
Formalising and Reusing of Proofs

Date post: 25-Mar-2022
Motivation: formalisation - proofs & deduction
Formalisations versus programs
Reusing formalisations
Conclusions and Future Work

Mauricio Ayala-Rincón

Grupo de Teoria da Computação, Universidade de Brasília (UnB)

Brasília D.F., Brazil

Research funded by Brazilian Research Agencies: CNPq, CAPES and FAPDF

July 14th, 2012

Mauricio Ayala-Rincón http://ayala.mat.unb.br - GTC/UnB Formalising & Reusing Proofs LACREST Medellín 2012


Talk’s Plan

1 Motivation: formalisation - proofs & deduction

2 Formalisations versus programs
   The Prototype Verification System - PVS
   A case study: Security of Cryptographic Protocols

3 Reusing formalisations

4 Conclusions and Future Work


Mathematical proofs - logic & deduction

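Table: Rules of natural deduction for propositional logic

Introduction rules:

$$
\dfrac{\varphi \quad \psi}{\varphi \land \psi}\,(\land_i)
\qquad
\dfrac{\varphi}{\varphi \lor \psi}\,(\lor_i)
\qquad
\dfrac{\begin{matrix} [\varphi]^u \\ \vdots \\ \psi \end{matrix}}{\varphi \to \psi}\,(\to_i),\ u
$$

Elimination rules:

$$
\dfrac{\varphi \land \psi}{\varphi}\,(\land_e)
\qquad
\dfrac{\varphi \lor \psi \quad \begin{matrix} [\varphi]^u \\ \vdots \\ \chi \end{matrix} \quad \begin{matrix} [\psi]^v \\ \vdots \\ \chi \end{matrix}}{\chi}\,(\lor_e),\ u, v
\qquad
\dfrac{\varphi \quad \varphi \to \psi}{\psi}\,(\to_e)
\qquad
\dfrac{\begin{matrix} [\neg\varphi]^u \\ \vdots \\ \bot \end{matrix}}{\varphi}\,(\bot_e),\ u
$$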


Mathematical proofs - logic & deduction

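Table: Rules of natural deduction for predicate logic with equality

Introduction rules:

$$
\dfrac{}{t = t}\,(=_i)
\qquad
\dfrac{\begin{matrix} y \text{ indep.} \\ \vdots \\ \varphi[x/y] \end{matrix}}{\forall x\,\varphi}\,(\forall_i)
\qquad
\dfrac{\varphi[x/t]}{\exists x\,\varphi}\,(\exists_i)
$$

Elimination rules:

$$
\dfrac{t_1 = t_2 \quad \varphi[x/t_1]}{\varphi[x/t_2]}\,(=_e)
\qquad
\dfrac{\forall x\,\varphi}{\varphi[x/t]}\,(\forall_e)
\qquad
\dfrac{\exists x\,\varphi \quad \begin{matrix} [\varphi[x/y]]^u \quad y \text{ indep.} \\ \vdots \\ \chi \end{matrix}}{\chi}\,(\exists_e),\ u
$$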


Mathematical proofs - logic & deduction

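Table: Encoding ¬ - Rules of natural deduction for classical logic

Introduction rule (left) and elimination rule (right), first for ¬ϕ and then for ϕ → ⊥:

$$
\dfrac{\begin{matrix} [\varphi]^u \\ \vdots \\ \bot \end{matrix}}{\neg\varphi}\,(\neg_i),\ u
\qquad
\dfrac{\varphi \quad \neg\varphi}{\bot}\,(\neg_e)
$$

$$
\dfrac{\begin{matrix} [\varphi]^u \\ \vdots \\ \bot \end{matrix}}{\varphi \to \bot}\,(\to_i),\ u
\qquad
\dfrac{\varphi \quad \varphi \to \bot}{\bot}\,(\to_e)
$$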


Mathematical proofs - logic & deduction

Interchangeable rules:

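$$
\dfrac{\neg\neg\phi}{\phi}\,(\neg\neg_e)
\qquad
\dfrac{}{\phi \lor \neg\phi}\,(\mathrm{lem})
\qquad
\dfrac{\begin{matrix} [\neg\phi]^a \\ \vdots \\ \bot \end{matrix}}{\phi}\,(\neg_e),\ a
$$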


Mathematical proofs - logic & deduction

Examples of deductions. Assuming (¬¬e), LEM holds:

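$$
\dfrac{
 \dfrac{
  \dfrac{
   [\neg(\phi\lor\neg\phi)]^x \quad
   \dfrac{
    \dfrac{
     \dfrac{
      [\neg(\phi\lor\neg\phi)]^x \quad
      \dfrac{[\phi]^u}{\phi\lor\neg\phi}\,(\lor_i)
     }{\bot}\,(\neg_e)
    }{\neg\phi}\,(\neg_i),\ u
   }{\phi\lor\neg\phi}\,(\lor_i)
  }{\bot}\,(\neg_e)
 }{\neg\neg(\phi\lor\neg\phi)}\,(\neg_i),\ x
}{\phi\lor\neg\phi}\,(\neg\neg_e)
$$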


Mathematical proofs - logic & deduction

A derivation of Peirce’s law, ((φ→ ψ)→ φ)→ φ:

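$$
\dfrac{
 \dfrac{
  \dfrac{
   [\neg\phi]^u \quad
   \dfrac{
    [(\phi\to\psi)\to\phi]^x \quad
    \dfrac{
     \dfrac{
      \dfrac{
       \dfrac{
        \dfrac{[\neg\phi]^u}{\neg\psi\to\neg\phi}\,(\to_i),\ \emptyset
        \quad [\neg\psi]^v
       }{\neg\phi}\,(\to_e)
       \quad [\phi]^w
      }{\bot}\,(\neg_e)
     }{\psi}\,(\mathrm{PBC}),\ v
    }{\phi\to\psi}\,(\to_i),\ w
   }{\phi}\,(\to_e)
  }{\bot}\,(\neg_e)
 }{\phi}\,(\mathrm{PBC}),\ u
}{((\phi\to\psi)\to\phi)\to\phi}\,(\to_i),\ x
$$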


A very short list of related work

Reusing proofs (T. Kolbe & C. Walter, 1994): fixing successful proof strategies through learning methods;

Reuse of proofs in software verification (Wolfgang Reif & Kurt Stenzel, 1993): reusing proofs and proof attempts after software modifications;

Similarities and Reuse of Proofs in Formal Software Verification (Erica Melis & Axel Schairer, 1998): reusing subproofs;

How do mathematicians prove theorems?


Learning from how mathematicians prove theorems

Figure: Inference of Lemmas (diagram; node labels ψ, φ, π)


Learning from how mathematicians prove theorems

Figure: Analogy (diagram; node labels φ, φ′)


Learning from how mathematicians prove theorems

Figure: Equational reasoning (diagram; labels φ[S], S = R, φ[R])


The Prototype Verification System - PVS

PVS is a verification system, developed by the SRI International Computer Science Laboratory, which consists of

1 a specification language:

   based on higher-order logic;
   a type system based on Church's simple theory of types augmented with subtypes and dependent types.

2 an interactive theorem prover:

   based on sequent calculus; that is, goals in PVS are sequents of the form Γ ⊢ Δ, where Γ and Δ are finite sequences of formulae, with the usual Gentzen semantics.


GTC/Universidade de Brasılia & PVS

Term Rewriting Systems: PVS library trs (AR & Galdino, UnB)

First-Order Unification: PVS library unification (AR & Avelar, UnB)

Group theory: PVS library groups (Galdino, UFG)

All of them are available in the NASA LaRC PVS libraries: http://shemesh.larc.nasa.gov/fm/ftp/larc/PVS-library/pvslib.html

Air traffic CD&R (KB2D; ACCoRD): AR & Galdino, Muñoz (NIA/NASA LaRC)

Automating termination: AR & Goodloe & Muñoz (NASA LaRC)

Cryptography: AR & Rego, Nantes & Fernandez (King's College London)


Formal methods in cryptography

Why prove security requirements mathematically?

The Needham-Schroeder authentication protocol

   was considered secure for 17 years,
   but Lowe detected a "man-in-the-middle" vulnerability in this protocol [Lowe 95,6].

Example: formalisation of the security of the Dolev-Yao two-party cascade protocol [Dolev-Yao 83].

Joint work with Rodrigo Nogueira [2010] and Yuri Santos Rego [2012].


Cryptographic operations over monoids

Any user u ∈ U owns E_u and D_u.

E = {E_u | u ∈ U}
D = {D_u | u ∈ U}

Σ = E ∪ D

Σ* is the set of words over Σ.

Monoid freely generated by Σ and congruences:

E_u D_u = λ, D_u E_u = λ, ∀u ∈ U (1)

E_u(D_u(M)) = D_u(E_u(M)) = M, ∀M plain text.
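
Congruence (1) read as a rewriting rule, as an added example that is not part of the original slides: the Python below reduces a word over Σ to its normal form and checks the result against a toy byte-permutation model of E_u and D_u. The tuple encoding of operators, the function names and the toy model are assumptions made for this illustration.

```python
import random
from typing import Dict, List, Tuple

Op = Tuple[str, str]          # ("E", "A") stands for E_A, ("D", "A") for D_A
Word = List[Op]               # a word over Σ = E ∪ D; [] is the empty word λ

def cancels(a: Op, b: Op) -> bool:
    """True when the factor ab is E_u D_u or D_u E_u for one user u."""
    return a[1] == b[1] and {a[0], b[0]} == {"E", "D"}

def normal_form(word: Word) -> Word:
    """Apply congruence (1) until no cancelling pair is left.

    A stack is needed because removing an inner pair can expose an outer
    one: E_B D_A E_A D_B -> E_B D_B -> λ.
    """
    stack: Word = []
    for op in word:
        if stack and cancels(stack[-1], op):
            stack.pop()
        else:
            stack.append(op)
    return stack

def equal_in_monoid(w1: Word, w2: Word) -> bool:
    """Two words denote the same operator iff their normal forms coincide."""
    return normal_form(w1) == normal_form(w2)

# --- Toy model, constructed for this example only (not a real cipher) -----
def _tables(seed: int) -> Tuple[List[int], List[int]]:
    enc = list(range(256))
    random.Random(seed).shuffle(enc)      # a fixed byte permutation per user
    dec = [0] * 256
    for plain, cipher in enumerate(enc):
        dec[cipher] = plain               # inverse permutation
    return enc, dec

TABLES: Dict[str, Tuple[List[int], List[int]]] = {"A": _tables(1), "B": _tables(2)}

def apply_word(word: Word, msg: bytes) -> bytes:
    """Apply σ1 σ2 ... σn to msg as σ1(σ2(...σn(msg))), rightmost first."""
    for kind, user in reversed(word):
        table = TABLES[user][0 if kind == "E" else 1]
        msg = bytes(table[b] for b in msg)
    return msg

E_A, D_A, E_B, D_B = ("E", "A"), ("D", "A"), ("E", "B"), ("D", "B")
```

Because the rewriting system given by (1) is terminating and confluent, comparing normal forms decides equality of operator words.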


Formalisation of security for cascade protocols

Theorem (Characterisation of security)

A cascade protocol P is secure iff

(i) it satisfies the initial security property and
(ii) it is balanced.

Formalisation in PVS:

theorem1 : THEOREM FORALL (prot : welldefined_protocol,
    x : U, y : U | x /= y, z : U | z /= x AND z /= y) :
  secure_protocol?(prot, x, y, z) IFF
  ( alpha0ContainsE?(prot, x, y) AND balanced_cascade_protocol?(prot) )


Structure of the PVS formalisation


Reusing proofs

Why?

Formalising is an exhaustive process that takes years.

Our case study on the DY security takes more than two years!
Size of the specification: 1.651 lines (80 KB), but
Size of the Formalisation: 55.300 lines (3.8 MB)!

Small changes in the specification imply rebuilding proofs from scratch.

Likewise, the use of alternative data structures implies rebuilding proofs from scratch.


Reusing proofs - changing data structures

Instead of sequences, use lists


Reusing proofs

Definition (Isomorphism between poly-sorted signatures)

Let 〈A, F, R〉 and 〈B, G, P〉 be signatures consisting of families of sets A = {A_1, …, A_n} and B = {B_1, …, B_n}, functions F = {f_1, …, f_k} and G = {g_1, …, g_k}, and relations R = {r_1, …, r_l} and P = {p_1, …, p_l}. An isomorphism ı between these structures is a bijective mapping from the families of sets, and from functions into functions and relations into relations, such that the following preservation properties hold:

For all f ∈ F, and every m-tuple x_1, …, x_m of well-typed arguments for f, supposing f is an m-ary function, ı(f(x_1, …, x_m)) = f^ı(ı(x_1), …, ı(x_m));

For all p ∈ R, and every m-tuple x_1, …, x_m of well-typed arguments for p, supposing p is an m-ary predicate, ı(p(x_1, …, x_m)) if and only if p^ı(ı(x_1), …, ı(x_m)).


Reusing proofs

ı : 〈A, F, R〉 → 〈B, G, P〉

   sets:      A ∈ A → B ∈ B,      x ↦ ı_A(x)
   functions: f ∈ F → f^ı ∈ G,    f ↦ f^ı,   with ı(f(x_1, …, x_m)) = f^ı(ı(x_1), …, ı(x_m))
   relations: p ∈ R → p^ı ∈ P,    p ↦ p^ı,   with ı(p(x_1, …, x_m)) ⇔ p^ı(ı(x_1), …, ı(x_m))

Figure: Isomorphism between poly-sorted signatures


Reusing proofs — Examples

ı : 〈R, +, 0, >〉 → 〈R+, ×, 1, >〉

   R → R+:   x ↦ ı(x) := exp(x)
   + → ×:    + ↦ +^ı := ×
   0 → 1:    0 ↦ 0^ı := 1
   > → >:    > ↦ >^ı := >


Reusing proofs — Examples

The inverse ı⁻¹ is the function ln. Thus, one has two useful lemmas:

Lemma (isomorphism 1) ı⁻¹ ∘ ı is the identity in R
Lemma (isomorphism 2) ı ∘ ı⁻¹ is the identity in R+

Homomorphic properties for the isomorphism and its inverse:

Lemma (preservation of +) ∀x, y : R. ı(x + y) = ı(x) +^ı ı(y)

Lemma (preservation of >1) ∀x, y : R. x > y ⇔ ı(x) >^ı ı(y)

Lemma (preservation of ×) ∀x, y : R+. ı⁻¹(x × y) = ı⁻¹(x) ×^(ı⁻¹) ı⁻¹(y)

Lemma (preservation of >2) ∀x, y : R+. x > y ⇔ ı⁻¹(x) >^(ı⁻¹) ı⁻¹(y)


Reusing proofs — Examples

Theorem (additive inverse) ∀x : R. x + (−x) = 0

Theorem (ln of mult. inverses) ∀x : R+. ln(x⁻¹) = −ln(x)


Reusing proofs — Examples

Theorem (multiplicative inverse) ∀x : R+. x × x⁻¹ = 1

can be proved as follows:

1 x × x⁻¹ = exp ∘ ln(x × x⁻¹), by Lemma isomorphism 2;

2 exp ∘ ln(x × x⁻¹) = exp(ln(x) + ln(x⁻¹)), by preservation of ×;

3 exp(ln(x) + ln(x⁻¹)) = exp(ln(x) + (−ln(x))), by Theorem of ln of mult. inverses;

4 exp(ln(x) + (−ln(x))) = exp(0), by Theorem of additive inverse;

5 exp(0) = 1, by application of the isomorphism exp.


Reusing proofs — Case of study

Changing sequences to lists in the formalisation of security of cryptographic protocols implies the construction of several operators:

ı : (length : nat, seq : [0, length − 1] -> CryOp) → list[CryOp], but also,

ı⁻¹ : list[CryOp] → (length : nat, seq : [0, length − 1] -> CryOp)


Reusing proofs — Case of study

For illustration, consider reusing the proof of

Theorem (length of empty sequences)

s`length = 0 IFF s = empty_seq

to prove the following analogous result over lists.

Theorem (length of null list)

length(l) = 0 IFF l = null


Reusing proofs — Case of study

〈{CryOp, seq[CryOp], N, N, …}, {`length, `seq, …}, {=_seq[CryOp], …}〉
   ↓ ı
〈{CryOp, list[CryOp], N, N+, …}, {length, ı(`seq), …}, {=_list[CryOp], …}〉

   CryOpt → CryOpt:                 op ↦ op
   seq[CryOpt] → list[CryOpt]:      s ↦ ı(s)
   N → N:                           n ↦ n
   N (index) → N+ (position):       n ↦ n+1
   `length → length( ):             s`length ↦ length(ı(s))
   `seq → ı(`seq):                  s`seq ↦ λ(i:[1,length]). nth(i, ı(s))
   ⋮

Figure: Isomorphism between sequences and lists of CryOps


Reusing proofs — Case of study

ı : (length : nat, seq : [0, length − 1] -> CryOp) → list[CryOp]

Specification transformation from sequences to lists:

ı(s : seq[CryOp]) RECURSIVE : list[CryOp] =
  IF s`length = 0 THEN null
  ELSE cons(s`seq(0), ı(s ^ (1, s`length - 1)))  % head, then ı applied to the rest
  ENDIF
MEASURE s`length


Reusing proofs — Case of study

Homomorphic properties should be formalized as, for instance:

Lemma A1 ı(s`length) = length(ı(s))

Lemma A2 ı(s`seq) = λ(i:[1,s`length]). nth(i, ı(s))

Lemma A3 ı(s`seq(k)) = (λ(i:[1,s`length]). nth(i, ı(s)))(ı(k))

Observe that one has:

(λ(i:[1,s`length]). nth(i, ı(s)))(ı(k)) →β (λ(i:[1,s`length]). nth(i, ı(s)))(k + 1) →β nth(k + 1, ı(s)),

thus, by Lemma A3, ı(s`seq(k)) = nth(k + 1, ı(s)).


Reusing proofs — Case of study

ı⁻¹ : list[CryOp] → (length : nat, seq : [0, length − 1] -> CryOp)

Specification transformation from lists to sequences:

ı⁻¹(l : list[CryOp]) : seq[CryOp] =
  (# length = length(l),
     seq = λ(i:[0,length(l)−1]). nth(i+1, l) #)


Reusing proofs — Case of study

Also, homomorphic properties should be formalized, as for instance:

Lemma B1 ı⁻¹(length(l)) = (ı⁻¹(l))`length

Lemma B2 ı⁻¹(nth(k, l)) = (ı⁻¹(l))`seq(ı⁻¹(k))

Notice that

(λ(i:[0,length(l)−1]). nth(i + 1, l))(ı⁻¹(k)) = (λ(i:[0,length(l)−1]). nth(i + 1, l))(k − 1) →β nth(k, l).


Reusing proofs — Case of study

Formalisation of isomorphic properties is necessary:

Lemma isomorphism 1 ∀s : seq[CryOp]. ı⁻¹ ∘ ı(s) = s

Lemma isomorphism 2 ∀l : list[CryOp]. ı ∘ ı⁻¹(l) = l

The presented properties are not exhaustive!


Reusing proofs — Case of study

Reusing Theorem s`length = 0 IFF s = empty_seq to prove Theorem length(l) = 0 IFF l = null:

length(l) = 0
   ⇔ (appl. of isomorphism operator)   ı⁻¹(length(l) = 0)
   ⇔ (isomorphism properties)          ı⁻¹(length(l)) = ı⁻¹(0)
   ⇔ (isomorphism properties)          ı⁻¹(length(l)) = 0
   ⇔ (isomorphism properties)          ı⁻¹(l)`length = 0
   IFF (reuse of Theorem)              ı⁻¹(l) = empty_seq
   ⇔ (application of isomorphism)      ı(ı⁻¹(l) = empty_seq)
   ⇔ (isomorphism properties)          ı(ı⁻¹(l)) = ı(empty_seq)
   ⇔ (isomorphism properties)          l = ı(empty_seq)
   ⇔ (isomorphism properties)          l = null  □
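
An executable sanity check of this reuse argument, added here and not part of the original slides or of the PVS development: the Python below models finite sequences and lists, implements the map from sequences to lists and its inverse as specified on the earlier slides, and evaluates the main formulas of the chain on constructed samples. The names FinSeq, to_list, to_seq and the string stand-in for CryOp are assumptions; running samples tests the lemmas, it does not prove them.

```python
from typing import Callable, List

CryOp = str  # constructed stand-in for the slides' CryOp type, e.g. "E_A"

class FinSeq:
    """PVS-style finite sequence: (# length, seq: [0..length-1] -> CryOp #)."""
    def __init__(self, length: int, seq: Callable[[int], CryOp]):
        self.length, self.seq = length, seq

    def __eq__(self, other) -> bool:
        # Extensional equality: same length and same value at every index.
        return (isinstance(other, FinSeq) and self.length == other.length
                and all(self.seq(i) == other.seq(i) for i in range(self.length)))

def _undefined(i: int) -> CryOp:
    raise IndexError("the empty sequence has no indices")

EMPTY_SEQ = FinSeq(0, _undefined)

def nth(pos: int, l: List[CryOp]) -> CryOp:
    """Slide convention: list positions start at 1 (N+)."""
    if not 1 <= pos <= len(l):
        raise IndexError(pos)
    return l[pos - 1]

def to_list(s: FinSeq) -> List[CryOp]:
    """Sequences to lists, recursive on the length as in the specification."""
    if s.length == 0:
        return []
    tail = FinSeq(s.length - 1, lambda i: s.seq(i + 1))  # s without its head
    return [s.seq(0)] + to_list(tail)

def to_seq(l: List[CryOp]) -> FinSeq:
    """Lists to sequences: index i of the sequence reads position i+1."""
    return FinSeq(len(l), lambda i: nth(i + 1, l))

def check_lemmas(l: List[CryOp]) -> bool:
    """Lemmas A1, A3, B1, B2 and both isomorphism lemmas on one sample."""
    s = to_seq(l)
    a1 = len(to_list(s)) == s.length
    a3 = all(s.seq(k) == nth(k + 1, to_list(s)) for k in range(s.length))
    b1 = to_seq(l).length == len(l)
    b2 = all(nth(k, l) == to_seq(l).seq(k - 1) for k in range(1, len(l) + 1))
    iso1 = to_seq(to_list(s)) == s
    iso2 = to_list(to_seq(l)) == l
    return a1 and a3 and b1 and b2 and iso1 and iso2

def seq_theorem(s: FinSeq) -> bool:
    """The already-proved side: s`length = 0 IFF s = empty_seq."""
    return (s.length == 0) == (s == EMPTY_SEQ)

def reuse_chain(l: List[CryOp]) -> List[bool]:
    """Truth value of the main formulas of the chain, top to bottom."""
    return [
        len(l) == 0,               # length(l) = 0
        to_seq(l).length == 0,     # (image of l)`length = 0   (Lemma B1)
        to_seq(l) == EMPTY_SEQ,    # image of l = empty_seq    (reused theorem)
        l == to_list(EMPTY_SEQ),   # l = image of empty_seq    (isomorphism 2)
        l == [],                   # l = null
    ]

SAMPLES = [[], ["E_A"], ["E_B", "D_A"], ["E_A", "D_B", "E_B", "D_A"]]  # constructed
```

Every entry of reuse_chain(l) must agree for the equivalences to hold; a sample on which they differ points at a wrong index shift or a missing isomorphism lemma before any PVS proof effort is spent.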


Reusing proofs — Case of study

Summarizing, the approach to reuse formalizations through isomorphic transformations involves two main steps:

1 Construction and formalization of isomorphisms:
   1 Construction of isomorphic transformations between data structures, functions and relations;
   2 Formalization of isomorphic and homomorphic properties;

2 Reuse of proofs.

Once the first step is completed, proofs by reusing formalizations of equational and relational theorems follow the sketches in Fig. 6 and 7, respectively.


Reusing proofs — Case of study

f(x_1, …, x_n)   ⇕ (isomorphisms ı, ı⁻¹)   f^ı(ı(x_1), …, ı(x_n))

= Theorem

g(y_1, …, y_m)   ⇕ (isomorphisms ı, ı⁻¹)   g^ı(ı(y_1), …, ı(y_m))

Theorem f(x_1, …, x_n) = g^ı(ı(y_1), …, ı(y_m))

Figure: General sketch of reusing equational proofs by isomorphisms


Reusing proofs — Case of study

p(x_1, …, x_n)   ⇕ (isomorphisms ı, ı⁻¹)   p^ı(ı(x_1), …, ı(x_n)) Theorem

Theorem p(x_1, …, x_n)

Figure: General sketch for reusing relational proofs by isomorphisms


Conclusions

Reusing proofs is not straightforward.

Building poly-sorted isomorphisms works well, but is an exhaustive task.

Nevertheless, after specifying the isomorphism operators and proving all the mundane isomorphic properties, complex proofs can be reused.


Future Work

As a case study, the formalisation of security of the Dolev-Yao model is being translated to other data structures.

More abstract approaches are possible: starting from mathematical properties proved over algebraic structures, trying to work independently of any data structure.

The size of the formalisation should be big enough in order to have a relatively small part related with isomorphisms. For example, the formalisation on D-Y security has sizes of ca. 80 KB and 3.8 MB for the specification and the formalisation, respectively.

Several related academic projects involving generation of PVS libraries are to be supervised in the GTC at the UnB.


References

D. Dolev and A. C. Yao. On the Security of Public Key Protocols. IEEE Transactions on Information Theory, 29(2):198–208, 1983.

G. Lowe. An Attack on the Needham-Schroeder Public-Key Authentication Protocol. Information Processing Letters, 56(3):131–133, 1995.

G. Lowe. Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR. Software - Concepts and Tools, 17(3):93–102, 1996.

R.B. Nogueira, M. Ayala-Rincón, A. Nascimento, and F. L.C. de Moura. Formalization of security proofs using PVS in the Dolev-Yao model. In Computability in Europe, 2010.

Y.S. Rego and M. Ayala-Rincón. Formalization in PVS of Balancing Properties Necessary for the Security of the Dolev-Yao Cascade Protocol Model. SBL 2011 full version available, 2012.
