diff --git a/chap-proofs.tex b/chap-proofs.tex
index e8787cb..a0479ae 100644
--- a/chap-proofs.tex
+++ b/chap-proofs.tex
@@ -24,21 +24,78 @@ In this field of computer science, research focuses on defining equivalence clas
 In order to define lower bound for the complexity of some problems, a classical way of doing this is to provide a construction that goes from an instance of a problem $A$ to an instance of problem $B$ such that if a solution of $B$ is found, then so is a solution of $A$ as well.
 This amounts to say that problem $B$ is at least as hard as problem $A$ up to the complexity of the transformation.
 For instance, Cook shown that satisfiability of boolean formulas is at least as hard as every problem in $\NP$~\cite{Coo71} up to a polynomial-time transformation.
-Let us now define more formally the notion of reduction, and the notion of computability \textit{via} Turing machines.
 
-\begin{definition}[Turing Machine] \label{de:turing-machine}
-  \newcommand\espace{\ensuremath{\square}\xspace}
+Let us now define more formally the notions of reduction and computability using the computational model of Turing machines.
+
+\begin{definition}[Turing Machine] \label{de:turing-machine} \index{Turing machine}
   A $k$-tape Turing Machine (TM) is described by a triple $M = (\Gamma, Q, \delta)$ containing:
   \begin{itemize}
-    \item A finite set $\Gamma$, called the \textit{tape alphabet}, that contains symbols that the TM uses in its tapes. In particular, $\Gamma$ contains a \textit{blank symbol} ``\espace'', and ``$\triangleright$'' that denotes the beginning of a tape.
+    \item A finite set $\Gamma$, called the \textit{tape alphabet}, that contains symbols that the TM uses in its tapes. In particular, $\Gamma$ contains a \textit{blank symbol} ``$\square$'', and ``$\triangleright$'' that denotes the beginning of a tape.
     \item A finite set $Q$ called the \textit{states} of the TM. It contains special states $q_{start}$, $q_{halt}$, called respectively the \textit{initial state} and the \textit{halt state}.
     \item A function $\delta: (Q \backslash \{q_{halt}\}) \times \Gamma^{k-1} \to Q \times \Gamma^{k-1} \times \{ \leftarrow, \downarrow, \rightarrow \}^k$, called the \textit{transition function}, that describes the behaviour of the internal state of the machine and the TM heads.\\
       \smallskip
       Namely, $\delta(q, a_1, \ldots, a_{k-1}) = (r, b_2, \ldots, b_k, m_1, \ldots, m_k)$ means that upon reading symbols $(a_1, \ldots, a_{k-1})$ on tapes $1$ to $k-1$ (where the first tape is the input tape, and the $k$-th tape is the output tape) on state $q$, the TM will move to state $r$, write $b_2, \ldots, b_k$ on tapes $2$ to $k$ and move its heads according to $m_1, \ldots, m_k$.
   \end{itemize}
 
-  A TM $M$ is said to compute a function $f: \Sigma^\star \to \Gamma^\star$, if for any finite input $x \in \Sigma^\star$ on tape $T_1$, blank tapes $T_2, \ldots, T_k$ with a beginning symbol $\triangleright$ and initial state $q_{start}$, $M$ halts in a finite number of steps with $f(x)$ written on its output tape $T_k$.
+  A TM $M$ is said to \emph{compute} a function $f: \Sigma^\star \to \Gamma^\star$, if for any finite input $x \in \Sigma^\star$ on tape $T_1$, blank tapes $T_2, \ldots, T_k$ with a beginning symbol $\triangleright$ and initial state $q_{start}$, $M$ halts in a finite number of steps with $f(x)$ written on its output tape $T_k$.
+
+  A TM $M$ is said to \emph{recognize} a language $L \subseteq \Sigma^\star$ if on a finite input $x \in \Sigma^\star$ written on its input tape $T_1$, blank tapes $T_2, \ldots, T_k$ with a beginning symbol $\triangleright$ and initial state $q_{start}$, the machine $M$ eventually ends on the state $q_{halt}$ with $1$ written on its output tape if and only if $x \in L$.
+  
+  A TM $M$ is said to run in $T(n)$-time if, on any input $x$, it eventually stops within $T(|x|)$ steps.
+
+  A TM $M$ is said to run in $S(n)$-space if, on any input $x$, it eventually stops and had write at most $S(|x|)$ memory cells in its working tapes.
 \end{definition}
 
+Turing machines are a computational model that proved useful in complexity theory as it is convenient to evaluate the running time of a Turing machine, which amounts to bound the number of steps the machine can make.
+Similarly, the working tapes works analogously to the memory of a program, and then counting the number of cells the machine uses is equivalent to evaluate the amount of memory the program requires.
+
+From these considerations, it is possible to describe the time and space complexity of a program from the definition of Turing machines.
+In our context, we will work with Turing machine that runs in polynomial-time and space, as polynomials benefit from good stability properties (sum, product, composition, \ldots{}).
+
+\begin{definition}[\textsf{P}~\cite{Rab60}] \index{Complexity classes!P@\textsf{P}}
+  The class \textsf{P} describes the set of languages that can be recognized by a Turing machine running in time $T(n) = \bigO(\poly)$.
+\end{definition}
+
+In theoretical computer science, the class \textsf{P} is often considered as the set of ``easy'' problems.
+These problems are considered easy in the sense that the growth of the cost to solve them is asymptotically negligible in front of other functions such as exponential.
+In this context, it is reasonable to consider the computational power of an adversary as polynomial (or quasi-polynomial) in time and space.
+As cryptographic algorithms are not deterministic, we also have to consider the probabilistic version of the computation model.
+
+\begin{definition}[Probabilistic Turing machine] \label{de:probabilistic-tm} \index{Turing machine!Probabilistic Turing machine}
+  A \emph{probabilistic Turing machine} is a Turing machine with two different transition functions $\delta_0$ and $\delta_1$, where at each step, a random coin is tossed to pick $\delta_0$ or $\delta_1$ with probability $1/2$ independently of all the previous choices.
+
+  The machine only outputs \texttt{accept} and \texttt{reject} depending on the content of the output tape at the end of the execution.
+  We denote by $M(x)$ the random variable corresponding to the value $M$ writes on its output tape at the end of its execution.
+\end{definition}
+
+\begin{definition}[\textsf{PP}~{\cite{Gil77}}] \index{Complexity classes!PP@\textsf{PP}}
+  The class \textsf{PP} describes the set of languages $L \subseteq \Sigma^\star$ that a Turing machine $M$ recognizes such that the TM $M$ stops in time $\poly[|x|]$ on every input $x$ and
+  \[ \begin{cases}
+      \Pr\left[ M(x) = 1 \mid x \in L \right] > \frac12\\
+      \Pr\left[ M(x) = 0 \mid x \notin L \right] > \frac12
+  \end{cases}. \]
+
+  In the following $\ppt$ stands for ``probabilistic polynomial time''.
+\end{definition}
+
+We defined complexity classes that corresponds to natural sets of programs that are of interest for us, but now how to work with it?
+That's why we'll now define the principle of polynomial time reduction.
+
+\begin{definition}[Polynomial time reduction] \label{de:pt-reduction} \index{Reduction!Polynomial time}
+  A language $A \subseteq \bit^\star$ is \emph{polynomial-time reducible to} a language $B \subseteq \bit^\star$, denoted by $A \redto B$, if there is a \emph{polynomial-time computable} function $f: \bit^\star \to \bit^\star$ such that for every $x \in \bit^\star$, $x \in A$ if and only if $f(x) \in B$.
+\end{definition}
+
+In other words, a polynomial reduction from $A$ to $B$ is the description of a polynomial time algorithm (also called ``\emph{the reduction}''), that uses an algorithm for $B$ to solve $A$.
+
+\begin{figure}
+  \centering
+  \input fig-poly-red
+  \caption{Illustration of a polynomial-time reduction~{\cite[Fig. 2.1]{AB09}}} \label{fig:poly-reduction}
+\end{figure}
+
+We can notice that \textsf{P} and \textsf{PP} are both closed under polynomial-time reduction.
+
+
 
 \section{Random-Oracle Model, Standard Model and Half-Simulatability}
+