From stdpp Require Import prelude finite.[Loading ML file ring_plugin.cmxs (using legacy method) ... done]
[Loading ML file zify_plugin.cmxs (using legacy method) ... done]
[Loading ML file micromega_plugin.cmxs (using legacy method) ... done]
[Loading ML file btauto_plugin.cmxs (using legacy method) ... done]
From Coq Require Import FunctionalExtensionality Reals.
From VLSM.Lib Require Import Preamble FinSetExtras.[Loading ML file coq-itauto.plugin ... done]
From VLSM.Lib Require Import Measurable RealsExtras.
From VLSM.Core Require Import VLSM MessageDependencies VLSMProjections Composition ProjectionTraces.
From VLSM.Core Require Import SubProjectionTraces AnnotatedVLSM Equivocation.
From VLSM.Core Require Import ByzantineTraces.FixedSetByzantineTraces.
From VLSM.Core Require Import Equivocation.FixedSetEquivocation.
From VLSM.Core Require Import Equivocation.LimitedMessageEquivocation.
From VLSM.Core Require Import Equivocation.MsgDepLimitedEquivocation.
From VLSM.Core Require Import Equivocation.TraceWiseEquivocation.

Core: VLSM Compositions with Byzantine Components of Limited Weight

In this module, we define and study protocol executions allowing a (weight-)limited amount of byzantine faults.

We will show that, if the non-byzantine components are validators for a composition constraint allowing only a limited amount of equivocation, then they do not distinguish between byzantine components and equivocating ones, that is, projections of traces with byzantine faults to the non-byzantine components are projections of traces of the composition of the regular components under a composition constraint allowing only a limited amount of equivocation.

Section sec_limited_byzantine_traces.

Context
  {message : Type}
  `{FinSet index Ci}
  `{!finite.Finite index}
  (IM : index -> VLSM message)
  `{forall i : index, HasBeenSentCapability (IM i)}
  `{forall i : index, HasBeenReceivedCapability (IM i)}
  (threshold : R)
  `{ReachableThreshold validator Cv threshold}
  `{!finite.Finite validator}
  (A : validator -> index)
  `{!Inj (=) (=) A}
  (sender : message -> option validator)
  .

We define the limited_byzantine_trace_property in two steps. First, we leverage the fixed_byzantine_trace_alt_property by assuming a fixed selection of byzantine components whose added weight is below the ReachableThreshold.

Definition fixed_limited_byzantine_trace_prop
  (s : composite_state IM)
  (tr : list (composite_transition_item IM))
  (byzantine_vs : Cv)
  (byzantine := fin_sets.set_map A byzantine_vs : Ci)
  : Prop
  := (sum_weights byzantine_vs <= threshold)%R /\
     fixed_byzantine_trace_alt_prop (Ci := Ci) IM byzantine A sender s tr.

The union of traces with the fixed_limited_byzantine_trace_property over all possible selections of (limited) byzantine components.

Definition limited_byzantine_trace_prop
  (s : composite_state IM)
  (tr : list (composite_transition_item IM))
  : Prop :=
  exists byzantine, fixed_limited_byzantine_trace_prop s tr byzantine.

Context
  `{FinSet message Cm}
  {is_equivocating_tracewise_no_has_been_sent_dec :
    RelDecision (is_equivocating_tracewise_no_has_been_sent IM A sender)}
  (limited_constraint := tracewise_limited_equivocation_constraint (Cv := Cv) IM threshold A sender)
  (Limited : VLSM message := composite_vlsm IM limited_constraint)
  (Hvalidator : forall i : index, component_message_validator_prop IM limited_constraint i)
  (no_initial_messages_in_IM : no_initial_messages_in_IM_prop IM)
  (can_emit_signed : channel_authentication_prop IM A sender)
  (message_dependencies : message -> Cm)
  `{!Irreflexive (msg_dep_happens_before message_dependencies)}
  `{forall i, MessageDependencies (IM i) message_dependencies}
  (Hfull : forall i, message_dependencies_full_node_condition_prop (IM i) message_dependencies)
  .

Assuming the byzantine components are known

We will first fix a selection of byzantine components of limited weight and analyze traces with the fixed_limited_byzantine_trace_property w.r.t. that selection.

Section sec_fixed_limited_selection.

Context
  (byzantine_vs : Cv)
  (byzantine : Ci := fin_sets.set_map A byzantine_vs )
  (non_byzantine : Ci := difference (list_to_set (enum index)) byzantine)
  (Hlimit : (sum_weights byzantine_vs <= threshold)%R)
  (PreNonByzantine := preloaded_fixed_non_byzantine_vlsm IM byzantine A sender)
  (HBE : BasicEquivocation (composite_state IM) validator Cv threshold
    := equivocation_dec_tracewise IM threshold A sender)
  .

When replacing the byzantine components of a composite valid_state with initial states for those machines we obtain a state which is not_heavy.

Lemma limited_PreNonByzantine_valid_state_lift_not_heavy s
  (Hs : valid_state_prop PreNonByzantine s)
  (sX := lift_sub_state IM (elements non_byzantine) s)
  : not_heavy (1 := HBE) sX.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
not_heavy sX
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
not_heavy sX
  cut (equivocating_validators (1 := HBE) sX ⊆ byzantine_vs).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
equivocating_validators sX ⊆ byzantine_vs
→ not_heavy sX
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
equivocating_validators sX ⊆ byzantine_vs
  {message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
equivocating_validators sX ⊆ byzantine_vs
→ not_heavy sX
    intro Hincl.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hincl: equivocating_validators sX ⊆ byzantine_vs
not_heavy sX
    unfold not_heavy.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hincl: equivocating_validators sX ⊆ byzantine_vs
(equivocation_fault sX <= threshold)%R
    transitivity (sum_weights byzantine_vs); [| done].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hincl: equivocating_validators sX ⊆ byzantine_vs
(equivocation_fault sX <= sum_weights byzantine_vs)%R
    apply sum_weights_subseteq_list.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hincl: equivocating_validators sX ⊆ byzantine_vs
NoDup (elements (equivocating_validators sX))
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hincl: equivocating_validators sX ⊆ byzantine_vs
NoDup (elements byzantine_vs)
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hincl: equivocating_validators sX ⊆ byzantine_vs
elements (equivocating_validators sX)
⊆ elements byzantine_vs
    -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hincl: equivocating_validators sX ⊆ byzantine_vs
NoDup (elements (equivocating_validators sX)) by apply NoDup_elements.
    -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hincl: equivocating_validators sX ⊆ byzantine_vs
NoDup (elements byzantine_vs) by apply NoDup_elements.
    -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hincl: equivocating_validators sX ⊆ byzantine_vs
elements (equivocating_validators sX)
⊆ elements byzantine_vs intros i Hi.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hincl: equivocating_validators sX ⊆ byzantine_vs
i: validator
Hi: i ∈ elements (equivocating_validators sX)
i ∈ elements byzantine_vs
      by apply elem_of_elements, Hincl, elem_of_elements, Hi.
  }message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
Hs: valid_state_prop PreNonByzantine s
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
equivocating_validators sX ⊆ byzantine_vs
  apply valid_state_has_trace in Hs as [is [tr Htr]].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
tr: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  tr
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
equivocating_validators sX ⊆ byzantine_vs
  specialize (preloaded_non_byzantine_vlsm_lift IM byzantine A sender)
    as Hproj.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
tr: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  tr
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
equivocating_validators sX ⊆ byzantine_vs
  apply (VLSM_embedding_finite_valid_trace_init_to Hproj) in Htr as Hpre_tr.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
tr: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  tr
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     tr)
equivocating_validators sX ⊆ byzantine_vs
  intros v Hv.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
tr: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  tr
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     tr)
v: validator
Hv: v ∈ equivocating_validators sX
v ∈ byzantine_vs
  apply equivocating_validators_is_equivocating_tracewise_iff in Hv as Hvs'.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
tr: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  tr
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     tr)
v: validator
Hv: v ∈ equivocating_validators sX
Hvs': is_equivocating_tracewise_no_has_been_sent IM A
  sender sX v
v ∈ byzantine_vs
  specialize (Hvs' _ _ Hpre_tr).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
tr: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  tr
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     tr)
v: validator
Hv: v ∈ equivocating_validators sX
Hvs': ∃ m : message,
  sender m = Some v
  ∧ equivocation_in_trace
      (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM)) m
      (VLSM_embedding_finite_trace_project
        Hproj tr)
v ∈ byzantine_vs
  destruct Hvs' as [m0 [Hsender0 [preX [itemX [sufX [Htr_pr [Hm0 Heqv]]]]]]].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
tr: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  tr
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     tr)
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX: list transition_item
itemX: transition_item
sufX: list transition_item
Htr_pr: VLSM_embedding_finite_trace_project Hproj tr =
preX ++ itemX :: sufX
Hm0: input itemX = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
v ∈ byzantine_vs
  apply map_eq_app in Htr_pr as [pre [item_suf [Heqtr [Hpre_pr Hitem_suf_pr]]]].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
tr: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  tr
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     tr)
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX: list transition_item
itemX: transition_item
sufX, pre, item_suf: list transition_item
Heqtr: tr = pre ++ item_suf
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hitem_suf_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm
        IM byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) item_suf =
itemX :: sufX
Hm0: input itemX = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
v ∈ byzantine_vs
  apply map_eq_cons in Hitem_suf_pr as [item [suf [Heqitem_suf [Hitem_pr Hsuf_pr]]]].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
tr: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  tr
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     tr)
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX: list transition_item
itemX: transition_item
sufX, pre, item_suf: list transition_item
Heqtr: tr = pre ++ item_suf
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
item: transition_item
suf: list transition_item
Heqitem_suf: item_suf = item :: suf
Hitem_pr: pre_VLSM_embedding_transition_item_project
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))) item = itemX
Hsuf_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) suf = sufX
Hm0: input itemX = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
v ∈ byzantine_vs
  subst tr item_suf.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre: list transition_item
item: transition_item
suf: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  (pre ++ item :: suf)
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++ item :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX: list transition_item
itemX: transition_item
sufX: list transition_item
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hitem_pr: pre_VLSM_embedding_transition_item_project
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))) item = itemX
Hsuf_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) suf = sufX
Hm0: input itemX = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
v ∈ byzantine_vs clear Hsuf_pr.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre: list transition_item
item: transition_item
suf: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  (pre ++ item :: suf)
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++ item :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX: list transition_item
itemX: transition_item
sufX: list transition_item
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hitem_pr: pre_VLSM_embedding_transition_item_project
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))) item = itemX
Hm0: input itemX = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
v ∈ byzantine_vs
  subst itemX.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre: list transition_item
item: transition_item
suf: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  (pre ++ item :: suf)
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++ item :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX, sufX: list transition_item
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hm0: input
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
     item) = 
Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
v ∈ byzantine_vs cbn in Hm0.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre: list transition_item
item: transition_item
suf: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  (pre ++ item :: suf)
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++ item :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX, sufX: list transition_item
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hm0: input item = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
v ∈ byzantine_vs
  change (pre ++ item :: suf) with (pre ++ [item] ++ suf) in Htr.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre: list transition_item
item: transition_item
suf: list transition_item
Htr: finite_valid_trace_init_to PreNonByzantine is s
  (pre ++ [item] ++ suf)
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++ item :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX, sufX: list transition_item
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hm0: input item = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
v ∈ byzantine_vs
  destruct Htr as [Htr Hinit].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre: list transition_item
item: transition_item
suf: list transition_item
Htr: finite_valid_trace_from_to PreNonByzantine is s
  (pre ++ [item] ++ suf)
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++ item :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX, sufX: list transition_item
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hm0: input item = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
v ∈ byzantine_vs
  apply (finite_valid_trace_from_to_app_split PreNonByzantine) in Htr.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre: list transition_item
item: transition_item
suf: list transition_item
Htr: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
∧ finite_valid_trace_from_to PreNonByzantine
    (finite_trace_last is pre) s 
    ([item] ++ suf)
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++ item :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX, sufX: list transition_item
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hm0: input item = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
v ∈ byzantine_vs
  destruct Htr as [Hpre Hitem].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre: list transition_item
item: transition_item
suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
Hitem: finite_valid_trace_from_to PreNonByzantine
  (finite_trace_last is pre) s 
  ([item] ++ suf)
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++ item :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX, sufX: list transition_item
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hm0: input item = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
v ∈ byzantine_vs
  apply (VLSM_embedding_finite_valid_trace_from_to Hproj) in Hpre as Hpre_pre.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre: list transition_item
item: transition_item
suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
Hitem: finite_valid_trace_from_to PreNonByzantine
  (finite_trace_last is pre) s 
  ([item] ++ suf)
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++ item :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX, sufX: list transition_item
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hm0: input item = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
v ∈ byzantine_vs
  apply valid_trace_last_pstate in Hpre_pre as Hs_pre.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre: list transition_item
item: transition_item
suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
Hitem: finite_valid_trace_from_to PreNonByzantine
  (finite_trace_last is pre) s 
  ([item] ++ suf)
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++ item :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX, sufX: list transition_item
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hm0: input item = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
v ∈ byzantine_vs
  apply (finite_valid_trace_from_to_app_split PreNonByzantine), proj1 in Hitem.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre: list transition_item
item: transition_item
suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
Hitem: finite_valid_trace_from_to PreNonByzantine
  (finite_trace_last is pre)
  (finite_trace_last
     (finite_trace_last is pre) [item]) [item]
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++ item :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
preX, sufX: list transition_item
Hpre_pr: map
  (pre_VLSM_embedding_transition_item_project
     (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
     (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
     (lift_sub_label IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))
     (lift_sub_state IM
        (elements
        (list_to_set (enum index)
        ∖ byzantine)))) pre = preX
Hm0: input item = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0 preX
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
v ∈ byzantine_vs
  inversion Hitem; subst; clear Htl Hitem.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
iom, oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := iom;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
sufX: list transition_item
Hm0: input
  {|
    l := l;
    input := iom;
    destination := s0;
    output := oom
  |} = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Ht: input_valid_transition PreNonByzantine l
  (finite_trace_last is pre, iom) (
  s0, oom)
v ∈ byzantine_vs simpl in Hm0.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
iom, oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := iom;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
m0: message
Hsender0: sender m0 = Some v
sufX: list transition_item
Hm0: iom = Some m0
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Ht: input_valid_transition PreNonByzantine l
  (finite_trace_last is pre, iom) (
  s0, oom)
v ∈ byzantine_vs subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Ht: input_valid_transition PreNonByzantine l
  (finite_trace_last is pre, Some m0) (
  s0, oom)
v ∈ byzantine_vs
  destruct Ht as [[_ [_ [_ [Hc _]]]] _].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hc: NoEquivocation.composite_no_equivocations_except_from
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (fixed_set_signed_message IM byzantine A sender)
  l (finite_trace_last is pre, Some m0)
v ∈ byzantine_vs
  destruct Hc as [[sub_i Hsenti] | Hemit].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
sub_i: sub_index
  (elements
     (list_to_set (enum index) ∖ byzantine))
Hsenti: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     sub_i)
  ((finite_trace_last is pre, Some m0).1
     sub_i) m0
v ∈ byzantine_vs
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
v ∈ byzantine_vs
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
sub_i: sub_index
  (elements
     (list_to_set (enum index) ∖ byzantine))
Hsenti: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     sub_i)
  ((finite_trace_last is pre, Some m0).1
     sub_i) m0
v ∈ byzantine_vs destruct_dec_sig sub_i i Hi Heqsub_i; subst sub_i.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
Hsenti: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
  ((finite_trace_last is pre, Some m0).1
     (dexist i Hi)) m0
v ∈ byzantine_vs
    assert (Hsent : composite_has_been_sent IM
                      (lift_sub_state IM (elements non_byzantine) (finite_trace_last is pre)) m0).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
Hsenti: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
  ((finite_trace_last is pre, Some m0).1
     (dexist i Hi)) m0
composite_has_been_sent IM
  (lift_sub_state IM (elements non_byzantine)
     (finite_trace_last is pre)) m0
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
Hsenti: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
  ((finite_trace_last is pre, Some m0).1
     (dexist i Hi)) m0
Hsent: composite_has_been_sent IM
  (lift_sub_state IM 
     (elements non_byzantine)
     (finite_trace_last is pre)) m0
v ∈ byzantine_vs
    {message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
Hsenti: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
  ((finite_trace_last is pre, Some m0).1
     (dexist i Hi)) m0
composite_has_been_sent IM
  (lift_sub_state IM (elements non_byzantine)
     (finite_trace_last is pre)) m0
      exists i.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
Hsenti: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
  ((finite_trace_last is pre, Some m0).1
     (dexist i Hi)) m0
has_been_sent (IM i)
  (lift_sub_state IM (elements non_byzantine)
     (finite_trace_last is pre) i) m0
      unfold lift_sub_state.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
Hsenti: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
  ((finite_trace_last is pre, Some m0).1
     (dexist i Hi)) m0
has_been_sent (IM i)
  (lift_sub_state_to IM (elements non_byzantine)
     (λ n : index, `(vs0 (IM n)))
     (finite_trace_last is pre) i) m0
      by rewrite (lift_sub_state_to_eq _ _ _ _ _ Hi).
    }message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
Hsenti: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
  ((finite_trace_last is pre, Some m0).1
     (dexist i Hi)) m0
Hsent: composite_has_been_sent IM
  (lift_sub_state IM 
     (elements non_byzantine)
     (finite_trace_last is pre)) m0
v ∈ byzantine_vs
    apply (composite_proper_sent IM) in Hsent; [| done].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
Hsenti: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
  ((finite_trace_last is pre, Some m0).1
     (dexist i Hi)) m0
Hsent: selected_message_exists_in_all_preloaded_traces
  (free_composite_vlsm IM)
  (field_selector output)
  (lift_sub_state IM 
     (elements non_byzantine)
     (finite_trace_last is pre)) m0
v ∈ byzantine_vs
    apply (VLSM_embedding_initial_state Hproj) in Hinit.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     is)
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
Hsenti: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
  ((finite_trace_last is pre, Some m0).1
     (dexist i Hi)) m0
Hsent: selected_message_exists_in_all_preloaded_traces
  (free_composite_vlsm IM)
  (field_selector output)
  (lift_sub_state IM 
     (elements non_byzantine)
     (finite_trace_last is pre)) m0
v ∈ byzantine_vs
    by specialize (Hsent _ _ (conj Hpre_pre Hinit)).
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
v ∈ byzantine_vs specialize (proj1 Hemit) as [i [Hi Hsigned]].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
i: index
Hi: i
∉ elements (list_to_set (enum index) ∖ byzantine)
Hsigned: channel_authenticated_message A sender i m0
v ∈ byzantine_vs
    subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
i: index
Hi: i
∉ elements (list_to_set (enum index) ∖ byzantine)
Hsigned: channel_authenticated_message A sender i m0
v ∈ byzantine_vs
    destruct (decide (i ∈ byzantine)).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
i: index
Hi: i
∉ elements (list_to_set (enum index) ∖ byzantine)
Hsigned: channel_authenticated_message A sender i m0
e: i ∈ byzantine
v ∈ byzantine_vs
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
i: index
Hi: i
∉ elements (list_to_set (enum index) ∖ byzantine)
Hsigned: channel_authenticated_message A sender i m0
n: i ∉ byzantine
v ∈ byzantine_vs
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
i: index
Hi: i
∉ elements (list_to_set (enum index) ∖ byzantine)
Hsigned: channel_authenticated_message A sender i m0
e: i ∈ byzantine
v ∈ byzantine_vs unfold channel_authenticated_message in Hsigned.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
i: index
Hi: i
∉ elements (list_to_set (enum index) ∖ byzantine)
Hsigned: option_map A (sender m0) = Some i
e: i ∈ byzantine
v ∈ byzantine_vs
      rewrite Hsender0 in Hsigned.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
i: index
Hi: i
∉ elements (list_to_set (enum index) ∖ byzantine)
Hsigned: option_map A (Some v) = Some i
e: i ∈ byzantine
v ∈ byzantine_vs
      apply Some_inj in Hsigned; subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
Hi: A v
∉ elements (list_to_set (enum index) ∖ byzantine)
e: A v ∈ byzantine
v ∈ byzantine_vs
      by revert e; apply elem_of_set_map_inj.
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
i: index
Hi: i
∉ elements (list_to_set (enum index) ∖ byzantine)
Hsigned: channel_authenticated_message A sender i m0
n: i ∉ byzantine
v ∈ byzantine_vs rewrite elem_of_elements in Hi.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
i: index
Hi: i ∉ list_to_set (enum index) ∖ byzantine
Hsigned: channel_authenticated_message A sender i m0
n: i ∉ byzantine
v ∈ byzantine_vs
      contradict Hi.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
i: index
Hsigned: channel_authenticated_message A sender i m0
n: i ∉ byzantine
i ∈ list_to_set (enum index) ∖ byzantine
      apply elem_of_difference; split; [| done].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s, is: state PreNonByzantine
pre, suf: list transition_item
Hpre: finite_valid_trace_from_to PreNonByzantine is
  (finite_trace_last is pre) pre
s0: state PreNonByzantine
oom: option message
l: label PreNonByzantine
Hinit: initial_state_prop is
sX:= lift_sub_state IM (elements non_byzantine) s: composite_state IM
Hproj: VLSM_embedding
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_label IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
m0: message
Hpre_tr: finite_valid_trace_init_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) s)
  (VLSM_embedding_finite_trace_project Hproj
     (pre ++
      {|
        l := l;
        input := Some m0;
        destination := s0;
        output := oom
      |} :: suf))
v: validator
Hv: v ∈ equivocating_validators sX
Hsender0: sender m0 = Some v
sufX: list transition_item
Heqv: ¬ trace_has_message 
    (field_selector output) m0
    (map
       (pre_VLSM_embedding_transition_item_project
        (preloaded_fixed_non_byzantine_vlsm IM
        byzantine A sender)
        (preloaded_with_all_messages_vlsm
        (free_composite_vlsm IM))
        (lift_sub_label IM
        (elements
        (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
        (elements
        (list_to_set (enum index) ∖ byzantine))))
       pre)
Hpre_pre: finite_valid_trace_from_to
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine)) is)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
        ∖ byzantine))
     (finite_trace_last is pre))
  (VLSM_embedding_finite_trace_project
     Hproj pre)
Hs_pre: valid_state_prop
  (preloaded_with_all_messages_vlsm
     (free_composite_vlsm IM))
  (lift_sub_state IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (finite_trace_last is pre))
Hemit: fixed_set_signed_message IM byzantine A sender
  m0
i: index
Hsigned: channel_authenticated_message A sender i m0
n: i ∉ byzantine
i ∈ list_to_set (enum index)
      by apply elem_of_list_to_set, elem_of_enum.
Qed.

Existing Instance HBE.

When replacing the byzantine components of a composite valid_state with initial states for those machines validity of transitions for the non-byzantine components is preserved.

Lemma limited_PreNonByzantine_lift_valid
  : weak_embedding_valid_preservation PreNonByzantine Limited
    (lift_sub_label IM (elements non_byzantine))
    (lift_sub_state IM (elements non_byzantine)).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
weak_embedding_valid_preservation PreNonByzantine
  Limited (lift_sub_label IM (elements non_byzantine))
  (lift_sub_state IM (elements non_byzantine))
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
weak_embedding_valid_preservation PreNonByzantine
  Limited (lift_sub_label IM (elements non_byzantine))
  (lift_sub_state IM (elements non_byzantine))
  intros l s om Hv HsY HomY.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
om: option message
Hv: input_valid PreNonByzantine l (s, om)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
HomY: option_valid_message_prop Limited om
valid (lift_sub_label IM (elements non_byzantine) l)
  (lift_sub_state IM (elements non_byzantine) s, om)
  repeat split; [by rapply @lift_sub_valid; apply Hv |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
om: option message
Hv: input_valid PreNonByzantine l (s, om)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
HomY: option_valid_message_prop Limited om
limited_constraint
  (lift_sub_label IM (elements non_byzantine) l)
  (lift_sub_state IM (elements non_byzantine) s, om)
  hnf.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
om: option message
Hv: input_valid PreNonByzantine l (s, om)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
HomY: option_valid_message_prop Limited om
LimitedEquivocationProp IM threshold is_equivocating
  (composite_transition IM
     (lift_sub_label IM (elements non_byzantine) l)
     (lift_sub_state IM (elements non_byzantine) s, om)).1
  destruct (composite_transition (sub_IM IM (elements non_byzantine)) l (s, om))
    as [s' om'] eqn: Ht.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
om: option message
Hv: input_valid PreNonByzantine l (s, om)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
HomY: option_valid_message_prop Limited om
s': composite_state
  (sub_IM IM (elements non_byzantine))
om': option message
Ht: composite_transition
  (sub_IM IM (elements non_byzantine)) l (
  s, om) = (
s', om')
LimitedEquivocationProp IM threshold is_equivocating
  (composite_transition IM
     (lift_sub_label IM (elements non_byzantine) l)
     (lift_sub_state IM (elements non_byzantine) s, om)).1
  apply (lift_sub_transition IM (elements non_byzantine)) in Ht as HtX.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
om: option message
Hv: input_valid PreNonByzantine l (s, om)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
HomY: option_valid_message_prop Limited om
s': composite_state
  (sub_IM IM (elements non_byzantine))
om': option message
Ht: composite_transition
  (sub_IM IM (elements non_byzantine)) l (
  s, om) = (
s', om')
HtX: composite_transition IM
  (lift_sub_label IM (elements non_byzantine) l)
  (lift_sub_state IM (elements non_byzantine) s,
   om) =
(lift_sub_state IM (elements non_byzantine) s',
 om')
LimitedEquivocationProp IM threshold is_equivocating
  (composite_transition IM
     (lift_sub_label IM (elements non_byzantine) l)
     (lift_sub_state IM (elements non_byzantine) s, om)).1
  simpl in HtX |- *; rewrite HtX; simpl.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
om: option message
Hv: input_valid PreNonByzantine l (s, om)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
HomY: option_valid_message_prop Limited om
s': composite_state
  (sub_IM IM (elements non_byzantine))
om': option message
Ht: composite_transition
  (sub_IM IM (elements non_byzantine)) l (
  s, om) = (
s', om')
HtX: (let (si', om') :=
   transition 
     (projT2 l)
     (lift_sub_state IM 
        (elements non_byzantine) s 
        (`(projT1 l)), om) in
 (state_update IM
    (lift_sub_state IM 
       (elements non_byzantine) s) 
    (`(projT1 l)) si', om')) =
(lift_sub_state IM (elements non_byzantine) s',
 om')
LimitedEquivocationProp IM threshold
  (is_equivocating_tracewise_no_has_been_sent IM A
     sender)
  (lift_sub_state IM (elements non_byzantine) s')
  change (is_equivocating_tracewise_no_has_been_sent _ _ _) with is_equivocating.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
om: option message
Hv: input_valid PreNonByzantine l (s, om)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
HomY: option_valid_message_prop Limited om
s': composite_state
  (sub_IM IM (elements non_byzantine))
om': option message
Ht: composite_transition
  (sub_IM IM (elements non_byzantine)) l (
  s, om) = (
s', om')
HtX: (let (si', om') :=
   transition 
     (projT2 l)
     (lift_sub_state IM 
        (elements non_byzantine) s 
        (`(projT1 l)), om) in
 (state_update IM
    (lift_sub_state IM 
       (elements non_byzantine) s) 
    (`(projT1 l)) si', om')) =
(lift_sub_state IM (elements non_byzantine) s',
 om')
LimitedEquivocationProp IM threshold is_equivocating
  (lift_sub_state IM (elements non_byzantine) s')
  by eapply tracewise_not_heavy_LimitedEquivocationProp_iff,
    limited_PreNonByzantine_valid_state_lift_not_heavy,
    input_valid_transition_destination.
Qed.

By replacing the byzantine components of a composite valid_state with initial states for those machines and ignoring transitions for byzantine components we obtain valid traces for the Limited equivocation composition.

Lemma limited_PreNonByzantine_vlsm_lift
  : VLSM_embedding PreNonByzantine Limited
      (lift_sub_label IM (elements non_byzantine))
      (lift_sub_state IM (elements non_byzantine)).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
VLSM_embedding PreNonByzantine Limited
  (lift_sub_label IM (elements non_byzantine))
  (lift_sub_state IM (elements non_byzantine))
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
VLSM_embedding PreNonByzantine Limited
  (lift_sub_label IM (elements non_byzantine))
  (lift_sub_state IM (elements non_byzantine))
  apply basic_VLSM_embedding; intros ? *.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
om: option message
input_valid PreNonByzantine l (s, om)
→ valid_state_prop Limited
    (lift_sub_state IM (elements non_byzantine) s)
  → option_valid_message_prop Limited om
    → valid
        (lift_sub_label IM (elements non_byzantine) l)
        (lift_sub_state IM (elements non_byzantine) s,
         om)
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
om: option message
s': state PreNonByzantine
om': option message
input_valid_transition PreNonByzantine l (
  s, om) (
  s', om')
→ transition
    (lift_sub_label IM (elements non_byzantine) l)
    (lift_sub_state IM (elements non_byzantine) s, om) =
  (lift_sub_state IM (elements non_byzantine) s', om')
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
initial_state_prop s
→ initial_state_prop
    (lift_sub_state IM (elements non_byzantine) s)
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
m: message
input_valid PreNonByzantine l (s, Some m)
→ valid_state_prop Limited
    (lift_sub_state IM (elements non_byzantine) s)
  → initial_message_prop m
    → valid_message_prop Limited m
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
om: option message
input_valid PreNonByzantine l (s, om)
→ valid_state_prop Limited
    (lift_sub_state IM (elements non_byzantine) s)
  → option_valid_message_prop Limited om
    → valid
        (lift_sub_label IM (elements non_byzantine) l)
        (lift_sub_state IM (elements non_byzantine) s,
         om) by intros; apply limited_PreNonByzantine_lift_valid.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
om: option message
s': state PreNonByzantine
om': option message
input_valid_transition PreNonByzantine l (s, om)
  (s', om')
→ transition
    (lift_sub_label IM (elements non_byzantine) l)
    (lift_sub_state IM (elements non_byzantine) s, om) =
  (lift_sub_state IM (elements non_byzantine) s', om') by intros * []; rapply lift_sub_transition.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
s: state PreNonByzantine
initial_state_prop s
→ initial_state_prop
    (lift_sub_state IM (elements non_byzantine) s) by intros; apply (lift_sub_state_initial IM).
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
m: message
input_valid PreNonByzantine l (s, Some m)
→ valid_state_prop Limited
    (lift_sub_state IM (elements non_byzantine) s)
  → initial_message_prop m
    → valid_message_prop Limited m intros Hv HsY [[sub_i [[im Him] Heqm]] | Hseeded].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
m: message
Hv: input_valid PreNonByzantine l (s, Some m)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
sub_i: sub_index
  (elements
     (list_to_set (enum index) ∖ byzantine))
im: message
Him: initial_message_prop im
Heqm: `(im ↾ Him) = m
valid_message_prop Limited m
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
m: message
Hv: input_valid PreNonByzantine l (s, Some m)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
Hseeded: fixed_set_signed_message IM byzantine A
  sender m
valid_message_prop Limited m
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
m: message
Hv: input_valid PreNonByzantine l (s, Some m)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
sub_i: sub_index
  (elements
     (list_to_set (enum index) ∖ byzantine))
im: message
Him: initial_message_prop im
Heqm: `(im ↾ Him) = m
valid_message_prop Limited m cbn in Heqm; subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
m: message
Hv: input_valid PreNonByzantine l (s, Some m)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
sub_i: sub_index
  (elements
     (list_to_set (enum index) ∖ byzantine))
Him: initial_message_prop m
valid_message_prop Limited m
      destruct_dec_sig sub_i i Hi Heqsub_i; subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
m: message
Hv: input_valid PreNonByzantine l (s, Some m)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
Him: initial_message_prop m
valid_message_prop Limited m
      unfold sub_IM in Him; cbn in Him; clear -Him.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
sender: message → option validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
m: message
i: index
Him: initial_message_prop m
valid_message_prop Limited m
      apply initial_message_is_valid.message, index: Type
EqDecision0: EqDecision index
IM: index → VLSM message
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
sender: message → option validator
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
m: message
i: index
Him: initial_message_prop m
initial_message_prop m
      by exists i, (exist _ m Him).
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
m: message
Hv: input_valid PreNonByzantine l (s, Some m)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
Hseeded: fixed_set_signed_message IM byzantine A
  sender m
valid_message_prop Limited m destruct Hseeded as (Hsigned & i & Hi & li & si & Hpre_valid).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
PreNonByzantine:= preloaded_fixed_non_byzantine_vlsm IM
  byzantine A sender: VLSM message
HBE:= equivocation_dec_tracewise IM threshold A sender: BasicEquivocation 
  (composite_state IM) validator Cv threshold
l: label PreNonByzantine
s: state PreNonByzantine
m: message
Hv: input_valid PreNonByzantine l (s, Some m)
HsY: valid_state_prop Limited
  (lift_sub_state IM (elements non_byzantine) s)
Hsigned: non_sub_index_authenticated_message
  (elements
     (list_to_set (enum index) ∖ byzantine))
  A sender m
i: index
Hi: i ∈ list_to_set (enum index) ∖ byzantine
li: label (preloaded_with_all_messages_vlsm (IM i))
si: state (preloaded_with_all_messages_vlsm (IM i))
Hpre_valid: input_constrained (IM i) li (si, Some m)
valid_message_prop Limited m
      by eapply Hvalidator.
Qed.

End sec_fixed_limited_selection.

Given a trace with the fixed_limited_byzantine_trace_property for a selection of byzantine components, there exists a valid trace for the Limited equivocation composition such that the projection of the two traces to the non-byzantine components coincide.

Lemma validator_fixed_limited_non_byzantine_traces_are_limited_non_equivocating s tr byzantine_vs
  (byzantine : Ci := fin_sets.set_map A byzantine_vs)
  (not_byzantine : Ci := difference (list_to_set (enum index)) byzantine)
  : fixed_limited_byzantine_trace_prop s tr byzantine_vs ->
    exists bs btr,
      finite_valid_trace Limited bs btr /\
      composite_state_sub_projection IM (elements not_byzantine) s =
      composite_state_sub_projection IM (elements not_byzantine) bs /\
      finite_trace_sub_projection IM (elements not_byzantine) tr =
      finite_trace_sub_projection IM (elements not_byzantine) btr.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
not_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
fixed_limited_byzantine_trace_prop s tr byzantine_vs
→ ∃ (bs : state Limited) (btr : list transition_item),
    finite_valid_trace Limited bs btr
    ∧ composite_state_sub_projection IM
        (elements not_byzantine) s =
      composite_state_sub_projection IM
        (elements not_byzantine) bs
      ∧ finite_trace_sub_projection IM
          (elements not_byzantine) tr =
        finite_trace_sub_projection IM
          (elements not_byzantine) btr
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
not_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
fixed_limited_byzantine_trace_prop s tr byzantine_vs
→ ∃ (bs : state Limited) (btr : list transition_item),
    finite_valid_trace Limited bs btr
    ∧ composite_state_sub_projection IM
        (elements not_byzantine) s =
      composite_state_sub_projection IM
        (elements not_byzantine) bs
      ∧ finite_trace_sub_projection IM
          (elements not_byzantine) tr =
        finite_trace_sub_projection IM
          (elements not_byzantine) btr
  intros [Hlimit Hfixed].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
not_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
Hfixed: fixed_byzantine_trace_alt_prop IM
  (set_map A byzantine_vs) A sender s tr
∃ (bs : state Limited) (btr : list transition_item),
  finite_valid_trace Limited bs btr
  ∧ composite_state_sub_projection IM
      (elements not_byzantine) s =
    composite_state_sub_projection IM
      (elements not_byzantine) bs
    ∧ finite_trace_sub_projection IM
        (elements not_byzantine) tr =
      finite_trace_sub_projection IM
        (elements not_byzantine) btr
  eexists _, _; split.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
not_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
Hfixed: fixed_byzantine_trace_alt_prop IM
  (set_map A byzantine_vs) A sender s tr
finite_valid_trace Limited ?Goal ?Goal0
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
not_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
Hfixed: fixed_byzantine_trace_alt_prop IM
  (set_map A byzantine_vs) A sender s tr
composite_state_sub_projection IM
  (elements not_byzantine) s =
composite_state_sub_projection IM
  (elements not_byzantine) 
  ?Goal
∧ finite_trace_sub_projection IM
    (elements not_byzantine) tr =
  finite_trace_sub_projection IM
    (elements not_byzantine) 
    ?Goal0
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
not_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
Hfixed: fixed_byzantine_trace_alt_prop IM
  (set_map A byzantine_vs) A sender s tr
finite_valid_trace Limited ?Goal ?Goal0 by apply (VLSM_embedding_finite_valid_trace
            (limited_PreNonByzantine_vlsm_lift byzantine_vs Hlimit)).
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
not_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
Hfixed: fixed_byzantine_trace_alt_prop IM
  (set_map A byzantine_vs) A sender s tr
composite_state_sub_projection IM
  (elements not_byzantine) s =
composite_state_sub_projection IM
  (elements not_byzantine)
  (lift_sub_state IM
     (elements
        (list_to_set (enum index)
         ∖ set_map A byzantine_vs))
     (composite_state_sub_projection IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine_vs)) s))
∧ finite_trace_sub_projection IM
    (elements not_byzantine) tr =
  finite_trace_sub_projection IM
    (elements not_byzantine)
    (VLSM_embedding_finite_trace_project
       (limited_PreNonByzantine_vlsm_lift byzantine_vs
          Hlimit)
       (finite_trace_sub_projection IM
          (elements
             (list_to_set (enum index)
              ∖ set_map A byzantine_vs)) tr)) unfold lift_sub_state.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
not_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
Hfixed: fixed_byzantine_trace_alt_prop IM
  (set_map A byzantine_vs) A sender s tr
composite_state_sub_projection IM
  (elements not_byzantine) s =
composite_state_sub_projection IM
  (elements not_byzantine)
  (lift_sub_state_to IM
     (elements
        (list_to_set (enum index)
         ∖ set_map A byzantine_vs))
     (λ n : index, `(vs0 (IM n)))
     (composite_state_sub_projection IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine_vs)) s))
∧ finite_trace_sub_projection IM
    (elements not_byzantine) tr =
  finite_trace_sub_projection IM
    (elements not_byzantine)
    (VLSM_embedding_finite_trace_project
       (limited_PreNonByzantine_vlsm_lift byzantine_vs
          Hlimit)
       (finite_trace_sub_projection IM
          (elements
             (list_to_set (enum index)
              ∖ set_map A byzantine_vs)) tr))
    rewrite composite_state_sub_projection_lift_to.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
not_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
Hfixed: fixed_byzantine_trace_alt_prop IM
  (set_map A byzantine_vs) A sender s tr
composite_state_sub_projection IM
  (elements not_byzantine) s =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine_vs)) s
∧ finite_trace_sub_projection IM
    (elements not_byzantine) tr =
  finite_trace_sub_projection IM
    (elements not_byzantine)
    (VLSM_embedding_finite_trace_project
       (limited_PreNonByzantine_vlsm_lift byzantine_vs
          Hlimit)
       (finite_trace_sub_projection IM
          (elements
             (list_to_set (enum index)
              ∖ set_map A byzantine_vs)) tr))
    split; [done |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
not_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimit: (sum_weights byzantine_vs <= threshold)%R
Hfixed: fixed_byzantine_trace_alt_prop IM
  (set_map A byzantine_vs) A sender s tr
finite_trace_sub_projection IM
  (elements not_byzantine) tr =
finite_trace_sub_projection IM
  (elements not_byzantine)
  (VLSM_embedding_finite_trace_project
     (limited_PreNonByzantine_vlsm_lift byzantine_vs
        Hlimit)
     (finite_trace_sub_projection IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine_vs)) tr))
    by symmetry; apply composite_trace_sub_projection_lift.
Qed.

The main result

Given any trace with the limited_byzantine_trace_property, there exists a valid trace for the Limited equivocation composition and a selection of components of limited weight such that the projection of the two traces to the components not in the selection coincide.

Lemma validator_limited_non_byzantine_traces_are_limited_non_equivocating s tr
  : limited_byzantine_trace_prop s tr ->
    exists bs btr,
      finite_valid_trace Limited bs btr /\
      exists (selection_vs : Cv)
        (selection : Ci := fin_sets.set_map A selection_vs)
        (selection_complement := difference (list_to_set (enum index)) selection),
        (sum_weights selection_vs <= threshold)%R /\
        composite_state_sub_projection IM (elements selection_complement) s =
        composite_state_sub_projection IM (elements selection_complement) bs /\
        finite_trace_sub_projection IM (elements selection_complement) tr =
        finite_trace_sub_projection IM (elements selection_complement) btr.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
limited_byzantine_trace_prop s tr
→ ∃ (bs : state Limited) (btr : list transition_item),
    finite_valid_trace Limited bs btr
    ∧ (∃ selection_vs : Cv,
         let selection := set_map A selection_vs in
         let selection_complement :=
           list_to_set (enum index) ∖ selection in
         (sum_weights selection_vs <= threshold)%R
         ∧ composite_state_sub_projection IM
             (elements selection_complement) s =
           composite_state_sub_projection IM
             (elements selection_complement) bs
           ∧ finite_trace_sub_projection IM
               (elements selection_complement) tr =
             finite_trace_sub_projection IM
               (elements selection_complement) btr)
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
limited_byzantine_trace_prop s tr
→ ∃ (bs : state Limited) (btr : list transition_item),
    finite_valid_trace Limited bs btr
    ∧ (∃ selection_vs : Cv,
         let selection := set_map A selection_vs in
         let selection_complement :=
           list_to_set (enum index) ∖ selection in
         (sum_weights selection_vs <= threshold)%R
         ∧ composite_state_sub_projection IM
             (elements selection_complement) s =
           composite_state_sub_projection IM
             (elements selection_complement) bs
           ∧ finite_trace_sub_projection IM
               (elements selection_complement) tr =
             finite_trace_sub_projection IM
               (elements selection_complement) btr)
  intros [byzantine Hlimited].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: fixed_limited_byzantine_trace_prop s tr
  byzantine
∃ (bs : state Limited) (btr : list transition_item),
  finite_valid_trace Limited bs btr
  ∧ (∃ selection_vs : Cv,
       let selection := set_map A selection_vs in
       let selection_complement :=
         list_to_set (enum index) ∖ selection in
       (sum_weights selection_vs <= threshold)%R
       ∧ composite_state_sub_projection IM
           (elements selection_complement) s =
         composite_state_sub_projection IM
           (elements selection_complement) bs
         ∧ finite_trace_sub_projection IM
             (elements selection_complement) tr =
           finite_trace_sub_projection IM
             (elements selection_complement) btr)
  apply proj1 in Hlimited as Hlimit.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: fixed_limited_byzantine_trace_prop s tr
  byzantine
Hlimit: (sum_weights byzantine <= threshold)%R
∃ (bs : state Limited) (btr : list transition_item),
  finite_valid_trace Limited bs btr
  ∧ (∃ selection_vs : Cv,
       let selection := set_map A selection_vs in
       let selection_complement :=
         list_to_set (enum index) ∖ selection in
       (sum_weights selection_vs <= threshold)%R
       ∧ composite_state_sub_projection IM
           (elements selection_complement) s =
         composite_state_sub_projection IM
           (elements selection_complement) bs
         ∧ finite_trace_sub_projection IM
             (elements selection_complement) tr =
           finite_trace_sub_projection IM
             (elements selection_complement) btr)
  apply validator_fixed_limited_non_byzantine_traces_are_limited_non_equivocating
    in Hlimited
    as [bs [btr [Hlimited [Hs_pr Htr_pr]]]].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
A: validator → index
Inj0: Inj eq eq A
sender: message → option validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
is_equivocating_tracewise_no_has_been_sent_dec: RelDecision
  (is_equivocating_tracewise_no_has_been_sent
     IM A sender)
limited_constraint:= tracewise_limited_equivocation_constraint
  IM threshold A sender: composite_label IM
→ composite_state IM *
  option message → Prop
Limited:= composite_vlsm IM limited_constraint: VLSM message
Hvalidator: ∀ i : index,
  component_message_validator_prop IM
    limited_constraint i
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
can_emit_signed: channel_authentication_prop IM A
  sender
message_dependencies: message → Cm
Irreflexive0: Irreflexive
  (msg_dep_happens_before
     message_dependencies)
H28: ∀ i : index,
  MessageDependencies 
    (IM i) message_dependencies
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
bs: state Limited
btr: list transition_item
Hlimited: finite_valid_trace Limited bs btr
Hs_pr: composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) s =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) bs
Htr_pr: finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) tr =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) btr
Hlimit: (sum_weights byzantine <= threshold)%R
∃ (bs : state Limited) (btr : list transition_item),
  finite_valid_trace Limited bs btr
  ∧ (∃ selection_vs : Cv,
       let selection := set_map A selection_vs in
       let selection_complement :=
         list_to_set (enum index) ∖ selection in
       (sum_weights selection_vs <= threshold)%R
       ∧ composite_state_sub_projection IM
           (elements selection_complement) s =
         composite_state_sub_projection IM
           (elements selection_complement) bs
         ∧ finite_trace_sub_projection IM
             (elements selection_complement) tr =
           finite_trace_sub_projection IM
             (elements selection_complement) btr)
  by exists bs, btr; eauto.
Qed.

End sec_limited_byzantine_traces.

Section sec_msg_dep_limited_byzantine_traces.

Context
  {message : Type}
  `{FinSet index Ci}
  `{!finite.Finite index}
  (IM : index -> VLSM message)
  `{forall i, HasBeenSentCapability (IM i)}
  `{forall i, HasBeenReceivedCapability (IM i)}
  (threshold : R)
  `{ReachableThreshold validator Cv threshold}
  `{!finite.Finite validator}
  `{FinSet message Cm}
  (message_dependencies : message -> Cm)
  (full_message_dependencies : message -> Cm)
  `{!FullMessageDependencies message_dependencies full_message_dependencies}
  `{forall i, MessageDependencies (IM i) message_dependencies}
  (sender : message -> option validator)
  (A : validator -> index)
  `{!Inj (=) (=) A}
  (Limited := msg_dep_limited_equivocation_vlsm (Cv := Cv)
    IM threshold full_message_dependencies sender)
  (no_initial_messages_in_IM : no_initial_messages_in_IM_prop IM)
  (Hchannel : channel_authentication_prop IM A sender)
  (Hvalidator :
    forall i : index,
      msg_dep_limited_equivocation_message_validator_prop (Cv := Cv)
        IM threshold full_message_dependencies sender i)
  (Hfull : forall i, message_dependencies_full_node_condition_prop (IM i) message_dependencies)
  .

If the set of byzantine components is weight-limited and if an input_valid_transition of the non-byzantine components from a state of weight-limited equivocation does not introduce equivocators from the non-byzantine components, then the transition is valid for weight-limited equivocation.

Lemma lift_preloaded_fixed_non_byzantine_valid_transition_to_limited
  (byzantine_vs : Cv)
  (byzantine : Ci := fin_sets.set_map A byzantine_vs)
  (non_byzantine := difference (list_to_set (enum index)) byzantine)
  (Hlimited : (sum_weights byzantine_vs <= threshold)%R)
  sub_l sub_s iom sub_sf oom
  (Ht_sub : input_valid_transition
      (preloaded_fixed_non_byzantine_vlsm IM byzantine A sender)
      sub_l (sub_s, iom) (sub_sf, oom))
  ann_s
  (Hann_s : valid_state_prop Limited ann_s)
  (Hann_s_pr : original_state ann_s = lift_sub_state IM (elements non_byzantine) sub_s)
  (ann' := msg_dep_composite_transition_message_equivocators IM full_message_dependencies sender
      (lift_sub_label IM (elements non_byzantine) sub_l) (ann_s, iom))
  (Heqv_byzantine : ann' ⊆ byzantine_vs)
  : input_valid_transition Limited
      (lift_sub_label IM (elements non_byzantine) sub_l) (ann_s, iom)
      (mk_annotated_state (free_composite_vlsm IM) Cv
        (lift_sub_state IM (elements non_byzantine) sub_sf) ann',
      oom).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
sub_l: label
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) sub_l (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     sub_l) (ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
input_valid_transition Limited
  (lift_sub_label IM (elements non_byzantine) sub_l)
  (ann_s, iom)
  ({|
     original_state :=
       lift_sub_state IM (elements non_byzantine)
         sub_sf;
     state_annotation := ann'
   |}, oom)
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
sub_l: label
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) sub_l (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     sub_l) (ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
input_valid_transition Limited
  (lift_sub_label IM (elements non_byzantine) sub_l)
  (ann_s, iom)
  ({|
     original_state :=
       lift_sub_state IM (elements non_byzantine)
         sub_sf;
     state_annotation := ann'
   |}, oom)
  destruct sub_l as [sub_i li]; destruct_dec_sig sub_i i Hi Heqsub_i; subst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
input_valid_transition Limited
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (ann_s, iom)
  ({|
     original_state :=
       lift_sub_state IM (elements non_byzantine)
         sub_sf;
     state_annotation := ann'
   |}, oom)
  repeat split; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
valid_state_prop Limited ann_s
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
option_valid_message_prop Limited iom
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
valid li (original_state ann_s i, iom)
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
coeqv_limited_equivocation_constraint IM threshold
  sender
  (msg_dep_coequivocating_senders IM
     full_message_dependencies sender)
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom)
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
annotated_transition (free_composite_vlsm IM) Cv
  (coeqv_composite_transition_message_equivocators IM
     sender
     (msg_dep_coequivocating_senders IM
        full_message_dependencies sender))
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom) =
({|
   original_state :=
     lift_sub_state IM (elements non_byzantine) sub_sf;
   state_annotation :=
     match iom with
     | Some m =>
         state_annotation ann_s
         ∪ coeqv_message_equivocators IM sender
             (msg_dep_coequivocating_senders IM
                full_message_dependencies sender)
             (original_state ann_s) m
     | None => state_annotation ann_s
     end
 |}, oom)
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
valid_state_prop Limited ann_s done.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
option_valid_message_prop Limited iom destruct iom as [im |]; [| apply option_valid_message_None].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, Some im) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, Some im): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
option_valid_message_prop Limited (Some im)
    by eapply Hvalidator, preloaded_sub_composite_input_valid_projection, Ht_sub.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
valid li (original_state ann_s i, iom) unfold lift_sub_state in Hann_s_pr.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state_to IM
  (elements non_byzantine)
  (λ n : index, `(vs0 (IM n))) sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
valid li (original_state ann_s i, iom)
    rewrite Hann_s_pr, (lift_sub_state_to_eq _ _ _ _ _ Hi).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state_to IM
  (elements non_byzantine)
  (λ n : index, `(vs0 (IM n))) sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
valid li (sub_s (dexist i Hi), iom)
    by apply Ht_sub.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
coeqv_limited_equivocation_constraint IM threshold
  sender
  (msg_dep_coequivocating_senders IM
     full_message_dependencies sender)
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (ann_s, iom) apply Rle_trans with (sum_weights byzantine_vs)
    ; [| done].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
(sum_weights
   (coeqv_composite_transition_message_equivocators IM
      sender
      (msg_dep_coequivocating_senders IM
         full_message_dependencies sender)
      (lift_sub_label IM (elements non_byzantine)
         (existT (dexist i Hi) li)) (ann_s, iom)) <=
 sum_weights byzantine_vs)%R
    apply sum_weights_subseteq.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
coeqv_composite_transition_message_equivocators IM
  sender
  (msg_dep_coequivocating_senders IM
     full_message_dependencies sender)
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (ann_s, iom)
⊆ byzantine_vs
    by intro; apply Heqv_byzantine.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s: valid_state_prop Limited ann_s
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
ann':= msg_dep_composite_transition_message_equivocators
  IM full_message_dependencies sender
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (
  ann_s, iom): Cv
Heqv_byzantine: ann' ⊆ byzantine_vs
annotated_transition (free_composite_vlsm IM) Cv
  (coeqv_composite_transition_message_equivocators IM
     sender
     (msg_dep_coequivocating_senders IM
        full_message_dependencies sender))
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (ann_s, iom) =
({|
   original_state :=
     lift_sub_state IM (elements non_byzantine) sub_sf;
   state_annotation :=
     match iom with
     | Some m =>
         state_annotation ann_s
         ∪ coeqv_message_equivocators IM sender
             (msg_dep_coequivocating_senders IM
                full_message_dependencies sender)
             (original_state ann_s) m
     | None => state_annotation ann_s
     end
 |}, oom) clear -Ht_sub Hann_s_pr.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H16: Elements validator Cv
Cm: Type
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H26: Elements message Cm
full_message_dependencies: message → Cm
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
Ht_sub: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li) (
  sub_s, iom) (sub_sf, oom)
ann_s: state Limited
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
annotated_transition (free_composite_vlsm IM) Cv
  (coeqv_composite_transition_message_equivocators IM
     sender
     (msg_dep_coequivocating_senders IM
        full_message_dependencies sender))
  (lift_sub_label IM (elements non_byzantine)
     (existT (dexist i Hi) li)) (ann_s, iom) =
({|
   original_state :=
     lift_sub_state IM (elements non_byzantine) sub_sf;
   state_annotation :=
     match iom with
     | Some m =>
         state_annotation ann_s
         ∪ coeqv_message_equivocators IM sender
             (msg_dep_coequivocating_senders IM
                full_message_dependencies sender)
             (original_state ann_s) m
     | None => state_annotation ann_s
     end
 |}, oom)
    destruct Ht_sub as [_ Ht_sub]; revert Ht_sub
    ; unfold annotated_transition; cbn
    ; rewrite Hann_s_pr; unfold lift_sub_state at 1
    ; rewrite (lift_sub_state_to_eq _ _ _ _ _ Hi)
    ; unfold sub_IM at 2; cbn
    ; destruct (transition _ _ _) as (si', om')
    ; inversion_clear 1.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H16: Elements validator Cv
Cm: Type
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H26: Elements message Cm
full_message_dependencies: message → Cm
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
ann_s: state Limited
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
si': state (IM i)
om': option message
({|
   original_state :=
     state_update IM
       (lift_sub_state IM (elements non_byzantine)
          sub_s) i si';
   state_annotation :=
     match iom with
     | Some m =>
         state_annotation ann_s
         ∪ coeqv_message_equivocators IM sender
             (msg_dep_coequivocating_senders IM
                full_message_dependencies sender)
             (lift_sub_state IM
                (elements non_byzantine) sub_s) m
     | None => state_annotation ann_s
     end
 |}, oom) =
({|
   original_state :=
     lift_sub_state IM (elements non_byzantine)
       (state_update
          (sub_IM IM
             (elements
                (list_to_set (enum index) ∖ byzantine)))
          sub_s (dexist i Hi) si');
   state_annotation :=
     match iom with
     | Some m =>
         state_annotation ann_s
         ∪ coeqv_message_equivocators IM sender
             (msg_dep_coequivocating_senders IM
                full_message_dependencies sender)
             (lift_sub_state IM
                (elements non_byzantine) sub_s) m
     | None => state_annotation ann_s
     end
 |}, oom)
    do 2 f_equal; extensionality j.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H16: Elements validator Cv
Cm: Type
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H26: Elements message Cm
full_message_dependencies: message → Cm
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
ann_s: state Limited
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
si': state (IM i)
om': option message
j: index
state_update IM
  (lift_sub_state IM (elements non_byzantine) sub_s) i
  si' j =
lift_sub_state IM (elements non_byzantine)
  (state_update
     (sub_IM IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     sub_s (dexist i Hi) si') j
    unfold lift_sub_state.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H16: Elements validator Cv
Cm: Type
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H26: Elements message Cm
full_message_dependencies: message → Cm
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
ann_s: state Limited
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
si': state (IM i)
om': option message
j: index
state_update IM
  (lift_sub_state_to IM (elements non_byzantine)
     (λ n : index, `(vs0 (IM n))) sub_s) i si' j =
lift_sub_state_to IM (elements non_byzantine)
  (λ n : index, `(vs0 (IM n)))
  (state_update
     (sub_IM IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     sub_s (dexist i Hi) si') j
    destruct (decide (i = j)); subst; state_update_simpl.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H16: Elements validator Cv
Cm: Type
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H26: Elements message Cm
full_message_dependencies: message → Cm
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
j: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) j
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist j Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
ann_s: state Limited
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
si': state (IM j)
om': option message
si' =
lift_sub_state_to IM (elements non_byzantine)
  (λ n : index, `(vs0 (IM n)))
  (state_update
     (sub_IM IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     sub_s (dexist j Hi) si') j
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H16: Elements validator Cv
Cm: Type
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H26: Elements message Cm
full_message_dependencies: message → Cm
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
ann_s: state Limited
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
si': state (IM i)
om': option message
j: index
n: i ≠ j
lift_sub_state_to IM (elements non_byzantine)
  (λ n : index, `(vs0 (IM n))) sub_s j =
lift_sub_state_to IM (elements non_byzantine)
  (λ n : index, `(vs0 (IM n)))
  (state_update
     (sub_IM IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     sub_s (dexist i Hi) si') j
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H16: Elements validator Cv
Cm: Type
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H26: Elements message Cm
full_message_dependencies: message → Cm
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
j: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) j
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist j Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
ann_s: state Limited
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
si': state (IM j)
om': option message
si' =
lift_sub_state_to IM (elements non_byzantine)
  (λ n : index, `(vs0 (IM n)))
  (state_update
     (sub_IM IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     sub_s (dexist j Hi) si') j by rewrite (lift_sub_state_to_eq _ _ _ _ _ Hi), !state_update_eq.
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H16: Elements validator Cv
Cm: Type
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H26: Elements message Cm
full_message_dependencies: message → Cm
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
ann_s: state Limited
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
si': state (IM i)
om': option message
j: index
n: i ≠ j
lift_sub_state_to IM (elements non_byzantine)
  (λ n : index, `(vs0 (IM n))) sub_s j =
lift_sub_state_to IM (elements non_byzantine)
  (λ n : index, `(vs0 (IM n)))
  (state_update
     (sub_IM IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     sub_s (dexist i Hi) si') j unfold lift_sub_state_to.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H16: Elements validator Cv
Cm: Type
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H26: Elements message Cm
full_message_dependencies: message → Cm
sender: message → option validator
A: validator → index
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
sub_s: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom: option message
sub_sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
oom: option message
ann_s: state Limited
Hann_s_pr: original_state ann_s =
lift_sub_state IM (elements non_byzantine)
  sub_s
si': state (IM i)
om': option message
j: index
n: i ≠ j
match
  decide (sub_index_prop (elements non_byzantine) j)
with
| left e => sub_s (dexist j e)
| right _ => `(vs0 (IM j))
end =
match
  decide (sub_index_prop (elements non_byzantine) j)
with
| left e =>
    state_update
      (sub_IM IM
         (elements
            (list_to_set (enum index) ∖ byzantine)))
      sub_s (dexist i Hi) si' (dexist j e)
| right _ => `(vs0 (IM j))
end
      by case_decide; [rewrite sub_IM_state_update_neq |].
Qed.

Considering a trace with the fixed_byzantine_trace_alt_property for a set byzantine of indices of bounded weight, its subtrace corresponding to the non-byzantine components is of limited equivocation and its set of equivocators is included in byzantine.

Lemma lift_fixed_byzantine_traces_to_limited
  (s : composite_state IM)
  (tr : list (composite_transition_item IM))
  (byzantine_vs : Cv)
  (byzantine : Ci := fin_sets.set_map A byzantine_vs)
  (non_byzantine := difference (list_to_set (enum index)) byzantine)
  (Hlimited : (sum_weights byzantine_vs <= threshold)%R)
  (Hbyzantine :
    fixed_byzantine_trace_alt_prop IM byzantine A sender s tr)
  (s_reset_byzantine :=
    lift_sub_state IM (elements non_byzantine)
      (composite_state_sub_projection IM (elements non_byzantine) s))
  (bs := mk_annotated_state (free_composite_vlsm IM) Cv s_reset_byzantine (` inhabitant))
  (btr :=
    msg_dep_annotate_trace_with_equivocators (Cv := Cv) IM full_message_dependencies sender
      s_reset_byzantine
      (pre_VLSM_embedding_finite_trace_project _ _
        (lift_sub_label IM (elements non_byzantine)) (lift_sub_state IM (elements non_byzantine))
        (finite_trace_sub_projection IM (elements non_byzantine) tr)))
  : finite_valid_trace Limited bs btr /\
    state_annotation (@finite_trace_last _ Limited bs btr) ⊆ byzantine_vs.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
Hbyzantine: fixed_byzantine_trace_alt_prop IM
  byzantine A sender s tr
s_reset_byzantine:= lift_sub_state IM
  (elements non_byzantine)
  (composite_state_sub_projection
     IM (elements non_byzantine) s): composite_state IM
bs:= {|
  original_state := s_reset_byzantine;
  state_annotation := `inhabitant
|}: annotated_state (free_composite_vlsm IM) Cv
btr:= msg_dep_annotate_trace_with_equivocators IM
  full_message_dependencies sender
  s_reset_byzantine
  (pre_VLSM_embedding_finite_trace_project
     (composite_type
        (sub_IM IM (elements non_byzantine)))
     (composite_type IM)
     (lift_sub_label IM (elements non_byzantine))
     (lift_sub_state IM (elements non_byzantine))
     (finite_trace_sub_projection IM
        (elements non_byzantine) tr)): list transition_item
finite_valid_trace Limited bs btr
∧ state_annotation (finite_trace_last bs btr)
  ⊆ byzantine_vs
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
non_byzantine:= list_to_set (enum index) ∖ byzantine: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
Hbyzantine: fixed_byzantine_trace_alt_prop IM
  byzantine A sender s tr
s_reset_byzantine:= lift_sub_state IM
  (elements non_byzantine)
  (composite_state_sub_projection
     IM (elements non_byzantine) s): composite_state IM
bs:= {|
  original_state := s_reset_byzantine;
  state_annotation := `inhabitant
|}: annotated_state (free_composite_vlsm IM) Cv
btr:= msg_dep_annotate_trace_with_equivocators IM
  full_message_dependencies sender
  s_reset_byzantine
  (pre_VLSM_embedding_finite_trace_project
     (composite_type
        (sub_IM IM (elements non_byzantine)))
     (composite_type IM)
     (lift_sub_label IM (elements non_byzantine))
     (lift_sub_state IM (elements non_byzantine))
     (finite_trace_sub_projection IM
        (elements non_byzantine) tr)): list transition_item
finite_valid_trace Limited bs btr
∧ state_annotation (finite_trace_last bs btr)
  ⊆ byzantine_vs
  subst non_byzantine.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
Hbyzantine: fixed_byzantine_trace_alt_prop IM
  byzantine A sender s tr
s_reset_byzantine:= lift_sub_state IM
  (elements
     (list_to_set (enum index)
      ∖ byzantine))
  (composite_state_sub_projection
     IM
     (elements
        (list_to_set (enum index)
         ∖ byzantine)) s): composite_state IM
bs:= {|
  original_state := s_reset_byzantine;
  state_annotation := `inhabitant
|}: annotated_state (free_composite_vlsm IM) Cv
btr:= msg_dep_annotate_trace_with_equivocators IM
  full_message_dependencies sender
  s_reset_byzantine
  (pre_VLSM_embedding_finite_trace_project
     (composite_type
        (sub_IM IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))))
     (composite_type IM)
     (lift_sub_label IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     (finite_trace_sub_projection IM
        (elements
           (list_to_set (enum index) ∖ byzantine))
        tr)): list transition_item
finite_valid_trace Limited bs btr
∧ state_annotation (finite_trace_last bs btr)
  ⊆ byzantine_vs
  induction Hbyzantine using finite_valid_trace_rev_ind.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
Hsi: initial_state_prop si
s_reset_byzantine:= lift_sub_state IM
  (elements
     (list_to_set (enum index)
      ∖ byzantine)) si: composite_state IM
bs:= {|
  original_state := s_reset_byzantine;
  state_annotation := `inhabitant
|}: annotated_state (free_composite_vlsm IM) Cv
btr:= msg_dep_annotate_trace_with_equivocators IM
  full_message_dependencies sender
  s_reset_byzantine
  (pre_VLSM_embedding_finite_trace_project
     (composite_type
        (sub_IM IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))))
     (composite_type IM)
     (lift_sub_label IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     []): list transition_item
finite_valid_trace Limited bs btr
∧ state_annotation (finite_trace_last bs btr)
  ⊆ byzantine_vs
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
l: label
  (preloaded_fixed_non_byzantine_vlsm IM byzantine
     A sender)
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) l
  (finite_trace_last si tr0, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
s_reset_byzantine:= lift_sub_state IM
  (elements
     (list_to_set (enum index)
      ∖ byzantine)) si: composite_state IM
bs:= {|
  original_state := s_reset_byzantine;
  state_annotation := `inhabitant
|}: annotated_state (free_composite_vlsm IM) Cv
btr:= msg_dep_annotate_trace_with_equivocators IM
  full_message_dependencies sender
  s_reset_byzantine
  (pre_VLSM_embedding_finite_trace_project
     (composite_type
        (sub_IM IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))))
     (composite_type IM)
     (lift_sub_label IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     (tr0 ++ [x])): list transition_item
IHHbyzantine: let s_reset_byzantine :=
  lift_sub_state IM
    (elements
       (list_to_set (enum index)
        ∖ byzantine)) si in
let bs :=
  {|
    original_state := s_reset_byzantine;
    state_annotation := `inhabitant
  |} in
let btr :=
  msg_dep_annotate_trace_with_equivocators
    IM full_message_dependencies sender
    s_reset_byzantine
    (pre_VLSM_embedding_finite_trace_project
       (composite_type
          (sub_IM IM
             (elements
                (list_to_set
                   (enum index)
                 ∖ byzantine))))
       (composite_type IM)
       (lift_sub_label IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine)))
       (lift_sub_state IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine))) tr0) in
finite_valid_trace Limited bs btr
∧ state_annotation
    (finite_trace_last bs btr)
  ⊆ byzantine_vs
finite_valid_trace Limited bs btr
∧ state_annotation (finite_trace_last bs btr)
  ⊆ byzantine_vs
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
Hsi: initial_state_prop si
s_reset_byzantine:= lift_sub_state IM
  (elements
     (list_to_set (enum index)
      ∖ byzantine)) si: composite_state IM
bs:= {|
  original_state := s_reset_byzantine;
  state_annotation := `inhabitant
|}: annotated_state (free_composite_vlsm IM) Cv
btr:= msg_dep_annotate_trace_with_equivocators IM
  full_message_dependencies sender
  s_reset_byzantine
  (pre_VLSM_embedding_finite_trace_project
     (composite_type
        (sub_IM IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))))
     (composite_type IM)
     (lift_sub_label IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     []): list transition_item
finite_valid_trace Limited bs btr
∧ state_annotation (finite_trace_last bs btr)
  ⊆ byzantine_vs split; [| by apply empty_subseteq].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
Hsi: initial_state_prop si
s_reset_byzantine:= lift_sub_state IM
  (elements
     (list_to_set (enum index)
      ∖ byzantine)) si: composite_state IM
bs:= {|
  original_state := s_reset_byzantine;
  state_annotation := `inhabitant
|}: annotated_state (free_composite_vlsm IM) Cv
btr:= msg_dep_annotate_trace_with_equivocators IM
  full_message_dependencies sender
  s_reset_byzantine
  (pre_VLSM_embedding_finite_trace_project
     (composite_type
        (sub_IM IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))))
     (composite_type IM)
     (lift_sub_label IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     []): list transition_item
finite_valid_trace Limited bs btr
    assert (Hisp : initial_state_prop Limited bs)
      by (split; cbn; [apply lift_sub_state_initial |]; done).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
Hsi: initial_state_prop si
s_reset_byzantine:= lift_sub_state IM
  (elements
     (list_to_set (enum index)
      ∖ byzantine)) si: composite_state IM
bs:= {|
  original_state := s_reset_byzantine;
  state_annotation := `inhabitant
|}: annotated_state (free_composite_vlsm IM) Cv
btr:= msg_dep_annotate_trace_with_equivocators IM
  full_message_dependencies sender
  s_reset_byzantine
  (pre_VLSM_embedding_finite_trace_project
     (composite_type
        (sub_IM IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))))
     (composite_type IM)
     (lift_sub_label IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     []): list transition_item
Hisp: initial_state_prop bs
finite_valid_trace Limited bs btr
    by split; [constructor; apply initial_state_is_valid |].
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
l: label
  (preloaded_fixed_non_byzantine_vlsm IM byzantine
     A sender)
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) l
  (finite_trace_last si tr0, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
s_reset_byzantine:= lift_sub_state IM
  (elements
     (list_to_set (enum index)
      ∖ byzantine)) si: composite_state IM
bs:= {|
  original_state := s_reset_byzantine;
  state_annotation := `inhabitant
|}: annotated_state (free_composite_vlsm IM) Cv
btr:= msg_dep_annotate_trace_with_equivocators IM
  full_message_dependencies sender
  s_reset_byzantine
  (pre_VLSM_embedding_finite_trace_project
     (composite_type
        (sub_IM IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))))
     (composite_type IM)
     (lift_sub_label IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     (tr0 ++ [x])): list transition_item
IHHbyzantine: let s_reset_byzantine :=
  lift_sub_state IM
    (elements
       (list_to_set (enum index)
        ∖ byzantine)) si in
let bs :=
  {|
    original_state := s_reset_byzantine;
    state_annotation := `inhabitant
  |} in
let btr :=
  msg_dep_annotate_trace_with_equivocators
    IM full_message_dependencies sender
    s_reset_byzantine
    (pre_VLSM_embedding_finite_trace_project
       (composite_type
          (sub_IM IM
             (elements
                (list_to_set
                   (enum index)
                 ∖ byzantine))))
       (composite_type IM)
       (lift_sub_label IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine)))
       (lift_sub_state IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine))) tr0) in
finite_valid_trace Limited bs btr
∧ state_annotation
    (finite_trace_last bs btr)
  ⊆ byzantine_vs
finite_valid_trace Limited bs btr
∧ state_annotation (finite_trace_last bs btr)
  ⊆ byzantine_vs subst s_reset_byzantine bs btr.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
l: label
  (preloaded_fixed_non_byzantine_vlsm IM byzantine
     A sender)
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) l
  (finite_trace_last si tr0, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHbyzantine: let s_reset_byzantine :=
  lift_sub_state IM
    (elements
       (list_to_set (enum index)
        ∖ byzantine)) si in
let bs :=
  {|
    original_state := s_reset_byzantine;
    state_annotation := `inhabitant
  |} in
let btr :=
  msg_dep_annotate_trace_with_equivocators
    IM full_message_dependencies sender
    s_reset_byzantine
    (pre_VLSM_embedding_finite_trace_project
       (composite_type
          (sub_IM IM
             (elements
                (list_to_set
                   (enum index)
                 ∖ byzantine))))
       (composite_type IM)
       (lift_sub_label IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine)))
       (lift_sub_state IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine))) tr0) in
finite_valid_trace Limited bs btr
∧ state_annotation
    (finite_trace_last bs btr)
  ⊆ byzantine_vs
finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index) ∖ byzantine)))
        (tr0 ++ [x])))
∧ state_annotation
    (finite_trace_last
       {|
         original_state :=
           lift_sub_state IM
             (elements
                (list_to_set (enum index) ∖ byzantine))
             si;
         state_annotation := `inhabitant
       |}
       (msg_dep_annotate_trace_with_equivocators IM
          full_message_dependencies sender
          (lift_sub_state IM
             (elements
                (list_to_set (enum index) ∖ byzantine))
             si)
          (pre_VLSM_embedding_finite_trace_project
             (composite_type
                (sub_IM IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine))))
             (composite_type IM)
             (lift_sub_label IM
                (elements
                   (list_to_set (enum index)
                    ∖ byzantine)))
             (lift_sub_state IM
                (elements
                   (list_to_set (enum index)
                    ∖ byzantine))) (tr0 ++ [x]))))
  ⊆ byzantine_vs
    unfold pre_VLSM_embedding_finite_trace_project; rewrite !map_app.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
l: label
  (preloaded_fixed_non_byzantine_vlsm IM byzantine
     A sender)
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) l
  (finite_trace_last si tr0, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHbyzantine: let s_reset_byzantine :=
  lift_sub_state IM
    (elements
       (list_to_set (enum index)
        ∖ byzantine)) si in
let bs :=
  {|
    original_state := s_reset_byzantine;
    state_annotation := `inhabitant
  |} in
let btr :=
  msg_dep_annotate_trace_with_equivocators
    IM full_message_dependencies sender
    s_reset_byzantine
    (pre_VLSM_embedding_finite_trace_project
       (composite_type
          (sub_IM IM
             (elements
                (list_to_set
                   (enum index)
                 ∖ byzantine))))
       (composite_type IM)
       (lift_sub_label IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine)))
       (lift_sub_state IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine))) tr0) in
finite_valid_trace Limited bs btr
∧ state_annotation
    (finite_trace_last bs btr)
  ⊆ byzantine_vs
finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si)
     (map
        (pre_VLSM_embedding_transition_item_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index) ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        tr0 ++
      map
        (pre_VLSM_embedding_transition_item_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index) ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        [x]))
∧ state_annotation
    (finite_trace_last
       {|
         original_state :=
           lift_sub_state IM
             (elements
                (list_to_set (enum index) ∖ byzantine))
             si;
         state_annotation := `inhabitant
       |}
       (msg_dep_annotate_trace_with_equivocators IM
          full_message_dependencies sender
          (lift_sub_state IM
             (elements
                (list_to_set (enum index) ∖ byzantine))
             si)
          (map
             (pre_VLSM_embedding_transition_item_project
                (composite_type
                   (sub_IM IM
                      (elements
                         (list_to_set (enum index)
                          ∖ byzantine))))
                (composite_type IM)
                (lift_sub_label IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine)))
                (lift_sub_state IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine)))) tr0 ++
           map
             (pre_VLSM_embedding_transition_item_project
                (composite_type
                   (sub_IM IM
                      (elements
                         (list_to_set (enum index)
                          ∖ byzantine))))
                (composite_type IM)
                (lift_sub_label IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine)))
                (lift_sub_state IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine)))) [x])))
  ⊆ byzantine_vs
    rewrite @msg_dep_annotate_trace_with_equivocators_app; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
l: label
  (preloaded_fixed_non_byzantine_vlsm IM byzantine
     A sender)
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) l
  (finite_trace_last si tr0, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHbyzantine: let s_reset_byzantine :=
  lift_sub_state IM
    (elements
       (list_to_set (enum index)
        ∖ byzantine)) si in
let bs :=
  {|
    original_state := s_reset_byzantine;
    state_annotation := `inhabitant
  |} in
let btr :=
  msg_dep_annotate_trace_with_equivocators
    IM full_message_dependencies sender
    s_reset_byzantine
    (pre_VLSM_embedding_finite_trace_project
       (composite_type
          (sub_IM IM
             (elements
                (list_to_set
                   (enum index)
                 ∖ byzantine))))
       (composite_type IM)
       (lift_sub_label IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine)))
       (lift_sub_state IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine))) tr0) in
finite_valid_trace Limited bs btr
∧ state_annotation
    (finite_trace_last bs btr)
  ⊆ byzantine_vs
finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si)
     (map
        (pre_VLSM_embedding_transition_item_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index) ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        tr0) ++
   annotate_trace_item (free_composite_vlsm IM) Cv
     (coeqv_composite_transition_message_equivocators
        IM sender
        (msg_dep_coequivocating_senders IM
           full_message_dependencies sender))
     (pre_VLSM_embedding_transition_item_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index) ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index) ∖ byzantine)))
        x)
     (λ _ : annotated_state (free_composite_vlsm IM)
              Cv, [])
     (finite_trace_last
        {|
          original_state :=
            lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))
              si;
          state_annotation := ∅
        |}
        (msg_dep_annotate_trace_with_equivocators IM
           full_message_dependencies sender
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))
              si)
           (map
              (pre_VLSM_embedding_transition_item_project
                 (composite_type
                    (sub_IM IM
                       (elements
                          (list_to_set (enum index)
                           ∖ byzantine))))
                 (composite_type IM)
                 (lift_sub_label IM
                    (elements
                       (list_to_set (enum index)
                        ∖ byzantine)))
                 (lift_sub_state IM
                    (elements
                       (list_to_set (enum index)
                        ∖ byzantine)))) tr0))))
∧ state_annotation
    (finite_trace_last
       {|
         original_state :=
           lift_sub_state IM
             (elements
                (list_to_set (enum index) ∖ byzantine))
             si;
         state_annotation := ∅
       |}
       (msg_dep_annotate_trace_with_equivocators IM
          full_message_dependencies sender
          (lift_sub_state IM
             (elements
                (list_to_set (enum index) ∖ byzantine))
             si)
          (map
             (pre_VLSM_embedding_transition_item_project
                (composite_type
                   (sub_IM IM
                      (elements
                         (list_to_set (enum index)
                          ∖ byzantine))))
                (composite_type IM)
                (lift_sub_label IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine)))
                (lift_sub_state IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine)))) tr0) ++
        annotate_trace_item (free_composite_vlsm IM)
          Cv
          (coeqv_composite_transition_message_equivocators
             IM sender
             (msg_dep_coequivocating_senders IM
                full_message_dependencies sender))
          (pre_VLSM_embedding_transition_item_project
             (composite_type
                (sub_IM IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine))))
             (composite_type IM)
             (lift_sub_label IM
                (elements
                   (list_to_set (enum index)
                    ∖ byzantine)))
             (lift_sub_state IM
                (elements
                   (list_to_set (enum index)
                    ∖ byzantine))) x)
          (λ _ : annotated_state
                   (free_composite_vlsm IM) Cv, [])
          (finite_trace_last
             {|
               original_state :=
                 lift_sub_state IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine)) si;
               state_annotation := ∅
             |}
             (msg_dep_annotate_trace_with_equivocators
                IM full_message_dependencies sender
                (lift_sub_state IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine)) si)
                (map
                   (pre_VLSM_embedding_transition_item_project
                      (composite_type
                         (sub_IM IM
                            (elements
                               (list_to_set
                                  (enum index)
                                ∖ byzantine))))
                      (composite_type IM)
                      (lift_sub_label IM
                         (elements
                            (list_to_set (enum index)
                             ∖ byzantine)))
                      (lift_sub_state IM
                         (elements
                            (list_to_set (enum index)
                             ∖ byzantine)))) tr0)))))
  ⊆ byzantine_vs
    unfold annotate_trace_item; cbn; rewrite finite_trace_last_is_last; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
l: label
  (preloaded_fixed_non_byzantine_vlsm IM byzantine
     A sender)
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) l
  (finite_trace_last si tr0, iom) (
  sf, oom)
x:= {|
  l := l;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
IHHbyzantine: let s_reset_byzantine :=
  lift_sub_state IM
    (elements
       (list_to_set (enum index)
        ∖ byzantine)) si in
let bs :=
  {|
    original_state := s_reset_byzantine;
    state_annotation := `inhabitant
  |} in
let btr :=
  msg_dep_annotate_trace_with_equivocators
    IM full_message_dependencies sender
    s_reset_byzantine
    (pre_VLSM_embedding_finite_trace_project
       (composite_type
          (sub_IM IM
             (elements
                (list_to_set
                   (enum index)
                 ∖ byzantine))))
       (composite_type IM)
       (lift_sub_label IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine)))
       (lift_sub_state IM
          (elements
             (list_to_set (enum index)
              ∖ byzantine))) tr0) in
finite_valid_trace Limited bs btr
∧ state_annotation
    (finite_trace_last bs btr)
  ⊆ byzantine_vs
finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si)
     (map
        (pre_VLSM_embedding_transition_item_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index) ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        tr0) ++
   [{|
      l :=
        lift_sub_label IM
          (elements
             (list_to_set (enum index) ∖ byzantine)) l;
      input := iom;
      destination :=
        {|
          original_state :=
            lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))
              sf;
          state_annotation :=
            match iom with
            | Some m =>
                state_annotation
                  (finite_trace_last
                     {|
                       original_state :=
                         lift_sub_state IM
                           (elements
                              (list_to_set
                                 (enum index)
                               ∖ byzantine)) si;
                       state_annotation := ∅
                     |}
                     (msg_dep_annotate_trace_with_equivocators
                        IM full_message_dependencies
                        sender
                        (lift_sub_state IM
                           (elements
                              (list_to_set
                                 (enum index)
                               ∖ byzantine)) si)
                        (map
                           (pre_VLSM_embedding_transition_item_project
                              (composite_type
                                 (sub_IM IM (...)))
                              (composite_type IM)
                              (lift_sub_label IM
                                 (elements (...)))
                              (lift_sub_state IM
                                 (elements (...))))
                           tr0)))
                ∪ coeqv_message_equivocators IM sender
                    (msg_dep_coequivocating_senders IM
                       full_message_dependencies
                       sender)
                    (original_state
                       (finite_trace_last
                          {|
                            original_state :=
                              lift_sub_state IM
                                (elements
                                   (list_to_set ...
                                    ∖ byzantine)) si;
                            state_annotation := ∅
                          |}
                          (msg_dep_annotate_trace_with_equivocators
                             IM
                             full_message_dependencies
                             sender
                             (lift_sub_state IM
                                (elements
                                   (list_to_set ...
                                    ∖ byzantine)) si)
                             (map
                                (pre_VLSM_embedding_transition_item_project
                                   (composite_type
                                      (...))
                                   (composite_type IM)
                                   (lift_sub_label IM
                                      (...))
                                   (lift_sub_state IM
                                      (...))) tr0))))
                    m
            | None =>
                state_annotation
                  (finite_trace_last
                     {|
                       original_state :=
                         lift_sub_state IM
                           (elements
                              (list_to_set
                                 (enum index)
                               ∖ byzantine)) si;
                       state_annotation := ∅
                     |}
                     (msg_dep_annotate_trace_with_equivocators
                        IM full_message_dependencies
                        sender
                        (lift_sub_state IM
                           (elements
                              (list_to_set
                                 (enum index)
                               ∖ byzantine)) si)
                        (map
                           (pre_VLSM_embedding_transition_item_project
                              (composite_type
                                 (sub_IM IM
                                    (elements ...)))
                              (composite_type IM)
                              (lift_sub_label IM
                                 (elements
                                    (... ∖ byzantine)))
                              (lift_sub_state IM
                                 (elements
                                    (... ∖ byzantine))))
                           tr0)))
            end
        |};
      output := oom
    |}])
∧ match iom with
  | Some m =>
      state_annotation
        (finite_trace_last
           {|
             original_state :=
               lift_sub_state IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)) si;
             state_annotation := ∅
           |}
           (msg_dep_annotate_trace_with_equivocators
              IM full_message_dependencies sender
              (lift_sub_state IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)) si)
              (map
                 (pre_VLSM_embedding_transition_item_project
                    (composite_type
                       (sub_IM IM
                          (elements
                             (list_to_set (enum index)
                              ∖ byzantine))))
                    (composite_type IM)
                    (lift_sub_label IM
                       (elements
                          (list_to_set (enum index)
                           ∖ byzantine)))
                    (lift_sub_state IM
                       (elements
                          (list_to_set (enum index)
                           ∖ byzantine)))) tr0)))
      ∪ coeqv_message_equivocators IM sender
          (msg_dep_coequivocating_senders IM
             full_message_dependencies sender)
          (original_state
             (finite_trace_last
                {|
                  original_state :=
                    lift_sub_state IM
                      (elements
                         (list_to_set (enum index)
                          ∖ byzantine)) si;
                  state_annotation := ∅
                |}
                (msg_dep_annotate_trace_with_equivocators
                   IM full_message_dependencies sender
                   (lift_sub_state IM
                      (elements
                         (list_to_set (enum index)
                          ∖ byzantine)) si)
                   (map
                      (pre_VLSM_embedding_transition_item_project
                         (composite_type
                            (sub_IM IM
                               (elements
                                  (list_to_set
                                     (enum index)
                                   ∖ byzantine))))
                         (composite_type IM)
                         (lift_sub_label IM
                            (elements
                               (list_to_set
                                  (enum index)
                                ∖ byzantine)))
                         (lift_sub_state IM
                            (elements
                               (list_to_set
                                  (enum index)
                                ∖ byzantine)))) tr0))))
          m
  | None =>
      state_annotation
        (finite_trace_last
           {|
             original_state :=
               lift_sub_state IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)) si;
             state_annotation := ∅
           |}
           (msg_dep_annotate_trace_with_equivocators
              IM full_message_dependencies sender
              (lift_sub_state IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)) si)
              (map
                 (pre_VLSM_embedding_transition_item_project
                    (composite_type
                       (sub_IM IM
                          (elements
                             (list_to_set (enum index)
                              ∖ byzantine))))
                    (composite_type IM)
                    (lift_sub_label IM
                       (elements
                          (list_to_set (enum index)
                           ∖ byzantine)))
                    (lift_sub_state IM
                       (elements
                          (list_to_set (enum index)
                           ∖ byzantine)))) tr0)))
  end ⊆ byzantine_vs
    destruct l as [sub_i li]; destruct_dec_sig sub_i i Hi Heqsub_i; subst sub_i
    ; destruct IHHbyzantine as [[Htr0_ann Hsi_ann] Htr0_eqv_byzantine]
    ; cbn in Htr0_eqv_byzantine |- *.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
Htr0_eqv_byzantine: state_annotation
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ byzantine)) si;
       state_annotation := ∅
     |}
     (msg_dep_annotate_trace_with_equivocators
        IM
        full_message_dependencies
        sender
        (lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ byzantine)) si)
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set
                      (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ byzantine)))
           tr0))) ⊆ byzantine_vs
finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si)
     (map
        (pre_VLSM_embedding_transition_item_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index) ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        tr0) ++
   [{|
      l :=
        lift_sub_label IM
          (elements
             (list_to_set (enum index) ∖ byzantine))
          (existT (dexist i Hi) li);
      input := iom;
      destination :=
        {|
          original_state :=
            lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))
              sf;
          state_annotation :=
            match iom with
            | Some m =>
                state_annotation
                  (finite_trace_last
                     {|
                       original_state :=
                         lift_sub_state IM
                           (elements
                              (list_to_set
                                 (enum index)
                               ∖ byzantine)) si;
                       state_annotation := ∅
                     |}
                     (msg_dep_annotate_trace_with_equivocators
                        IM full_message_dependencies
                        sender
                        (lift_sub_state IM
                           (elements
                              (list_to_set
                                 (enum index)
                               ∖ byzantine)) si)
                        (map
                           (pre_VLSM_embedding_transition_item_project
                              (composite_type
                                 (sub_IM IM (...)))
                              (composite_type IM)
                              (lift_sub_label IM
                                 (elements (...)))
                              (lift_sub_state IM
                                 (elements (...))))
                           tr0)))
                ∪ coeqv_message_equivocators IM sender
                    (msg_dep_coequivocating_senders IM
                       full_message_dependencies
                       sender)
                    (original_state
                       (finite_trace_last
                          {|
                            original_state :=
                              lift_sub_state IM
                                (elements
                                   (list_to_set ...
                                    ∖ byzantine)) si;
                            state_annotation := ∅
                          |}
                          (msg_dep_annotate_trace_with_equivocators
                             IM
                             full_message_dependencies
                             sender
                             (lift_sub_state IM
                                (elements
                                   (list_to_set ...
                                    ∖ byzantine)) si)
                             (map
                                (pre_VLSM_embedding_transition_item_project
                                   (composite_type
                                      (...))
                                   (composite_type IM)
                                   (lift_sub_label IM
                                      (...))
                                   (lift_sub_state IM
                                      (...))) tr0))))
                    m
            | None =>
                state_annotation
                  (finite_trace_last
                     {|
                       original_state :=
                         lift_sub_state IM
                           (elements
                              (list_to_set
                                 (enum index)
                               ∖ byzantine)) si;
                       state_annotation := ∅
                     |}
                     (msg_dep_annotate_trace_with_equivocators
                        IM full_message_dependencies
                        sender
                        (lift_sub_state IM
                           (elements
                              (list_to_set
                                 (enum index)
                               ∖ byzantine)) si)
                        (map
                           (pre_VLSM_embedding_transition_item_project
                              (composite_type
                                 (sub_IM IM
                                    (elements ...)))
                              (composite_type IM)
                              (lift_sub_label IM
                                 (elements
                                    (... ∖ byzantine)))
                              (lift_sub_state IM
                                 (elements
                                    (... ∖ byzantine))))
                           tr0)))
            end
        |};
      output := oom
    |}])
∧ match iom with
  | Some m =>
      state_annotation
        (finite_trace_last
           {|
             original_state :=
               lift_sub_state IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)) si;
             state_annotation := ∅
           |}
           (msg_dep_annotate_trace_with_equivocators
              IM full_message_dependencies sender
              (lift_sub_state IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)) si)
              (map
                 (pre_VLSM_embedding_transition_item_project
                    (composite_type
                       (sub_IM IM
                          (elements
                             (list_to_set (enum index)
                              ∖ byzantine))))
                    (composite_type IM)
                    (lift_sub_label IM
                       (elements
                          (list_to_set (enum index)
                           ∖ byzantine)))
                    (lift_sub_state IM
                       (elements
                          (list_to_set (enum index)
                           ∖ byzantine)))) tr0)))
      ∪ coeqv_message_equivocators IM sender
          (msg_dep_coequivocating_senders IM
             full_message_dependencies sender)
          (original_state
             (finite_trace_last
                {|
                  original_state :=
                    lift_sub_state IM
                      (elements
                         (list_to_set (enum index)
                          ∖ byzantine)) si;
                  state_annotation := ∅
                |}
                (msg_dep_annotate_trace_with_equivocators
                   IM full_message_dependencies sender
                   (lift_sub_state IM
                      (elements
                         (list_to_set (enum index)
                          ∖ byzantine)) si)
                   (map
                      (pre_VLSM_embedding_transition_item_project
                         (composite_type
                            (sub_IM IM
                               (elements
                                  (list_to_set
                                     (enum index)
                                   ∖ byzantine))))
                         (composite_type IM)
                         (lift_sub_label IM
                            (elements
                               (list_to_set
                                  (enum index)
                                ∖ byzantine)))
                         (lift_sub_state IM
                            (elements
                               (list_to_set
                                  (enum index)
                                ∖ byzantine)))) tr0))))
          m
  | None =>
      state_annotation
        (finite_trace_last
           {|
             original_state :=
               lift_sub_state IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)) si;
             state_annotation := ∅
           |}
           (msg_dep_annotate_trace_with_equivocators
              IM full_message_dependencies sender
              (lift_sub_state IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)) si)
              (map
                 (pre_VLSM_embedding_transition_item_project
                    (composite_type
                       (sub_IM IM
                          (elements
                             (list_to_set (enum index)
                              ∖ byzantine))))
                    (composite_type IM)
                    (lift_sub_label IM
                       (elements
                          (list_to_set (enum index)
                           ∖ byzantine)))
                    (lift_sub_state IM
                       (elements
                          (list_to_set (enum index)
                           ∖ byzantine)))) tr0)))
  end ⊆ byzantine_vs
    remember (@finite_trace_last _ (annotated_type (free_composite_vlsm IM) _) _ _)
      as lst in Htr0_eqv_byzantine at 1 |- * at 1 2 3 4 5 6.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si)
     (map
        (pre_VLSM_embedding_transition_item_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index) ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        tr0) ++
   [{|
      l :=
        lift_sub_label IM
          (elements
             (list_to_set (enum index) ∖ byzantine))
          (existT (dexist i Hi) li);
      input := iom;
      destination :=
        {|
          original_state :=
            lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))
              sf;
          state_annotation :=
            match iom with
            | Some m =>
                state_annotation lst
                ∪ coeqv_message_equivocators IM sender
                    (msg_dep_coequivocating_senders IM
                       full_message_dependencies
                       sender) (original_state lst) m
            | None => state_annotation lst
            end
        |};
      output := oom
    |}])
∧ match iom with
  | Some m =>
      state_annotation lst
      ∪ coeqv_message_equivocators IM sender
          (msg_dep_coequivocating_senders IM
             full_message_dependencies sender)
          (original_state lst) m
  | None => state_annotation lst
  end ⊆ byzantine_vs
    assert (Hlsti : original_state lst = lift_sub_state IM
      (elements (list_to_set (enum index) ∖ byzantine)) (finite_trace_last si tr0)).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
original_state lst =
lift_sub_state IM
  (elements (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si)
     (map
        (pre_VLSM_embedding_transition_item_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index) ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        tr0) ++
   [{|
      l :=
        lift_sub_label IM
          (elements
             (list_to_set (enum index) ∖ byzantine))
          (existT (dexist i Hi) li);
      input := iom;
      destination :=
        {|
          original_state :=
            lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))
              sf;
          state_annotation :=
            match iom with
            | Some m =>
                state_annotation lst
                ∪ coeqv_message_equivocators IM sender
                    (msg_dep_coequivocating_senders IM
                      full_message_dependencies sender)
                    (original_state lst) m
            | None => state_annotation lst
            end
        |};
      output := oom
    |}])
∧ match iom with
  | Some m =>
      state_annotation lst
      ∪ coeqv_message_equivocators IM sender
          (msg_dep_coequivocating_senders IM
             full_message_dependencies sender)
          (original_state lst) m
  | None => state_annotation lst
  end ⊆ byzantine_vs
    {message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
original_state lst =
lift_sub_state IM
  (elements (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
      subst lst; rewrite msg_dep_annotate_trace_with_equivocators_last_original_state; symmetry.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
Htr0_eqv_byzantine: state_annotation
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ byzantine)) si;
       state_annotation := ∅
     |}
     (msg_dep_annotate_trace_with_equivocators
        IM
        full_message_dependencies
        sender
        (lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ byzantine)) si)
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set
                      (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ byzantine)))
           tr0))) ⊆ byzantine_vs
lift_sub_state IM
  (elements (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0) =
finite_trace_last
  (original_state
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set (enum index) ∖ byzantine))
           si;
       state_annotation := ∅
     |})
  (pre_VLSM_embedding_finite_trace_project
     (composite_type
        (sub_IM IM
           (elements
              (list_to_set (enum index) ∖ byzantine))))
     (composite_type IM)
     (lift_sub_label IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)))
     tr0)
      apply (pre_VLSM_embedding_finite_trace_last _ _
              (lift_sub_label IM _)
              (lift_sub_state IM _)).
    }message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si)
     (map
        (pre_VLSM_embedding_transition_item_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index) ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        tr0) ++
   [{|
      l :=
        lift_sub_label IM
          (elements
             (list_to_set (enum index) ∖ byzantine))
          (existT (dexist i Hi) li);
      input := iom;
      destination :=
        {|
          original_state :=
            lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))
              sf;
          state_annotation :=
            match iom with
            | Some m =>
                state_annotation lst
                ∪ coeqv_message_equivocators IM sender
                    (msg_dep_coequivocating_senders IM
                       full_message_dependencies
                       sender) (original_state lst) m
            | None => state_annotation lst
            end
        |};
      output := oom
    |}])
∧ match iom with
  | Some m =>
      state_annotation lst
      ∪ coeqv_message_equivocators IM sender
          (msg_dep_coequivocating_senders IM
             full_message_dependencies sender)
          (original_state lst) m
  | None => state_annotation lst
  end ⊆ byzantine_vs
    match goal with
    |- _ /\ ?B => cut B
    end.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
match iom with
| Some m =>
    state_annotation lst
    ∪ coeqv_message_equivocators IM sender
        (msg_dep_coequivocating_senders IM
           full_message_dependencies sender)
        (original_state lst) m
| None => state_annotation lst
end ⊆ byzantine_vs
→ finite_valid_trace Limited
    {|
      original_state :=
        lift_sub_state IM
          (elements
             (list_to_set (enum index) ∖ byzantine))
          si;
      state_annotation := ∅
    |}
    (msg_dep_annotate_trace_with_equivocators IM
       full_message_dependencies sender
       (lift_sub_state IM
          (elements
             (list_to_set (enum index) ∖ byzantine))
          si)
       (map
          (pre_VLSM_embedding_transition_item_project
             (composite_type
                (sub_IM IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine))))
             (composite_type IM)
             (lift_sub_label IM
                (elements
                   (list_to_set (enum index)
                    ∖ byzantine)))
             (lift_sub_state IM
                (elements
                   (list_to_set (enum index)
                    ∖ byzantine)))) tr0) ++
     [{|
        l :=
          lift_sub_label IM
            (elements
               (list_to_set (enum index) ∖ byzantine))
            (existT (dexist i Hi) li);
        input := iom;
        destination :=
          {|
            original_state :=
              lift_sub_state IM
                (elements
                   (list_to_set (enum index)
                    ∖ byzantine)) sf;
            state_annotation :=
              match iom with
              | Some m =>
                  state_annotation lst
                  ∪ coeqv_message_equivocators IM
                      sender
                      (msg_dep_coequivocating_senders
                         IM full_message_dependencies
                         sender) (original_state lst)
                      m
              | None => state_annotation lst
              end
          |};
        output := oom
      |}])
  ∧ match iom with
    | Some m =>
        state_annotation lst
        ∪ coeqv_message_equivocators IM sender
            (msg_dep_coequivocating_senders IM
               full_message_dependencies sender)
            (original_state lst) m
    | None => state_annotation lst
    end ⊆ byzantine_vs
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
match iom with
| Some m =>
    state_annotation lst
    ∪ coeqv_message_equivocators IM sender
        (msg_dep_coequivocating_senders IM
           full_message_dependencies sender)
        (original_state lst) m
| None => state_annotation lst
end ⊆ byzantine_vs
    {message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
match iom with
| Some m =>
    state_annotation lst
    ∪ coeqv_message_equivocators IM sender
        (msg_dep_coequivocating_senders IM
           full_message_dependencies sender)
        (original_state lst) m
| None => state_annotation lst
end ⊆ byzantine_vs
→ finite_valid_trace Limited
    {|
      original_state :=
        lift_sub_state IM
          (elements
             (list_to_set (enum index) ∖ byzantine))
          si;
      state_annotation := ∅
    |}
    (msg_dep_annotate_trace_with_equivocators IM
       full_message_dependencies sender
       (lift_sub_state IM
          (elements
             (list_to_set (enum index) ∖ byzantine))
          si)
       (map
          (pre_VLSM_embedding_transition_item_project
             (composite_type
                (sub_IM IM
                   (elements
                      (list_to_set (enum index)
                       ∖ byzantine))))
             (composite_type IM)
             (lift_sub_label IM
                (elements
                   (list_to_set (enum index)
                    ∖ byzantine)))
             (lift_sub_state IM
                (elements
                   (list_to_set (enum index)
                    ∖ byzantine)))) tr0) ++
     [{|
        l :=
          lift_sub_label IM
            (elements
               (list_to_set (enum index) ∖ byzantine))
            (existT (dexist i Hi) li);
        input := iom;
        destination :=
          {|
            original_state :=
              lift_sub_state IM
                (elements
                   (list_to_set (enum index)
                    ∖ byzantine)) sf;
            state_annotation :=
              match iom with
              | Some m =>
                  state_annotation lst
                  ∪ coeqv_message_equivocators IM
                      sender
                      (msg_dep_coequivocating_senders
                         IM full_message_dependencies
                         sender) (original_state lst)
                      m
              | None => state_annotation lst
              end
          |};
        output := oom
      |}])
  ∧ match iom with
    | Some m =>
        state_annotation lst
        ∪ coeqv_message_equivocators IM sender
            (msg_dep_coequivocating_senders IM
               full_message_dependencies sender)
            (original_state lst) m
    | None => state_annotation lst
    end ⊆ byzantine_vs
      intro Heqv_byzantine.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Heqv_byzantine: match iom with
| Some m =>
    state_annotation lst
    ∪ coeqv_message_equivocators IM
        sender
        (msg_dep_coequivocating_senders
           IM
           full_message_dependencies
           sender)
        (original_state lst) m
| None => state_annotation lst
end ⊆ byzantine_vs
finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si)
     (map
        (pre_VLSM_embedding_transition_item_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index) ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        tr0) ++
   [{|
      l :=
        lift_sub_label IM
          (elements
             (list_to_set (enum index) ∖ byzantine))
          (existT (dexist i Hi) li);
      input := iom;
      destination :=
        {|
          original_state :=
            lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))
              sf;
          state_annotation :=
            match iom with
            | Some m =>
                state_annotation lst
                ∪ coeqv_message_equivocators IM sender
                    (msg_dep_coequivocating_senders IM
                       full_message_dependencies
                       sender) (original_state lst) m
            | None => state_annotation lst
            end
        |};
      output := oom
    |}])
∧ match iom with
  | Some m =>
      state_annotation lst
      ∪ coeqv_message_equivocators IM sender
          (msg_dep_coequivocating_senders IM
             full_message_dependencies sender)
          (original_state lst) m
  | None => state_annotation lst
  end ⊆ byzantine_vs
      do 2 (split; [| done]).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Heqv_byzantine: match iom with
| Some m =>
    state_annotation lst
    ∪ coeqv_message_equivocators IM
        sender
        (msg_dep_coequivocating_senders
           IM
           full_message_dependencies
           sender)
        (original_state lst) m
| None => state_annotation lst
end ⊆ byzantine_vs
finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index) ∖ byzantine)) si)
     (map
        (pre_VLSM_embedding_transition_item_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index) ∖ byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))))
        tr0) ++
   [{|
      l :=
        lift_sub_label IM
          (elements
             (list_to_set (enum index) ∖ byzantine))
          (existT (dexist i Hi) li);
      input := iom;
      destination :=
        {|
          original_state :=
            lift_sub_state IM
              (elements
                 (list_to_set (enum index) ∖ byzantine))
              sf;
          state_annotation :=
            match iom with
            | Some m =>
                state_annotation lst
                ∪ coeqv_message_equivocators IM sender
                    (msg_dep_coequivocating_senders IM
                       full_message_dependencies
                       sender) (original_state lst) m
            | None => state_annotation lst
            end
        |};
      output := oom
    |}])
      apply finite_valid_trace_from_app_iff; split; [done |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Heqv_byzantine: match iom with
| Some m =>
    state_annotation lst
    ∪ coeqv_message_equivocators IM
        sender
        (msg_dep_coequivocating_senders
           IM
           full_message_dependencies
           sender)
        (original_state lst) m
| None => state_annotation lst
end ⊆ byzantine_vs
finite_valid_trace_from Limited
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set (enum index) ∖ byzantine))
           si;
       state_annotation := ∅
     |}
     (msg_dep_annotate_trace_with_equivocators IM
        full_message_dependencies sender
        (lift_sub_state IM
           (elements
              (list_to_set (enum index) ∖ byzantine))
           si)
        (map
           (pre_VLSM_embedding_transition_item_project
              (composite_type
                 (sub_IM IM
                    (elements
                       (list_to_set (enum index)
                        ∖ byzantine))))
              (composite_type IM)
              (lift_sub_label IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)))
              (lift_sub_state IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)))) tr0)))
  [{|
     l :=
       lift_sub_label IM
         (elements
            (list_to_set (enum index) ∖ byzantine))
         (existT (dexist i Hi) li);
     input := iom;
     destination :=
       {|
         original_state :=
           lift_sub_state IM
             (elements
                (list_to_set (enum index) ∖ byzantine))
             sf;
         state_annotation :=
           match iom with
           | Some m =>
               state_annotation lst
               ∪ coeqv_message_equivocators IM sender
                   (msg_dep_coequivocating_senders IM
                      full_message_dependencies sender)
                   (original_state lst) m
           | None => state_annotation lst
           end
       |};
     output := oom
   |}]
      subst x; cbn; apply finite_valid_trace_singleton.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Heqv_byzantine: match iom with
| Some m =>
    state_annotation lst
    ∪ coeqv_message_equivocators IM
        sender
        (msg_dep_coequivocating_senders
           IM
           full_message_dependencies
           sender)
        (original_state lst) m
| None => state_annotation lst
end ⊆ byzantine_vs
input_valid_transition Limited
  (lift_sub_label IM
     (elements (list_to_set (enum index) ∖ byzantine))
     (existT (dexist i Hi) li))
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set (enum index) ∖ byzantine))
           si;
       state_annotation := ∅
     |}
     (msg_dep_annotate_trace_with_equivocators IM
        full_message_dependencies sender
        (lift_sub_state IM
           (elements
              (list_to_set (enum index) ∖ byzantine))
           si)
        (map
           (pre_VLSM_embedding_transition_item_project
              (composite_type
                 (sub_IM IM
                    (elements
                       (list_to_set (enum index)
                        ∖ byzantine))))
              (composite_type IM)
              (lift_sub_label IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)))
              (lift_sub_state IM
                 (elements
                    (list_to_set (enum index)
                     ∖ byzantine)))) tr0)), iom)
  ({|
     original_state :=
       lift_sub_state IM
         (elements
            (list_to_set (enum index) ∖ byzantine)) sf;
     state_annotation :=
       match iom with
       | Some m =>
           state_annotation lst
           ∪ coeqv_message_equivocators IM sender
               (msg_dep_coequivocating_senders IM
                  full_message_dependencies sender)
               (original_state lst) m
       | None => state_annotation lst
       end
   |}, oom)
      replace (finite_trace_last _ _) with lst.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Heqv_byzantine: match iom with
| Some m =>
    state_annotation lst
    ∪ coeqv_message_equivocators IM
        sender
        (msg_dep_coequivocating_senders
           IM
           full_message_dependencies
           sender)
        (original_state lst) m
| None => state_annotation lst
end ⊆ byzantine_vs
input_valid_transition Limited
  (lift_sub_label IM
     (elements (list_to_set (enum index) ∖ byzantine))
     (existT (dexist i Hi) li)) (lst, iom)
  ({|
     original_state :=
       lift_sub_state IM
         (elements
            (list_to_set (enum index) ∖ byzantine)) sf;
     state_annotation :=
       match iom with
       | Some m =>
           state_annotation lst
           ∪ coeqv_message_equivocators IM sender
               (msg_dep_coequivocating_senders IM
                  full_message_dependencies sender)
               (original_state lst) m
       | None => state_annotation lst
       end
   |}, oom)
      by eapply lift_preloaded_fixed_non_byzantine_valid_transition_to_limited;
        [| | subst lst; apply finite_valid_trace_last_pstate | |].
    }message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
iom, oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := iom;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, iom) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
match iom with
| Some m =>
    state_annotation lst
    ∪ coeqv_message_equivocators IM sender
        (msg_dep_coequivocating_senders IM
           full_message_dependencies sender)
        (original_state lst) m
| None => state_annotation lst
end ⊆ byzantine_vs
    destruct iom as [im |]; [| done].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, Some im) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
state_annotation lst
∪ coeqv_message_equivocators IM sender
    (msg_dep_coequivocating_senders IM
       full_message_dependencies sender)
    (original_state lst) im ⊆ byzantine_vs
    apply union_subseteq; split; [done |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, Some im) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
coeqv_message_equivocators IM sender
  (msg_dep_coequivocating_senders IM
     full_message_dependencies sender)
  (original_state lst) im ⊆ byzantine_vs
    unfold coeqv_message_equivocators
    ; case_decide as Hnobs; [by apply empty_subseteq |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, Some im) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
list_to_set
  (omap sender [im] ++
   elements
     (msg_dep_coequivocating_senders IM
        full_message_dependencies sender
        (original_state lst) im)) ⊆ byzantine_vs
    rewrite (full_node_msg_dep_coequivocating_senders _ _ _ _ Hfull _ _ i li);
      [| by cbn; rewrite Hlsti; eapply @preloaded_sub_composite_input_valid_projection, Hx].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, Some im) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
list_to_set (omap sender [im] ++ elements ∅)
⊆ byzantine_vs
    rewrite elements_empty, app_nil_r; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, Some im) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
list_to_set
  match sender im with
  | Some y => [y]
  | None => []
  end ⊆ byzantine_vs
    intro _i_im; rewrite elem_of_list_to_set.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, Some im) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
_i_im: validator
_i_im
∈ match sender im with
  | Some y => [y]
  | None => []
  end → _i_im ∈ byzantine_vs
    destruct (sender im) as [i_im |] eqn: Hsender; [| by inversion 1].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, Some im) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
_i_im, i_im: validator
Hsender: sender im = Some i_im
_i_im ∈ [i_im] → _i_im ∈ byzantine_vs
    rewrite elem_of_list_singleton; intro; subst _i_im.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hx: input_valid_transition
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
  (existT (dexist i Hi) li)
  (finite_trace_last si tr0, Some im) (
  sf, oom)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
i_im: validator
Hsender: sender im = Some i_im
i_im ∈ byzantine_vs
    destruct Hx as [(_ & _ & _ & [Hsent | [Hsigned _]] & _) _].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hsent: composite_has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (finite_trace_last si tr0, Some im).1 im
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
i_im: validator
Hsender: sender im = Some i_im
i_im ∈ byzantine_vs
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hsigned: non_sub_index_authenticated_message
  (elements
     (list_to_set (enum index) ∖ byzantine))
  A sender im
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
i_im: validator
Hsender: sender im = Some i_im
i_im ∈ byzantine_vs
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hsent: composite_has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (finite_trace_last si tr0, Some im).1 im
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
i_im: validator
Hsender: sender im = Some i_im
i_im ∈ byzantine_vs contradict Hnobs.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hsent: composite_has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine)))
  (finite_trace_last si tr0, Some im).1 im
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
i_im: validator
Hsender: sender im = Some i_im
composite_has_been_directly_observed IM
  (original_state lst) im
      destruct Hsent as [sub_i_im Hsent]; cbn in Hsent |- *
      ; destruct_dec_sig sub_i_im _i_im H_i_im Heqsub_i_im; subst sub_i_im.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
_i_im: index
H_i_im: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine))
  _i_im
Hsent: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist _i_im H_i_im))
  (finite_trace_last si tr0
     (dexist _i_im H_i_im)) im
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
i_im: validator
Hsender: sender im = Some i_im
composite_has_been_directly_observed IM
  (original_state lst) im
      apply composite_has_been_directly_observed_sent_received_iff; left.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
_i_im: index
H_i_im: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine))
  _i_im
Hsent: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist _i_im H_i_im))
  (finite_trace_last si tr0
     (dexist _i_im H_i_im)) im
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
i_im: validator
Hsender: sender im = Some i_im
composite_has_been_sent IM (original_state lst) im
      exists _i_im.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
_i_im: index
H_i_im: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine))
  _i_im
Hsent: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist _i_im H_i_im))
  (finite_trace_last si tr0
     (dexist _i_im H_i_im)) im
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
i_im: validator
Hsender: sender im = Some i_im
has_been_sent (IM _i_im) (original_state lst _i_im) im
      rewrite Hlsti; cbn; unfold lift_sub_state.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
_i_im: index
H_i_im: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine))
  _i_im
Hsent: has_been_sent
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist _i_im H_i_im))
  (finite_trace_last si tr0
     (dexist _i_im H_i_im)) im
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
i_im: validator
Hsender: sender im = Some i_im
has_been_sent (IM _i_im)
  (lift_sub_state_to IM
     (elements (list_to_set (enum index) ∖ byzantine))
     (λ n : index, `(vs0 (IM n)))
     (finite_trace_last si tr0) _i_im) im
      by rewrite (lift_sub_state_to_eq _ _ _ _ _ H_i_im).
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
Hsigned: non_sub_index_authenticated_message
  (elements
     (list_to_set (enum index) ∖ byzantine))
  A sender im
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
i_im: validator
Hsender: sender im = Some i_im
i_im ∈ byzantine_vs destruct Hsigned as (_i_im & H_i_im & Hauth).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
_i_im: index
H_i_im: _i_im
∉ elements
    (list_to_set (enum index) ∖ byzantine)
Hauth: channel_authenticated_message A sender _i_im
  im
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
i_im: validator
Hsender: sender im = Some i_im
i_im ∈ byzantine_vs
      unfold channel_authenticated_message in Hauth
      ; rewrite Hsender in Hauth.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
_i_im: index
H_i_im: _i_im
∉ elements
    (list_to_set (enum index) ∖ byzantine)
i_im: validator
Hauth: option_map A (Some i_im) = Some _i_im
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
Hsender: sender im = Some i_im
i_im ∈ byzantine_vs
      apply Some_inj in Hauth; subst _i_im.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
i_im: validator
H_i_im: A i_im
∉ elements
    (list_to_set (enum index) ∖ byzantine)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
Hsender: sender im = Some i_im
i_im ∈ byzantine_vs
      destruct (decide (i_im ∈ byzantine_vs)) as [Hi_im | Hni_im]; [done |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
i_im: validator
H_i_im: A i_im
∉ elements
    (list_to_set (enum index) ∖ byzantine)
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
Hsender: sender im = Some i_im
Hni_im: i_im ∉ byzantine_vs
i_im ∈ byzantine_vs
      contradict H_i_im.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
i_im: validator
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
Hsender: sender im = Some i_im
Hni_im: i_im ∉ byzantine_vs
A i_im
∈ elements (list_to_set (enum index) ∖ byzantine)
      apply elem_of_elements, elem_of_difference; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
i_im: validator
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
Hsender: sender im = Some i_im
Hni_im: i_im ∉ byzantine_vs
A i_im ∈ list_to_set (enum index) ∧ A i_im ∉ byzantine
      split; [by apply elem_of_list_to_set, elem_of_enum |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine_vs: Cv
byzantine:= set_map A byzantine_vs: Ci
Hlimited: (sum_weights byzantine_vs <= threshold)%R
si: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
tr0: list transition_item
Hbyzantine: finite_valid_trace
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender) si tr0
sf: state
  (preloaded_fixed_non_byzantine_vlsm IM
     byzantine A sender)
im: message
oom: option message
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index) ∖ byzantine)) i
li: label
  (sub_IM IM
     (elements
        (list_to_set (enum index) ∖ byzantine))
     (dexist i Hi))
x:= {|
  l := existT (dexist i Hi) li;
  input := Some im;
  destination := sf;
  output := oom
|}: transition_item
i_im: validator
Htr0_ann: finite_valid_trace_from Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Hsi_ann: initial_state_prop
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := `inhabitant
  |}
lst: state
  (annotated_type (free_composite_vlsm IM) Cv)
Heqlst: lst =
finite_trace_last
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si;
    state_annotation := ∅
  |}
  (msg_dep_annotate_trace_with_equivocators
     IM full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ byzantine)) si)
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ byzantine))) tr0))
Htr0_eqv_byzantine: state_annotation lst
⊆ byzantine_vs
Hlsti: original_state lst =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ byzantine))
  (finite_trace_last si tr0)
Hnobs: ¬ composite_has_been_directly_observed IM
    (original_state lst) im
Hsender: sender im = Some i_im
Hni_im: i_im ∉ byzantine_vs
A i_im ∉ byzantine
      by contradict Hni_im; revert Hni_im; apply elem_of_set_map_inj.
Qed.

Under full-message dependencies and full node assumptions, if all components are validators for the msg_dep_limited_equivocation_vlsm associated to their composition, then the traces exposed limited Byzantine behavior coincide with the traces exposed to limited equivocation.

Lemma msg_dep_validator_limited_non_equivocating_byzantine_traces_are_limited_non_equivocating s tr
  : limited_byzantine_trace_prop (Ci := Ci) (Cv := Cv) IM threshold A sender s tr <->
    exists bs btr selection_vs
      (selection : Ci := fin_sets.set_map A selection_vs)
      (selection_complement := difference (list_to_set (enum index)) selection),
      finite_valid_trace Limited bs btr /\
      state_annotation (finite_trace_last bs btr) ⊆ selection_vs /\
      (sum_weights selection_vs <= threshold)%R /\
      composite_state_sub_projection IM (elements selection_complement) s =
        composite_state_sub_projection IM (elements selection_complement) (original_state bs) /\
      finite_trace_sub_projection IM (elements selection_complement) tr =
        finite_trace_sub_projection IM (elements selection_complement)
          (pre_VLSM_embedding_finite_trace_project
            Limited (composite_type IM) Datatypes.id original_state btr).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
limited_byzantine_trace_prop IM threshold A sender s
  tr
↔ (∃ (bs : state Limited) (btr : list transition_item) 
     (selection_vs : Cv),
     let selection := set_map A selection_vs in
     let selection_complement :=
       list_to_set (enum index) ∖ selection in
     finite_valid_trace Limited bs btr
     ∧ state_annotation (finite_trace_last bs btr)
       ⊆ selection_vs
       ∧ (sum_weights selection_vs <= threshold)%R
         ∧ composite_state_sub_projection IM
             (elements selection_complement) s =
           composite_state_sub_projection IM
             (elements selection_complement)
             (original_state bs)
           ∧ finite_trace_sub_projection IM
               (elements selection_complement) tr =
             finite_trace_sub_projection IM
               (elements selection_complement)
               (pre_VLSM_embedding_finite_trace_project
                  Limited (composite_type IM)
                  Datatypes.id original_state btr))
Proof.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
limited_byzantine_trace_prop IM threshold A sender s
  tr
↔ (∃ (bs : state Limited) (btr : list transition_item) 
     (selection_vs : Cv),
     let selection := set_map A selection_vs in
     let selection_complement :=
       list_to_set (enum index) ∖ selection in
     finite_valid_trace Limited bs btr
     ∧ state_annotation (finite_trace_last bs btr)
       ⊆ selection_vs
       ∧ (sum_weights selection_vs <= threshold)%R
         ∧ composite_state_sub_projection IM
             (elements selection_complement) s =
           composite_state_sub_projection IM
             (elements selection_complement)
             (original_state bs)
           ∧ finite_trace_sub_projection IM
               (elements selection_complement) tr =
             finite_trace_sub_projection IM
               (elements selection_complement)
               (pre_VLSM_embedding_finite_trace_project
                  Limited (composite_type IM)
                  Datatypes.id original_state btr))
  split.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
limited_byzantine_trace_prop IM threshold A sender s
  tr
→ ∃ (bs : state Limited) (btr : list transition_item) 
    (selection_vs : Cv),
    let selection := set_map A selection_vs in
    let selection_complement :=
      list_to_set (enum index) ∖ selection in
    finite_valid_trace Limited bs btr
    ∧ state_annotation (finite_trace_last bs btr)
      ⊆ selection_vs
      ∧ (sum_weights selection_vs <= threshold)%R
        ∧ composite_state_sub_projection IM
            (elements selection_complement) s =
          composite_state_sub_projection IM
            (elements selection_complement)
            (original_state bs)
          ∧ finite_trace_sub_projection IM
              (elements selection_complement) tr =
            finite_trace_sub_projection IM
              (elements selection_complement)
              (pre_VLSM_embedding_finite_trace_project
                 Limited (composite_type IM)
                 Datatypes.id original_state btr)
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
(∃ (bs : state Limited) 
   (btr : list transition_item) 
   (selection_vs : Cv),
   let selection := set_map A selection_vs in
   let selection_complement :=
     list_to_set (enum index) ∖ selection in
   finite_valid_trace Limited bs btr
   ∧ state_annotation (finite_trace_last bs btr)
     ⊆ selection_vs
     ∧ (sum_weights selection_vs <= threshold)%R
       ∧ composite_state_sub_projection IM
           (elements selection_complement) s =
         composite_state_sub_projection IM
           (elements selection_complement)
           (original_state bs)
         ∧ finite_trace_sub_projection IM
             (elements selection_complement) tr =
           finite_trace_sub_projection IM
             (elements selection_complement)
             (pre_VLSM_embedding_finite_trace_project
                Limited 
                (composite_type IM) Datatypes.id
                original_state btr))
→ limited_byzantine_trace_prop IM threshold A sender s
    tr
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
limited_byzantine_trace_prop IM threshold A sender s
  tr
→ ∃ (bs : state Limited) (btr : list transition_item) 
    (selection_vs : Cv),
    let selection := set_map A selection_vs in
    let selection_complement :=
      list_to_set (enum index) ∖ selection in
    finite_valid_trace Limited bs btr
    ∧ state_annotation (finite_trace_last bs btr)
      ⊆ selection_vs
      ∧ (sum_weights selection_vs <= threshold)%R
        ∧ composite_state_sub_projection IM
            (elements selection_complement) s =
          composite_state_sub_projection IM
            (elements selection_complement)
            (original_state bs)
          ∧ finite_trace_sub_projection IM
              (elements selection_complement) tr =
            finite_trace_sub_projection IM
              (elements selection_complement)
              (pre_VLSM_embedding_finite_trace_project
                 Limited (composite_type IM)
                 Datatypes.id original_state btr) intros (byzantine & Hlimited & Hbyzantine).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: (sum_weights byzantine <= threshold)%R
Hbyzantine: fixed_byzantine_trace_alt_prop IM
  (set_map A byzantine) A sender s tr
∃ (bs : state Limited) (btr : list transition_item) 
  (selection_vs : Cv),
  let selection := set_map A selection_vs in
  let selection_complement :=
    list_to_set (enum index) ∖ selection in
  finite_valid_trace Limited bs btr
  ∧ state_annotation (finite_trace_last bs btr)
    ⊆ selection_vs
    ∧ (sum_weights selection_vs <= threshold)%R
      ∧ composite_state_sub_projection IM
          (elements selection_complement) s =
        composite_state_sub_projection IM
          (elements selection_complement)
          (original_state bs)
        ∧ finite_trace_sub_projection IM
            (elements selection_complement) tr =
          finite_trace_sub_projection IM
            (elements selection_complement)
            (pre_VLSM_embedding_finite_trace_project
               Limited (composite_type IM)
               Datatypes.id original_state btr)
    apply lift_fixed_byzantine_traces_to_limited in Hbyzantine
       as [Hbtr Heqv_byzantine] ; [| done].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: (sum_weights byzantine <= threshold)%R
Hbtr: finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s);
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s))
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (finite_trace_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) tr)))
Heqv_byzantine: state_annotation
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s);
       state_annotation :=
         `inhabitant
     |}
     (msg_dep_annotate_trace_with_equivocators
        IM full_message_dependencies
        sender
        (lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set
                      (enum index)
                     ∖ 
                     set_map A
                      byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (finite_trace_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) tr))))
⊆ byzantine
∃ (bs : state Limited) (btr : list transition_item) 
  (selection_vs : Cv),
  let selection := set_map A selection_vs in
  let selection_complement :=
    list_to_set (enum index) ∖ selection in
  finite_valid_trace Limited bs btr
  ∧ state_annotation (finite_trace_last bs btr)
    ⊆ selection_vs
    ∧ (sum_weights selection_vs <= threshold)%R
      ∧ composite_state_sub_projection IM
          (elements selection_complement) s =
        composite_state_sub_projection IM
          (elements selection_complement)
          (original_state bs)
        ∧ finite_trace_sub_projection IM
            (elements selection_complement) tr =
          finite_trace_sub_projection IM
            (elements selection_complement)
            (pre_VLSM_embedding_finite_trace_project
               Limited (composite_type IM)
               Datatypes.id original_state btr)
    eexists _, _, byzantine; do 3 (split; [done |]); split.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: (sum_weights byzantine <= threshold)%R
Hbtr: finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s);
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s))
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (finite_trace_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) tr)))
Heqv_byzantine: state_annotation
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s);
       state_annotation :=
         `inhabitant
     |}
     (msg_dep_annotate_trace_with_equivocators
        IM full_message_dependencies
        sender
        (lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set
                      (enum index)
                     ∖ 
                     set_map A
                      byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (finite_trace_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) tr))))
⊆ byzantine
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  s =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  (original_state
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)) s);
       state_annotation := `inhabitant
     |})
message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: (sum_weights byzantine <= threshold)%R
Hbtr: finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s);
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s))
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (finite_trace_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) tr)))
Heqv_byzantine: state_annotation
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s);
       state_annotation :=
         `inhabitant
     |}
     (msg_dep_annotate_trace_with_equivocators
        IM full_message_dependencies
        sender
        (lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set
                      (enum index)
                     ∖ 
                     set_map A
                      byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (finite_trace_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) tr))))
⊆ byzantine
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  tr =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project Limited
     (composite_type IM) Datatypes.id original_state
     (msg_dep_annotate_trace_with_equivocators IM
        full_message_dependencies sender
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ 
                     set_map A byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)))
           (finite_trace_sub_projection IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)) tr))))
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: (sum_weights byzantine <= threshold)%R
Hbtr: finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s);
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s))
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (finite_trace_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) tr)))
Heqv_byzantine: state_annotation
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s);
       state_annotation :=
         `inhabitant
     |}
     (msg_dep_annotate_trace_with_equivocators
        IM full_message_dependencies
        sender
        (lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set
                      (enum index)
                     ∖ 
                     set_map A
                      byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (finite_trace_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) tr))))
⊆ byzantine
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  s =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  (original_state
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)) s);
       state_annotation := `inhabitant
     |}) extensionality sub_i; destruct_dec_sig sub_i i Hi Heqsub_i; subst; cbn.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: (sum_weights byzantine <= threshold)%R
Hbtr: finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s);
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s))
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (finite_trace_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) tr)))
Heqv_byzantine: state_annotation
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s);
       state_annotation :=
         `inhabitant
     |}
     (msg_dep_annotate_trace_with_equivocators
        IM full_message_dependencies
        sender
        (lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set
                      (enum index)
                     ∖ 
                     set_map A
                      byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (finite_trace_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) tr))))
⊆ byzantine
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) i
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  s (dexist i Hi) =
lift_sub_state IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  (composite_state_sub_projection IM
     (elements
        (list_to_set (enum index)
         ∖ set_map A byzantine)) s) i
      unfold lift_sub_state.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: (sum_weights byzantine <= threshold)%R
Hbtr: finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s);
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s))
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (finite_trace_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) tr)))
Heqv_byzantine: state_annotation
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s);
       state_annotation :=
         `inhabitant
     |}
     (msg_dep_annotate_trace_with_equivocators
        IM full_message_dependencies
        sender
        (lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set
                      (enum index)
                     ∖ 
                     set_map A
                      byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (finite_trace_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) tr))))
⊆ byzantine
i: index
Hi: sub_index_prop
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) i
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  s (dexist i Hi) =
lift_sub_state_to IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  (λ n : index, `(vs0 (IM n)))
  (composite_state_sub_projection IM
     (elements
        (list_to_set (enum index)
         ∖ set_map A byzantine)) s) i
      by rewrite (lift_sub_state_to_eq _ _ _ _ _ Hi).
    +message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: (sum_weights byzantine <= threshold)%R
Hbtr: finite_valid_trace Limited
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s);
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s))
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (finite_trace_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) tr)))
Heqv_byzantine: state_annotation
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s);
       state_annotation :=
         `inhabitant
     |}
     (msg_dep_annotate_trace_with_equivocators
        IM full_message_dependencies
        sender
        (lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set
                      (enum index)
                     ∖ 
                     set_map A
                      byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (finite_trace_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) tr))))
⊆ byzantine
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  tr =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project Limited
     (composite_type IM) Datatypes.id original_state
     (msg_dep_annotate_trace_with_equivocators IM
        full_message_dependencies sender
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ set_map A byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)))
           (finite_trace_sub_projection IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)) tr)))) subst Limited.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: (sum_weights byzantine <= threshold)%R
Hbtr: finite_valid_trace
  (msg_dep_limited_equivocation_vlsm IM
     threshold full_message_dependencies sender)
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s);
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s))
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (finite_trace_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) tr)))
Heqv_byzantine: state_annotation
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s);
       state_annotation :=
         `inhabitant
     |}
     (msg_dep_annotate_trace_with_equivocators
        IM full_message_dependencies
        sender
        (lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set
                      (enum index)
                     ∖ 
                     set_map A
                      byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (finite_trace_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) tr))))
⊆ byzantine
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  tr =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     (msg_dep_limited_equivocation_vlsm IM threshold
        full_message_dependencies sender)
     (composite_type IM) Datatypes.id original_state
     (msg_dep_annotate_trace_with_equivocators IM
        full_message_dependencies sender
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ set_map A byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)))
           (finite_trace_sub_projection IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)) tr))))
      rewrite msg_dep_annotate_trace_with_equivocators_project.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
byzantine: Cv
Hlimited: (sum_weights byzantine <= threshold)%R
Hbtr: finite_valid_trace
  (msg_dep_limited_equivocation_vlsm IM
     threshold full_message_dependencies sender)
  {|
    original_state :=
      lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s);
    state_annotation := `inhabitant
  |}
  (msg_dep_annotate_trace_with_equivocators IM
     full_message_dependencies sender
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (composite_state_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) s))
     (pre_VLSM_embedding_finite_trace_project
        (composite_type
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine))))
        (composite_type IM)
        (lift_sub_label IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (lift_sub_state IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (finite_trace_sub_projection IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)) tr)))
Heqv_byzantine: state_annotation
  (finite_trace_last
     {|
       original_state :=
         lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s);
       state_annotation :=
         `inhabitant
     |}
     (msg_dep_annotate_trace_with_equivocators
        IM full_message_dependencies
        sender
        (lift_sub_state IM
           (elements
              (list_to_set
                 (enum index)
               ∖ set_map A byzantine))
           (composite_state_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) s))
        (pre_VLSM_embedding_finite_trace_project
           (composite_type
              (sub_IM IM
                 (elements
                    (list_to_set
                      (enum index)
                     ∖ 
                     set_map A
                      byzantine))))
           (composite_type IM)
           (lift_sub_label IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (lift_sub_state IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)))
           (finite_trace_sub_projection
              IM
              (elements
                 (list_to_set
                    (enum index)
                  ∖ set_map A
                      byzantine)) tr))))
⊆ byzantine
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  tr =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index) ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     (composite_type
        (sub_IM IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine))))
     (composite_type IM)
     (lift_sub_label IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine)))
     (lift_sub_state IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine)))
     (finite_trace_sub_projection IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine)) tr))
      by symmetry; apply composite_trace_sub_projection_lift.
  -message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
(∃ (bs : state Limited) (btr : list transition_item) 
   (selection_vs : Cv),
   let selection := set_map A selection_vs in
   let selection_complement :=
     list_to_set (enum index) ∖ selection in
   finite_valid_trace Limited bs btr
   ∧ state_annotation (finite_trace_last bs btr)
     ⊆ selection_vs
     ∧ (sum_weights selection_vs <= threshold)%R
       ∧ composite_state_sub_projection IM
           (elements selection_complement) s =
         composite_state_sub_projection IM
           (elements selection_complement)
           (original_state bs)
         ∧ finite_trace_sub_projection IM
             (elements selection_complement) tr =
           finite_trace_sub_projection IM
             (elements selection_complement)
             (pre_VLSM_embedding_finite_trace_project
                Limited (composite_type IM)
                Datatypes.id original_state btr))
→ limited_byzantine_trace_prop IM threshold A sender s
    tr intros (bs & btr & byzantine & Hbtr & Heqv_byzantine & Hlimited & His_pr & Htr_pr).message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
bs: state Limited
btr: list transition_item
byzantine: Cv
Hbtr: finite_valid_trace Limited bs btr
Heqv_byzantine: state_annotation
  (finite_trace_last bs btr)
⊆ byzantine
Hlimited: (sum_weights byzantine <= threshold)%R
His_pr: composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) s =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (original_state bs)
Htr_pr: finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) tr =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     Limited (composite_type IM) Datatypes.id
     original_state btr)
limited_byzantine_trace_prop IM threshold A sender s
  tr
    exists byzantine; split; [done |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
bs: state Limited
btr: list transition_item
byzantine: Cv
Hbtr: finite_valid_trace Limited bs btr
Heqv_byzantine: state_annotation
  (finite_trace_last bs btr)
⊆ byzantine
Hlimited: (sum_weights byzantine <= threshold)%R
His_pr: composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) s =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (original_state bs)
Htr_pr: finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) tr =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     Limited (composite_type IM) Datatypes.id
     original_state btr)
fixed_byzantine_trace_alt_prop IM
  (set_map A byzantine) A sender s tr
    eapply VLSM_incl_finite_valid_trace
    ; [by apply fixed_non_equivocating_incl_fixed_non_byzantine |].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
bs: state Limited
btr: list transition_item
byzantine: Cv
Hbtr: finite_valid_trace Limited bs btr
Heqv_byzantine: state_annotation
  (finite_trace_last bs btr)
⊆ byzantine
Hlimited: (sum_weights byzantine <= threshold)%R
His_pr: composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) s =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (original_state bs)
Htr_pr: finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) tr =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     Limited (composite_type IM) Datatypes.id
     original_state btr)
finite_valid_trace
  {|
    vlsm_type :=
      composite_vlsm
        (sub_IM IM
           (elements
              (list_to_set (enum index)
               ∖ set_map A byzantine)))
        (NoEquivocation.no_equivocations_additional_constraint_with_preloaded
           (sub_IM IM
              (elements
                 (list_to_set (enum index)
                  ∖ set_map A byzantine)))
           (free_constraint
              (sub_IM IM
                 (elements
                    (list_to_set (enum index)
                     ∖ set_map A byzantine))))
           (fixed_set_signed_message IM
              (set_map A byzantine) A sender));
    vlsm_machine :=
      pre_induced_sub_projection IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine))
        (fixed_equivocation_constraint IM
           (set_map A byzantine))
  |}
  (composite_state_sub_projection IM
     (elements
        (list_to_set (enum index)
         ∖ set_map A byzantine)) s)
  (finite_trace_sub_projection IM
     (elements
        (list_to_set (enum index)
         ∖ set_map A byzantine)) tr)
    apply fixed_non_equivocating_traces_char.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
bs: state Limited
btr: list transition_item
byzantine: Cv
Hbtr: finite_valid_trace Limited bs btr
Heqv_byzantine: state_annotation
  (finite_trace_last bs btr)
⊆ byzantine
Hlimited: (sum_weights byzantine <= threshold)%R
His_pr: composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) s =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (original_state bs)
Htr_pr: finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) tr =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     Limited (composite_type IM) Datatypes.id
     original_state btr)
∃ (eis : state
           (fixed_equivocation_vlsm_composition IM
              (set_map A byzantine))) (etr : list
                                               transition_item),
  finite_valid_trace
    (fixed_equivocation_vlsm_composition IM
       (set_map A byzantine)) eis etr
  ∧ composite_state_sub_projection IM
      (elements
         (list_to_set (enum index)
          ∖ set_map A byzantine)) eis =
    composite_state_sub_projection IM
      (elements
         (list_to_set (enum index)
          ∖ set_map A byzantine)) s
    ∧ finite_trace_sub_projection IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine)) etr =
      finite_trace_sub_projection IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine)) tr
    symmetry in His_pr, Htr_pr.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
bs: state Limited
btr: list transition_item
byzantine: Cv
Hbtr: finite_valid_trace Limited bs btr
Heqv_byzantine: state_annotation
  (finite_trace_last bs btr)
⊆ byzantine
Hlimited: (sum_weights byzantine <= threshold)%R
His_pr: composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (original_state bs) =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) s
Htr_pr: finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     Limited (composite_type IM) Datatypes.id
     original_state btr) =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) tr
∃ (eis : state
           (fixed_equivocation_vlsm_composition IM
              (set_map A byzantine))) (etr : list
                                               transition_item),
  finite_valid_trace
    (fixed_equivocation_vlsm_composition IM
       (set_map A byzantine)) eis etr
  ∧ composite_state_sub_projection IM
      (elements
         (list_to_set (enum index)
          ∖ set_map A byzantine)) eis =
    composite_state_sub_projection IM
      (elements
         (list_to_set (enum index)
          ∖ set_map A byzantine)) s
    ∧ finite_trace_sub_projection IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine)) etr =
      finite_trace_sub_projection IM
        (elements
           (list_to_set (enum index)
            ∖ set_map A byzantine)) tr
    eexists _, _; split; [| done].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
bs: state Limited
btr: list transition_item
byzantine: Cv
Hbtr: finite_valid_trace Limited bs btr
Heqv_byzantine: state_annotation
  (finite_trace_last bs btr)
⊆ byzantine
Hlimited: (sum_weights byzantine <= threshold)%R
His_pr: composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (original_state bs) =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) s
Htr_pr: finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     Limited (composite_type IM) Datatypes.id
     original_state btr) =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) tr
finite_valid_trace
  (fixed_equivocation_vlsm_composition IM
     (set_map A byzantine)) (original_state bs)
  (pre_VLSM_embedding_finite_trace_project Limited
     (composite_type IM) Datatypes.id original_state
     btr)
    eapply @msg_dep_fixed_limited_equivocation_witnessed in Hbtr as [_ Hbtr]; [| done..].message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
bs: state Limited
btr: list transition_item
byzantine: Cv
Heqv_byzantine: state_annotation
  (finite_trace_last bs btr)
⊆ byzantine
Hlimited: (sum_weights byzantine <= threshold)%R
His_pr: composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (original_state bs) =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) s
Htr_pr: finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     Limited (composite_type IM) Datatypes.id
     original_state btr) =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) tr
Hbtr: finite_valid_trace
  (fixed_equivocation_vlsm_composition IM
     (set_map A
        (state_annotation
           (finite_trace_last bs btr))))
  (original_state bs)
  (pre_VLSM_embedding_finite_trace_project
     (msg_dep_limited_equivocation_vlsm IM
        threshold full_message_dependencies
        sender) (composite_type IM)
     Datatypes.id original_state btr)
finite_valid_trace
  (fixed_equivocation_vlsm_composition IM
     (set_map A byzantine)) (original_state bs)
  (pre_VLSM_embedding_finite_trace_project Limited
     (composite_type IM) Datatypes.id original_state
     btr)
    revert Hbtr; apply VLSM_incl_finite_valid_trace.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
bs: state Limited
btr: list transition_item
byzantine: Cv
Heqv_byzantine: state_annotation
  (finite_trace_last bs btr)
⊆ byzantine
Hlimited: (sum_weights byzantine <= threshold)%R
His_pr: composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (original_state bs) =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) s
Htr_pr: finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     Limited (composite_type IM) Datatypes.id
     original_state btr) =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) tr
VLSM_incl_part
  (constrained_vlsm_machine (free_composite_vlsm IM)
     (fixed_equivocation_constraint IM
        (set_map A
           (state_annotation
              (finite_trace_last bs btr)))))
  (constrained_vlsm_machine (free_composite_vlsm IM)
     (fixed_equivocation_constraint IM
        (set_map A byzantine)))
    apply fixed_equivocation_vlsm_composition_index_incl.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
bs: state Limited
btr: list transition_item
byzantine: Cv
Heqv_byzantine: state_annotation
  (finite_trace_last bs btr)
⊆ byzantine
Hlimited: (sum_weights byzantine <= threshold)%R
His_pr: composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (original_state bs) =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) s
Htr_pr: finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     Limited (composite_type IM) Datatypes.id
     original_state btr) =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) tr
elements
  (set_map A
     (state_annotation (finite_trace_last bs btr)))
⊆ elements (set_map A byzantine)
    intro; rewrite !elem_of_elements.message, index, Ci: Type
H: ElemOf index Ci
H0: Empty Ci
H1: Singleton index Ci
H2: Union Ci
H3: Intersection Ci
H4: Difference Ci
H5: Elements index Ci
EqDecision0: EqDecision index
H6: FinSet index Ci
H7: finite.Finite index
IM: index → VLSM message
H8: ∀ i : index, HasBeenSentCapability (IM i)
H9: ∀ i : index, HasBeenReceivedCapability (IM i)
threshold: R
validator, Cv: Type
Hm: Measurable validator
H10: ElemOf validator Cv
H11: Empty Cv
H12: Singleton validator Cv
H13: Union Cv
H14: Intersection Cv
H15: Difference Cv
H16: Elements validator Cv
EqDecision1: EqDecision validator
H17: FinSet validator Cv
H18: ReachableThreshold validator Cv threshold
H19: finite.Finite validator
Cm: Type
H20: ElemOf message Cm
H21: Empty Cm
H22: Singleton message Cm
H23: Union Cm
H24: Intersection Cm
H25: Difference Cm
H26: Elements message Cm
EqDecision2: EqDecision message
H27: FinSet message Cm
message_dependencies, full_message_dependencies: message → Cm
FullMessageDependencies0: FullMessageDependencies
  message_dependencies
  full_message_dependencies
H28: ∀ i : index,
  MessageDependencies (IM i)
    message_dependencies
sender: message → option validator
A: validator → index
Inj0: Inj eq eq A
Limited:= msg_dep_limited_equivocation_vlsm IM
  threshold full_message_dependencies sender: VLSM message
no_initial_messages_in_IM: no_initial_messages_in_IM_prop
  IM
Hchannel: channel_authentication_prop IM A sender
Hvalidator: ∀ i : index,
  msg_dep_limited_equivocation_message_validator_prop
    IM threshold
    full_message_dependencies sender i
Hfull: ∀ i : index,
  message_dependencies_full_node_condition_prop
    (IM i) message_dependencies
s: composite_state IM
tr: list (composite_transition_item IM)
bs: state Limited
btr: list transition_item
byzantine: Cv
Heqv_byzantine: state_annotation
  (finite_trace_last bs btr)
⊆ byzantine
Hlimited: (sum_weights byzantine <= threshold)%R
His_pr: composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (original_state bs) =
composite_state_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) s
Htr_pr: finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine))
  (pre_VLSM_embedding_finite_trace_project
     Limited (composite_type IM) Datatypes.id
     original_state btr) =
finite_trace_sub_projection IM
  (elements
     (list_to_set (enum index)
      ∖ set_map A byzantine)) tr
x: index
x
∈ set_map A
    (state_annotation (finite_trace_last bs btr))
→ x ∈ set_map A byzantine
    by apply set_map_mono.
Qed.

End sec_msg_dep_limited_byzantine_traces.