|
|
|---|
|
|
|
|---|
Bonded committee at a given round.
(bonded-committee-at-round round blocks) → commtt?
This is the committee that results from updating the genesis committee with all the transactions up to the latest block not after the round. The previous sentence is approximate, so we need to clarify it. First, the bonded committee at round 1 is certainly the genesis committee. If there is a block at round 2, with transactions that change the committee, we have two choices for the bonded committee at round 2: it could be still the genesis committee, or it could be the new committee after the block; this depends on whether we consider the new committee to be bonded at the beginning or at the end of round 2. The same kind of choice applies to any other even round with a block that changes the committee; on the other hand, it is always clear what the bonded committee at an odd round is, and also at even rounds without blocks, or with blocks that do not change the committee.
There seems to be no real criterion to choose between the two options, and it should not matter to correctness, i.e. the protocol should be correct either way. We choose to change committee at the end of the even round. Thus, the bonded committee at round 2 is always the genesis committee, which may change in round 3; and more in general the bonded committee at an even round is always the same as the one at the immediately preceding odd round.
This ACL2 function returns the committee bonded at a given round,
according to the choice explained above,
But note that not every round has a bonded committee:
after a certain round, the bonded committee is unknown,
because there are no blocks yet.
Suppose that the last block is at (even) round
The above also works if we take
So here is how this ACL2 function to calculate the bonded committee works.
First, we calculate the latest round
Since, as explained above, we regard the committe as
changing at the end of the even round of each block,
we need to find the latest block whose round is below
Among other properties, we prove that if a round has a bonded committeed, then every round before that round does as well. We also show that extending a blockchain does not affect the bonded committee at rounds that have a bonded committee calculable from the original blockchain.
Function:
(defun bonded-committee-at-round-loop (round blocks) (declare (xargs :guard (and (posp round) (block-listp blocks)))) (let ((__function__ 'bonded-committee-at-round-loop)) (declare (ignorable __function__)) (b* (((when (> (pos-fix round) (blocks-last-round blocks))) (committee-after-blocks blocks))) (bonded-committee-at-round-loop round (cdr blocks)))))
Theorem:
(defthm committeep-of-bonded-committee-at-round-loop (b* ((commtt (bonded-committee-at-round-loop round blocks))) (committeep commtt)) :rule-classes :rewrite)
Theorem:
(defthm bonded-committee-at-round-loop-when-no-blocks (implies (endp blocks) (equal (bonded-committee-at-round-loop round blocks) (genesis-committee))))
Theorem:
(defthm bonded-committee-at-round-loop-of-round-leq-2 (implies (<= (pos-fix round) 2) (equal (bonded-committee-at-round-loop round blocks) (genesis-committee))))
Theorem:
(defthm bonded-committee-at-round-loop-of-append-no-change (implies (and (blocks-orderedp (append blocks1 blocks)) (or (endp blocks1) (<= (pos-fix round) (block->round (car (last blocks1)))))) (equal (bonded-committee-at-round-loop round (append blocks1 blocks)) (bonded-committee-at-round-loop round blocks))))
Theorem:
(defthm bonded-committee-at-round-loop-of-pos-fix-round (equal (bonded-committee-at-round-loop (pos-fix round) blocks) (bonded-committee-at-round-loop round blocks)))
Theorem:
(defthm bonded-committee-at-round-loop-pos-equiv-congruence-on-round (implies (acl2::pos-equiv round round-equiv) (equal (bonded-committee-at-round-loop round blocks) (bonded-committee-at-round-loop round-equiv blocks))) :rule-classes :congruence)
Theorem:
(defthm bonded-committee-at-round-loop-of-block-list-fix-blocks (equal (bonded-committee-at-round-loop round (block-list-fix blocks)) (bonded-committee-at-round-loop round blocks)))
Theorem:
(defthm bonded-committee-at-round-loop-block-list-equiv-congruence-on-blocks (implies (block-list-equiv blocks blocks-equiv) (equal (bonded-committee-at-round-loop round blocks) (bonded-committee-at-round-loop round blocks-equiv))) :rule-classes :congruence)
Function:
(defun bonded-committee-at-round (round blocks) (declare (xargs :guard (and (posp round) (block-listp blocks)))) (let ((__function__ 'bonded-committee-at-round)) (declare (ignorable __function__)) (b* (((when (> (pos-fix round) (+ 2 (blocks-last-round blocks)))) nil)) (bonded-committee-at-round-loop round blocks))))
Theorem:
(defthm committee-optionp-of-bonded-committee-at-round (b* ((commtt? (bonded-committee-at-round round blocks))) (committee-optionp commtt?)) :rule-classes :rewrite)
Theorem:
(defthm bonded-committee-at-round-when-no-blocks (implies (endp blocks) (b* ((commtt (bonded-committee-at-round round blocks))) (implies commtt (equal commtt (genesis-committee))))))
Theorem:
(defthm bonded-committee-at-round-of-round-leq-2 (implies (<= (pos-fix round) 2) (equal (bonded-committee-at-round round blocks) (genesis-committee))))
Theorem:
(defthm bonded-committee-at-round-of-append-no-change (implies (and (blocks-orderedp (append blocks1 blocks)) (bonded-committee-at-round round blocks)) (equal (bonded-committee-at-round round (append blocks1 blocks)) (bonded-committee-at-round round blocks))))
Theorem:
(defthm bonded-committee-at-earlier-round-when-at-later-round (implies (and (bonded-committee-at-round later blocks) (< (pos-fix earlier) (pos-fix later))) (bonded-committee-at-round earlier blocks)))
Theorem:
(defthm bonded-committee-at-round-iff-round-upper-bound (iff (bonded-committee-at-round round blocks) (<= (pos-fix round) (+ 2 (blocks-last-round blocks)))))
Theorem:
(defthm bonded-committee-at-round-of-pos-fix-round (equal (bonded-committee-at-round (pos-fix round) blocks) (bonded-committee-at-round round blocks)))
Theorem:
(defthm bonded-committee-at-round-pos-equiv-congruence-on-round (implies (acl2::pos-equiv round round-equiv) (equal (bonded-committee-at-round round blocks) (bonded-committee-at-round round-equiv blocks))) :rule-classes :congruence)
Theorem:
(defthm bonded-committee-at-round-of-block-list-fix-blocks (equal (bonded-committee-at-round round (block-list-fix blocks)) (bonded-committee-at-round round blocks)))
Theorem:
(defthm bonded-committee-at-round-block-list-equiv-congruence-on-blocks (implies (block-list-equiv blocks blocks-equiv) (equal (bonded-committee-at-round round blocks) (bonded-committee-at-round round blocks-equiv))) :rule-classes :congruence)