• Top
  • Documentation
  • Books
  • Boolean-reasoning
  • Projects
    • Apt
    • Zfc
    • Acre
    • Milawa
    • Smtlink
    • Abnf
    • Vwsim
    • Isar
    • Wp-gen
    • Dimacs-reader
    • Pfcs
    • Legacy-defrstobj
    • C
    • Proof-checker-array
    • Soft
    • Farray
    • Rp-rewriter
    • Instant-runoff-voting
    • Imp-language
    • Sidekick
    • Ethereum
    • Leftist-trees
    • Java
    • Riscv
    • Taspi
    • Bitcoin
    • Zcash
    • Des
    • X86isa
    • Sha-2
    • Yul
    • Proof-checker-itp13
    • Regex
    • ACL2-programming-language
    • Json
    • Jfkr
    • Equational
    • Cryptography
    • Axe
    • Poseidon
    • Where-do-i-place-my-book
    • Aleo
      • Aleobft
        • Correctness
          • Unequivocal-dags-def-and-init
          • Same-committees-def-and-implied
          • Dag-omni-paths
          • Signer-records
          • Unequivocal-dags-next
          • Quorum-intersection
          • Dag-previous-quorum-def-and-init-and-next
          • Unequivocal-signed-certificates
            • Not-signer-record-p-when-create-possiblep
            • Unequivocal-signed-certs-p-of-next
            • Signer-record-p-when-author+round-in-signed-certs
            • Unequivocal-signed-certs-p
            • Unequivocal-signed-certs-p-when-init
            • Unequivocal-signed-certs-p-of-events-next
            • Unequivocal-signed-certs-p-when-reachable
          • Signed-previous-quorum
          • Nonforking-anchors-def-and-init-and-next
          • Successor-predecessor-intersection
          • Fault-tolerance
          • Last-anchor-voters-def-and-init-and-next
          • Signer-quorum
          • Committed-redundant-def-and-init-and-next
          • Nonforking-blockchains-def-and-init
          • Blockchain-redundant-def-and-init-and-next
          • No-self-endorsed
          • Last-anchor-present
          • Anchors-extension
          • Nonforking-blockchains-next
          • Backward-closure
          • Last-blockchain-round
          • Dag-certificate-next
          • Omni-paths-def-and-implied
          • Ordered-blockchain
          • Simultaneous-induction
          • System-certificates
          • Last-anchor-def-and-init
          • Last-anchor-next
          • Dag-previous-quorum
          • Signed-certificates
          • Committed-anchor-sequences
          • Omni-paths
          • Last-anchor-voters
          • Unequivocal-dags
          • Nonforking-blockchains
          • Nonforking-anchors
          • Committed-redundant
          • Same-committees
          • Blockchain-redundant
        • Definition
        • Library-extensions
      • Aleovm
      • Leo
    • Bigmems
    • Builtins
    • Execloader
    • Solidity
    • Paco
    • Concurrent-programs
    • Bls12-377-curves
  • Debugging
  • Community
  • Std
  • Proof-automation
  • Macro-libraries
  • ACL2
  • Interfacing-tools
  • Hardware-verification
  • Software-verification
  • Math
  • Testing-utilities

• Unequivocal-signed-certificates

Unequivocal-signed-certs-p-of-next

Preservation of the invariant: if the invariant holds in a system state, it also holds in the next system state.

The only kind of event that may change the set of signed certificates is create, which adds the certificate to each signer. To show that no equivocation is introduced, we make use of not-signer-record-p-when-create-possiblep and signer-record-p-when-author+round-in-signed-certs, to effectively derive a contradiction should the new certificate have the same author and round as some existing certificate. The rule certificate-set-unequivocalp-of-insert introduces cert-with-author+round, which is why signer-record-p-when-author+round-in-signed-certs is phrased in terms of that certificate retrieval function.

The other kinds of events do not change the sets of signed certificates, and thus it is easy to prove the preservation of the invariant.

Definitions and Theorems

Theorem: certificate-set-unequivocalp-of-create-next

(defthm certificate-set-unequivocalp-of-create-next
 (implies
   (and (signer-records-p systate)
        (in signer (correct-addresses systate))
        (certificate-set-unequivocalp (signed-certs signer systate))
        (create-possiblep cert systate)
        (no-self-endorsed-p systate))
   (certificate-set-unequivocalp
        (signed-certs signer (create-next cert systate)))))

Theorem: unequivocal-signed-certs-p-of-create-next

(defthm unequivocal-signed-certs-p-of-create-next
  (implies (and (unequivocal-signed-certs-p systate)
                (signer-records-p systate)
                (no-self-endorsed-p systate)
                (create-possiblep cert systate))
           (unequivocal-signed-certs-p (create-next cert systate))))

Theorem: unequivocal-signed-certs-p-of-accept-next

(defthm unequivocal-signed-certs-p-of-accept-next
  (implies (and (unequivocal-signed-certs-p systate)
                (accept-possiblep msg systate))
           (unequivocal-signed-certs-p (accept-next msg systate))))

Theorem: unequivocal-signed-certs-p-of-advance-next

(defthm unequivocal-signed-certs-p-of-advance-next
  (implies (and (unequivocal-signed-certs-p systate)
                (advance-possiblep val systate))
           (unequivocal-signed-certs-p (advance-next val systate))))

Theorem: unequivocal-signed-certs-p-of-commit-next

(defthm unequivocal-signed-certs-p-of-commit-next
  (implies (and (unequivocal-signed-certs-p systate)
                (commit-possiblep val systate))
           (unequivocal-signed-certs-p (commit-next val systate))))

Theorem: unequivocal-signed-certs-p-of-event-next

(defthm unequivocal-signed-certs-p-of-event-next
  (implies (and (unequivocal-signed-certs-p systate)
                (signer-records-p systate)
                (no-self-endorsed-p systate)
                (event-possiblep event systate))
           (unequivocal-signed-certs-p (event-next event systate))))