[
[
['5','add','hl'],
['6','add','hl'],
['7','add','hl'],
['56','add','hl'],
['25','remove','slide-up'],
['11','add','slide-down']
],
[
['57','add','hl'],
['57','remove','slide-left'],
['58-slide','remove','slide-left'],
['3','add','hidden'],
['5','remove','hl'],
['5','add','hidden'],
['6','remove','hl'],
['6','add','hidden'],
['7','remove','hl'],
['7','add','hidden'],
['56','remove','hl'],
['56','add','slide-right']
],
[
['57','remove','hl']
],
[
['58-flip','add','flipped'],
['25','add','slide-down']
],
[
['59','add','hl']
],
[
['41','remove','hidden'],
['60','add','hl'],
['60','remove','slide-right'],
['59','remove','hl'],
['59','add','slide-left'],
['58-slide','add','slide-left']
],
[
['60','remove','hl'],
['8','add','hl'],
['62','add','hl'],
['53','remove','slide-up']
],
[
['49','remove','hidden'],
['59','add','hl'],
['59','remove','slide-left'],
['56','add','hl'],
['56','remove','slide-right'],
['63','add','hl'],
['63','remove','slide-left'],
['41','add','hidden'],
['8','remove','hl'],
['8','add','hidden'],
['62','remove','hl'],
['62','add','slide-right']
],
[
['59','remove','hl'],
['56','remove','hl'],
['63','remove','hl']
]
]
The starting point is $\lib{ots-real}$, with the pseudo-OTP algorithms included.
To use the fact that $G$ is a secure PRG, we can apply a three-hop maneuver to replace ``$Y := G(\key)$'' with ``$Y \gets \bits^{\secpar+\ell}$.'' The result of the three-hop maneuver is identical to $\lib{otp-real}$: a library that produces true OTP ciphertexts of length $\secpar+\ell$.\FORMATTINGHACK{\pagebreak}
$\lib{otp-real}$ and $\lib{otp-rand}$ are interchangeable (\claimref{provsec.clm.otp}):
$\lib{ots-real}$
$\lib{otp-real}^{\secpar+\ell}$
$\lib{otp-rand}^{\secpar+\ell}$
$\key \gets \bits^\secpar$
$Y $
${}\gets \bits^{\secpar+\ell}$
$\ctxt $
${}:= Y \oplus \ptxt$
${}\gets \bits^{\secpar+\ell}$
return $\ctxt$
$\link$
$\lib{prg-real}^G$
$\seed \gets \bits^\secpar$
$Y := G(\seed)$
return $Y$
$\lib{prg-rand}^G$
$Y \gets \bits^{\secpar+\ell}$
return $Y$