\r
\begin{prop} \r
Every client $\mathsf{J}$ who sends a message $\mathsf{t}$ \r
-has $\mathsf{\mathscr{P}_t}$ as its latest stored message, and \r
-$\mathsf{s_t = s_{\mathscr{P}_t} + 1}$. \r
+has parent $\mathsf{p_t}$ as its latest stored message, and \r
+$\mathsf{s_t = s_{p_t} + 1}$. \r
\end{prop}\r
\begin{proof} True by definition, because $J$ sets \r
-$\mathsf{hmac_p(t) = hmac_c(\mathscr{P}_t)}$ and \r
-$\mathsf{s_t = }$ $\mathsf{s_{\mathscr{P}_t + 1}}$ when a message \r
+$\mathsf{hmac_p(t) = hmac_c(p_t)}$ and \r
+$\mathsf{s_t = }$ $\mathsf{s_{p_t + 1}}$ when a message \r
is sent. \r
\end{proof}\r
\r
Then $\mathsf{t}$ is in the path of $\mathsf{u}$. \r
\end{lem}\r
\begin{proof}\r
-Clearly $\mathsf{C}$ will throw an error if $\mathsf{s_t = s_u}$. So \r
-$\mathsf{s_t < s_u}$. Additionally, if $\mathsf{C}$ receives $\mathsf{u}$ before \r
-$\mathsf{t}$, this will cause it to throw an error, so $\mathsf{t}$ is received \r
-before $\mathsf{u}$.\r
+By contradiction, we will prove that if $\mathsf{t}$ is not in the path of \r
+$\mathsf{u}$, then it is impossible for client $\mathsf{C}$ to receive both\r
+messages without throwing any errors. Clearly $\mathsf{C}$ will throw an error \r
+if $\mathsf{s_t = s_u}$. So $\mathsf{s_t < s_u}$. Additionally, if $\mathsf{C}$ \r
+receives $\mathsf{u}$ before $\mathsf{t}$, this will cause it to throw an \r
+error, so $\mathsf{t}$ is received before $\mathsf{u}$.\r
\r
Assume that $\mathsf{t}$ is not in the path of $\mathsf{u}$. Take $\mathsf{u}$ \r
to be the packet of smallest sequence number for which this occurs, and \r
sent $\mathsf{l_1}$. Because no client can send two messages with the same sequence number, and \r
$\mathsf{s_{r_1} = s_{l_1} = s_q + 1}$, $\mathsf{J \neq K}$.\r
\r
-We also know the following three facts: \r
+We also know the following facts: \r
\r
\begin{prop} No client sends both a message in \r
-$\mathsf{(r_2,...,t)}$ and a message in $\mathsf{(l_2,...,u)}$. \end{prop}\r
+$\mathsf{(r_2,...,t)}$ and a message in $\mathsf{(l_2,...,u)}$. \r
+\end{prop}\r
\r
\begin{proof}\r
To send a message $\mathsf{p}$ that is the parent of some other \r
message, one must have received the parent of $\mathsf{p}$. Since \r
$\mathsf{u}$ is the message with smallest sequence number received by any \r
client that violates Lemma 1, no client receives both a message in $\mathsf{r}$ \r
-and a message in $\mathsf{l}$. \end{proof}\r
+and a message in $\mathsf{l}$. \r
+\end{proof}\r
\r
-\begin{prop} $\mathsf{C}$ does not receive any message with \r
-sequence number strictly between $\mathsf{s_t}$ and $\mathsf{s_u}$. \end{prop}\r
+\begin{prop} $\mathsf{C}$ does not receive any message with a\r
+sequence number strictly between $\mathsf{s_t}$ and $\mathsf{s_u}$. \r
+\end{prop}\r
\r
-\begin{proof} If there were such a message with sequence number smaller than $\mathsf{s_u}$, it would contradict the assumption that $\mathsf{u}$ is the message with least sequence number that violates Lemma 1. \end{proof}\r
+\begin{proof} If there were such a message with sequence number smaller than \r
+$\mathsf{s_u}$, it would contradict the assumption that $\mathsf{u}$ is the \r
+message with the least sequence number that violates Lemma 1. \r
+\end{proof}\r
\r
There are two cases:\r
\begin{itemize}\r
projects / iotcloud.git / blobdiff