts of a proof:
+
+```
+proof:
+
+let:
+    SymEnc proofE = SymEnc(ProofMessageSpace, ProofCiphertextSpace, ProofKeySpace);
+
+assume:
+    OneTimeUniformCiphertexts(proofE);
+
+theorem:
+    OneTimeSecrecy(proofE);
+
+games:
+    OneTimeSecrecy(proofE).Left against OneTimeSecrecy(proofE).Adversary;
+    OneTimeUniformCiphertexts(proofE).Real compose R1(proofE) against OneTimeSecrecy(proofE).Adversary;
+    OneTimeUniformCiphertexts(proofE).Random compose R1(proofE) against OneTimeSecrecy(proofE).Adversary;
+    OneTimeUniformCiphertexts(proofE).Random compose R2(proofE) against OneTimeSecrecy(proofE).Adversary;
+    OneTimeUniformCiphertexts(proofE).Real compose R2(proofE) against OneTimeSecrecy(proofE).Adversary;
+    OneTimeSecrecy(proofE).Right against OneTimeSecrecy(proofE).Adversary;
+```
+
+## Vibe-Coding a Proof
+
+ProofFrog also provides an MCP server for integration with AI coding assistants like Claude Code. See the ProofFrog website for an [example of vibe-coding a ProofFrog proof with Claude Code](https://prooffrog.github.io/hacs-2026/vibe/).
+
+## Examples
+
+The [`examples/`](https://github.com/ProofFrog/examples) repository contains primitives, schemes, games, and proofs largely adapted from [*The Joy of Cryptography*](https://joyofcryptography.com/) by Mike Rosulek. See also the [examples and tutorials on the ProofFrog website](https://prooffrog.github.io/).
+
+## License
+
+ProofFrog is released under the [MIT License](https://github.com/ProofFrog/ProofFrog/blob/main/LICENSE).
+
+## Acknowledgements
+
+ProofFrog was created by Ross Evans and Douglas Stebila, building on the pygamehop tool created by Douglas Stebila and Matthew McKague. For more information about ProofFrog's design, see [Ross Evans' master's thesis](https://uwspace.uwaterloo.ca/bitstream/handle/10012/20441/Evans_Ross.pdf) and [eprint 2025/418](https://eprint.iacr.org/2025/418).
+
+<img src="https://github.com/ProofFrog/ProofFrog/blob/main/media/NSERC.jpg?raw=true" alt="NSERC logo" width="750"/>
+
+We acknowledge the support of the Natural Sciences and Engineering Research Council of Canada (NSERC).
+
+Includes icons from the [vscode-codicons](https://github.com/microsoft/vscode-codicons) project.
+

proof_frog-0.3.0/README.md

@@ -0,0 +1,171 @@
+<p align="center">
+  <img src="https://github.com/ProofFrog/ProofFrog/blob/main/proof_frog/web/prooffrog.png?raw=true" alt="ProofFrog logo" width="120"/>
+</p>
+
+# ProofFrog
+
+**A tool for checking transitions in cryptographic game-hopping proofs.**
+
+ProofFrog checks the validity of transitions in game-hopping proofs — the standard technique in provable security for showing that a cryptographic scheme satisfies a security property. Proofs are written in FrogLang, a domain-specific language for defining primitives, schemes, security games, and proofs. ProofFrog is designed to handle introductory-level proofs, trading expressivity and power for ease of use. The engine checks each hop by manipulating abstract syntax trees into a canonical form, with some help from other tools like Z3 and SymPy. ProofFrog's engine does not have any formal guarantees: the soundness of its transformations has not been verified.
+
+ProofFrog can be used via a **command-line interface**, a **browser-based editor**, or an **MCP server** for integration with AI coding assistants. More info at [prooffrog.github.io](https://prooffrog.github.io/).
+
+![ProofFrog web interface](https://github.com/ProofFrog/ProofFrog/blob/main/media/screenshot-web.png?raw=true)
+
+## Installation
+
+Requires **Python 3.11+**.
+
+### From PyPI
+
+```
+python3 -m venv .venv
+source .venv/bin/activate
+pip install proof_frog
+```
+
+### From source
+
+```
+git clone https://github.com/ProofFrog/ProofFrog
+cd ProofFrog
+git submodule update --init
+python3 -m venv .venv
+source .venv/bin/activate
+pip install -e .
+pip install -r requirements-dev.txt
+```
+
+## Web Interface
+
+```
+proof_frog web [directory]
+```
+
+Starts a local web server (default port 5173) and opens the editor in your browser. The `[directory]` argument specifies the working directory for proof files; it defaults to the current directory.
+
+The web interface lets you edit ProofFrog files (with syntax highlighting), validate proofs from the web editor, and explore the game state at each hop.
+
+## Command-Line Interface
+
+| Command | Description |
+|---------|-------------|
+| `proof_frog parse <file>` | Parse a file and print its AST representation |
+| `proof_frog check <file>` | Type-check a file for well-formedness |
+| `proof_frog prove <file>` | Verify a game-hopping proof (`-v` for verbose output) |
+| `proof_frog web [dir]` | Launch the browser-based editor |
+
+When installed from source, use `python3 -m proof_frog` instead of `proof_frog`.
+
+## Writing a Proof in ProofFrog
+
+Take a look at the [guide](https://github.com/ProofFrog/ProofFrog/blob/main/docs/guide.md) for writing a proof in ProofFrog.
+
+ProofFrog uses four file types to express the components of a cryptographic proof.
+
+### Primitives (`.primitive`)
+
+A **primitive** defines the interface for a cryptographic operation — its parameters, types, and method signatures. Here's an example of the interface for a pseudorandom generator:
+
+```
+Primitive PRG(Int lambda, Int stretch) {
+    Int lambda = lambda;
+    Int stretch = stretch;
+
+    BitString<lambda + stretch> evaluate(BitString<lambda> x);
+}
+```
+
+### Schemes (`.scheme`)
+
+A **scheme** implements a primitive. Schemes can be built generically from other primitives. Here's an example of the one-time pad symmetric encryption scheme:
+
+```
+Scheme OTP(Int lambda) extends SymEnc {
+    Set Key = BitString<lambda>;
+    Set Message = BitString<lambda>;
+    Set Ciphertext = BitString<lambda>;
+
+    Key KeyGen() {
+        Key k <- Key;
+        return k;
+    }
+
+    Ciphertext Enc(Key k, Message m) {
+        return k + m;
+    }
+
+    Message Dec(Key k, Ciphertext c) {
+        return k + c;
+    }
+}
+```
+
+### Games (`.game`)
+
+A **security property** is defined as a pair of games (Left/Right). An adversary's inability to distinguish between the two games constitutes security. Here's an example of the security game for a PRG:
+
+```
+Game Real(PRG G) {
+    BitString<G.lambda + G.stretch> Query() {
+        BitString<G.lambda> s <- BitString<G.lambda>;
+        return G.evaluate(s);
+    }
+}
+
+Game Random(PRG G) {
+    BitString<G.lambda + G.stretch> Query() {
+        BitString<G.lambda + G.stretch> r <- BitString<G.lambda + G.stretch>;
+        return r;
+    }
+}
+
+export as Security;
+```
+
+### Proofs (`.proof`)
+
+A **proof script** declares assumptions, states a theorem, and lists a sequence of games. Each adjacent pair must be justified as either code-equivalent (verified automatically) or a reduction to an assumed security property. The following snippet shows the basic parts of a proof:
+
+```
+proof:
+
+let:
+    SymEnc proofE = SymEnc(ProofMessageSpace, ProofCiphertextSpace, ProofKeySpace);
+
+assume:
+    OneTimeUniformCiphertexts(proofE);
+
+theorem:
+    OneTimeSecrecy(proofE);
+
+games:
+    OneTimeSecrecy(proofE).Left against OneTimeSecrecy(proofE).Adversary;
+    OneTimeUniformCiphertexts(proofE).Real compose R1(proofE) against OneTimeSecrecy(proofE).Adversary;
+    OneTimeUniformCiphertexts(proofE).Random compose R1(proofE) against OneTimeSecrecy(proofE).Adversary;
+    OneTimeUniformCiphertexts(proofE).Random compose R2(proofE) against OneTimeSecrecy(proofE).Adversary;
+    OneTimeUniformCiphertexts(proofE).Real compose R2(proofE) against OneTimeSecrecy(proofE).Adversary;
+    OneTimeSecrecy(proofE).Right against OneTimeSecrecy(proofE).Adversary;
+```
+
+## Vibe-Coding a Proof
+
+ProofFrog also provides an MCP server for integration with AI coding assistants like Claude Code. See the ProofFrog website for an [example of vibe-coding a ProofFrog proof with Claude Code](https://prooffrog.github.io/hacs-2026/vibe/).
+
+## Examples
+
+The [`examples/`](https://github.com/ProofFrog/examples) repository contains primitives, schemes, games, and proofs largely adapted from [*The Joy of Cryptography*](https://joyofcryptography.com/) by Mike Rosulek. See also the [examples and tutorials on the ProofFrog website](https://prooffrog.github.io/).
+
+## License
+
+ProofFrog is released under the [MIT License](https://github.com/ProofFrog/ProofFrog/blob/main/LICENSE).
+
+## Acknowledgements
+
+ProofFrog was created by Ross Evans and Douglas Stebila, building on the pygamehop tool created by Douglas Stebila and Matthew McKague. For more information about ProofFrog's design, see [Ross Evans' master's thesis](https://uwspace.uwaterloo.ca/bitstream/handle/10012/20441/Evans_Ross.pdf) and [eprint 2025/418](https://eprint.iacr.org/2025/418).
+
+<img src="https://github.com/ProofFrog/ProofFrog/blob/main/media/NSERC.jpg?raw=true" alt="NSERC logo" width="750"/>
+
+We acknowledge the support of the Natural Sciences and Engineering Research Council of Canada (NSERC).
+
+Includes icons from the [vscode-codicons](https://github.com/microsoft/vscode-codicons) project.

proof_frog-0.3.0/proof_frog/__init__.py

@@ -0,0 +1 @@
+from .proof_frog import main

proof_frog-0.3.0/proof_frog/__main__.py

@@ -0,0 +1,3 @@
+from .proof_frog import main
+
+main()

proof_frog-0.3.0/proof_frog/antlr/Game.g4

@@ -0,0 +1,7 @@
+grammar Game;
+
+import Shared;
+
+program: moduleImport* game game gameExport EOF;
+
+gameExport: EXPORT AS ID SEMI;

proof_frog-0.3.0/proof_frog/antlr/Primitive.g4

@@ -0,0 +1,7 @@
+grammar Primitive;
+
+import Shared;
+
+program: PRIMITIVE ID L_PAREN paramList? R_PAREN L_CURLY primitiveBody R_CURLY EOF;
+
+primitiveBody: ((initializedField|methodSignature) SEMI)*;

proof_frog-0.3.0/proof_frog/antlr/Proof.g4

@@ -0,0 +1,46 @@
+grammar Proof;
+
+import Shared;
+
+program: moduleImport* proofHelpers proof EOF;
+
+proofHelpers: (reduction | game)*;
+
+reduction: REDUCTION ID L_PAREN paramList? R_PAREN COMPOSE parameterizedGame AGAINST gameAdversary L_CURLY gameBody R_CURLY;
+
+proof: PROOF COLON (LET COLON lets)? (ASSUME COLON assumptions)? THEOREM COLON theorem  GAMES COLON gameList;
+
+lets: (field SEMI)*;
+
+assumptions: (parameterizedGame SEMI)* (CALLS (LEQ|L_ANGLE) expression SEMI)?;
+
+theorem: parameterizedGame SEMI;
+
+gameList: gameStep SEMI (gameStep SEMI|induction|stepAssumption)*;
+
+gameStep: concreteGame COMPOSE parameterizedGame AGAINST gameAdversary # reductionStep
+	| (concreteGame|parameterizedGame) AGAINST gameAdversary # regularStep
+	;
+
+induction: INDUCTION L_PAREN ID FROM integerExpression TO integerExpression R_PAREN L_CURLY gameList R_CURLY;
+
+stepAssumption: ASSUME expression SEMI;
+
+gameField: (concreteGame | parameterizedGame) PERIOD ID;
+
+concreteGame: parameterizedGame PERIOD ID;
+gameAdversary: parameterizedGame PERIOD ADVERSARY;
+
+
+REDUCTION: 'Reduction';
+AGAINST: 'against';
+ADVERSARY: 'Adversary';
+COMPOSE: 'compose';
+PROOF: 'proof';
+ASSUME: 'assume';
+THEOREM: 'theorem';
+GAMES: 'games';
+LET: 'let';
+CALLS: 'calls';
+INDUCTION: 'induction';
+FROM: 'from';

proof_frog-0.3.0/proof_frog/antlr/Scheme.g4

@@ -0,0 +1,13 @@
+grammar Scheme;
+
+import Shared;
+
+program: moduleImport* scheme EOF;
+
+scheme: SCHEME ID L_PAREN paramList? R_PAREN EXTENDS ID L_CURLY schemeBody R_CURLY;
+
+schemeBody: (REQUIRES expression SEMI)* (field SEMI | method)+;
+
+REQUIRES: 'requires';
+SCHEME: 'Scheme';
+EXTENDS: 'extends';

proof_frog-0.3.0/proof_frog/antlr/Shared.g4

@@ -0,0 +1,174 @@
+grammar Shared;
+
+game: GAME ID L_PAREN paramList? R_PAREN L_CURLY gameBody R_CURLY;
+
+gameBody: (field SEMI)* method+
+	| (field SEMI)* method* gamePhase+;
+
+gamePhase: PHASE L_CURLY (method)+ ORACLES COLON L_SQUARE id (COMMA id)* R_SQUARE SEMI R_CURLY;
+
+field: variable (EQUALS expression)?;
+
+initializedField: variable EQUALS expression;
+
+method: methodSignature block;
+
+block: L_CURLY statement* R_CURLY;
+
+statement: type id SEMI #varDeclStatement
+	| type lvalue EQUALS expression SEMI #varDeclWithValueStatement
+	| type lvalue SAMPLES expression SEMI #varDeclWithSampleStatement
+	| lvalue EQUALS expression SEMI #assignmentStatement
+	| lvalue SAMPLES expression SEMI #sampleStatement
+	| expression L_PAREN argList? R_PAREN SEMI #functionCallStatement
+	| RETURN expression SEMI #returnStatement
+	| IF L_PAREN expression R_PAREN block (ELSE IF L_PAREN expression R_PAREN block )* (ELSE block )? #ifStatement
+	| FOR L_PAREN INTTYPE id EQUALS expression TO expression R_PAREN block #numericForStatement
+	| FOR L_PAREN type id IN expression R_PAREN block #genericForStatement
+	;
+
+lvalue:
+	(id | parameterizedGame) (PERIOD id | L_SQUARE expression R_SQUARE)*;
+
+methodSignature: type id L_PAREN paramList? R_PAREN;
+
+paramList: variable (COMMA variable)*;
+
+expression:
+	expression L_PAREN argList? R_PAREN #fnCallExp
+	| expression L_SQUARE integerExpression COLON integerExpression R_SQUARE #sliceExp
+	| NOT expression #notExp
+	| VBAR expression VBAR #sizeExp
+
+	| expression TIMES expression #multiplyExp
+	| expression DIVIDE expression #divideExp
+	| SUBTRACT expression #minusExp
+	| expression PLUS expression #addExp
+	| expression SUBTRACT expression #subtractExp
+	| expression EQUALSCOMPARE expression #equalsExp
+	| expression NOTEQUALS expression #notEqualsExp
+	| expression R_ANGLE expression # gtExp
+	| expression L_ANGLE expression # ltExp
+	| expression GEQ expression #geqExp
+	| expression LEQ expression #leqExp
+	| expression IN expression #inExp
+	| expression SUBSETS expression #subsetsExp
+
+	| expression AND expression #andExp
+	| expression OR expression #orExp
+	| expression UNION expression #unionExp
+	| expression BACKSLASH expression #setMinusExp
+
+	| lvalue # lvalueExp
+	| L_SQUARE (expression (COMMA expression)*)? R_SQUARE #createTupleExp
+	| L_CURLY (expression (COMMA expression)*)? R_CURLY #createSetExp
+	| type #typeExp
+	| BINARYNUM #binaryNumExp
+	| INT #intExp
+	| bool #boolExp
+	| NONE #noneExp
+	| L_PAREN expression R_PAREN #parenExp
+	;
+
+argList: expression (COMMA expression)*;
+
+variable: type id;
+
+parameterizedGame: ID L_PAREN argList? R_PAREN;
+
+type: type QUESTION #optionalType
+	| set #setType
+	| BOOL #boolType
+	| VOID #voidType
+	| MAP L_ANGLE type COMMA type R_ANGLE #mapType
+	| ARRAY L_ANGLE type COMMA integerExpression R_ANGLE #arrayType
+	| INTTYPE #intType
+	| type (TIMES type)+ #productType
+	| bitstring #bitStringType
+	| lvalue # lvalueType
+	;
+
+integerExpression
+	: integerExpression TIMES integerExpression
+	| integerExpression DIVIDE integerExpression
+	| integerExpression PLUS integerExpression
+	| integerExpression SUBTRACT integerExpression
+	| lvalue
+	| INT
+	| BINARYNUM
+	| L_PAREN integerExpression R_PAREN
+	;
+
+bitstring: BITSTRING L_ANGLE integerExpression R_ANGLE | BITSTRING;
+
+set: SET L_ANGLE type R_ANGLE | SET;
+
+bool: TRUE | FALSE;
+
+moduleImport: IMPORT FILESTRING (AS ID)? SEMI;
+
+id: ID | IN;
+
+L_CURLY: '{';
+R_CURLY: '}';
+L_SQUARE: '[';
+R_SQUARE: ']';
+L_PAREN: '(';
+R_PAREN: ')';
+L_ANGLE: '<';
+R_ANGLE: '>';
+SEMI: ';';
+COLON: ':';
+COMMA: ',';
+PERIOD: '.';
+TIMES: '*';
+EQUALS: '=';
+PLUS: '+';
+SUBTRACT: '-';
+DIVIDE: '/';
+QUESTION: '?';
+EQUALSCOMPARE: '==';
+NOTEQUALS: '!=';
+GEQ: '>=';
+LEQ: '<=';
+OR: '||';
+SAMPLES: '<-';
+AND: '&&';
+BACKSLASH: '\\';
+NOT: '!';
+VBAR: '|';
+
+SET: 'Set';
+BOOL: 'Bool';
+VOID: 'Void';
+INTTYPE: 'Int';
+VOID: 'Void';
+MAP: 'Map';
+RETURN: 'return';
+IMPORT: 'import';
+BITSTRING: 'BitString';
+ARRAY: 'Array';
+PRIMITIVE: 'Primitive';
+SUBSETS: 'subsets';
+IF: 'if';
+FOR: 'for';
+TO: 'to';
+IN: 'in';
+UNION: 'union';
+GAME: 'Game';
+EXPORT: 'export';
+AS: 'as';
+PHASE: 'Phase';
+ORACLES: 'oracles';
+ELSE: 'else';
+NONE: 'None';
+
+TRUE: 'true';
+FALSE: 'false';
+
+BINARYNUM: '0b'[01]+ ;
+INT: [0-9]+ ;
+ID: [a-zA-Z_$][a-zA-Z_0-9$]* ;
+WS: [ \t\r\n]+ -> skip ;
+LINE_COMMENT : '//' .*? '\r'? '\n' -> skip ;
+FILESTRING: '\''[-0-9a-zA-Z_$/.=>< ]+'\'' ;