\subsection{Client Algorithm}\r
\subsubsection{Reading Slots}\r
\textbf{Data Entry} \\\r
-$de$ is a data entry \\\r
$k$ is key of entry \\\r
$v$ is value of entry \\\r
$kv$ is a key-value entry $\tuple{k,v}$, $kv \in DE$ \\\r
$qs$ is a queue state entry (contains $max$ size of queue), $qs \in DE$ \\\r
$cr$ is a collision resolution entry $\tuple{s_{col},id_{col}}$, \r
s + id of a machine that wins a collision, $cr \in DE$ \\\r
+$de$ is a data entry that can be a $kv$, $ss$, $qs$, or $cr$ \\\r
$DE$ is a set of all data entries, possibly of different types, in a single message \\\r
$s \in SN$ is a sequence number \\\r
$id$ is a machine ID\\\r
$hmac_p$ is the HMAC value of the previous slot \\\r
$hmac_c$ is the HMAC value of the current slot \\\r
+$hmac_{p_g}$ is the HMAC value of the previous slot in procedure $\Call{ProcessSL}{}$ \\\r
+$hmac_{c_g}$ is the HMAC value of the current slot in procedure $\Call{ProcessSL}{}$ \\\r
$Dat_s = \tuple{s,id,hmac_p,DE,hmac_c}$ \\\r
$slot_s = \tuple{s, E(Dat_s)} = \r
\tuple{s, E(\tuple{s,id,hmac_p,DE,hmac_c})}$ \\ \\\r
\textit{$d$ = delta between the last $s$ recorded and the first $s$ received} \\\r
\textit{$id_{self}$ = machine Id of this client} \\\r
\textit{$max_g$ = maximum number of slots (initially $max_g > 0$)} \\\r
-\textit{m = number of slots stored on client (initially $m = 0$)} \\\r
\textit{$sl_{last}$ = info of last slot in queue = \r
$\tuple{s_{last},sv_{last},id_{last}}$ (initially $\emptyset$)} \\\r
\textit{DT = set of $\tuple{k,v}$ on client} \\\r
$SeqN(\tuple{s, sv})=s$ \\\r
$SlotVal(\tuple{s, sv})=sv$ \\\r
$CreateLastSL(s,sv,id)=\tuple{s,sv,id}=sl_{last}$ \\\r
-$CreateEntLV(kv_s,s_s)=\tuple{kv_s,s_s}$ \\\r
$Decrypt(SK_s,sv_s)=Dat_s=\tuple{s,id,hmac_p,DE,hmac_c}$ \\\r
$GetSeqN(Dat_s = \tuple{s,id,hmac_p,DE,hmac_c})=s$ \\\r
$GetMacId(Dat_s = \tuple{s,id,hmac_p,DE,hmac_c})=id$ \\\r
\wedge \forall \tuple{kv_s, s_s} \in LV_s, kv_s = kv$ \\\r
$GetKV($key-value data entry$)=\tuple{k_s,v_s} = kv_s$ \\\r
$GetSS($slot-sequence data entry$)=\tuple{id_s,s_{s_{last}}} = ss_s$ \\\r
-$GetQS($queue-state data entry$)=qs_s$ \\\r
-$GetCR($collision-resolution data entry$)=\tuple{s_s,id_s} = cr_s$ \\\r
-$GetKey(kv = \tuple{k, v})=k$ \\\r
-$GetVal(kv = \tuple{k, v})=v$ \\\r
-$GetId(ss = \tuple{id, s_{last}})=id$ \\\r
-$GetSLast(ss = \tuple{id, s_{last}})=s_{last}$ \\\r
-$GetS(cr = \tuple{s, id})=s$ \\\r
-$GetId(cr = \tuple{s, id})=id$ \\\r
+$GetCR($de$)=\tuple{s_s,id_s} = cr_s$ \\\r
+$Hmac(Dat_s,SK) = hmac_c$ \textit{value computed from $s$, $id$,\r
+$hmac_p$, and $DE$ taken from $Dat_s$} \\\r
+$IsKv(de) = true$ \textit{if $de$ is a $kv$, false otherwise} \\\r
+$IsSs(de) = true$ \textit{if $de$ is a $ss$, false otherwise} \\\r
+$IsQs(de) = true$ \textit{if $de$ is a $qs$, false otherwise} \\\r
+$IsCr(de) = true$ \textit{if $de$ is a $cr$, false otherwise} \\\r
+$GetKey(kv)=k$\Comment{$kv = \tuple{k, v}$} \\\r
+$GetVal(kv)=v$ \\\r
+$GetId(ss)=id$\Comment{$ss = \tuple{id, s_{last}}$} \\\r
+$GetSLast(ss)=s_{last}$ \\\r
+$GetS(cr)=s$\Comment{$cr = \tuple{s, id}$} \\\r
+$GetId(cr)=id$ \\\r
+$GetLastS(sl_{last})=s$\Comment{$sl_{last} = \tuple{s,sv,id}$} \\\r
+$GetSV(sl_{last})=sv$ \\\r
+$GetID(sl_{last})=id$ \\\r
$GetKeyVal(DT_s,k_s)= \tuple{k, v}$ \textit{such that} $\tuple{k, v} \r
\in DT_s \wedge \forall \tuple{k_s, v_s} \in DT_s, k = k_s$ \\\r
$MaxLastSeqN(MS_s)= s_{last}$ \textit{such that} $\tuple{id, s_{last}} \in MS_s \r
\r
\begin{algorithmic}[1]\r
\Function{GetQueSta}{$DE_s$}\r
-\State $de_{qs} \gets ss$ \textit{such that} $ss \in DE_s, \r
- de_s \in D \land type(de_s) = "qs"$\r
-\If{$de_{qs} \neq \emptyset$}\r
- \State $qs_{ret} \gets GetQS(de_{qs})$\r
+\State $qs_{de} \gets qs$ \textit{such that} $qs \in DE_s, \r
+ de_s \in D \land IsQs(de_s)$\r
+\If{$qs_{de} \neq \emptyset$}\r
+ \State $qs_{ret} \gets qs_{de})$\r
\Else\r
\State $qs_{ret} \gets \emptyset$\r
\EndIf\r
\r
\begin{algorithmic}[1]\r
\Function{GetSlotSeq}{$DE_s$}\r
-\State $DE_{ss} \gets \{de | de \in DE_s \land type(de) = "ss"\}$\r
+\State $DE_{ss} \gets \{de | de \in DE_s \land IsSs(de)\}$\r
\State \Return{$DE_{ss}$}\r
\EndFunction\r
\end{algorithmic}\r
\r
\begin{algorithmic}[1]\r
\Function{GetColRes}{$DE_s$}\r
-\State $DE_{cr} \gets \{de | de \in DE_s \land type(de) = "cr"\}$\r
+\State $DE_{cr} \gets \{de | de \in DE_s \land IsCr(de)\}$\r
\State \Return{$DE_{cr}$}\r
\EndFunction\r
\end{algorithmic}\r
\If{$s_t = \emptyset$}\r
\State $MS_s[id_s] = s_s$ \Comment{First occurrence}\r
\Else\r
+ \If{$id_s = id_{self}$}\r
+ \If{$s_t \neq s_s$}\Comment{Check for mismatch on $s$}\r
+ \State \Call{Error}{'Mismatch on $s$ for $id_{self}$'}\r
+ \EndIf\r
+ \Else\r
+ \If{$s_t > s_s$}\Comment{Check for rollback on $s$}\r
+ \State \Call{Error}{'Rollback on $s$ for $id_s$'}\r
+ \EndIf\r
+ \EndIf\r
\State $MS_S[id_s] \gets max(s_t, s_s)$\r
\EndIf\r
\State \Return{$MS_s$}\r
\end{algorithmic}\r
\r
\begin{algorithmic}[1]\r
-\Function{ValidSlotsRange}{$|SL_s|,s_{s_{min}},s_{s_{max}}$}\r
-\State $sz_{SL} \gets s_{s_{max}} - s_{s_{min}} + 1$\r
-\If{$sz_{SL} \neq |SL_s|$}\r
- \State \Call{Error}{'Sequence numbers range does not match actual set'}\r
-\EndIf\r
+\Function{ValidSlotsRange}{$s_{s_{min}}$}\r
\State $s_{s_{last}} \gets MaxSMSeqN(SM)$\r
\If{$s_{s_{min}} \leq s_{s_{last}}$}\r
\State \Call{Error}{'Server sent old slots'}\r
\end{algorithmic}\r
\r
\begin{algorithmic}[1]\r
-\Procedure{CheckSlotsRange}{$|SL_s|$}\r
-\State $s_{s_{max}} \gets MaxLastSeqN(MS)$\r
-\State $s_{self} \gets MS[id_{self}]$\r
-\State $sz_{expected} \gets s_{s_{max}} - s_{self} + 1$\r
-\If{$|SL_s| \neq sz_{expected}$}\r
+\Procedure{CheckNumSlots}{$|SL_s|,sz_s$}\r
+\If{$|SL_s| \neq sz_s$}\r
\State \Call{Error}{'Actual number of slots does not match expected'}\r
\EndIf\r
\EndProcedure\r
\EndFunction\r
\end{algorithmic}\r
\r
+\begin{algorithmic}[1]\r
+\Function{ValidHmacChain}{$Dat_s,s_s,hmac_{p_s},sl_l$}\r
+ \State $hmac_{p_{stored}} \gets GetPrevHmac(Dat_s)$\r
+ \If {$ \neg(s_s = 0 \land hmac_{p_s} = 0)$}\r
+ \State $s_l \gets GetLastS(sl_l)$\r
+ \If {$(s_s > s_l + 1) \land (hmac_{p_{stored}} \neq hmac_{p_s})$}\r
+ \State \Call{Error}{'Invalid previous HMAC value'}\r
+ \EndIf\r
+ \EndIf\r
+ \If{$Hmac(Dat_s,SK) \neq GetCurrHmac(Dat_s)$ }\r
+ \State \Call{Error}{'Invalid current HMAC value'}\r
+ \EndIf\r
+ \State $hmac_{p_s} \gets Hmac(Dat_s,SK)$\Comment{Update $hmac_{p_s}$ for next check}\r
+\State \Return{$hmac_{p_s}$}\r
+\EndFunction\r
+\end{algorithmic}\r
+\r
\begin{algorithmic}[1]\r
\Function{UpdateDT}{$DT_s,DE_s,LV_s,s_s$}\r
-\State $DE_{s_{kv}} \gets \{de_s | de_s \in DE_s, type(de_s) = "kv"\}$\r
-\ForAll{$de_s \in DE_s$}\r
+\State $DE_{s_{kv}} \gets \{de_s | de_s \in DE_s \land IsKv(de_s)\}$\r
+\ForAll{$de_s \in DE_{s_{kv}}$}\r
\State $kv_s \gets GetKV(de_s)$\r
\State $LV_s \gets \Call{UpdateKVLivEnt}{LV_s,kv_s,s_s}$\r
\State $k_s \gets GetKey(kv_s)$\r
\EndFunction\r
\end{algorithmic}\r
\r
+\begin{algorithmic}[1]\r
+\Function{InitExpSize}{$s_{min}$}\r
+\If{$s_{min} < max_g$}\Comment{Check whether $SL$ is full on server}\r
+ \State $sz_s \gets s_{min}$\r
+\Else\r
+ \State $sz_s \gets max_g$\r
+\EndIf\r
+\State \Return{$sz_s$}\r
+\EndFunction\r
+\end{algorithmic}\r
+\r
+\begin{algorithmic}[1]\r
+\Function{UpdateExpSize}{$sz_s$}\r
+\State $sz_s \gets sz_s + 1$\r
+\If{$sz_s > max_g$}\Comment{Expected size $\leq max_g$}\r
+ \State $sz_s \gets max_g$\r
+\EndIf\r
+\State \Return{$sz_s$}\r
+\EndFunction\r
+\end{algorithmic}\r
+\r
+\begin{algorithmic}[1]\r
+\Function{UpdateQS}{$Dat_s,max_s$}\r
+\State $DE_s \gets GetDatEnt(Dat_s)$\r
+\State $qs_s \gets \Call{GetQueSta}{DE_s}$\Comment{Handle qs}\r
+\If{$qs_s \neq \emptyset \land qs_s > max_s$}\r
+ \State $max_s \gets qs_s$\r
+\EndIf\r
+\State \Return{$max_s$}\r
+\EndFunction\r
+\end{algorithmic}\r
+\r
+\begin{algorithmic}[1]\r
+\Procedure{UpdateCR}{$DE_s$}\r
+\State $DE_{s_{cr}} \gets \Call{GetColRes}{DE_s}$\Comment{Handle cr}\r
+\If{$DE_{s_{cr}} \neq \emptyset$}\r
+ \ForAll{$de_{s_{cr}} \in DE_{s_{cr}}$}\r
+ \State $cr_s \gets GetCR(de_{s_{cr}})$\r
+ \State $\Call{CheckCollision}{MS,SM,cr_s}$\r
+ \State $CR_{live} \gets \Call{AddCRLivEnt}{CR_{live},cr_s}$\r
+ \EndFor\r
+\EndIf\r
+\EndProcedure\r
+\end{algorithmic}\r
+\r
+\begin{algorithmic}[1]\r
+\Function{UpdateSS}{$DE_s,MS_s$}\r
+\State $DE_{s_{ss}} \gets \Call{GetSlotSeq}{DE_s}$\Comment{Handle ss}\r
+\If{$DE_{s_{ss}} \neq \emptyset$}\r
+ \ForAll{$de_{s_{ss}} \in DE_{s_{ss}}$}\r
+ \State $\tuple{id_d,s_{d_{last}}} \gets GetSS(de_{s_{ss}})$\r
+ \State $MS_s \gets \Call{UpdateLastSeqN}{id_d,s_{d_{last}},MS_s}$\r
+ \State $SS_{live} \gets \Call{AddSSLivEnt}{SS_{live},de_{s_{ss}}}$\r
+ \EndFor\r
+\EndIf\r
+\State \Return{$MS_s$}\r
+\EndFunction\r
+\end{algorithmic}\r
+\r
\begin{algorithmic}[1]\r
\Procedure{ProcessSL}{$SL_g$}\r
\State $MS_g \gets \emptyset$\r
\State $\tuple{s_{g_{min}},sv_{g_{min}}} \gets MinSlot(SL_g)$\r
\State $\tuple{s_{g_{max}},sv_{g_{max}}} \gets MaxSlot(SL_g)$\r
-\State $d \gets \Call{ValidSlotsRange}{|SL_g|,s_{g_{min}},s_{g_{max}}}$\r
+\State $d \gets \Call{ValidSlotsRange}{s_{g_{min}}}$\r
+\State $sz \gets \Call{InitExpSize}{s_{g_{min}}}$\r
\For{$s_g \gets s_{g_{min}}$ \textbf{to} $s_{g_{max}}$}\Comment{Process slots \r
in $SL_g$ in order}\r
\State $\tuple{s_g,sv_g} \gets Slot(SL_g,s_g)$\r
\If{$s_g \neq s_{g_{in}}$}\r
\State \Call{Error}{'Invalid sequence number'}\r
\EndIf\r
- \State $DE_g \gets GetDatEnt(Dat_g)$\r
- \State $hmac_{p_{stored}} \gets GetPrevHmac(Dat_g)$\r
- \If {$ \neg(s_g = 0 \land hmac_{p_g} = 0) \land hmac_{p_{stored}} \neq hmac_{p_g}$}\r
- \State \Call{Error}{'Invalid previous HMAC value'}\r
- \EndIf\r
- \If{$\Call{Hmac}{DE_g,SK} \neq GetCurrHmac(Dat_g)$ }\r
- \State \Call{Error}{'Invalid current HMAC value'}\r
- \EndIf\r
- \State $hmac_{p_g} \gets Hmac(DE_g,SK)$\Comment{Update $hmac_{p_g}$ for next check}\r
- \State $qs_g \gets \Call{GetQueSta}{DE_g}$\Comment{Handle qs}\r
- \If{$qs_g \neq \emptyset \land qs_g > max_g$}\r
- \State $max_g \gets qs_g$\r
- \EndIf\r
- %Check for last s in Dat\r
- \State $id_g \gets GetMacId(Dat_g)$\Comment{Handle last s}\r
- \State $MS_g \gets \Call{UpdateLastSeqN}{id_g,s_g,MS_g}$\r
- %Check for last s in DE in Dat\r
- \State $DE_{g_{ss}} \gets \Call{GetSlotSeq}{DE_g}$\Comment{Handle ss}\r
- \If{$DE_{g_{ss}} \neq \emptyset$}\r
- \ForAll{$de_{g_{ss}} \in DE_{g_{ss}}$}\r
- \State $\tuple{id_d,s_{d_{last}}} \gets GetSS(de_{g_{ss}})$\r
- \State $MS_g \gets \Call{UpdateLastSeqN}{id_d,s_{d_{last}},MS_g}$\r
- \State $SS_{live} \gets \Call{AddSSLivEnt}{SS_{live},de_{g_{ss}}}$\r
- \EndFor\r
- \EndIf\r
- \State $DE_{g_{cr}} \gets \Call{GetColRes}{DE_g}$\Comment{Handle cr}\r
- \If{$DE_{g_{cr}} \neq \emptyset$}\r
- \ForAll{$de_{g_{cr}} \in DE_{g_{cr}}$}\r
- \State $cr_g \gets GetCR(de_{g_{cr}})$\r
- \State $\Call{CheckCollision}{MS,SM,cr_g}$\r
- \State $CR_{live} \gets \Call{AddCRLivEnt}{CR_{live},cr_g}$\r
- \EndFor\r
- \EndIf\r
+ \State $hmac_{p_g} \gets \Call{ValidHmacChain}{Dat_g,s_g,hmac_{p_g},sl_{last}}$\r
+ \State $sz \gets \Call{UpdateExpSize}{sz}$\r
+ \State $max_g \gets \Call{UpdateQS}{Dat_g,max_g}$\Comment{Handle qs}\r
+ \State $MS_g \gets \Call{UpdateLastSeqN}{id_g,s_g,MS_g}$\Comment{Handle last s}\r
+ \State $MS_g \gets \Call{UpdateSS}{DE_g,MS_g}$\Comment{Handle ss}\r
+ %\State $DE_{g_{ss}} \gets \Call{GetSlotSeq}{DE_g}$\Comment{Handle ss}\r
+ %\If{$DE_{g_{ss}} \neq \emptyset$}\r
+ % \ForAll{$de_{g_{ss}} \in DE_{g_{ss}}$}\r
+ % \State $\tuple{id_d,s_{d_{last}}} \gets GetSS(de_{g_{ss}})$\r
+ % \State $MS_g \gets \Call{UpdateLastSeqN}{id_d,s_{d_{last}},MS_g}$\r
+ % \State $SS_{live} \gets \Call{AddSSLivEnt}{SS_{live},de_{g_{ss}}}$\r
+ % \EndFor\r
+ %\EndIf\r
+ \State $\Call{UpdateCR}{DE_g}$\Comment{Handle cr}\r
+ %\State $DE_{g_{cr}} \gets \Call{GetColRes}{DE_g}$\Comment{Handle cr}\r
+ %\If{$DE_{g_{cr}} \neq \emptyset$}\r
+ % \ForAll{$de_{g_{cr}} \in DE_{g_{cr}}$}\r
+ % \State $cr_g \gets GetCR(de_{g_{cr}})$\r
+ % \State $\Call{CheckCollision}{MS,SM,cr_g}$\r
+ % \State $CR_{live} \gets \Call{AddCRLivEnt}{CR_{live},cr_g}$\r
+ % \EndFor\r
+ %\EndIf\r
\State $sl_{last} \gets \Call{StoreLastSlot}{MS,sl_{last},s_g,sv_g,id_g}$\r
\State $DT \gets \Call{UpdateDT}{DT,DE_g,LV,s_g}$\r
\EndFor\r
-\If{$m + |SL_g| \leq max_g$}\Comment{Check actual size against $max_g$}\r
- \State $m \gets m + |SL_g|$\r
-\Else\r
- \State \Call{Error}{'Actual $SL$ size on server exceeds $max_g$'}\r
-\EndIf\r
\State $\Call{CheckLastSeqN}{MS_g,MS,d}$\r
-\State $\Call{CheckSlotsRange}{|SL_g|}$\r
+\State $\Call{CheckNumSlots}{|SL_g|,sz}$\r
\State $\Call{UpdateSSLivEnt}{SS_{live},MS}$\r
\State $\Call{UpdateCRLivEnt}{CR_{live},MS}$\r
\State $\Call{UpdateSM}{SM,CR_{live}}$\r
\textit{$cs_g$ = counter of $ss \in SS$ for getting pairs (initially 0)} \\\r
\textit{$cc_p$ = counter of $cr \in CR$ for putting pairs (initially 0)} \\\r
\textit{$cc_g$ = counter of $cr \in CR$ for getting pairs (initially 0)} \\\r
-\textit{$hmac_{c_p}$ = the HMAC value of the current slot} \\\r
+\textit{$hmac_{c_p}$ = the HMAC value of the current slot in procedure \r
+$\Call{PutDataEntries}{}$} \\\r
\textit{$hmac_{p_p}$ = the HMAC value of the previous slot \r
-($hmac_{p_p} = \emptyset$ for the first slot)} \\\r
+($hmac_{p_p} = \emptyset$ for the first slot) in procedure \r
+$\Call{PutDataEntries}{}$} \\\r
\textit{$id_{self}$ = machine Id of this client} \\\r
\textit{$sl_{last}$ = info of last slot in queue = \r
$\tuple{s_{last},sv_{last},id_{last}}$ (initially $\emptyset$)} \\\r
+\textit{$sz$ = expected size of received slots from server} \\\r
\textit{$th_p$ = threshold number of dead slots for a resize to happen} \\\r
\textit{$m'_p$ = offset added to $max$ for resize} \\\r
\textit{$reinsert_{qs}$ = boolean to decide $qs$($max_g$) reinsertion} \\\r
$CreateQS(max'_s)=qs_s$ \\\r
$CreateCR(s_s,id_s)=\tuple{s_s,id_s} = cr_s$ \\\r
$Encrypt(Dat_s,SK_s)=sv_s$ \\\r
-$GetLastS(sl = \tuple{s,sv,id})=s$ \\\r
-$GetSV(sl = \tuple{s,sv,id})=sv$ \\\r
-$GetID(sl = \tuple{s,sv,id})=id$ \\\r
$GetColSeqN(SL_s,s_s)= \tuple{s, sv}$ \textit{such that} $\tuple{s, sv}\r
\in SL_s \wedge \forall \tuple{s_s, sv_s} \in SL_s, s = s_s$ \\\r
$GetKVPair(KV_s,k_s)= \tuple{ck,\tuple{k, v}}$ \textit{such that} \r
\r
\begin{algorithmic}[1]\r
\Function{Put}{$KV_s,\tuple{k_s,v_s}$} \Comment{Interface function to update a key-value pair}\r
-\State $\tuple{ck_s,\tuple{k_s,v_t}} \gets GetKVPair(KV,k_s)$\r
+\State $\tuple{ck_s,\tuple{k_s,v_t}} \gets GetKVPair(KV_s,k_s)$\r
\If{$\tuple{ck_s,\tuple{k_s,v_t}} = \emptyset$}\r
\State $KV_s \gets KV_s \cup \{\tuple{ck_p, \tuple{k_s,v_s}}\}$\r
\State $ck_p \gets ck_p + 1$\r
\ForAll{$de_s \in DE_s$}\r
\State $live \gets \Call{CheckLiveness}{s_s,de_s}$\r
\If{$live$}\r
- \If{$de_s = kv$}\r
+ \If{$type(de_s) = ``kv"$}\r
\State $\tuple{k_s,v_s} \gets GetKV(de_s)$\r
\State $KV \gets \Call{PutKVPair}{KV,\tuple{k_s,v_s}}$\r
- \ElsIf{$de_s = ss$}\r
+ \ElsIf{$type(de_s) = ``ss"$}\r
\State $\tuple{id_s,s_{s_{last}}} \gets GetSS(de_s)$\r
\State $SS \gets \Call{PutSSPair}{SS,\tuple{id_s,s_{s_{last}}}}$\r
- \ElsIf{$de_s = cr$}\r
+ \ElsIf{$type(de_s) = ``cr"$}\r
\State $\tuple{s_s,id_s} \gets GetCR(de_s)$\r
\State $CR \gets \Call{PutCRPair}{CR,\tuple{s_s,id_s}}$\r
- \ElsIf{$de_s = qs$}\r
+ \ElsIf{$type(de_s) = ``qs"$}\r
\State $reinsert_{qs} \gets true$\r
\EndIf\r
\EndIf\r
Then $\mathsf{t}$ is in the path of $\mathsf{u}$. \r
\end{lem}\r
\begin{proof}\r
-Assume otherwise. Then there are some pairs $\mathsf{(t,u)}$ that violate this lemma. \r
-Take a specific $\mathsf{(t,u)}$ such that $\mathsf{s_u}$ is minimized and \r
-$\mathsf{s_t}$ is maximized for this choice of $\mathsf{s_u}$.\r
+Assume that there are some pairs of messages $\mathsf{(t,u)}$ that violate this lemma. \r
+Take a specific $\mathsf{(t,u)}$ such that $\mathsf{s_u}$ is minimized, and \r
+$\mathsf{s_t}$ is maximized for this choice of $\mathsf{s_u}$. We will show that $\mathsf{C}$\r
+cannot receive both $\mathsf{t}$ and $\mathsf{u}$ without throwing an error.\r
\r
Clearly $\mathsf{C}$ will throw an error if $\mathsf{s_t = s_u}$. So \r
$\mathsf{s_t < s_u}$. Additionally, if $\mathsf{C}$ receives $\mathsf{u}$ before \r
projects / iotcloud.git / blobdiff