Verifying the Fisher-Yates Shuffle Algorithm in Dafny

Stefan Zetzsche; Jean-Baptiste Tristan; Tancrede Lepoint; Mikael Mayer

arXiv:2501.06084·cs.CR·January 13, 2025

Verifying the Fisher-Yates Shuffle Algorithm in Dafny

Stefan Zetzsche, Jean-Baptiste Tristan, Tancrede Lepoint, Mikael Mayer

PDF

Open Access

TL;DR

This paper presents a formal verification of the Fisher-Yates shuffle algorithm in Dafny, ensuring its correctness and unbiased distribution through a rigorous proof framework.

Contribution

It introduces a novel verification approach combining functional and imperative models to validate the Fisher-Yates shuffle's correctness and distribution.

Findings

01

Verified the Fisher-Yates shuffle's correctness in Dafny

02

Established the algorithm's unbiased permutation distribution

03

Provided a blueprint for verifying complex algorithms

Abstract

The Fisher-Yates shuffle is a well-known algorithm for shuffling a finite sequence, such that every permutation is equally likely. Despite its simplicity, it is prone to implementation errors that can introduce bias into the generated permutations. We verify its correctness in Dafny as follows. First, we define a functional model that operates on sequences and streams of random bits. Second, we establish that the functional model has the desired distribution. Third, we define an executable imperative implementation that operates on arrays and prove it equivalent to the functional model. The approach may serve as a blueprint for the verification of more complex algorithms.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.

Taxonomy

TopicsSimulation Techniques and Applications · Scheduling and Optimization Algorithms · Reinforcement Learning in Robotics