From: rtrimana Date: Tue, 16 Aug 2016 22:37:32 +0000 (-0700) Subject: Cleaning up proof part X-Git-Url: http://plrg.eecs.uci.edu/git/?p=iotcloud.git;a=commitdiff_plain;h=b3268a5e142973ff90796c2afab456b5a22fce4c Cleaning up proof part --- diff --git a/doc/iotcloud.tex b/doc/iotcloud.tex index 52ec3f0..a0e8abe 100644 --- a/doc/iotcloud.tex +++ b/doc/iotcloud.tex @@ -929,12 +929,12 @@ received the same message $\mathsf{t}$ with sequence number $\mathsf{s_t > s_n}$ \begin{prop} Every client $\mathsf{J}$ who sends a message $\mathsf{t}$ -has $\mathsf{\mathscr{P}_t}$ as its latest stored message, and -$\mathsf{s_t = s_{\mathscr{P}_t} + 1}$. +has parent $\mathsf{p_t}$ as its latest stored message, and +$\mathsf{s_t = s_{p_t} + 1}$. \end{prop} \begin{proof} True by definition, because $J$ sets -$\mathsf{hmac_p(t) = hmac_c(\mathscr{P}_t)}$ and -$\mathsf{s_t = }$ $\mathsf{s_{\mathscr{P}_t + 1}}$ when a message +$\mathsf{hmac_p(t) = hmac_c(p_t)}$ and +$\mathsf{s_t = }$ $\mathsf{s_{p_t + 1}}$ when a message is sent. \end{proof} @@ -969,10 +969,12 @@ call them $\mathsf{t}$ and $\mathsf{u}$ such that $\mathsf{s_t \le s_u}$. Then $\mathsf{t}$ is in the path of $\mathsf{u}$. \end{lem} \begin{proof} -Clearly $\mathsf{C}$ will throw an error if $\mathsf{s_t = s_u}$. So -$\mathsf{s_t < s_u}$. Additionally, if $\mathsf{C}$ receives $\mathsf{u}$ before -$\mathsf{t}$, this will cause it to throw an error, so $\mathsf{t}$ is received -before $\mathsf{u}$. +By contradiction, we will prove that if $\mathsf{t}$ is not in the path of +$\mathsf{u}$, then it is impossible for client $\mathsf{C}$ to receive both +messages without throwing any errors. Clearly $\mathsf{C}$ will throw an error +if $\mathsf{s_t = s_u}$. So $\mathsf{s_t < s_u}$. Additionally, if $\mathsf{C}$ +receives $\mathsf{u}$ before $\mathsf{t}$, this will cause it to throw an +error, so $\mathsf{t}$ is received before $\mathsf{u}$. Assume that $\mathsf{t}$ is not in the path of $\mathsf{u}$. Take $\mathsf{u}$ to be the packet of smallest sequence number for which this occurs, and @@ -993,22 +995,28 @@ $\mathsf{{id_{self}}_J = GetMacID(r_1)}$, and $\mathsf{K}$ be the client who sent $\mathsf{l_1}$. Because no client can send two messages with the same sequence number, and $\mathsf{s_{r_1} = s_{l_1} = s_q + 1}$, $\mathsf{J \neq K}$. -We also know the following three facts: +We also know the following facts: \begin{prop} No client sends both a message in -$\mathsf{(r_2,...,t)}$ and a message in $\mathsf{(l_2,...,u)}$. \end{prop} +$\mathsf{(r_2,...,t)}$ and a message in $\mathsf{(l_2,...,u)}$. +\end{prop} \begin{proof} To send a message $\mathsf{p}$ that is the parent of some other message, one must have received the parent of $\mathsf{p}$. Since $\mathsf{u}$ is the message with smallest sequence number received by any client that violates Lemma 1, no client receives both a message in $\mathsf{r}$ -and a message in $\mathsf{l}$. \end{proof} +and a message in $\mathsf{l}$. +\end{proof} -\begin{prop} $\mathsf{C}$ does not receive any message with -sequence number strictly between $\mathsf{s_t}$ and $\mathsf{s_u}$. \end{prop} +\begin{prop} $\mathsf{C}$ does not receive any message with a +sequence number strictly between $\mathsf{s_t}$ and $\mathsf{s_u}$. +\end{prop} -\begin{proof} If there were such a message with sequence number smaller than $\mathsf{s_u}$, it would contradict the assumption that $\mathsf{u}$ is the message with least sequence number that violates Lemma 1. \end{proof} +\begin{proof} If there were such a message with sequence number smaller than +$\mathsf{s_u}$, it would contradict the assumption that $\mathsf{u}$ is the +message with the least sequence number that violates Lemma 1. +\end{proof} There are two cases: \begin{itemize}