# HG changeset patch # User hoelzl # Date 1322750518 -3600 # Node ID efd2b952f42588a4fe5bd0cd9682beeb318d413b # Parent ad4242285560d05b50b3f0e73cbcdcdee9c33857 use list theorems in Dining Cryptographers and Koepf Duermuth Countermeasure diff -r ad4242285560 -r efd2b952f425 src/HOL/Probability/ex/Dining_Cryptographers.thy --- a/src/HOL/Probability/ex/Dining_Cryptographers.thy Thu Dec 01 15:41:58 2011 +0100 +++ b/src/HOL/Probability/ex/Dining_Cryptographers.thy Thu Dec 01 15:41:58 2011 +0100 @@ -2,6 +2,12 @@ imports "~~/src/HOL/Probability/Information" begin +lemma image_ex1_eq: "inj_on f A \ (b \ f ` A) \ (\!x \ A. b = f x)" + by (unfold inj_on_def) blast + +lemma Ex1_eq: "\! x. P x \ P x \ P y \ x = y" + by auto + locale finite_space = fixes S :: "'a set" assumes finite[simp]: "finite S" @@ -28,45 +34,6 @@ lemma (in finite_space) \'_eq[simp]: "\' A = (if A \ S then card A / card S else 0)" unfolding \'_def by (auto simp: M_def) -lemma set_of_list_extend: - "{xs. length xs = Suc n \ (\x\set xs. x \ A)} = - (\(xs, n). n#xs) ` ({xs. length xs = n \ (\x\set xs. x \ A)} \ A)" - (is "?lists (Suc n) = _") -proof - show "(\(xs, n). n#xs) ` (?lists n \ A) \ ?lists (Suc n)" by auto - show "?lists (Suc n) \ (\(xs, n). n#xs) ` (?lists n \ A)" - proof - fix x assume "x \ ?lists (Suc n)" - moreover - hence "x \ []" by auto - then obtain t h where "x = h # t" by (cases x) auto - ultimately show "x \ (\(xs, n). n#xs) ` (?lists n \ A)" - by (auto intro!: image_eqI[where x="(t, h)"]) - qed -qed - -lemma card_finite_list_length: - assumes "finite A" - shows "(card {xs. length xs = n \ (\x\set xs. x \ A)} = (card A)^n) \ - finite {xs. length xs = n \ (\x\set xs. x \ A)}" - (is "card (?lists n) = _ \ _") -proof (induct n) - case 0 have "{xs. length xs = 0 \ (\x\set xs. x \ A)} = {[]}" by auto - thus ?case by simp -next - case (Suc n) - moreover note set_of_list_extend[of n A] - moreover have "inj_on (\(xs, n). n#xs) (?lists n \ A)" - by (auto intro!: inj_onI) - ultimately show ?case using assms by (auto simp: card_image) -qed - -lemma - assumes "finite A" - shows finite_lists: "finite {xs. length xs = n \ (\x\set xs. x \ A)}" - and card_list_length: "card {xs. length xs = n \ (\x\set xs. x \ A)} = (card A)^n" - using card_finite_list_length[OF assms, of n] by auto - section "Define the state space" text {* @@ -171,12 +138,6 @@ unfolding payer_def_raw dc_crypto fst_image_times if_not_P[OF *] .. qed -lemma image_ex1_eq: "inj_on f A \ (b \ f ` A) \ (\!x \ A. b = f x)" - by (unfold inj_on_def) blast - -lemma Ex1_eq: "\! x. P x \ P x \ P y \ x = y" - by auto - lemma card_payer_and_inversion: assumes "xs \ inversion ` dc_crypto" and "i < n" shows "card {dc \ dc_crypto. payer dc = Some i \ inversion dc = xs} = 2" @@ -341,7 +302,7 @@ qed lemma finite_dc_crypto: "finite dc_crypto" - using finite_lists[where A="UNIV :: bool set"] + using finite_lists_length_eq[where A="UNIV :: bool set"] unfolding dc_crypto by simp lemma card_inversion: @@ -401,7 +362,7 @@ lemma card_dc_crypto: "card dc_crypto = n * 2^n" unfolding dc_crypto - using card_list_length[of "UNIV :: bool set"] + using card_lists_length_eq[of "UNIV :: bool set"] by (simp add: card_cartesian_product card_image) lemma card_image_inversion: @@ -512,7 +473,7 @@ from z have "payer -` {z} \ dc_crypto = {z} \ {xs. length xs = n}" by (auto simp: dc_crypto payer_def) hence "card (payer -` {z} \ dc_crypto) = 2^n" - using card_list_length[where A="UNIV::bool set"] + using card_lists_length_eq[where A="UNIV::bool set"] by (simp add: card_cartesian_product_singleton) hence "?dP {z} = 1 / real n" by (simp add: distribution_def card_dc_crypto) diff -r ad4242285560 -r efd2b952f425 src/HOL/Probability/ex/Koepf_Duermuth_Countermeasure.thy --- a/src/HOL/Probability/ex/Koepf_Duermuth_Countermeasure.thy Thu Dec 01 15:41:58 2011 +0100 +++ b/src/HOL/Probability/ex/Koepf_Duermuth_Countermeasure.thy Thu Dec 01 15:41:58 2011 +0100 @@ -6,87 +6,11 @@ imports "~~/src/HOL/Probability/Information" "~~/src/HOL/Library/Permutation" begin -lemma - fixes p u :: "'a \ real" - assumes "1 < b" - assumes sum: "(\i\S. p i) = (\i\S. u i)" - and pos: "\i. i \ S \ 0 \ p i" "\i. i \ S \ 0 \ u i" - and cont: "\i. i \ S \ 0 < p i \ 0 < u i" - shows "(\i\S. p i * log b (u i)) \ (\i\S. p i * log b (p i))" -proof - - have "(\i\S. p i * ln (u i) - p i * ln (p i)) \ (\i\S. u i - p i)" - proof (intro setsum_mono) - fix i assume [intro, simp]: "i \ S" - show "p i * ln (u i) - p i * ln (p i) \ u i - p i" - proof cases - assume "p i = 0" with pos[of i] show ?thesis by simp - next - assume "p i \ 0" - then have "0 < p i" "0 < u i" using pos[of i] cont[of i] by auto - then have *: "0 < u i / p i" by (blast intro: divide_pos_pos cont) - from `0 < p i` `0 < u i` - have "p i * ln (u i) - p i * ln (p i) = p i * ln (u i / p i)" - by (simp add: ln_div field_simps) - also have "\ \ p i * (u i / p i - 1)" - using exp_ge_add_one_self[of "ln (u i / p i)"] pos[of i] exp_ln[OF *] - by (auto intro!: mult_left_mono) - also have "\ = u i - p i" - using `p i \ 0` by (simp add: field_simps) - finally show ?thesis by simp - qed - qed - also have "\ = 0" using sum by (simp add: setsum_subtractf) - finally show ?thesis using `1 < b` unfolding log_def setsum_subtractf - by (auto intro!: divide_right_mono - simp: times_divide_eq_right setsum_divide_distrib[symmetric]) -qed - -definition (in prob_space) - "ordered_variable_partition X = (SOME f. bij_betw f {0.. - (\ij j \ distribution X {f i} \ distribution X {f j}))" +lemma SIGMA_image_vimage: + "snd ` (SIGMA x:f`X. f -` {x} \ X) = X" + by (auto simp: image_iff) -lemma ex_ordered_bij_betw_nat_finite: - fixes order :: "nat \ 'a\linorder" - assumes "finite S" - shows "\f. bij_betw f {0.. (\ij j \ order (f i) \ order (f j))" -proof - - from ex_bij_betw_nat_finite [OF `finite S`] guess f .. note f = this - let ?xs = "sort_key order (map f [0 ..< card S])" - - have "?xs <~~> map f [0 ..< card S]" - unfolding multiset_of_eq_perm[symmetric] by (rule multiset_of_sort) - from permutation_Ex_bij [OF this] - obtain g where g: "bij_betw g {0..i. i ?xs ! i = map f [0 ..< card S] ! g i" - by (auto simp: atLeast0LessThan) - - { fix i assume "i < card S" - then have "g i < card S" using g by (auto simp: bij_betw_def) - with map [OF `i < card S`] have "f (g i) = ?xs ! i" by simp } - note this[simp] - - show ?thesis - proof (intro exI allI conjI impI) - show "bij_betw (f\g) {0.. j" - from sorted_nth_mono[of "map order ?xs" i j] - show "order ((f\g) i) \ order ((f\g) j)" by simp - qed -qed - -definition (in prob_space) - "order_distribution X i = real (distribution X {ordered_variable_partition X i})" - -definition (in prob_space) - "guessing_entropy b X = (\i'(_')") where - "\(X) \ guessing_entropy b X" - -lemma zero_notin_Suc_image[simp]: "0 \ Suc ` A" - by auto +declare inj_split_Cons[simp] definition extensionalD :: "'b \ 'a set \ ('a \ 'b) set" where "extensionalD d A = {f. \x. x \ A \ f x = d}" @@ -156,32 +80,73 @@ qed qed simp -lemma set_of_list_extend: - "{xs. length xs = Suc n \ (\x\set xs. x \ A)} = - (\(xs, n). n#xs) ` ({xs. length xs = n \ (\x\set xs. x \ A)} \ A)" - by (auto simp: length_Suc_conv) +lemma zero_notin_Suc_image[simp]: "0 \ Suc ` A" + by auto -lemma - assumes "finite A" - shows finite_lists: - "finite {xs. length xs = n \ (\x\set xs. x \ A)}" (is "finite (?lists n)") - and card_list_length: - "card {xs. length xs = n \ (\x\set xs. x \ A)} = (card A)^n" +lemma setprod_setsum_distrib_lists: + fixes P and S :: "'a set" and f :: "'a \ _::semiring_0" assumes "finite S" + shows "(\ms\{ms. set ms \ S \ length ms = n \ (\ixim\{m\S. P i m}. f m)" +proof (induct n arbitrary: P) + case 0 then show ?case by (simp cong: conj_cong) +next + case (Suc n) + have *: "{ms. set ms \ S \ length ms = Suc n \ (\i(xs, x). x#xs) ` ({ms. set ms \ S \ length ms = n \ (\i {m\S. P 0 m})" + apply (auto simp: image_iff length_Suc_conv) + apply force+ + apply (case_tac i) + by force+ + show ?case unfolding * + using Suc[of "\i. P (Suc i)"] + by (simp add: setsum_reindex split_conv setsum_cartesian_product' + lessThan_Suc_eq_insert_0 setprod_reindex setsum_left_distrib[symmetric] setsum_right_distrib[symmetric]) +qed + +lemma ex_ordered_bij_betw_nat_finite: + fixes order :: "nat \ 'a\linorder" + assumes "finite S" + shows "\f. bij_betw f {0.. (\ij j \ order (f i) \ order (f j))" proof - - from `finite A` - have "(card {xs. length xs = n \ (\x\set xs. x \ A)} = (card A)^n) \ - finite {xs. length xs = n \ (\x\set xs. x \ A)}" - proof (induct n) - case (Suc n) - moreover note set_of_list_extend[of n A] - moreover have "inj_on (\(xs, n). n#xs) (?lists n \ A)" - by (auto intro!: inj_onI) - ultimately show ?case using assms by (auto simp: card_image) - qed (simp cong: conj_cong) - then show "finite (?lists n)" "card (?lists n) = card A ^ n" - by auto + from ex_bij_betw_nat_finite [OF `finite S`] guess f .. note f = this + let ?xs = "sort_key order (map f [0 ..< card S])" + + have "?xs <~~> map f [0 ..< card S]" + unfolding multiset_of_eq_perm[symmetric] by (rule multiset_of_sort) + from permutation_Ex_bij [OF this] + obtain g where g: "bij_betw g {0..i. i ?xs ! i = map f [0 ..< card S] ! g i" + by (auto simp: atLeast0LessThan) + + { fix i assume "i < card S" + then have "g i < card S" using g by (auto simp: bij_betw_def) + with map [OF `i < card S`] have "f (g i) = ?xs ! i" by simp } + note this[simp] + + show ?thesis + proof (intro exI allI conjI impI) + show "bij_betw (f\g) {0.. j" + from sorted_nth_mono[of "map order ?xs" i j] + show "order ((f\g) i) \ order ((f\g) j)" by simp + qed qed +definition (in prob_space) + "ordered_variable_partition X = (SOME f. bij_betw f {0.. + (\ij j \ distribution X {f i} \ distribution X {f j}))" + +definition (in prob_space) + "order_distribution X i = real (distribution X {ordered_variable_partition X i})" + +definition (in prob_space) + "guessing_entropy b X = (\i'(_')") where + "\(X) \ guessing_entropy b X" + locale finite_information = fixes \ :: "'a set" and p :: "'a \ real" @@ -215,7 +180,7 @@ begin definition msgs :: "('key \ 'message list) set" where - "msgs = keys \ {ms. length ms = n \ (\M\set ms. M \ messages)}" + "msgs = keys \ {ms. set ms \ messages \ length ms = n}" definition P :: "('key \ 'message list) \ real" where "P = (\(k, ms). K k * (\i finite_information msgs P b proof default show "finite msgs" unfolding msgs_def - using finite_lists[OF M.finite_space, of n] + using finite_lists_length_eq[OF M.finite_space, of n] by auto have [simp]: "\A. inj_on (\(xs, n). n # xs) A" by (force intro!: inj_onI) @@ -234,13 +199,13 @@ note setsum_left_distrib[symmetric, simp] note setsum_cartesian_product'[simp] - have "(\ms | length ms = n \ (\M\set ms. M \ messages). \xms | set ms \ messages \ length ms = n. \x X) = X" - by (auto simp: image_iff) - -lemma inj_Cons[simp]: "\X. inj_on (\(xs, x). x#xs) X" by (auto intro!: inj_onI) - -lemma setprod_setsum_distrib_lists: - fixes P and S :: "'a set" and f :: "'a \ _::semiring_0" assumes "finite S" - shows "(\ms\{ms. length ms = n \ set ms \ S \ (\ixim\{m\S. P i m}. f m)" -proof (induct n arbitrary: P) - case 0 then show ?case by (simp cong: conj_cong) -next - case (Suc n) - have *: "{ms. length ms = Suc n \ set ms \ S \ (\i(xs, x). x#xs) ` ({ms. length ms = n \ set ms \ S \ (\i {m\S. P 0 m})" - apply (auto simp: image_iff length_Suc_conv) - apply force+ - apply (case_tac i) - by force+ - show ?case unfolding * - using Suc[of "\i. P (Suc i)"] - by (simp add: setsum_reindex split_conv setsum_cartesian_product' - lessThan_Suc_eq_insert_0 setprod_reindex setsum_left_distrib[symmetric] setsum_right_distrib[symmetric]) -qed - context koepf_duermuth begin @@ -296,7 +235,7 @@ proof - have "(t\OB)`msgs \ extensionalD 0 observations \ (observations \ {.. n})" unfolding observations_def extensionalD_def OB_def msgs_def - by (auto simp add: t_def comp_def image_iff) + by (auto simp add: t_def comp_def image_iff subset_eq) with finite_extensionalD_funcset have "card ((t\OB)`msgs) \ card (extensionalD 0 observations \ (observations \ {.. n}))" by (rule card_mono) auto @@ -339,7 +278,7 @@ lemma \

_k: assumes "k \ keys" shows "\

(fst) {k} = K k" proof - from assms have *: - "fst -` {k} \ msgs = {k}\{ms. length ms = n \ (\M\set ms. M \ messages)}" + "fst -` {k} \ msgs = {k}\{ms. set ms \ messages \ length ms = n}" unfolding msgs_def by auto show "\

(fst) {k} = K k" apply (simp add: \'_eq distribution_def) @@ -352,7 +291,7 @@ lemma fst_image_msgs[simp]: "fst`msgs = keys" proof - from M.not_empty obtain m where "m \ messages" by auto - then have *: "{m. length m = n \ (\x\set m. x\messages)} \ {}" + then have *: "{m. set m \ messages \ length m = n} \ {}" by (auto intro!: exI[of _ "replicate n m"]) then show ?thesis unfolding msgs_def fst_image_times if_not_P[OF *] by simp @@ -382,7 +321,7 @@ (\im\{m\messages. observe k m = obs ! i}. M m)" unfolding P_def using `K k \ 0` `k \ keys` apply (simp add: setsum_cartesian_product' setsum_divide_distrib msgs_def ** cong: conj_cong) - apply (subst setprod_setsum_distrib_lists[OF M.finite_space, unfolded subset_eq]) .. + apply (subst setprod_setsum_distrib_lists[OF M.finite_space]) .. finally have "\

(OB, fst) {(obs, k)} / K k = (\im\{m\messages. observe k m = obs ! i}. M m)" . } note * = this