• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
      • Apt
      • Zfc
      • Acre
      • Milawa
      • Smtlink
      • Abnf
      • Vwsim
      • Isar
      • Wp-gen
      • Dimacs-reader
      • Pfcs
      • Legacy-defrstobj
      • Proof-checker-array
      • Soft
      • C
      • Farray
      • Rp-rewriter
      • Instant-runoff-voting
      • Imp-language
      • Sidekick
      • Leftist-trees
      • Java
      • Taspi
      • Bitcoin
      • Riscv
      • Des
      • Ethereum
      • X86isa
      • Sha-2
      • Yul
      • Zcash
      • Proof-checker-itp13
      • Regex
      • ACL2-programming-language
      • Json
      • Jfkr
      • Equational
      • Cryptography
      • Poseidon
      • Where-do-i-place-my-book
      • Axe
      • Bigmems
      • Builtins
      • Execloader
      • Aleo
        • Aleobft
          • Aleobft-static
            • Correctness
              • Invariant-unequivocal-certificates
              • Invariant-same-certificates
              • Invariant-committed-redundant
              • Invariant-signers-have-author-round
              • Property-paths-to-voted-anchor
              • Properties-dags
              • Invariant-no-self-endorsed
              • Properties-certificate-retrieval
              • Invariant-last-anchor-voters
              • Invariant-blockchain-redundant
              • Invariant-previous-are-quorum
              • Invariant-no-self-buffer
              • Invariant-anchors-not-forking
              • Invariant-signers-are-validators
              • Invariant-previous-in-dag
              • Invariant-last-before-current
              • Invariant-last-anchor-present
              • Properties-anchors-extension
              • Invariant-unequivocal-dag
              • Property-paths-to-other-voted-anchor
              • Invariant-no-self-messages
              • Invariant-paths-to-other-last-anchor
              • Invariant-addresses
                • Invariant-faulty-addresses
                • Invariant-correct-addresses
                • Invariant-all-addresses
              • Invariant-last-is-even
              • Invariant-signers-are-quorum
              • Invariant-messages-to-correct
              • Properties-blockchain
              • Invariant-paths-to-last-anchor
              • Invariant-unequivocal-dags
              • Invariant-blockchain-not-forking
              • Operations-additional
              • Invariant-quorum
              • Invariant-dag-previous-are-quorum
              • Properties-anchors
              • Property-committed-anchors-of-next-event
              • Invariant-max-faulty
              • Property-last-anchor-of-next-event
              • Invariant-certificate-retrieval
              • Invariant-fault-tolerance
              • Invariant-dag-authors-are-validators
              • Invariant-causal-histories
            • Definition
          • Aleobft-stake2
          • Aleobft-dynamic
          • Aleobft-stake
          • Aleobft-proposals
          • Library-extensions
        • Leo
      • Solidity
      • Paco
      • Concurrent-programs
      • Bls12-377-curves
    • Debugging
    • Std
    • Proof-automation
    • Macro-libraries
    • ACL2
    • Interfacing-tools
    • Hardware-verification
    • Software-verification
    • Math
    • Testing-utilities
  • Correctness

Invariant-addresses

Invariant that validator addresses do not change.

The sets of the addresses of all validators, all correct validators, and all faulty validators do not change in the course of the protocol. That is, the identities of validators, and their correct vs. faulty status, remain constant during the protocol, although their internal states may obviously change.

These are transition invariants, i.e. they relate the old and new states of transitions.

The proofs are straightforward, based on how transitions are defined. Transitions only change validator states (the values of the map), but never the validator addresses (the keys of the map). Furthermore, they never change validator states into nil (which would change a correct validator into a faulty one), and never turn nil into some validator state (which would change a faulty validator into a correct one).

Subtopics

Invariant-faulty-addresses
The set of the addresses of all the faulty validators is unchanged by all transitions.
Invariant-correct-addresses
The set of the addresses of all the correct validators is unchanged by all transitions.
Invariant-all-addresses
The set of the addresses of all the validators is unchanged by all transitions.