Witness Extraction Method using HRO2-mr Realizability and Friedman-Dragalin Translation, Papers of Cryptography and System Security

A method of witness extraction based on the embedding of classical logic in intuitionistic logic, the curry-howard isomorphism, and hro2-mr realizability. It shows how each proof of a σ1 formula in ha2 can be converted into a term of hro2 that is defined and satisfies the formula for every value of any parameters appearing in it. The method is demonstrated using a tait-style calculus for pa2 and the preliminaries include propositional, quantifier, equality, and arithmetical rules.

Typology: Papers

Pre 2010

Uploaded on 08/26/2009

koofers-user-jrm-1
koofers-user-jrm-1 🇺🇸

7 documents

1 / 12

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
A Realizability Interpretation for Classical
Analysis
Henry Towsner
May 20, 2005
Abstract
We present a realizability interpretation for classical analysis–an association
of a term to every proof so that the terms assigned to existential formulas repre-
sent witnesses to the truth of that formula. For classical proofs of Π2sentences
xyA(x, y), this provides a recursive type 1 function which computes the func-
tion given by f(x) = yiff yis the least number such that A(x,y ).
1 Introduction
Although both classical and intuitionistic arithmetic prove the same Π2sentences,
proofs in the intuitionistic version generally provide more information. The Curry-
Howard isomorphism associates them with realizing λterms, which associate numeri-
cal witnesses to existential quantifiers and appropriate functionals to strings of quanti-
fiers.
[Avigad, 2000] demonstrates a method of extending this realization to classical
arithmetic to find numerical witnesses to Σ1sentences and type 1 functions witnessing
Π2sentences. This method of witness extraction was derived from the composition of
an embedding of classical logic in intuitionistic logic, the Friedman-Dragalin transla-
tion (first described in [Friedman, 1978] and [Dragalin, 1980]), and the Curry-Howard
isomorphism.
In this paper we extend this method to second order classical arithmetic. As with
Avigad’s version, the actual embedding of classical logic in intuitionistic logic is un-
usually simple; in particular, unlike the double-negation translation, an atomic formula
φin classical logic is unchanged in the intuitionistic embedding. This leads to a differ-
ent type of equivalence between the theories: if we can prove φin classical logic then
φ¬¬ can be proven in intuitionistic logic. By contrast, under the embedding used here,
we will be able to prove instead that (¬φ)E` .
The embedding used here is simplified by not allowing implication or universal
quantifiers in the classical language, instead building them in the usual way from nega-
tion, disjunction, and existential quantifiers. This means that, for example, is
embedded is ¬∃x¬φ: no universal quantifiers appear in the range of the embedding.
1
pf3
pf4
pf5
pf8
pf9
pfa

Partial preview of the text

Download Witness Extraction Method using HRO2-mr Realizability and Friedman-Dragalin Translation and more Papers Cryptography and System Security in PDF only on Docsity!

A Realizability Interpretation for Classical

Analysis

Henry Towsner

May 20, 2005

Abstract We present a realizability interpretation for classical analysis–an association of a term to every proof so that the terms assigned to existential formulas repre- sent witnesses to the truth of that formula. For classical proofs of Π 2 sentences ∀x∃yA(x, y), this provides a recursive type 1 function which computes the func- tion given by f (x) = y iff y is the least number such that A(x, y).

1 Introduction

Although both classical and intuitionistic arithmetic prove the same Π 2 sentences, proofs in the intuitionistic version generally provide more information. The Curry- Howard isomorphism associates them with realizing λ terms, which associate numeri- cal witnesses to existential quantifiers and appropriate functionals to strings of quanti- fiers. [Avigad, 2000] demonstrates a method of extending this realization to classical arithmetic to find numerical witnesses to Σ 1 sentences and type 1 functions witnessing Π 2 sentences. This method of witness extraction was derived from the composition of an embedding of classical logic in intuitionistic logic, the Friedman-Dragalin transla- tion (first described in [Friedman, 1978] and [Dragalin, 1980]), and the Curry-Howard isomorphism. In this paper we extend this method to second order classical arithmetic. As with Avigad’s version, the actual embedding of classical logic in intuitionistic logic is un- usually simple; in particular, unlike the double-negation translation, an atomic formula φ in classical logic is unchanged in the intuitionistic embedding. This leads to a differ- ent type of equivalence between the theories: if we can prove φ in classical logic then φ¬¬^ can be proven in intuitionistic logic. By contrast, under the embedding used here, we will be able to prove instead that (¬φ)E^ ` ⊥. The embedding used here is simplified by not allowing implication or universal quantifiers in the classical language, instead building them in the usual way from nega- tion, disjunction, and existential quantifiers. This means that, for example, ∀xφ is embedded is ¬∃x¬φ: no universal quantifiers appear in the range of the embedding.

In order to find λ terms corresponding to intuitionistic proofs, the HRO^2 − mr realizability given in [Troelstra, 1973] will be used, based on Kreisel’s modified real- izability presented in [Kreisel, 1959] and [Kreisel, 1962]. The system HRO^2 encodes functionals as numbers and the modified realizability associates a type to each formula of HA^2 and a particular term of that type to each proof of the formula. We will show that each proof of a Σ 1 formula ∃xA(x) in HA^2 can be converted into a term t of HRO^2 such that analysis proves that t is defined and satisfies A for every value of any parameters appearing in A.

2 Preliminaries

A Tait style calculus based on the one in [Schwichtenberg, 1977] will be used for P A^2. The primary difference is that ¬ is taken as a connective, rather than a shorthand for the negation-normal form. Atomic formulae will be either of the form s = t or Xt 1... tn (where s, t, t 1 ,... , tn are terms and X is an n-ary second order variable). The connec- tives will be ¬, ∨, ∃, and ∃^2. Other connectives can be defined in the usual way. The rules of this system will be:

  1. Propositional Rules

(a) Γ, A, ¬A for any atomic A (b) From Γ, ¬φ and Γ, ¬ψ conclude Γ, ¬(φ ∨ ψ) (c) From Γ, φ conclude Γ, φ ∨ ψ and Γ, ψ ∨ φ (d) From Γ, φ and Γ, ¬φ conclude Γ

  1. Quantifier rules

(a) From Γ, ¬φ(y) conclude Γ, ¬∃xφ(x) if y does not occur free in any for- mula of Γ (b) From Γ, ¬φ(Y ) conclude Γ, ¬∃^2 Xφ(X) if Y does not occur free in any formula of Γ (c) From Γ, φ(t) conclude Γ, ∃xφ(x) (d) From Γ, φ(λ~y.B) conclude Γ, ∃^2 Xφ(X)

  1. Equality rules (quantifier free)
    • Γ, t = t for any term t
    • From Γ, t 1 = t 2 conclude Γ, t 2 = t 1 for any terms t 1 and t 2
    • From Γ, t 1 = t 2 and Γ, φ(t 1 ) conclude Γ, φ(t 2 ) for any terms t 1 and t 2
  2. Arithmetical rules

(a) Quantifier-free defining equations for all primitive recursive relations and functions

  • φN^ ≡ φ (for φ = Xt 1... tn)
  • φN^ ≡ φ ∨ α (for other atomic φ)
  • (¬φ)N^ ≡ φN^ → α
  • (φ ∨ ψ)N^ ≡ φN^ ∨ ψN
  • (∃xφ(x))N^ ≡ ∃xφ(x)N
  • (∃Xφ(X))N^ ≡ ∃Xφ(X)N

Lemma 1. The N -translation commutes with substitution:

φ(λ~y.B)N^ = (λY.φ(Y )N^ )(λ~y.BN^ )

or, equivalently: (φ[λ~y.B/Y ])N^ = φN^ [λ~y.BN^ /Y ]

Proof. By induction on φ(Y ). When φ(Y ) 6 = Y t 1... tn, just apply the inductive hypothesis. When φ(Y ) = Y t 1... tn then φ(λ~y.B)N^ = (Bt 1... tn)N^ = BN^ t 1... tn while (λY.φ(Y )N^ )(λy.BN^ ) = (λY.Y t 1... tn)(λ~y.BN^ ) = BN^ t 1... tn.

Lemma 2. If d : Γ is a proof in P A^2 then (¬Γ)N^ ` α is provable in HA^2_._

Proof. Proved by induction on the last step of d. The following two deductions will be used repeatedly: Γ, φ ⇒ α Γ ⇒ φ → α (φ → α) → α ⇒ (φ → α) → α Γ, (φ → α) → α ⇒ α

Γ, (φ → α) → α ⇒ α Γ ⇒ ((φ → α) → α) → α

φ ⇒ φ φ → α ⇒ φ → α φ, φ → α ⇒ α φ ⇒ (φ → α) → α Γ, φ ⇒ α

  • If d is just the axiom Γ, A, ¬A then either (¬A)N^ = A ∨ α → α and (¬¬A)N^ = (A ∨ α → α) → α or (¬A)N^ = A → α and (¬¬A)N^ = (A → α) → α. In either case, α follows by → E.
  • If d concludes Γ, ¬(φ ∨ ψ) from Γ, ¬φ and Γ, ¬ψ then: (¬Γ)N^ , (φN^ → α) → α ⇒ α (¬Γ)N^ , φN^ ⇒ α

(¬Γ)N^ , (ψN^ → α) → α ⇒ α (¬Γ)N^ , ψN^ ⇒ α (¬Γ)N^ , φN^ ∨ ψN^ ⇒ α (¬Γ)N^ , (φN^ ∨ ψN^ → α) → α ⇒ α

  • If d concludes Γ, φ ∨ ψ from Γ, φ (the case for Γ, ψ is similar) then:

(φN^ ∨ ψN^ ) → α ⇒ (φN^ ∨ ψN^ ) → α

φN^ ⇒ φN φN^ ⇒ φN^ ∨ ψN (φN^ ∨ ψN^ ) → α, φN^ ⇒ α (φN^ ∨ ψN^ ) → α ⇒ φN^ → α and (¬Γ)N^ , φN^ → α ⇒ α (¬Γ)N^ ⇒ (φN^ → α) → α (φN^ ∨ ψN^ ) → α ⇒ φN^ → α (¬Γ)N^ , (φN^ ∨ ψN^ ) → α ⇒ α

  • If d concludes Γ from Γ, φ and Γ, ¬φ then:

(¬Γ)N^ , φN^ → α ⇒ α (¬Γ)N^ ⇒ (φN^ → α) → α

(¬Γ)N^ , (φN^ → α) → α ⇒ α (¬Γ)N^ ⇒ ((φN^ → α) → α) → α (¬Γ)N^ ⇒ α

  • If d concludes Γ, ¬∃xφ(x) from Γ, ¬φ(y) then:

(¬Γ)N^ , (φ(y)N^ → α) → α ⇒ α (¬Γ)N^ , φ(y)N^ ⇒ α ∃xφ(x)N^ ⇒ ∃xφ(x)N (¬Γ)N^ , ∃xφ(x)N^ ⇒ α (¬Γ)N^ , (∃xφ(x)N^ → α) → α ⇒ α

  • If d concludes Γ, ∃xφ(x) from Γ, φ(t) then:

φ(t)N^ ⇒ φ(t)N φ(t)N^ ⇒ ∃xφ(x)N^ ∃xφ(x)N^ → α ⇒ ∃xφ(x)N^ → α ∃xφ(x)N^ → α, φ(t)N^ ⇒ α ∃xφ(x)N^ → α ⇒ φ(t)N^ → α and (¬Γ)N^ , φ(t)N^ → α ⇒ α (¬Γ)N^ ⇒ (φ(t)N^ → α) → α ∃xφ(x)N^ → α ⇒ φ(t)N^ → α (¬Γ)N^ , ∃xφ(x)N^ → α ⇒ α

  • If d concludes Γ, ¬∃xφ(x) from Γ, φ(0) and Γ, ¬φ(y), φ(Sy) then:

(¬Γ)N^ , φ(y)N^ → α, (φ(Sy)N^ → α) → α ⇒ α (¬Γ)N^ , φ(y)N^ → α, φ(Sy)N^ ⇒ α (¬Γ)N^ , φ(y)N^ → α ⇒ φ(Sy)N^ → α (¬Γ)N^ , (φ(0)N^ → α) → α ⇒ α (¬Γ)N^ , φ(0)N^ ⇒ α (¬Γ)N^ ⇒ φ(0)N^ → α (¬Γ)N^ , φ(y)N^ → α ⇒ φ(Sy)N^ → α (¬Γ)N^ ⇒ ∀x[φ(x)N^ → α] (¬Γ)N^ ⇒ φ(y)N^ → α φ(y)N^ ⇒ φ(y)N (¬Γ)N^ , φ(y)N^ ⇒ α

  • If σ, τ ∈ T then σ × τ ∈ T
  • If σ[αn] ∈ T then ∀αn.σ[αn] ∈ T
  • If σ[αn] ∈ T then ∃αn.σ[αn] ∈ T

HRO^2 is given by associating to each σ ∈ T a set of numbers Vσ (representing the numbers denoting functions of that type) and to each type variable α a variable Vα ranging over the sets Vσ :

  • All numbers are in V 0
  • If αn ∈ T is a type variable then there is a corresponding set variable Vαn
  • x ∈ Vσ→τ if for any y ∈ Vσ , {x}(y) ∈ Vτ
  • x ∈ Vσ×τ if (x) 0 ∈ Vσ and (x) 1 ∈ Vτ
  • x ∈ ∀αn.σ[αn] if for any V ∈ T , x ∈ Vσ[αn][V /Vαn ]
  • x ∈ ∃αn.σ[αn] if there is some V ∈ T such that x ∈ Vσ[αn][V /Vαn ]

Full details of the construction are given in [Troelstra, 1973].

5 Realizability

The modified realizability HRO^2 -mr assigns a predicate, Realizesφ from HRO^2 , to each formula φ of HA^2. A number realizes a formula φ when the term it represents executes a computation which demonstrates the truth of the formula. It is then possible to assign a specific term to a deduction d which realizes the conclusion of d. In order to define the realizability, it is first necessary to define a predicate which is satisfied when a number encodes a functional of the appropriate type to realize a for- mula. Following the notation in [Troelstra, 1973], a unary second order variable U (^) X^1 of HRO^2 is uniquely associated to each second order variable X of HA^2. For technical reasons, the set denoted by U (^) X^1 must contain 0 , so ∃U (^) X^1 will represent quantification only over those formulae which are satisfied by 0. Then:

  1. Types=t(x) ≡ [x = x] where x is not free in s or t
  2. TypeX~t(x) ≡ U (^) X^1 x
  3. Typeφ∨ψ (x) ≡ ((x) 0 = 0 → Typeφ((x) 1 )) ∧ ((x) 0 6 = 1 → Typeψ ((x) 1 ))
  4. Typeφ→ψ (x) ≡ ∀y(Typeφ(y) → {x}(y) ↓ ∧ Typeψ ({x}(y)))
  5. Type∃yφ(y)(x) ≡ Typeφ((x) 0 )((x) 1 )
  6. Type∃Xnφ(X)(x) ≡ ∃U (^) X^1 Typeφ(X)(x)

An n + 1-ary second order variable of HRO^2 , X∗, must be uniquely associated to each n-ary second order variable X of HA^2. Then the realizability is given by:

  1. Realizess=t(x) ≡ [s = t]
  2. RealizesX~t(x) ≡ X∗(x, ~t) ∧ TypeX~t(x)

Realizesφ∨ψ (x) ≡ ((x) 0 = 0 → Realizesφ((x) 1 )) ∧((x) 0 6 = 0 → Realizesψ ((x) 1 ))

Realizesφ→ψ (x) ≡ Typeφ→ψ (x) ∧∀y(Realizesφ(y) → {x}(y) ↓ ∧ Realizesψ ({x}(y)))

  1. Realizes∃yφ(y)(x) ≡ Realizesφ((x) 0 )((x) 1 )
  2. Realizes∃Xnφ(X)(x) ≡ ∃Y ∗∃U (^) Y^1 Realizesφ(Y )(x)

The rules of P A^2 are not sound for this realizability, but their N -translations are; for instance, there is no term corresponding to the axiom φ ∨ ¬φ, but φN^ → α, φN^ → α → α ` α does correspond to a term. In particular, if α = ∃xA(x) where A is a primitive recursive relation then we say x P A^2 -realizes a formula φ of P A^2 if RealizesφN (x). Note that Realizesα(x) ≡ A((x) 0 ), so

Type(¬φ)N (x) ≡ ∀y(TypeφN (y) → {x}(y) ↓)

Realizes(¬φ)N ≡ Type(¬φ)N (y) ∧ ∀y(RealizesφN (y) → {x}(y) ↓ ∧A(({x}(y)) 0 )) α may have additional free variables so long as they are renamed to be different from the eigenvalues in any application of the induction or ∀ rules. Any free vari- ables other than x will in general also be a free variable in Realizesφ. In this case, Realizesφ(t) means that t is a term (possibly with the same free variables as A) realiz- ing φ for every value of those variables. In general, we use αφ for a first order variable intended to satisfy TypeφN (αφ) and when Γ = {φ 1 ,... , φk} is a sequent, we intend αΓ = (αφ 1 ,... , αφk ) to be a sequence of variables such that TypeφNi (αφi ).

Lemma 3. 1. Write [∗] for [λx TypeB~y (x)/U (^) X^1 ]. Then

Typeφ(X~t)[∗] = Typeφ(B~t)

2. Write [†] for [λxλ~y RealizesB~y (x)/X∗]. Then

Realizesφ(X~t)(x)[∗][†] ↔ Realizesφ(B~t)(x)

Proof. 1. Proved by a straightforward induction on φ(X). When φ(X) = X~t then

TypeX~t(x)[∗] = U (^) X^1 (x)[∗] = TypeB~t(x)

The other cases just apply the inductive hypothesis.

  • d is any of the quantifier free axioms. Then Γ = {φ 1 ,... , φk} and at least one φi must be true, therefore it is never possible for α¬Γ to realize ¬Γ, so

Fd ≡ 0

  • d is an axiom of the form Γ, A, ¬A. Then:

Fd ≡ {ᬬA}(α¬A)

  • d concludes Γ, φ ∨ ψ from d′^ : Γ, φ (the case for d′^ : Γ, ψ is similar). Then:

Fd ≡ (λα¬φ.Fd′ )(pλαφ.{α¬(φ∨ψ)}(〈 0 , αφ)q)

  • d concludes Γ, ¬(φ ∨ ψ) from d 0 : Γ, ¬φ and d 1 : Γ, ¬ψ. Then primitive recursion can be used to define by cases:

F ′^ ≡ p

(λᬬφ.F 0 )(pλα¬φ.{α¬φ}((αφ∨ψ ) 1 )q) if (αφ∨ψ ) 0 = 0 (λᬬψ .F 1 )(pλα¬ψ .{α¬ψ }((αφ∨ψ ) 1 )q) if (αφ∨ψ ) 0 6 = 0 q

and define Fd ≡ {ᬬ(φ∨ψ)}(pλαφ∨ψ .F ′q)

  • d concludes Γ, ∃xφ(x) from d′^ : Γ, φ(t). If t has any free variables that do not occur in the conclusion the should be replaced with 0 in Fd′^. Then:

Fd = (λα¬φ(t).Fd′ )(pλαφ(t).{α¬∃xφ(x)}(〈t, αφ(t)〉)q)

  • d concludes Γ, ¬∃xφ(x) from d′^ : Γ, ¬φ(y). Then Fd′ is a term which may contain y free and y does not occur free in Γ. So:

Fd ≡ {ᬬ∃xφ(x)}(pλα∃xφ(x).(λyλᬬφ(y).Fd′ ) ((α∃xφ(x)) 0 )(λα¬φ(y).{α¬φ(y)}((α∃xφ(x)) 1 ))q)

  • d derives Γ from d 0 : Γ, ¬φ and d 1 : Γ, φ. Replace any free variables which appear in d 0 and d 1 but not in d with 0 (for first order variables) and (∀X^0 )X (for second order variables). Then:

Fd ≡ (λᬬφ.F 0 )(pλα¬φ.F 1 q)

  • d is a deduction of Γ, ¬∃xφ(x) from d 0 : Γ, ¬φ(0) and d 1 : Γ, φ(y), ¬φ(Sy). Then construct a function h by primitive recursion:

h(0) ≡ pλαφ(0).(λᬬφ(0).Fd 0 )(λα¬φ(0).{α¬φ(0)}(αφ(0)))q

h(Sy) ≡ p(λα¬φ(y).λαφ(Sy).(λᬬφ(Sy).Fd 1 ) (λα¬φ(Sy).{α¬φ(Sy)}(αφ(Sy))))(h(y))q Note that Realizes(¬φ(n))N (h(n)) for every n. Then:

Fd ≡ {ᬬ∃xφ(x)}(λα∃xφ(x).{h((α∃xφ(x)) 0 )}((α∃xφ(x)) 1 ))

  • d is a deduction of Γ, ∃Xφ(X) from d′^ : Γ, φ(λ~y.B)

Fd ≡ (λα¬φ(λ~y.B).Fd′^ )(pλαφ(λ~y.B).{α∃Xφ(X)}(αφ(λ~y.B))q)

Free variables appearing in d′^ but not d should be replaced.

  • d is a deduction of Γ, ¬∃Xφ(X) from d′^ : Γ, ¬φ(Y ) then:

Fd ≡ {ᬬ∃Xφ(X)}(pλα∃Xφ(X).[(λαφ(Y ).(λᬬφ(Y ).Fd′ ) (pλα¬φ(Y ).{α¬φ(Y )}(αφ(Y ))q))(α∃Xφ(X))]q)

Theorem 2. If d is a deduction of ∃xA(x) where A(x) is primitive recursive then it is possible to construct a term t of HRO^2 with the same free variables as ∃xA(x) such that A(t) holds for every value of those variables.

Proof. Cut d with a hypothesis h : ¬∃xA(x); this gives a proof d′^ of the empty sequent. Let Fh = {ᬬ∃xA(x)}(pλα∃xA(x).α∃xA(x)q). Then, applying the previous theorem, t = Fd′ is a term with no free variables, and therefore A((t) 0 ).

If A has free variables other than x, they will also, in general, be free variables in the corresponding term, so as an easy corollary we have:

Theorem 3. If f is some function and A is primitive recursive relation symbol repre- senting the graph of f and P A^2 ` ∀y∃xA(y, x) then there is a term t in HRO^2 with free variable y such that f = λy.t_._

Proof. Since P A^2 proves ∀y∃xA(y, x), there is also a P A^2 deduction d of ∃xA(y, x). Then the term (Fd) 0 given by the previous theorem suffices.

References

[Avigad, 2000] Avigad, J. (2000). A realizability interpretation for classical arith- metic. In Buss, H´ajek, and Pudl´ak, editors, Logic Colloquium ’98 , number 13 in Lecture Notes in Logic, pages 57–90. AK Peters.

[Dragalin, 1980] Dragalin, A. (1980). New forms of realizability and Markov’s rule (Russian). Doklady , 251:534–537. Translation SM 21, pp. 461–464.

[Friedman, 1978] Friedman, H. (1978). Higher Set Theory , volume 669 of Springer Lecture Notes , chapter Classically and Intuitionistically Provably Recursive Func- tions, pages 21–27. Springer.

[Kreisel, 1959] Kreisel, G. (1959). Interpretation of analysis by means of functionals of finite type. In Heyting, A., editor, Constructivity in Mathematics , pages 101–128. North-Holland.