• Top
  • Documentation
  • Books
  • Boolean-reasoning
  • Projects
    • Apt
    • Acre
    • Milawa
    • Smtlink
    • Aleobft
      • Aleobft-static
      • Aleobft-stake2
      • Aleobft-dynamic
      • Aleobft-stake
        • Correctness
          • Unequivocal-dags-def-and-init
          • Same-committees-def-and-implied
          • Signer-records
          • Dag-omni-paths
          • Unequivocal-dags-next
          • Quorum-intersection
          • Previous-quorum-def-and-init-and-next
          • Unequivocal-signed-certificates
          • Same-associated-certificates
          • Nonforking-anchors-def-and-init-and-next
          • Signed-previous-quorum
          • Successor-predecessor-intersection
          • Fault-tolerance
          • Last-anchor-voters-def-and-init-and-next
          • Signer-quorum
            • Signer-quorum-p-of-next
            • Validator-signer-quorum-p
            • Signer-quorum-p
            • Signer-quorum-p-always
            • Signer-quorum-p-when-init
          • Committed-redundant-def-and-init-and-next
          • Nonforking-blockchains-def-and-init
          • Dag-committees
          • No-self-messages
          • Blockchain-redundant-def-and-init-and-next
          • Backward-closure
          • Anchors-extension
          • Nonforking-blockchains-next
          • No-self-endorsed
          • Associated-certificates
          • Last-anchor-present
          • No-self-buffer
          • Signed-certificates
          • Last-blockchain-round
          • Dag-certificate-next
          • Omni-paths-def-and-implied
          • Simultaneous-induction
          • Ordered-even-blocks
          • Last-anchor-def-and-init
          • Last-anchor-next
          • Previous-quorum
          • Committed-anchors-sequences
          • Omni-paths
          • Last-anchor-voters
          • Unequivocal-dag
          • Signed-and-associated-cerificates
          • Nonforking-blockchains
          • Nonforking-anchors
          • Committed-redundant
          • Same-committees
          • Blockchain-redundant
        • Definition
      • Library-extensions
    • Abnf
    • Vwsim
    • Isar
    • Wp-gen
    • Dimacs-reader
    • Pfcs
    • Legacy-defrstobj
    • Proof-checker-array
    • Soft
    • Farray
    • Rp-rewriter
    • Instant-runoff-voting
    • Imp-language
    • Sidekick
    • Leftist-trees
    • C
    • Java
    • Taspi
    • Bitcoin
    • Des
    • Ethereum
    • X86isa
    • Sha-2
    • Riscv
    • Yul
    • Zcash
    • Proof-checker-itp13
    • Regex
    • ACL2-programming-language
    • Json
    • Jfkr
    • Equational
    • Cryptography
    • Poseidon
    • Where-do-i-place-my-book
    • Bigmems
    • Builtins
    • Axe
    • Execloader
    • Solidity
    • Leo
    • Paco
    • Concurrent-programs
  • Debugging
  • Std
  • Proof-automation
  • Macro-libraries
  • ACL2
  • Interfacing-tools
  • Hardware-verification
  • Software-verification
  • Math
  • Testing-utilities

• Signer-quorum

Validator-signer-quorum-p

Check if the signers of a certificate are a subset of the committee for a certificate's round and form a quorum in that committee, where the committee is calculated by a validator (represented by its state).

Signature

(validator-signer-quorum-p cert vstate) → yes/no

Arguments

cert — Guard (certificatep cert).

vstate — Guard (validator-statep vstate).

Returns

yes/no — Type (booleanp yes/no).

This is used by signer-quorum-p to define our invariant. The guard ensures that the validator can calculate the committee.

Definitions and Theorems

Function: validator-signer-quorum-p

(defun validator-signer-quorum-p (cert vstate)
 (declare (xargs :guard (and (certificatep cert)
                             (validator-statep vstate))))
 (declare (xargs :guard (active-committee-at-round
                             (certificate->round cert)
                             (validator-state->blockchain vstate))))
 (let ((__function__ 'validator-signer-quorum-p))
   (declare (ignorable __function__))
   (b*
    (((validator-state vstate) vstate)
     ((certificate cert) cert)
     (commtt
          (active-committee-at-round cert.round vstate.blockchain)))
    (and (subset (certificate->signers cert)
                 (committee-members commtt))
         (>= (committee-members-stake (certificate->signers cert)
                                      commtt)
             (committee-quorum-stake commtt))))))

Theorem: booleanp-of-validator-signer-quorum-p

(defthm booleanp-of-validator-signer-quorum-p
  (b* ((yes/no (validator-signer-quorum-p cert vstate)))
    (booleanp yes/no))
  :rule-classes :rewrite)

Theorem: validator-signer-quorum-p-of-certificate-fix-cert

(defthm validator-signer-quorum-p-of-certificate-fix-cert
  (equal (validator-signer-quorum-p (certificate-fix cert)
                                    vstate)
         (validator-signer-quorum-p cert vstate)))

Theorem: validator-signer-quorum-p-certificate-equiv-congruence-on-cert

(defthm
     validator-signer-quorum-p-certificate-equiv-congruence-on-cert
  (implies (certificate-equiv cert cert-equiv)
           (equal (validator-signer-quorum-p cert vstate)
                  (validator-signer-quorum-p cert-equiv vstate)))
  :rule-classes :congruence)

Theorem: validator-signer-quorum-p-of-validator-state-fix-vstate

(defthm validator-signer-quorum-p-of-validator-state-fix-vstate
  (equal
       (validator-signer-quorum-p cert (validator-state-fix vstate))
       (validator-signer-quorum-p cert vstate)))

Theorem: validator-signer-quorum-p-validator-state-equiv-congruence-on-vstate

(defthm
 validator-signer-quorum-p-validator-state-equiv-congruence-on-vstate
 (implies (validator-state-equiv vstate vstate-equiv)
          (equal (validator-signer-quorum-p cert vstate)
                 (validator-signer-quorum-p cert vstate-equiv)))
 :rule-classes :congruence)