• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
      • Apt
      • Zfc
      • Acre
      • Milawa
      • Smtlink
      • Abnf
      • Vwsim
      • Isar
      • Wp-gen
      • Dimacs-reader
      • Pfcs
      • Legacy-defrstobj
      • Proof-checker-array
      • Soft
      • C
      • Farray
      • Rp-rewriter
      • Riscv
      • Instant-runoff-voting
      • Imp-language
      • Sidekick
      • Leftist-trees
      • Java
      • Taspi
      • Bitcoin
      • Des
      • Ethereum
      • X86isa
      • Sha-2
      • Yul
      • Zcash
      • Proof-checker-itp13
      • Regex
      • ACL2-programming-language
      • Json
      • Jfkr
      • Equational
      • Cryptography
      • Poseidon
      • Where-do-i-place-my-book
      • Axe
      • Aleo
        • Aleobft
          • Correctness
            • Unequivocal-dags-def-and-init
            • Same-committees-def-and-implied
            • Dag-omni-paths
            • Signer-records
            • Unequivocal-dags-next
            • Quorum-intersection
            • Dag-previous-quorum-def-and-init-and-next
            • Unequivocal-signed-certificates
            • Signed-previous-quorum
            • Nonforking-anchors-def-and-init-and-next
            • Successor-predecessor-intersection
            • Fault-tolerance
            • Last-anchor-voters-def-and-init-and-next
            • Signer-quorum
            • Committed-redundant-def-and-init-and-next
            • Nonforking-blockchains-def-and-init
            • Blockchain-redundant-def-and-init-and-next
            • No-self-endorsed
            • Last-anchor-present
            • Anchors-extension
            • Nonforking-blockchains-next
            • Backward-closure
            • Last-blockchain-round
            • Dag-certificate-next
            • Omni-paths-def-and-implied
            • Ordered-blockchain
            • Simultaneous-induction
            • System-certificates
            • Last-anchor-def-and-init
            • Last-anchor-next
            • Dag-previous-quorum
            • Signed-certificates
              • Signed-certs
              • Signed-certs-of-next
                • Signed-certs-when-init
              • Committed-anchor-sequences
              • Omni-paths
              • Last-anchor-voters
              • Unequivocal-dags
              • Nonforking-blockchains
              • Nonforking-anchors
              • Committed-redundant
              • Same-committees
              • Blockchain-redundant
            • Definition
            • Library-extensions
          • Aleovm
          • Leo
        • Bigmems
        • Builtins
        • Execloader
        • Solidity
        • Paco
        • Concurrent-programs
        • Bls12-377-curves
      • Debugging
      • Std
      • Community
      • Proof-automation
      • Macro-libraries
      • ACL2
      • Interfacing-tools
      • Hardware-verification
      • Software-verification
      • Math
      • Testing-utilities
    • Signed-certificates

    Signed-certs-of-next

    How the certificates signed by a validator change (or not) for each transition.

    The only kind of event that may change the certificates signed by a validator is create, because all the others do not change the set of system certificates, as proved in system-certs-of-next, which are a superset of the signed certificates. Whether the set of signed certificates actually changes depends on whether the validator is a signer of the certificate or not; so our theorem for create has a conditional. The theorems for the other kinds of events assert that there is no change in the set of signed certificates.

    Definitions and Theorems

    Theorem: signed-certs-of-create-next

    (defthm signed-certs-of-create-next
  (implies (in val (correct-addresses systate))
           (equal (signed-certs val (create-next cert systate))
                  (if (in (address-fix val)
                          (certificate->signers cert))
                      (insert (certificate-fix cert)
                              (signed-certs val systate))
                    (signed-certs val systate)))))

    Theorem: signed-certs-of-accept-next

    (defthm signed-certs-of-accept-next
  (implies (and (in val (correct-addresses systate))
                (accept-possiblep msg systate))
           (equal (signed-certs val (accept-next msg systate))
                  (signed-certs val systate))))

    Theorem: signed-certs-of-advance-next

    (defthm signed-certs-of-advance-next
  (implies (and (in val (correct-addresses systate))
                (advance-possiblep val1 systate))
           (equal (signed-certs val (advance-next val1 systate))
                  (signed-certs val systate))))

    Theorem: signed-certs-of-commit-next

    (defthm signed-certs-of-commit-next
  (implies (and (in val (correct-addresses systate))
                (commit-possiblep val1 systate))
           (equal (signed-certs val (commit-next val1 systate))
                  (signed-certs val systate))))