• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
      • Apt
      • Acre
      • Milawa
      • Smtlink
      • Aleobft
        • Aleobft-static
        • Aleobft-stake2
        • Aleobft-dynamic
        • Aleobft-stake
          • Correctness
            • Unequivocal-dags-def-and-init
            • Same-committees-def-and-implied
            • Signer-records
            • Dag-omni-paths
            • Unequivocal-dags-next
            • Quorum-intersection
            • Previous-quorum-def-and-init-and-next
            • Unequivocal-signed-certificates
              • Not-signer-record-p-when-create-possiblep
              • Unequivocal-signed-certs-p-of-next
              • Signer-record-p-when-author+round-in-signed-certs
              • Unequivocal-signed-certs-p
              • Unequivocal-signed-certs-p-always
              • Unequivocal-signed-certs-p-when-init
            • Same-associated-certificates
            • Nonforking-anchors-def-and-init-and-next
            • Signed-previous-quorum
            • Successor-predecessor-intersection
            • Fault-tolerance
            • Last-anchor-voters-def-and-init-and-next
            • Signer-quorum
            • Committed-redundant-def-and-init-and-next
            • Nonforking-blockchains-def-and-init
            • Dag-committees
            • No-self-messages
            • Blockchain-redundant-def-and-init-and-next
            • Backward-closure
            • Anchors-extension
            • Nonforking-blockchains-next
            • No-self-endorsed
            • Associated-certificates
            • Last-anchor-present
            • No-self-buffer
            • Signed-certificates
            • Last-blockchain-round
            • Dag-certificate-next
            • Omni-paths-def-and-implied
            • Simultaneous-induction
            • Ordered-even-blocks
            • Last-anchor-def-and-init
            • Last-anchor-next
            • Previous-quorum
            • Committed-anchors-sequences
            • Omni-paths
            • Last-anchor-voters
            • Unequivocal-dag
            • Signed-and-associated-cerificates
            • Nonforking-blockchains
            • Nonforking-anchors
            • Committed-redundant
            • Same-committees
            • Blockchain-redundant
          • Definition
        • Library-extensions
      • Abnf
      • Vwsim
      • Isar
      • Wp-gen
      • Dimacs-reader
      • Pfcs
      • Legacy-defrstobj
      • Proof-checker-array
      • Soft
      • Farray
      • Rp-rewriter
      • Instant-runoff-voting
      • Imp-language
      • Sidekick
      • Leftist-trees
      • C
      • Java
      • Taspi
      • Bitcoin
      • Des
      • Ethereum
      • X86isa
      • Sha-2
      • Riscv
      • Yul
      • Zcash
      • Proof-checker-itp13
      • Regex
      • ACL2-programming-language
      • Json
      • Jfkr
      • Equational
      • Cryptography
      • Poseidon
      • Where-do-i-place-my-book
      • Bigmems
      • Builtins
      • Axe
      • Execloader
      • Solidity
      • Leo
      • Paco
      • Concurrent-programs
    • Debugging
    • Std
    • Proof-automation
    • Macro-libraries
    • ACL2
    • Interfacing-tools
    • Hardware-verification
    • Software-verification
    • Math
    • Testing-utilities
  • Correctness

Unequivocal-signed-certificates

Invariant that the certificates signed by a correct validator are unequivocal.

A correct validator signs a certificates under conditions formalized in create-possiblep; recall that create is the only kind of event that generates a new certificate. The conditions for certificate signing include the fact that the signer does not already have a record for a certificate with the same author and round: in other words, in order for the new certificate to be created, and thus be added to the set of certificates signed by the signer, the signer must not have a record of the certificate's author and round. But as proved in signer-records, it is an invariant that each correct validator has a record of all the certificates it has signed. Therefore, a new certificate will be signed, and added to the set of signed certificates, only if it has a different author-round combination from all the existing signed certificates, thus preventing equivocation.

This non-equivocation property is limited to the set of certificates signed by a single validator. There is no quorum intersection argument needed for this: the property comes from the internal consistency tests performed by a correct validator when it signs certificates. This invariant is then used to prove the broader non-equivocation property, which makes use of the quorum intersection argument.

Subtopics

Not-signer-record-p-when-create-possiblep
If create-possiblep holds, then signer-record-p is false for its correct signers.
Unequivocal-signed-certs-p-of-next
Preservation of the invariant: if the invariant holds in a system state, it also holds in the next system state.
Signer-record-p-when-author+round-in-signed-certs
If a certificate with a certain author and round can be obtained from the signed certificates of a validator, then the validator has a record of that author and round.
Unequivocal-signed-certs-p
Definition of the invariant: the set of certificates signed by each correct validator is unequivocal.
Unequivocal-signed-certs-p-always
The invariant holds in every state reachable from an initial state via a sequence of events.
Unequivocal-signed-certs-p-when-init
Establishment of the invariant: the invariant holds in any initial system state.