# HG changeset patch # User wenzelm # Date 1729113182 -7200 # Node ID cf2c039671789508f4e00fe01efba8f4e7ba40db # Parent 8e7bd056675995282f51427f52b820981cded778 tuned proofs; diff -r 8e7bd0566759 -r cf2c03967178 src/HOL/Probability/ex/Dining_Cryptographers.thy --- a/src/HOL/Probability/ex/Dining_Cryptographers.thy Wed Oct 16 22:07:04 2024 +0200 +++ b/src/HOL/Probability/ex/Dining_Cryptographers.thy Wed Oct 16 23:13:02 2024 +0200 @@ -124,32 +124,31 @@ hence "length ys = n" by (simp add: dc_crypto) have [simp]: "length xs = n" using xs_inv[symmetric] by (simp add: inversion_def) - { fix b - have "inj_on (\x. inversion (Some i, x)) {ys. ys ! 0 = b \ length ys = length xs}" - proof (rule inj_onI) - fix x y - assume "x \ {ys. ys ! 0 = b \ length ys = length xs}" - and "y \ {ys. ys ! 0 = b \ length ys = length xs}" - and inv: "inversion (Some i, x) = inversion (Some i, y)" - hence [simp]: "x ! 0 = y ! 0" "length y = n" "length x = n" - using \length xs = n\ by simp_all - have *: "\j. j < n \ - (x ! j = x ! (Suc j mod n)) = (y ! j = y ! (Suc j mod n))" - using inv unfolding inversion_def map_eq_conv payer_def coin_def - by fastforce - show "x = y" - proof (rule nth_equalityI, simp) - fix j assume "j < length x" hence "j < n" using \length xs = n\ by simp - thus "x ! j = y ! j" - proof (induct j) - case (Suc j) - hence "j < n" by simp - with Suc show ?case using *[OF \j < n\] - by (cases "y ! j") simp_all - qed simp - qed - qed } - note inj_inv = this + have inj_inv: "inj_on (\x. inversion (Some i, x)) {ys. ys ! 0 = b \ length ys = length xs}" + for b + proof (rule inj_onI) + fix x y + assume "x \ {ys. ys ! 0 = b \ length ys = length xs}" + and "y \ {ys. ys ! 0 = b \ length ys = length xs}" + and inv: "inversion (Some i, x) = inversion (Some i, y)" + hence [simp]: "x ! 0 = y ! 0" "length y = n" "length x = n" + using \length xs = n\ by simp_all + have *: "\j. j < n \ + (x ! j = x ! (Suc j mod n)) = (y ! j = y ! (Suc j mod n))" + using inv unfolding inversion_def map_eq_conv payer_def coin_def + by fastforce + show "x = y" + proof (rule nth_equalityI, simp) + fix j assume "j < length x" hence "j < n" using \length xs = n\ by simp + thus "x ! j = y ! j" + proof (induct j) + case (Suc j) + hence "j < n" by simp + with Suc show ?case using *[OF \j < n\] + by (cases "y ! j") simp_all + qed simp + qed + qed txt \ We now construct the possible inversions for \<^term>\xs\ when the payer is @@ -162,16 +161,20 @@ have "\l. l < max i j \ Suc l mod n = Suc l" using \i < n\ \j < n\ by auto - { fix l assume "l < n" - hence "(((l < min i j \ l = min i j) \ (min i j < l \ l < max i j)) \ l = max i j) \ max i j < l" by auto - hence "((i = l) = (zs ! l = zs ! (Suc l mod n))) = ((j = l) = (ys ! l = ys ! (Suc l mod n)))" - apply - proof ((erule disjE)+) - assume "l < min i j" + have "((i = l) = (zs ! l = zs ! (Suc l mod n))) = ((j = l) = (ys ! l = ys ! (Suc l mod n)))" + if "l < n" for l + proof - + from that consider "l < min i j" | "l = min i j" | "min i j < l" "l < max i j" + | "l = max i j" | "max i j < l" + by linarith + thus ?thesis + proof cases + case 1 hence "l \ i" and "l \ j" and "zs ! l = ys ! l" and "zs ! (Suc l mod n) = ys ! (Suc l mod n)" using \i < n\ \j < n\ unfolding zs_def by auto thus ?thesis by simp next - assume "l = min i j" + case 2 show ?thesis proof (cases rule: linorder_cases) assume "i < j" @@ -192,13 +195,13 @@ thus ?thesis by simp qed next - assume "min i j < l \ l < max i j" + case 3 hence "i \ l" and "j \ l" and "zs ! l = (\ ys ! l)" "zs ! (Suc l mod n) = (\ ys ! (Suc l mod n))" using \i < n\ \j < n\ by (auto simp: zs_def) thus ?thesis by simp next - assume "l = max i j" + case 4 show ?thesis proof (cases rule: linorder_cases) assume "i < j" @@ -223,14 +226,15 @@ thus ?thesis by simp qed next - assume "max i j < l" + case 5 hence "j \ l" and "i \ l" by simp_all have "zs ! (Suc l mod n) = ys ! (Suc l mod n)" using \l < n\ \max i j < l\ by (cases "Suc l = n") (auto simp add: zs_def) moreover have "zs ! l = ys ! l" using \l < n\ \max i j < l\ by (auto simp add: zs_def) ultimately show ?thesis using \j \ l\ \i \ l\ by auto - qed } + qed + qed hence zs: "inversion (Some i, zs) = xs" by (simp add: xs_inv[symmetric] inversion_def coin_def payer_def) moreover @@ -297,15 +301,12 @@ have card_double: "2 * card ?sets = card (\?sets)" proof (rule card_partition) show "finite ?sets" by simp - { fix i assume "i < n" - have "?set i \ dc_crypto" by auto - have "finite (?set i)" using finite_dc_crypto by auto } + have "finite (?set i)" for i + using finite_dc_crypto by auto thus "finite (\?sets)" by auto - next fix c assume "c \ ?sets" thus "card c = 2" using card_payer_and_inversion[OF assms] by auto - next fix x y assume "x \ ?sets" and "y \ ?sets" "x \ y" then obtain i j where xy: "x = ?set i" "y = ?set j" by auto @@ -315,17 +316,20 @@ have sets: "?sets = ?set ` {..< n}" unfolding image_def by auto - { fix i j :: nat assume asm: "i \ j" "i < n" "j < n" - { assume iasm: "?set i = {}" + have "?set i \ ?set j" if asm: "i \ j" "i < n" "j < n" for i j + proof - + have False if iasm: "?set i = {}" + proof - have "card (?set i) = 2" using card_payer_and_inversion[OF assms \i < n\] by auto - hence "False" - using iasm by auto } + thus ?thesis using iasm by auto + qed then obtain c where ci: "c \ ?set i" by blast hence cj: "c \ ?set j" using asm by auto - { assume "?set i = ?set j" - hence "False" using ci cj by auto } - hence "?set i \ ?set j" by auto } + have False if "?set i = ?set j" + using that ci cj by auto + thus ?thesis by auto + qed hence "inj_on ?set {..< n}" unfolding inj_on_def by auto from card_image[OF this] have "card (?set ` {..< n}) = n" by auto @@ -345,16 +349,13 @@ let ?P = "{inversion -` {x} \ dc_crypto |x. x \ inversion ` dc_crypto}" have "\?P = dc_crypto" by auto - { fix a b assume *: "(a, b) \ dc_crypto" - have inv_SOME: "inversion (SOME x. inversion x = inversion (a, b) \ x \ dc_crypto) = inversion (a, b)" - apply (rule someI2) - by (auto simp: *) } - note inv_SOME = this + have inv_SOME: "inversion (SOME x. inversion x = inversion (a, b) \ x \ dc_crypto) = inversion (a, b)" + if "(a, b) \ dc_crypto" for a b + by (rule someI2) (auto simp: that) - { fix a b assume *: "(a, b) \ dc_crypto" - have "(SOME x. inversion x = inversion (a, b) \ x \ dc_crypto) \ dc_crypto" - by (rule someI2) (auto simp: *) } - note SOME_inv_dc = this + have SOME_inv_dc: "(SOME x. inversion x = inversion (a, b) \ x \ dc_crypto) \ dc_crypto" + if "(a, b) \ dc_crypto" for a b + by (rule someI2) (auto simp: that) have "bij_betw (\s. inversion (SOME x. x \ s \ x \ dc_crypto)) {inversion -` {x} \ dc_crypto |x. x \ inversion ` dc_crypto} @@ -373,13 +374,11 @@ have "?P = (\x. inversion -` {x} \ dc_crypto) ` (inversion ` dc_crypto)" by auto thus "finite ?P" using finite_dc_crypto by auto - next fix c assume "c \ {inversion -` {x} \ dc_crypto |x. x \ inversion ` dc_crypto}" then obtain x where "c = inversion -` {x} \ dc_crypto" and x: "x \ inversion ` dc_crypto" by auto hence "c = {dc \ dc_crypto. inversion dc = x}" by auto thus "card c = 2 * n" using card_inversion[OF x] by simp - next fix x y assume "x \ ?P" "y \ ?P" and "x \ y" then obtain i j where diff -r 8e7bd0566759 -r cf2c03967178 src/HOL/Probability/ex/Koepf_Duermuth_Countermeasure.thy --- a/src/HOL/Probability/ex/Koepf_Duermuth_Countermeasure.thy Wed Oct 16 22:07:04 2024 +0200 +++ b/src/HOL/Probability/ex/Koepf_Duermuth_Countermeasure.thy Wed Oct 16 23:13:02 2024 +0200 @@ -69,12 +69,12 @@ with \f \ g\ eq show False unfolding fun_upd_eq_iff[of _ _ b _ _ d] by (auto simp: fun_upd_idem fun_upd_eq_iff) next - { fix f assume "f \ extensionalD d A \ (A \ B)" - have "card (fun_upd f a ` B) = card B" - proof (auto intro!: card_image inj_onI) - fix b b' assume "f(a := b) = f(a := b')" - from fun_upd_eq_iff[THEN iffD1, OF this] show "b = b'" by simp - qed } + have "card (fun_upd f a ` B) = card B" + if "f \ extensionalD d A \ (A \ B)" for f + proof (auto intro!: card_image inj_onI) + fix b b' assume "f(a := b) = f(a := b')" + from fun_upd_eq_iff[THEN iffD1, OF this] show "b = b'" by simp + qed then show "(\i\extensionalD d A \ (A \ B). card (fun_upd i a ` B)) = card B * card B ^ card A" using insert by simp qed @@ -170,9 +170,9 @@ qed then show "sum P msgs = 1" unfolding msgs_def P_def by simp - fix x - have "\ A f. 0 \ (\x\A. M (f x))" by (auto simp: prod_nonneg) - then show "0 \ P x" + have "0 \ (\x\A. M (f x))" for A f + by (auto simp: prod_nonneg) + then show "0 \ P x" for x unfolding P_def by (auto split: prod.split simp: zero_le_mult_iff) qed auto @@ -333,40 +333,45 @@ proof - txt \Lemma 2\ - { fix k obs obs' - assume "k \ keys" "K k \ 0" and obs': "obs' \ OB ` msgs" and obs: "obs \ OB ` msgs" - assume "t obs = t obs'" - from t_eq_imp_bij_func[OF this] + have t_eq_imp: "(\

(OB ; fst) {(obs, k)}) = (\

(OB ; fst) {(obs', k)})" + if "k \ keys" "K k \ 0" and obs': "obs' \ OB ` msgs" and obs: "obs \ OB ` msgs" + and eq: "t obs = t obs'" + for k obs obs' + proof - + from t_eq_imp_bij_func[OF eq] obtain t_f where "bij_betw t_f {..i. i obs!i = obs' ! t_f i" using obs obs' unfolding OB_def msgs_def by auto then have t_f: "inj_on t_f {.. OB`msgs" - then have **: "\ms. length ms = n \ OB (k, ms) = obs \ (\i(OB ; fst) {(obs, k)}) / K k = + (\im\{m\messages. observe k m = obs ! i}. M m)" + if "obs \ OB`msgs" for obs + proof - + from that have **: "length ms = n \ OB (k, ms) = obs \ (\i(OB ; fst) {(obs, k)}) / K k = p ({k}\{ms. (k,ms) \ msgs \ OB (k,ms) = obs}) / K k" - apply (simp add: \'_eq) by (auto intro!: arg_cong[where f=p]) - also have "\ = - (\im\{m\messages. observe k m = obs ! i}. M m)" + by (simp add: \'_eq) (auto intro!: arg_cong[where f=p]) + also have "\ = (\im\{m\messages. observe k m = obs ! i}. M m)" unfolding P_def using \K k \ 0\ \k \ keys\ apply (simp add: sum.cartesian_product' sum_divide_distrib msgs_def ** cong: conj_cong) apply (subst prod_sum_distrib_lists[OF M.finite_space]) .. - finally have "(\

(OB ; fst) {(obs, k)}) / K k = - (\im\{m\messages. observe k m = obs ! i}. M m)" . } - note * = this + finally show ?thesis . + qed have "(\

(OB ; fst) {(obs, k)}) / K k = (\

(OB ; fst) {(obs', k)}) / K k" unfolding *[OF obs] *[OF obs'] using t_f(1) obs_t_f by (subst (2) t_f(2)) (simp add: prod.reindex) - then have "(\

(OB ; fst) {(obs, k)}) = (\

(OB ; fst) {(obs', k)})" - using \K k \ 0\ by auto } - note t_eq_imp = this + then show ?thesis using \K k \ 0\ by auto + qed let ?S = "\obs. t -`{t obs} \ OB`msgs" - { fix k obs assume "k \ keys" "K k \ 0" and obs: "obs \ OB`msgs" + have P_t_eq_P_OB: "\

(t\OB ; fst) {(t obs, k)} = real (card (?S obs)) * \

(OB ; fst) {(obs, k)}" + if "k \ keys" "K k \ 0" and obs: "obs \ OB`msgs" + for k obs + proof - have *: "((\x. (t (OB x), fst x)) -` {(t obs, k)} \ msgs) = (\obs'\?S obs. ((\x. (OB x, fst x)) -` {(obs', k)} \ msgs))" by auto have df: "disjoint_family_on (\obs'. (\x. (OB x, fst x)) -` {(obs', k)} \ msgs) (?S obs)" @@ -377,17 +382,18 @@ by (auto simp add: * intro!: sum_nonneg) also have "(\obs'\?S obs. \

(OB ; fst) {(obs', k)}) = real (card (?S obs)) * \

(OB ; fst) {(obs, k)}" by (simp add: t_eq_imp[OF \k \ keys\ \K k \ 0\ obs]) - finally have "\

(t\OB ; fst) {(t obs, k)} = real (card (?S obs)) * \

(OB ; fst) {(obs, k)}" .} - note P_t_eq_P_OB = this + finally show ?thesis . + qed - { fix k obs assume "k \ keys" and obs: "obs \ OB`msgs" - have "\

(t\OB | fst) {(t obs, k)} = - real (card (t -` {t obs} \ OB ` msgs)) * \

(OB | fst) {(obs, k)}" - using \

_k[OF \k \ keys\] P_t_eq_P_OB[OF \k \ keys\ _ obs] by auto } - note CP_t_K = this + have CP_t_K: "\

(t\OB | fst) {(t obs, k)} = + real (card (t -` {t obs} \ OB ` msgs)) * \

(OB | fst) {(obs, k)}" + if k: "k \ keys" and obs: "obs \ OB`msgs" for k obs + using \

_k[OF k] P_t_eq_P_OB[OF k _ obs] by auto - { fix k obs assume "k \ keys" and obs: "obs \ OB`msgs" - then have "t -`{t obs} \ OB`msgs \ {}" (is "?S \ {}") by auto + have CP_T_eq_CP_O: "\

(fst | t\OB) {(k, t obs)} = \

(fst | OB) {(k, obs)}" + if "k \ keys" and obs: "obs \ OB`msgs" for k obs + proof - + from that have "t -`{t obs} \ OB`msgs \ {}" (is "?S \ {}") by auto then have "real (card ?S) \ 0" by auto have "\

(fst | t\OB) {(k, t obs)} = \

(t\OB | fst) {(t obs, k)} * \

(fst) {k} / \

(t\OB) {t obs}" @@ -411,31 +417,33 @@ by (auto intro!: sum.cong simp: prob_conj_imp1 vimage_def) also have "\

(OB | fst) {(obs, k)} * \

(fst) {k} / \

(OB) {obs} = \

(fst | OB) {(k, obs)}" by (auto simp: vimage_def conj_commute prob_conj_imp2) - finally have "\

(fst | t\OB) {(k, t obs)} = \

(fst | OB) {(k, obs)}" . } - note CP_T_eq_CP_O = this + finally show ?thesis . + qed let ?H = "\obs. (\k\keys. \

(fst|OB) {(k, obs)} * log b (\

(fst|OB) {(k, obs)})) :: real" let ?Ht = "\obs. (\k\keys. \

(fst|t\OB) {(k, obs)} * log b (\

(fst|t\OB) {(k, obs)})) :: real" - { fix obs assume obs: "obs \ OB`msgs" + have *: "?H obs = ?Ht (t obs)" if obs: "obs \ OB`msgs" for obs + proof - have "?H obs = (\k\keys. \

(fst|t\OB) {(k, t obs)} * log b (\

(fst|t\OB) {(k, t obs)}))" using CP_T_eq_CP_O[OF _ obs] by simp - then have "?H obs = ?Ht (t obs)" . } - note * = this + then show ?thesis . + qed have **: "\x f A. (\y\t-`{x}\A. f y (t y)) = (\y\t-`{x}\A. f y x)" by auto - { fix x + have P_t_sum_P_O: "\

(t\OB) {t (OB x)} = (\obs\?S (OB x). \

(OB) {obs})" for x + proof - have *: "(\x. t (OB x)) -` {t (OB x)} \ msgs = (\obs\?S (OB x). OB -` {obs} \ msgs)" by auto have df: "disjoint_family_on (\obs. OB -` {obs} \ msgs) (?S (OB x))" unfolding disjoint_family_on_def by auto - have "\

(t\OB) {t (OB x)} = (\obs\?S (OB x). \

(OB) {obs})" + show ?thesis unfolding comp_def using finite_measure_finite_Union[OF _ _ df] - by (force simp add: * intro!: sum_nonneg) } - note P_t_sum_P_O = this + by (force simp add: * intro!: sum_nonneg) + qed txt \Lemma 3\ have "\(fst | OB) = -(\obs\OB`msgs. \

(OB) {obs} * ?Ht (t obs))" diff -r 8e7bd0566759 -r cf2c03967178 src/HOL/Probability/ex/Measure_Not_CCC.thy --- a/src/HOL/Probability/ex/Measure_Not_CCC.thy Wed Oct 16 22:07:04 2024 +0200 +++ b/src/HOL/Probability/ex/Measure_Not_CCC.thy Wed Oct 16 23:13:02 2024 +0200 @@ -44,28 +44,30 @@ proof induction case (Union F) moreover - { fix i assume "countable (UNIV - F i)" - then have "countable (UNIV - (\i. F i))" - by (rule countable_subset[rotated]) auto } + have "countable (UNIV - (\i. F i))" if "countable (UNIV - F i)" for i + using that by (rule countable_subset[rotated]) auto ultimately show "countable (\i. F i) \ countable (UNIV - (\i. F i))" by blast qed (auto simp: Diff_Diff_Int) next assume "countable A \ countable (UNIV - A)" moreover - { fix A :: "real set" assume A: "countable A" + have A: "A \ COCOUNT" if "countable A" for A :: "real set" + proof - have "A = (\a\A. {a})" by auto also have "\ \ COCOUNT" - by (intro sets.countable_UN' A) (auto simp: COCOUNT_def) - finally have "A \ COCOUNT" . } - note A = this + by (intro sets.countable_UN' that) (auto simp: COCOUNT_def) + finally show ?thesis . + qed note A[of A] moreover - { assume "countable (UNIV - A)" - with A have "space COCOUNT - (UNIV - A) \ COCOUNT" by simp - then have "A \ COCOUNT" - by (auto simp: COCOUNT_def Diff_Diff_Int) } + have "A \ COCOUNT" if "countable (UNIV - A)" + proof - + from A that have "space COCOUNT - (UNIV - A) \ COCOUNT" by simp + then show ?thesis + by (auto simp: COCOUNT_def Diff_Diff_Int) + qed ultimately show "A \ COCOUNT" by blast qed @@ -121,12 +123,14 @@ lemma space_EXP: "space EXP = measurable COCOUNT BOOL" proof - - { fix f + have "f \ space EXP \ f \ measurable COCOUNT BOOL" for f + proof - have "f \ space EXP \ (\(a, b). f b) \ measurable (POW \\<^sub>M COCOUNT) BOOL" using eq[of "\x. f"] by (simp add: measurable_const_iff) also have "\ \ f \ measurable COCOUNT BOOL" by auto - finally have "f \ space EXP \ f \ measurable COCOUNT BOOL" . } + finally show ?thesis . + qed then show ?thesis by auto qed