A puzzle game

Temporal Logic of Knowledge and its applications in security

C˘at˘alin Dima

LACL, Universit´e Paris 12

8/12/2006

1 Preliminaries

The muddy children puzzle Logics of knowledge and security

2 The bases

Syntax and semantics Knowledge and time

Types of temporal knowledge Axiomatics and decidability issues

3 Knowledge and information flow Classical information flow properties

1 Preliminaries

The muddy children puzzle Logics of knowledge and security

2 The bases

Syntax and semantics Knowledge and time

Types of temporal knowledge Axiomatics and decidability issues

3 Knowledge and information flow Classical information flow properties

A puzzle game

nchildren play together outside,

None wants to get dirty (Dad punishes!), but would like to see the others dirty! (kids...)

It happens that, at some moment,k of them get mud on their foreheads

... so each of them cannot see if he’s dirty or not!

... and none signals anything to anybody who’s dirty!

Mum comes into the room and says

At least one of you has mud on his forehead Then she asks everybody:

Does anyone of you know whether you’re dirty?

Assuming that all children are intelligent, perceptive and truthful (!), what happens?

A puzzle game

nchildren play together outside,

None wants to get dirty (Dad punishes!), but would like to see the others dirty! (kids...)

It happens that, at some moment,k of them get mud on their foreheads

... so each of them cannot see if he’s dirty or not!

... and none signals anything to anybody who’s dirty!

Mum comes into the room and says

At least one of you has mud on his forehead Then she asks everybody:

Does anyone of you know whether you’re dirty?

Assuming that all children are intelligent, perceptive and truthful (!), what happens?

A puzzle game

nchildren play together outside,

None wants to get dirty (Dad punishes!), but would like to see the others dirty! (kids...)

It happens that, at some moment,k of them get mud on their foreheads

... so each of them cannot see if he’s dirty or not!

... and none signals anything to anybody who’s dirty!

Mum comes into the room and says

At least one of you has mud on his forehead Then she asks everybody:

Does anyone of you know whether you’re dirty?

Assuming that all children are intelligent, perceptive and truthful (!), what happens?

A puzzle game

nchildren play together outside,

None wants to get dirty (Dad punishes!), but would like to see the others dirty! (kids...)

It happens that, at some moment,k of them get mud on their foreheads

... so each of them cannot see if he’s dirty or not!

... and none signals anything to anybody who’s dirty!

Mum comes into the room and says

At least one of you has mud on his forehead Then she asks everybody:

Does anyone of you know whether you’re dirty?

Assuming that all children are intelligent, perceptive and truthful (!), what happens?

Solving the puzzle game

There is a “formal” proof that

the firstk−1 times Mum asks her question, all will sayNo, butthek^thtime she asks her question, exactly those children with muddy foreheads will sayYes, I am dirty!

Proof: by induction onk:

Fork=1 it’s obvious (ain’t it?).

Fork=2, the first time everybody saysNo.

... but then everybody will notice that the two muddy children do not know they are dirty.

Hence muddyaconcludes that, since muddybdoes not deduce that he’s the only one to be dirty, he must have seen mud on someone else’s forehead.

So it must be his (a’s) own forehead that was muddy!

Generalize the reasoning!

Solving the puzzle game

There is a “formal” proof that

the firstk−1 times Mum asks her question, all will sayNo, butthek^thtime she asks her question, exactly those children with muddy foreheads will sayYes, I am dirty!

Proof: by induction onk:

Fork=1 it’s obvious (ain’t it?).

Fork=2, the first time everybody saysNo.

... but then everybody will notice that the two muddy children do not know they are dirty.

Hence muddyaconcludes that, since muddybdoes not deduce that he’s the only one to be dirty, he must have seen mud on someone else’s forehead.

So it must be his (a’s) own forehead that was muddy!

Generalize the reasoning!

Solving the puzzle game

There is a “formal” proof that

the firstk−1 times Mum asks her question, all will sayNo, butthek^thtime she asks her question, exactly those children with muddy foreheads will sayYes, I am dirty!

Proof: by induction onk:

Fork=1 it’s obvious (ain’t it?).

Fork=2, the first time everybody saysNo.

... but then everybody will notice that the two muddy children do not know they are dirty.

Hence muddyaconcludes that, since muddybdoes not deduce that he’s the only one to be dirty, he must have seen mud on someone else’s forehead.

So it must be his (a’s) own forehead that was muddy!

Generalize the reasoning!

Solving the puzzle game

There is a “formal” proof that

the firstk−1 times Mum asks her question, all will sayNo, butthek^thtime she asks her question, exactly those children with muddy foreheads will sayYes, I am dirty!

Proof: by induction onk:

Fork=1 it’s obvious (ain’t it?).

Fork=2, the first time everybody saysNo.

... but then everybody will notice that the two muddy children do not know they are dirty.

Hence muddyaconcludes that, since muddybdoes not deduce that he’s the only one to be dirty, he must have seen mud on someone else’s forehead.

So it must be his (a’s) own forehead that was muddy!

Generalize the reasoning!

Solving the puzzle game

There is a “formal” proof that

the firstk−1 times Mum asks her question, all will sayNo, butthek^thtime she asks her question, exactly those children with muddy foreheads will sayYes, I am dirty!

Proof: by induction onk:

Fork=1 it’s obvious (ain’t it?).

Fork=2, the first time everybody saysNo.

... but then everybody will notice that the two muddy children do not know they are dirty.

Hence muddyaconcludes that, since muddybdoes not deduce that he’s the only one to be dirty, he must have seen mud on someone else’s forehead.

So it must be his (a’s) own forehead that was muddy!

Generalize the reasoning!

Solving the puzzle game

There is a “formal” proof that

the firstk−1 times Mum asks her question, all will sayNo, butthek^thtime she asks her question, exactly those children with muddy foreheads will sayYes, I am dirty!

Proof: by induction onk:

Fork=1 it’s obvious (ain’t it?).

Fork=2, the first time everybody saysNo.

... but then everybody will notice that the two muddy children do not know they are dirty.

Hence muddyaconcludes that, since muddybdoes not deduce that he’s the only one to be dirty, he must have seen mud on someone else’s forehead.

So it must be his (a’s) own forehead that was muddy!

Generalize the reasoning!

Solving the puzzle game

There is a “formal” proof that

the firstk−1 times Mum asks her question, all will sayNo, butthek^thtime she asks her question, exactly those children with muddy foreheads will sayYes, I am dirty!

Proof: by induction onk:

Fork=1 it’s obvious (ain’t it?).

Fork=2, the first time everybody saysNo.

... but then everybody will notice that the two muddy children do not know they are dirty.

Hence muddyaconcludes that, since muddybdoes not deduce that he’s the only one to be dirty, he must have seen mud on someone else’s forehead.

So it must be his (a’s) own forehead that was muddy!

Generalize the reasoning!

Muddy children and knowledge

All children do their reasoning provided theyknowsome properties...

... and deduce (know) later that the othersdo not know some other properties.

Mum’s questions serve assynchronization steps.

Without these, there could be no way for children to achieve their deductions!

Stepk +1 also represents the convergence of the system tocommon knowledge.

That is,everybody knows that everybody knows that everybody knows that ... thata1. . .ak are dirty

Why studying logics of knowledge?

Epistemic logics are important inmulti-agent systems.

Originally developed for AI.

Security analysis involves at least two agents: the legitimate user(s) and the intruder(s).

In security protocol analysis, we speak aboutintruder knowledge!

Information flow analysis also is concerned with the information an agent gains about security levels to which he is not authorized to access.

Information is closely related to knowledge.

What characterizes a logic?

Its syntax.

Its semantics.

Its axiomatic system.

The possibility to “mechanicise” the deduction = decidability of various decision problems.

Various interesting extensions.

Applications in the study of information flow.

1 Preliminaries

The muddy children puzzle Logics of knowledge and security

2 The bases

Syntax and semantics Knowledge and time

Types of temporal knowledge Axiomatics and decidability issues

3 Knowledge and information flow Classical information flow properties

Basic knowledge operators

nagent system – call them 1,2, . . . ,n.

K_iφ: agenti knowsformulaφ.

Examples:

1 nchildren play their muddy forehead game.

2 p2:childi has mud on his forehead.

3 K4p2:child 4 knows that child 2 is muddy.

4 K1(K4p2∧p1) :

child 1 knows that child 2 knows that 2 is muddy...

... and also knows that he himself is muddy!

All the other boolean operators: ∧,∨,¬,→. . .. Temporal operators will be added later!

Basic knowledge operators

nagent system – call them 1,2, . . . ,n.

K_iφ: agenti knowsformulaφ.

Examples:

1 nchildren play their muddy forehead game.

2 p2:childi has mud on his forehead.

3 K4p2:child 4 knows that child 2 is muddy.

4 K1(K4p2∧p1) :

child 1 knows that child 2 knows that 2 is muddy...

... and also knows that he himself is muddy!

All the other boolean operators: ∧,∨,¬,→. . .. Temporal operators will be added later!

Basic knowledge operators

nagent system – call them 1,2, . . . ,n.

K_iφ: agenti knowsformulaφ.

Examples:

1 nchildren play their muddy forehead game.

2 p2:childi has mud on his forehead.

3 K4p2:child 4 knows that child 2 is muddy.

4 K1(K4p2∧p1) :

child 1 knows that child 2 knows that 2 is muddy...

... and also knows that he himself is muddy!

All the other boolean operators: ∧,∨,¬,→. . .. Temporal operators will be added later!

Basic knowledge operators

nagent system – call them 1,2, . . . ,n.

K_iφ: agenti knowsformulaφ.

Examples:

1 nchildren play their muddy forehead game.

2 p2:childi has mud on his forehead.

3 K4p2:child 4 knows that child 2 is muddy.

4 K1(K4p2∧p1) :

child 1 knows that child 2 knows that 2 is muddy...

... and also knows that he himself is muddy!

All the other boolean operators: ∧,∨,¬,→. . .. Temporal operators will be added later!

Basic knowledge operators

nagent system – call them 1,2, . . . ,n.

K_iφ: agenti knowsformulaφ.

Examples:

1 nchildren play their muddy forehead game.

2 p2:childi has mud on his forehead.

3 K4p2:child 4 knows that child 2 is muddy.

4 K1(K4p2∧p1) :

child 1 knows that child 2 knows that 2 is muddy...

... and also knows that he himself is muddy!

All the other boolean operators: ∧,∨,¬,→. . .. Temporal operators will be added later!

Basic knowledge operators

nagent system – call them 1,2, . . . ,n.

K_iφ: agenti knowsformulaφ.

Examples:

1 nchildren play their muddy forehead game.

2 p2:childi has mud on his forehead.

3 K4p2:child 4 knows that child 2 is muddy.

4 K1(K4p2∧p1) :

child 1 knows that child 2 knows that 2 is muddy...

... and also knows that he himself is muddy!

All the other boolean operators: ∧,∨,¬,→. . .. Temporal operators will be added later!

Semantics

Possible worldsmodel: Kripke structurefornagents:

M = (S,Π, π,K₁, . . . ,K_n).

S– the set ofglobal states.

SometimesS=S1×. . .×Sn. Si =local statesfor agenti.

Π– set of primitive propositions (likep2:childi is muddy).

π :S→2^Π– truth value for each primite propositionin each state.

K_i – theindistinguishibility relation(also called the possibilityrelation).

K_i(s,s⁰)= for agenti, statessands⁰ cannot be

distinguished by prior observation – i.e., according toi’s knowledge!

Very oftenK_i arereflexive, symmetric & transitive– i.e.

equivalence relations.

Semantics

Possible worldsmodel: Kripke structurefornagents:

M = (S,Π, π,K₁, . . . ,K_n).

S– the set ofglobal states.

SometimesS=S1×. . .×Sn. Si =local statesfor agenti.

Π– set of primitive propositions (likep2:childi is muddy).

π :S→2^Π– truth value for each primite propositionin each state.

K_i – theindistinguishibility relation(also called the possibilityrelation).

K_i(s,s⁰)= for agenti, statessands⁰ cannot be

distinguished by prior observation – i.e., according toi’s knowledge!

Very oftenK_i arereflexive, symmetric & transitive– i.e.

equivalence relations.

Semantics

Possible worldsmodel: Kripke structurefornagents:

M = (S,Π, π,K₁, . . . ,K_n).

S– the set ofglobal states.

SometimesS=S1×. . .×Sn. Si =local statesfor agenti.

Π– set of primitive propositions (likep2:childi is muddy).

π :S→2^Π– truth value for each primite propositionin each state.

K_i – theindistinguishibility relation(also called the possibilityrelation).

K_i(s,s⁰)= for agenti, statessands⁰ cannot be

distinguished by prior observation – i.e., according toi’s knowledge!

Very oftenK_i arereflexive, symmetric & transitive– i.e.

equivalence relations.

Semantics

Possible worldsmodel: Kripke structurefornagents:

M = (S,Π, π,K₁, . . . ,K_n).

S– the set ofglobal states.

SometimesS=S1×. . .×Sn. Si =local statesfor agenti.

Π– set of primitive propositions (likep2:childi is muddy).

π :S→2^Π– truth value for each primite propositionin each state.

K_i – theindistinguishibility relation(also called the possibilityrelation).

K_i(s,s⁰)= for agenti, statessands⁰ cannot be

distinguished by prior observation – i.e., according toi’s knowledge!

Very oftenK_i arereflexive, symmetric & transitive– i.e.

equivalence relations.

Semantics

Possible worldsmodel: Kripke structurefornagents:

M = (S,Π, π,K₁, . . . ,K_n).

S– the set ofglobal states.

SometimesS=S1×. . .×Sn. Si =local statesfor agenti.

Π– set of primitive propositions (likep2:childi is muddy).

π :S→2^Π– truth value for each primite propositionin each state.

K_i – theindistinguishibility relation(also called the possibilityrelation).

K_i(s,s⁰)= for agenti, statessands⁰ cannot be

distinguished by prior observation – i.e., according toi’s knowledge!

Very oftenK_i arereflexive, symmetric & transitive– i.e.

equivalence relations.

Semantics (contd.)

Semantics of formulas: evaluated at eachstates:

(M,s)|=φ: formulaφholds atstates.

(M,s)|=piffp₂∈π(s).

(M,s)|=φ₁∧φ₂iff

(M,s)|=K_iφiff(M,s⁰)|=φfor alls⁰ withK_i(s,s⁰).

φis a formula that is acquired byi.

All observations bringi to consider thatφmust hold.

Notation:M |=φiff(M,s)|=φfor alls∈S.

Semantics (contd.)

Semantics of formulas: evaluated at eachstates:

(M,s)|=φ: formulaφholds atstates.

(M,s)|=piffp₂∈π(s).

(M,s)|=φ₁∧φ₂iff

(M,s)|=K_iφiff(M,s⁰)|=φfor alls⁰ withK_i(s,s⁰).

φis a formula that is acquired byi.

All observations bringi to consider thatφmust hold.

Notation:M |=φiff(M,s)|=φfor alls∈S.

Semantics (contd.)

Semantics of formulas: evaluated at eachstates:

(M,s)|=φ: formulaφholds atstates.

(M,s)|=piffp₂∈π(s).

(M,s)|=φ₁∧φ₂iff

(M,s)|=K_iφiff(M,s⁰)|=φfor alls⁰ withK_i(s,s⁰).

φis a formula that is acquired byi.

All observations bringi to consider thatφmust hold.

Notation:M |=φiff(M,s)|=φfor alls∈S.

Semantics (contd.)

Semantics of formulas: evaluated at eachstates:

(M,s)|=φ: formulaφholds atstates.

(M,s)|=piffp₂∈π(s).

(M,s)|=φ₁∧φ₂iff(M,s)|=φ₁and(M,s) |=φ₂. (M,s)|=K_iφiff(M,s⁰)|=φfor alls⁰ withK_i(s,s⁰).

φis a formula that is acquired byi.

All observations bringi to consider thatφmust hold.

Notation:M |=φiff(M,s)|=φfor alls∈S.

Semantics (contd.)

Semantics of formulas: evaluated at eachstates:

(M,s)|=φ: formulaφholds atstates.

(M,s)|=piffp₂∈π(s).

(M,s)|=φ₁∧φ₂iff(M,s)|=φ₁and(M,s) |=φ₂. (M,s)|=K_iφiff(M,s⁰)|=φfor alls⁰ withK_i(s,s⁰).

φis a formula that is acquired byi.

All observations bringi to consider thatφmust hold.

Notation:M |=φiff(M,s)|=φfor alls∈S.

Muddy children – original situation

Kripke structureMmud = (S,Π, π,K_i)fornagents.

“Local state” for agenti: S_i ={0,1}(muddy or not!).

S=S1×. . .Sn– that is, 2ⁿinitial situations.

A “global state” is composed of “local states”:

s= (s1, . . . ,sn).

Π ={p₁, . . . ,pn}.

(Mmud,s)|=p3iffs3=1.

K_i(s,s⁰)iffs_j =s_j⁰for allj 6=i.

“Hypercube” representation ofMmud.

What are the states where(M_mud,s)|=K₁p₂?

Muddy children – original situation

Kripke structureMmud = (S,Π, π,K_i)fornagents.

“Local state” for agenti: S_i ={0,1}(muddy or not!).

S=S1×. . .Sn– that is, 2ⁿinitial situations.

A “global state” is composed of “local states”:

s= (s1, . . . ,sn).

Π ={p₁, . . . ,pn}.

(Mmud,s)|=p3iffs3=1.

K_i(s,s⁰)iffs_j =s_j⁰for allj 6=i.

“Hypercube” representation ofMmud.

What are the states where(M_mud,s)|=K₁p₂?

Muddy children – original situation

Kripke structureMmud = (S,Π, π,K_i)fornagents.

“Local state” for agenti: S_i ={0,1}(muddy or not!).

S=S1×. . .Sn– that is, 2ⁿinitial situations.

A “global state” is composed of “local states”:

s= (s1, . . . ,sn).

Π ={p₁, . . . ,pn}.

(Mmud,s)|=p3iffs3=1.

K_i(s,s⁰)iffs_j =s_j⁰for allj 6=i.

“Hypercube” representation ofMmud.

What are the states where(M_mud,s)|=K₁p₂?

Muddy children – original situation

Kripke structureMmud = (S,Π, π,K_i)fornagents.

“Local state” for agenti: S_i ={0,1}(muddy or not!).

S=S1×. . .Sn– that is, 2ⁿinitial situations.

A “global state” is composed of “local states”:

s= (s1, . . . ,sn).

Π ={p₁, . . . ,pn}.

(Mmud,s)|=p3iffs3=1.

K_i(s,s⁰)iffs_j =s_j⁰for allj 6=i.

“Hypercube” representation ofMmud.

What are the states where(M_mud,s)|=K₁p₂?

Other knowledge operators

i considersφpossible–Piφ–

(M,s)|=Piφiff(M,s⁰)|=φfor somes⁰withK_i(s,s⁰).

Everybody in the groupGknowsφ–E_Gφ– (M,s)|=EGφiff(M,s)|=Kiφfor alli ∈G.

Distributed knowledge ofφwithin a group: DGφ

(M,s)|=EGφiff(M,s⁰)|=φfor alls⁰withK_i(s,s⁰)∀i ∈G.

Common knowledge ofφwithin a groupG: C_Gφ (M,s)|=C_Gφiff(M,s)|=E_G^kφfor allk.

That is, each agent knows that each other agent knows that .... knows thatφholds.

Stronger thanEGand distributed knowledge!

What aboutP₂p₂,E_1,2p₂,E_1,2p₃,D_1,2p₃,C_1,2p₃inM_mud?

Other knowledge operators

i considersφpossible–Piφ–

(M,s)|=Piφiff(M,s⁰)|=φfor somes⁰withK_i(s,s⁰).

Everybody in the groupGknowsφ–E_Gφ– (M,s)|=EGφiff(M,s)|=Kiφfor alli ∈G.

Distributed knowledge ofφwithin a group: DGφ

(M,s)|=EGφiff(M,s⁰)|=φfor alls⁰withK_i(s,s⁰)∀i ∈G.

Common knowledge ofφwithin a groupG: C_Gφ (M,s)|=C_Gφiff(M,s)|=E_G^kφfor allk.

That is, each agent knows that each other agent knows that .... knows thatφholds.

Stronger thanEGand distributed knowledge!

What aboutP₂p₂,E_1,2p₂,E_1,2p₃,D_1,2p₃,C_1,2p₃inM_mud?

Other knowledge operators

i considersφpossible–Piφ–

(M,s)|=Piφiff(M,s⁰)|=φfor somes⁰withK_i(s,s⁰).

Everybody in the groupGknowsφ–E_Gφ– (M,s)|=EGφiff(M,s)|=Kiφfor alli ∈G.

Distributed knowledge ofφwithin a group: DGφ

(M,s)|=EGφiff(M,s⁰)|=φfor alls⁰withK_i(s,s⁰)∀i ∈G.

Common knowledge ofφwithin a groupG: C_Gφ (M,s)|=C_Gφiff(M,s)|=E_G^kφfor allk.

That is, each agent knows that each other agent knows that .... knows thatφholds.

Stronger thanEGand distributed knowledge!

What aboutP₂p₂,E_1,2p₂,E_1,2p₃,D_1,2p₃,C_1,2p₃inM_mud?

Other knowledge operators

i considersφpossible–Piφ–

(M,s)|=Piφiff(M,s⁰)|=φfor somes⁰withK_i(s,s⁰).

Everybody in the groupGknowsφ–E_Gφ– (M,s)|=EGφiff(M,s)|=Kiφfor alli ∈G.

Distributed knowledge ofφwithin a group: DGφ

(M,s)|=EGφiff(M,s⁰)|=φfor alls⁰withK_i(s,s⁰)∀i ∈G.

Common knowledge ofφwithin a groupG: C_Gφ (M,s)|=C_Gφiff(M,s)|=E_G^kφfor allk.

That is, each agent knows that each other agent knows that .... knows thatφholds.

Stronger thanEGand distributed knowledge!

What aboutP₂p₂,E_1,2p₂,E_1,2p₃,D_1,2p₃,C_1,2p₃inM_mud?

Other knowledge operators

i considersφpossible–Piφ–

(M,s)|=Piφiff(M,s⁰)|=φfor somes⁰withK_i(s,s⁰).

Everybody in the groupGknowsφ–E_Gφ– (M,s)|=EGφiff(M,s)|=Kiφfor alli ∈G.

Distributed knowledge ofφwithin a group: DGφ

(M,s)|=EGφiff(M,s⁰)|=φfor alls⁰withK_i(s,s⁰)∀i ∈G.

Common knowledge ofφwithin a groupG: C_Gφ (M,s)|=C_Gφiff(M,s)|=E_G^kφfor allk.

That is, each agent knows that each other agent knows that .... knows thatφholds.

Stronger thanEGand distributed knowledge!

What aboutP₂p₂,E_1,2p₂,E_1,2p₃,D_1,2p₃,C_1,2p₃inM_mud?

Evolving knowledge

Consider again the muddy children Kripke structureM_mud. What happens when Mum speaks the first time?

Answer: state(0,0, ...,0) disappears!

After Mum’s announcement, it iscommon knowledgethat someone has mud on his forehead!

What happens when Mum speaks the second time?

All states with only one 1 dissapear!

After Mum’s announcement, it iscommon knowledgethat at least twochildren are dirty!

And so on...

But this is not exactly captured by our system model!

Evolving knowledge

Consider again the muddy children Kripke structureM_mud. What happens when Mum speaks the first time?

Answer: state(0,0, ...,0) disappears!

After Mum’s announcement, it iscommon knowledgethat someone has mud on his forehead!

What happens when Mum speaks the second time?

All states with only one 1 dissapear!

After Mum’s announcement, it iscommon knowledgethat at least twochildren are dirty!

And so on...

But this is not exactly captured by our system model!

Evolving knowledge

Consider again the muddy children Kripke structureM_mud. What happens when Mum speaks the first time?

Answer: state(0,0, ...,0) disappears!

After Mum’s announcement, it iscommon knowledgethat someone has mud on his forehead!

What happens when Mum speaks the second time?

All states with only one 1 dissapear!

After Mum’s announcement, it iscommon knowledgethat at least twochildren are dirty!

And so on...

But this is not exactly captured by our system model!

Evolving knowledge

Consider again the muddy children Kripke structureM_mud. What happens when Mum speaks the first time?

Answer: state(0,0, ...,0) disappears!

After Mum’s announcement, it iscommon knowledgethat someone has mud on his forehead!

What happens when Mum speaks the second time?

All states with only one 1 dissapear!

After Mum’s announcement, it iscommon knowledgethat at least twochildren are dirty!

And so on...

But this is not exactly captured by our system model!

Evolving knowledge

Consider again the muddy children Kripke structureM_mud. What happens when Mum speaks the first time?

Answer: state(0,0, ...,0) disappears!

After Mum’s announcement, it iscommon knowledgethat someone has mud on his forehead!

What happens when Mum speaks the second time?

All states with only one 1 dissapear!

After Mum’s announcement, it iscommon knowledgethat at least twochildren are dirty!

And so on...

But this is not exactly captured by our system model!

Incorporating temporal operators

Future temporal operators:

φ– next time,φholds.

2φ–φholds forever, from now on.

φUψ–φholds in every time point untilψholds.

3φ– there exists a point in the future whereφwill hold.

And past temporal operators:

φ– last time,φheld.

φ– always before,φheld.

φ–φheld sometime in the past.

φSψ–φheld in every time point sinceψheld.

Other operators can be added (e.g. fixpoints).

Incorporating temporal operators

Future temporal operators:

φ– next time,φholds.

2φ–φholds forever, from now on.

φUψ–φholds in every time point untilψholds.

3φ– there exists a point in the future whereφwill hold.

And past temporal operators:

φ– last time,φheld.

φ– always before,φheld.

φ–φheld sometime in the past.

φSψ–φheld in every time point sinceψheld.

Other operators can be added (e.g. fixpoints).

Incorporating temporal operators

Future temporal operators:

φ– next time,φholds.

2φ–φholds forever, from now on.

φUψ–φholds in every time point untilψholds.

3φ– there exists a point in the future whereφwill hold.

And past temporal operators:

φ– last time,φheld.

φ– always before,φheld.

φ–φheld sometime in the past.

φSψ–φheld in every time point sinceψheld.

Other operators can be added (e.g. fixpoints).

Incorporating temporal operators

Future temporal operators:

φ– next time,φholds.

2φ–φholds forever, from now on.

φUψ–φholds in every time point untilψholds.

3φ– there exists a point in the future whereφwill hold.

And past temporal operators:

φ– last time,φheld.

φ– always before,φheld.

φ–φheld sometime in the past.

φSψ–φheld in every time point sinceψheld.

Other operators can be added (e.g. fixpoints).

Incorporating temporal operators

Future temporal operators:

φ– next time,φholds.

2φ–φholds forever, from now on.

φUψ–φholds in every time point untilψholds.

3φ– there exists a point in the future whereφwill hold.

And past temporal operators:

φ– last time,φheld.

φ– always before,φheld.

φ–φheld sometime in the past.

φSψ–φheld in every time point sinceψheld.

Other operators can be added (e.g. fixpoints).

Incorporating temporal operators

Future temporal operators:

φ– next time,φholds.

2φ–φholds forever, from now on.

φUψ–φholds in every time point untilψholds.

3φ– there exists a point in the future whereφwill hold.

And past temporal operators:

φ– last time,φheld.

φ– always before,φheld.

φ–φheld sometime in the past.

φSψ–φheld in every time point sinceψheld.

Other operators can be added (e.g. fixpoints).

Incorporating temporal operators

Future temporal operators:

φ– next time,φholds.

2φ–φholds forever, from now on.

φUψ–φholds in every time point untilψholds.

3φ– there exists a point in the future whereφwill hold.

And past temporal operators:

φ– last time,φheld.

φ– always before,φheld.

φ–φheld sometime in the past.

φSψ–φheld in every time point sinceψheld.

Other operators can be added (e.g. fixpoints).

Incorporating temporal operators

Future temporal operators:

φ– next time,φholds.

2φ–φholds forever, from now on.

φUψ–φholds in every time point untilψholds.

3φ– there exists a point in the future whereφwill hold.

And past temporal operators:

φ– last time,φheld.

φ– always before,φheld.

φ–φheld sometime in the past.

φSψ–φheld in every time point sinceψheld.

Other operators can be added (e.g. fixpoints).

Incorporating temporal operators

Future temporal operators:

φ– next time,φholds.

2φ–φholds forever, from now on.

φUψ–φholds in every time point untilψholds.

3φ– there exists a point in the future whereφwill hold.

And past temporal operators:

φ– last time,φheld.

φ– always before,φheld.

φ–φheld sometime in the past.

φSψ–φheld in every time point sinceψheld.

Other operators can be added (e.g. fixpoints).

Temporal semantics

Transition system fornagentsT = (S,):

⊆S×S–temporal evolutionof the system.

RunsinT =infinitesequences of states inS.

Temporal interpreted system overT: I= (Q,Π, π):

Q=Runs(T)×N–points.

π:Q→2^Π– interpretation of propositional symbols.

Semantics of temporal formulas: (I,r,n)|=φ.

(r,n)∈Q.

Temporal semantics

Transition system fornagentsT = (S,):

⊆S×S–temporal evolutionof the system.

RunsinT =infinitesequences of states inS.

Temporal interpreted system overT: I= (Q,Π, π):

Q=Runs(T)×N–points.

π:Q→2^Π– interpretation of propositional symbols.

Semantics of temporal formulas: (I,r,n)|=φ.

(r,n)∈Q.

Temporal semantics

Transition system fornagentsT = (S,):

⊆S×S–temporal evolutionof the system.

RunsinT =infinitesequences of states inS.

Temporal interpreted system overT: I= (Q,Π, π):

Q=Runs(T)×N–points.

π:Q→2^Π– interpretation of propositional symbols.

Semantics of temporal formulas: (I,r,n)|=φ.

(r,n)∈Q.

Temporal semantics (contd.)

(I,r,n)|=φiff(I,r,n+1)|=φ.

(I,r,n)|=2φiff(I,r,m)|=φforallm≥n.

(I,r,n)|=3φiff(I,r,m)|=φforsomem≥n.

(I,r,n)|=φUψiff(I,r,m)|=ψfor somem≥nand (I,r,p)|=φfor alln≤p <m.

(I,r,n)|= φiff(I,r,n−1)|=φ(n>0!).

(I,r,n)|=φiff(I,r,m)|=φfor allm≤n.

(I,r,n)|=φiff(I,r,n+1)|=φfor somem≤n.

(I,r,n)|=φUψiff(I,r,m)|=ψfor somem≤nand (I,r,p)|=φfor allm<p≤m.

Temporal semantics (contd.)

(I,r,n)|=φiff(I,r,n+1)|=φ.

(I,r,n)|=2φiff(I,r,m)|=φforallm≥n.

(I,r,n)|=3φiff(I,r,m)|=φforsomem≥n.

(I,r,n)|=φUψiff(I,r,m)|=ψfor somem≥nand (I,r,p)|=φfor alln≤p <m.

(I,r,n)|= φiff(I,r,n−1)|=φ(n>0!).

(I,r,n)|=φiff(I,r,m)|=φfor allm≤n.

(I,r,n)|=φiff(I,r,n+1)|=φfor somem≤n.

(I,r,n)|=φUψiff(I,r,m)|=ψfor somem≤nand (I,r,p)|=φfor allm<p≤m.

Temporal and knowledge semantics

Temporal interpreted systemI = (Q,Π, π) over a transition systemT.

Kripke structure overT: MT = (I,K₁, . . .K_n). K_i ⊆Q×Q.

Semantics : unchanged from what we’ve seen!

Example formulas: K12p1∧p2UC2,3p3.

Temporal and knowledge semantics

Temporal interpreted systemI = (Q,Π, π) over a transition systemT.

Kripke structure overT: MT = (I,K₁, . . .K_n). K_i ⊆Q×Q.

Semantics : unchanged from what we’ve seen!

Example formulas: K12p1∧p2UC2,3p3.

Muddy children example

Transition system: T = (S,)with={(s,s)| s∈S}.

Local states are unchanged during the run!

Run – identified with the (unique) state occurring in it!

Hence points = pairs (state, timepoint).

Interpretation: π(s,n) ={p_i |s_i =1}.

Possibility relations:

K_i (s,k),(s⁰.k)

iffs=s⁰ or supp(s),supp(s⁰)≥k andsj =s_j⁰ ∀j6=i

supp(s) ={i |si =1}.

Draw it!

Muddy children example

Transition system: T = (S,)with={(s,s)| s∈S}.

Local states are unchanged during the run!

Run – identified with the (unique) state occurring in it!

Hence points = pairs (state, timepoint).

Interpretation: π(s,n) ={p_i |s_i =1}.

Possibility relations:

K_i (s,k),(s⁰.k)

iffs=s⁰ or supp(s),supp(s⁰)≥k andsj =s_j⁰ ∀j6=i

supp(s) ={i |si =1}.

Draw it!

Muddy children example

Transition system: T = (S,)with={(s,s)| s∈S}.

Local states are unchanged during the run!

Run – identified with the (unique) state occurring in it!

Hence points = pairs (state, timepoint).

Interpretation: π(s,n) ={p_i |s_i =1}.

Possibility relations:

K_i (s,k),(s⁰.k)

iffs=s⁰ or supp(s),supp(s⁰)≥k andsj =s_j⁰ ∀j6=i

supp(s) ={i |si =1}.

Draw it!