You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is a good reason for our many types of assertions and how they're modeled in Z3. But I feel like we don't yet have a real good story why these are the right thing. I think we must find a simpler higher mental model from which we can derive them, which would allow us to put a single @A require statement that will do the right thing both in the private program and the consensual program.
For instance, I believe that some variant of @A require pred(x, y) would generate code for A that checks properties, code for the consensus that checks the properties when x and y are both revealed, verify that x and y are indeed revealed before any live termination of the protocol (as opposed to A or B timing out), and a safety proof that A can indeed come up with values x and y that satisfy the predicate.
The text was updated successfully, but these errors were encountered:
There is a good reason for our many types of assertions and how they're modeled in Z3. But I feel like we don't yet have a real good story why these are the right thing. I think we must find a simpler higher mental model from which we can derive them, which would allow us to put a single
@A requirestatement that will do the right thing both in the private program and the consensual program.For instance, I believe that some variant of
@A require pred(x, y)would generate code for A that checks properties, code for the consensus that checks the properties whenxandyare both revealed, verify thatxandyare indeed revealed before any live termination of the protocol (as opposed toAorBtiming out), and a safety proof thatAcan indeed come up with valuesxandythat satisfy the predicate.The text was updated successfully, but these errors were encountered: