PoV

{-# OPTIONS --safe #-}

open import Ledger.Conway.Specification.Transaction
open import Ledger.Conway.Specification.Abstract

module Ledger.Conway.Specification.Ledger.Properties.PoV
  (txs : _) (open TransactionStructure txs)
  (abs : AbstractFunctions txs) (open AbstractFunctions abs)
  where

open import Ledger.Conway.Specification.Certs govStructure
open import Ledger.Conway.Specification.Chain txs abs
open import Ledger.Conway.Specification.Certs.Properties govStructure
open import Ledger.Conway.Specification.Ledger txs abs
open import Ledger.Prelude
open import Ledger.Conway.Specification.Utxo txs abs
open import Ledger.Conway.Specification.Utxo.Properties txs abs using (χ; module DepositHelpers)
open import Ledger.Conway.Specification.Utxo.Properties.PoV txs abs
open import Ledger.Conway.Specification.Utxow txs abs

open import Axiom.Set.Properties th

open import Data.Nat.Properties using (+-0-monoid; +-identityʳ; +-comm; +-assoc; *-identityʳ; *-zeroʳ)

-- ** Proof that LEDGER preserves values.

instance
  HasCoin-LState : HasCoin LState
  HasCoin-LState .getCoin s = getCoin (LState.utxoSt s) + getCoin (LState.certState s)

module _
  (tx : Tx) (let open Tx tx; open TxBody body)
  ( indexedSumᵛ'-∪  :  {A : Type} ⦃ _ : DecEq A ⦄ (m m' : A ⇀ Coin)
                       → disjoint (dom m) (dom m') → getCoin (m ∪ˡ m') ≡ getCoin m + getCoin m' )
  ( sumConstZero    :  {A : Type} ⦃ _ : DecEq A ⦄ {X : ℙ A} → getCoin (constMap X 0) ≡ 0 )
  ( res-decomp      :  {A : Type} ⦃ _ : DecEq A ⦄ (m m' : A ⇀ Coin)
                       → (m ∪ˡ m')ˢ ≡ᵉ (m ∪ˡ (m' ∣ dom (m ˢ) ᶜ))ˢ )
  ( getCoin-cong    :  {A : Type} ⦃ _ : DecEq A ⦄ (s : A ⇀ Coin) (s' : ℙ (A × Coin)) → s ˢ ≡ᵉ s'
                       → indexedSum' proj₂ (s ˢ) ≡ indexedSum' proj₂ s' )
  ( ≡ᵉ-getCoinˢ     :  {A A' : Type} ⦃ _ : DecEq A ⦄ ⦃ _ : DecEq A' ⦄ (s : ℙ (A × Coin)) {f : A → A'}
                       → InjectiveOn (dom s) f → getCoin (mapˢ (map₁ f) s) ≡ getCoin s )
  where

  pattern UTXO-induction r = UTXO-inductive⋯ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ r _ _ _

Theorem (LEDGER rule preserves value).

Informally.

Let s and s' be ledger states and let tx : Tx be a fresh transaction, that is, a transaction that is not already part of the UTxOState of s. If s ⇀⦇ tx ,LEDGER⦈ s', then the coin values of s and s' are equal, that is, getCoin s \(≡\) getCoin s'.

Formally.

  LEDGER-pov : {Γ : LEnv} {s s' : LState}
    → txid ∉ mapˢ proj₁ (dom (UTxOOf s))
    → Γ ⊢ s ⇀⦇ tx ,LEDGER⦈ s' → getCoin s ≡ getCoin s'

Proof.

  LEDGER-pov
    {s  = s}
    {s' = s'}
    h (LEDGER-V {utxoSt' = utxoSt''} ( valid , UTXOW⇒UTXO st@(UTXO-induction r) , h' , _ )) =
    let
      open LState s
      open CertState certState
      open LState s' renaming (utxoSt to utxoSt'; govSt to govSt'; certState to certState')
      open CertState certState'
      open ≡-Reasoning
      open CERTSpov indexedSumᵛ'-∪ sumConstZero res-decomp  getCoin-cong ≡ᵉ-getCoinˢ r
      zeroMap    = constMap (mapˢ RwdAddr.stake (dom txwdrls)) 0
    in
    begin
      getCoin utxoSt + getCoin certState
        ≡⟨ cong (getCoin utxoSt +_) (CERTS-pov h') ⟩
      getCoin utxoSt + (getCoin certState' + getCoin txwdrls)
        ≡˘⟨ cong (λ x → getCoin utxoSt + (getCoin certState' + x )) (*-identityʳ (getCoin txwdrls)) ⟩  -- cong (λ u → getCoin utxoSt + (getCoin certState' + getCoin txwdrls * χ u)) valid ⟩
      getCoin utxoSt + (getCoin certState' + getCoin txwdrls * 1)
        ≡˘⟨ cong (λ u → getCoin utxoSt + (getCoin certState' + getCoin txwdrls * χ u)) valid ⟩
      getCoin utxoSt + (getCoin certState' + getCoin txwdrls * χ isValid)
        ≡⟨ cong (getCoin utxoSt +_) (+-comm (getCoin certState') _) ⟩
      getCoin utxoSt + (getCoin txwdrls * χ isValid + getCoin certState')
        ≡˘⟨ +-assoc (getCoin utxoSt) (getCoin txwdrls * χ isValid) (getCoin certState') ⟩
      getCoin utxoSt + getCoin txwdrls * χ isValid + getCoin certState'
        ≡⟨ cong (_+ getCoin certState') (UTXOpov h st) ⟩
      getCoin utxoSt' + getCoin certState'
        ∎

  LEDGER-pov  {s = s}
              {s' = s'}
              h (LEDGER-I {utxoSt' = utxoSt''} (invalid , UTXOW⇒UTXO st)) =
    let
        open LState s
        open CertState certState
        open LState s' renaming (utxoSt to utxoSt'; govSt to govSt'; certState to certState')
        open UTxOState utxoSt
        open UTxOState utxoSt' renaming (utxo to utxo'; fees to fees'
                                        ; deposits to deposits'; donations to donations') in
    cong (_+ rewardsBalance dState)
    ( begin
      getCoin $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Utxo.html#4930}{\htmlId{4905}{\htmlClass{Function}{\text{utxo}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4952}{\htmlId{4912}{\htmlClass{Function}{\text{fees}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4974}{\htmlId{4919}{\htmlClass{Function}{\text{deposits}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#5000}{\htmlId{4930}{\htmlClass{Function}{\text{donations}}}}\, \end{pmatrix}$
        ≡˘⟨ +-identityʳ (getCoin $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Utxo.html#4930}{\htmlId{4977}{\htmlClass{Function}{\text{utxo}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4952}{\htmlId{4984}{\htmlClass{Function}{\text{fees}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4974}{\htmlId{4991}{\htmlClass{Function}{\text{deposits}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#5000}{\htmlId{5002}{\htmlClass{Function}{\text{donations}}}}\, \end{pmatrix}$) ⟩
      getCoin $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Utxo.html#4930}{\htmlId{5033}{\htmlClass{Function}{\text{utxo}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4952}{\htmlId{5040}{\htmlClass{Function}{\text{fees}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4974}{\htmlId{5047}{\htmlClass{Function}{\text{deposits}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#5000}{\htmlId{5058}{\htmlClass{Function}{\text{donations}}}}\, \end{pmatrix}$ + 0
        ≡˘⟨ cong (getCoin $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Utxo.html#4930}{\htmlId{5102}{\htmlClass{Function}{\text{utxo}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4952}{\htmlId{5109}{\htmlClass{Function}{\text{fees}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4974}{\htmlId{5116}{\htmlClass{Function}{\text{deposits}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#5000}{\htmlId{5127}{\htmlClass{Function}{\text{donations}}}}\, \end{pmatrix}$ +_) (*-zeroʳ (getCoin txwdrls)) ⟩
      getCoin $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Utxo.html#4930}{\htmlId{5189}{\htmlClass{Function}{\text{utxo}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4952}{\htmlId{5196}{\htmlClass{Function}{\text{fees}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4974}{\htmlId{5203}{\htmlClass{Function}{\text{deposits}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#5000}{\htmlId{5214}{\htmlClass{Function}{\text{donations}}}}\, \end{pmatrix}$ + getCoin txwdrls * 0
        ≡˘⟨ cong (λ x → getCoin $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Utxo.html#4930}{\htmlId{5282}{\htmlClass{Function}{\text{utxo}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4952}{\htmlId{5289}{\htmlClass{Function}{\text{fees}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4974}{\htmlId{5296}{\htmlClass{Function}{\text{deposits}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#5000}{\htmlId{5307}{\htmlClass{Function}{\text{donations}}}}\, \end{pmatrix}$ + getCoin txwdrls * χ x) invalid ⟩
      getCoin $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Utxo.html#4930}{\htmlId{5370}{\htmlClass{Function}{\text{utxo}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4952}{\htmlId{5377}{\htmlClass{Function}{\text{fees}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#4974}{\htmlId{5384}{\htmlClass{Function}{\text{deposits}}}}\, \\ \,\href{Ledger.Conway.Specification.Utxo.html#5000}{\htmlId{5395}{\htmlClass{Function}{\text{donations}}}}\, \end{pmatrix}$ + getCoin txwdrls * χ isValid
        ≡⟨ UTXOpov h st ⟩
      getCoin $\begin{pmatrix} \,\href{Ledger.Conway.Specification.Ledger.Properties.PoV.html#4727}{\htmlId{5479}{\htmlClass{Function}{\text{utxo'}}}}\, \\ \,\href{Ledger.Conway.Specification.Ledger.Properties.PoV.html#4742}{\htmlId{5487}{\htmlClass{Function}{\text{fees'}}}}\, \\ \,\href{Ledger.Conway.Specification.Ledger.Properties.PoV.html#4802}{\htmlId{5495}{\htmlClass{Function}{\text{deposits'}}}}\, \\ \,\href{Ledger.Conway.Specification.Ledger.Properties.PoV.html#4826}{\htmlId{5507}{\htmlClass{Function}{\text{donations'}}}}\, \end{pmatrix}$ ∎ )
    where open ≡-Reasoning