Check if a certificate creation event is possible, from the point of view of a correct signer.
(create-signer-possiblep cert vstate) → yes/no
The input
A certificate is signed by author and endorsers, so the signers are the author and the endorsers; see certificate->signers. A correct (i.e. non-faulty) signer, whether author or endorser, signs a certificate only if certain conditions are met; these conditions are checked against the signer's state. This ACL2 function formalizes the conditions that are common to author and endorsers, i.e. signers in general. Further conditions for the author are formalized in create-author-possiblep; further conditions for the endorsers are formalized in create-endorser-possiblep.
The endorsers only see the proposal, not the whole certificate, so in our model they can only check conditions on the certificate components except the endorser addresses; even though we model certificate creation as an atomic event, we still need to model the right checks at the right times. As a consequence, this predicate only checks conditions on the certificate components except the endorser addresses, since it applies to all signers.
The first condition is that the signer must be able to calculate the active committee at the certificate's round. That is, its local blockchain must be sufficiently far along. If the validator cannot calculate the active committee, it is unable to author or endorse a certificate for that round, so this event cannot happen from the point of view of the validator.
That committee is used to check that the author of the certificate is a member of the committee: only validators in the active committee for a round can create certificates for that round. In the case of the certificate's author, this condition corresponds to the fact that a (correct) author would generate a certificate only if the author knows to be in the active committee. In the case of an endorser, this condition represents a check made by the endorser on the proposal.
The DAG of the signer must not already have a certificate with the given author and round. This is to prevent equivocation, i.e. the existence of two different certificates with the same author and round. Further conditions about this apply to endorsers, but here we are defining conditions common to author and endorsers.
If the round of the certificate is 1, it must have no references to previous certificates, because there is no round 0. If the round of the certificate is not 1, the following additional requirements apply.
There must be at least one reference to a previous certificate. This serves to ensure, indirectly, that the committee at the previous round is not empty, and in general that there are no rounds with an empty active committee. It is an invariant, proved elsewhere, that the authors of certificates in DAGs are members of the active committees at their rounds: thus, the non-emptiness of the set of previous certificate references implies, with this invariant, that the committee at the previous round has at least one member. Note also that, since the committee at the certificate's round is known, it is the case that the committee at the previous round is known too.
The signer's DAG must include
all the previous certificates referenced by the certificate.
These are the certificates at the round just before the certificate's round
whose authors are in the
The total stake of the certificates referenced in the previous round
must be at least the committee quorum stake.
This is the proper generalization from numbers of validators to stake.
It is an invariant, proved elsewhere,
that the authors of the certificates in the previous round
that are referenced in the
Function:
(defun create-signer-possiblep (cert vstate) (declare (xargs :guard (and (certificatep cert) (validator-statep vstate)))) (let ((__function__ 'create-signer-possiblep)) (declare (ignorable __function__)) (b* (((certificate cert) cert) ((validator-state vstate) vstate) (commtt (active-committee-at-round cert.round vstate.blockchain)) ((unless commtt) nil) ((unless (in cert.author (committee-members commtt))) nil) ((when (cert-with-author+round cert.author cert.round vstate.dag)) nil) ((when (= cert.round 1)) (emptyp cert.previous)) ((when (emptyp cert.previous)) nil) ((unless (subset cert.previous (certificate-set->author-set (certs-with-round (1- cert.round) vstate.dag)))) nil) (prev-commtt (active-committee-at-round (1- cert.round) vstate.blockchain)) ((unless (subset cert.previous (committee-members prev-commtt))) nil) ((unless (>= (committee-members-stake cert.previous prev-commtt) (committee-quorum-stake prev-commtt))) nil)) t)))
Theorem:
(defthm booleanp-of-create-signer-possiblep (b* ((yes/no (create-signer-possiblep cert vstate))) (booleanp yes/no)) :rule-classes :rewrite)
Theorem:
(defthm active-committee-at-round-when-create-signer-possiblep (implies (create-signer-possiblep cert vstate) (active-committee-at-round (certificate->round cert) (validator-state->blockchain vstate))) :rule-classes :forward-chaining)
Theorem:
(defthm create-signer-possiblep-of-certificate-fix-cert (equal (create-signer-possiblep (certificate-fix cert) vstate) (create-signer-possiblep cert vstate)))
Theorem:
(defthm create-signer-possiblep-certificate-equiv-congruence-on-cert (implies (certificate-equiv cert cert-equiv) (equal (create-signer-possiblep cert vstate) (create-signer-possiblep cert-equiv vstate))) :rule-classes :congruence)
Theorem:
(defthm create-signer-possiblep-of-validator-state-fix-vstate (equal (create-signer-possiblep cert (validator-state-fix vstate)) (create-signer-possiblep cert vstate)))
Theorem:
(defthm create-signer-possiblep-validator-state-equiv-congruence-on-vstate (implies (validator-state-equiv vstate vstate-equiv) (equal (create-signer-possiblep cert vstate) (create-signer-possiblep cert vstate-equiv))) :rule-classes :congruence)