Labelled Natural Deduction for Public Announcement Logic with Common Knowledge

Public announcement logic is a logic that studies epistemic updates. In this paper, we propose a sound and complete labelled natural deduction system for public announcement logic with the common knowledge operator (PAC). The completeness of the proposed system is proved indirectly through a Hilbert calculus for PAC known to be complete and sound. We conclude with several discussions regarding the system, including some problems of the system in attaining normalisation and the subformula property.


Introduction
An agent's knowledge of a proposition may be updated when new information is given. Public announcement logic (PAL) is a logic that formalises this notion of epistemic update. The common knowledge operator, on the other hand, is an operator that attempts to formalise the notion of common or mutual knowledge among a group of agents. One can understand the common knowledge of proposition A as everyone knowing that A, everyone knowing that everyone knows that A, and so on ad infinitum. The interaction between public announcement and common knowledge helps us understand the dynamics of (common) knowledge of a group in social interaction. One significant implication of understanding the dynamics of (common) knowledge may be realised in cryptography, particularly in cryptographic protocols, as the information in a protocol is dynamic and a protocol might require that common knowledge of a piece of information between, say, two agents be achieved.
We assume here that public announcement logic with common knowledge (PAC) is a multi-modal extension of the modal logic S5 and that an announced formula is always true. Several proof systems have been proposed for PAL: a display calculus [1], sequent calculi [2][3][4], a tableau calculus [5], and a Hilbert calculus [6]. The proposed proof systems for (normal) modal logics with the common knowledge operator, on the other hand, are, for example, the Tait calculus of [7][8][9] and the hypersequent calculus of [10]. So far, all known proof systems for the logic with the interaction of public announcement and common knowledge are formulated as Hilbert calculi, for example the Hilbert calculus for public announcement logic with common knowledge (PAC) of [6].
In this paper, we propose a labelled natural deduction for public announcement logic with common knowledge (NPAC). We begin by presenting the syntax of PAC in which there are two types of formula: labelled and relational formulas. The Kripke semantics of the logic is based on the notion of a restricted model that gives meaning to an indexed or updated formula. Then, we present the labelled natural deduction for PAC. Its soundness is proved by translating PAC into NPAC. Finally, we discuss the assumption that we made regarding the announcement being always true and some difficulties with some of the rules that need to be resolved for NPAC to be normalisable and to satisfy the subformula property.

Syntax
We assume a countably infinite set of atomic propositions $p, q, r, \ldots$, a set $W$ of worlds $x, y, z, \ldots$, a finite set $G$ of agent-symbols $a, b, c, \ldots$, and corresponding knowledge operators $K_a, K_b, K_c, \ldots$ and a finite set $R_G$ of binary relation symbols $R_a, R_b, R_c, \ldots$. We assume also sets of agent-symbols $\vec{a}, \vec{a}_1, \vec{a}_2, \ldots$, and corresponding group knowledge operators $E_{\vec{a}}, E_{\vec{a}_1}, E_{\vec{a}_2}, \ldots$ and common knowledge operators $C_{\vec{a}}, C_{\vec{a}_1}, C_{\vec{a}_2}, \ldots$. We use the sequence notation for a set of agent-symbols for brevity and it should intuitively be understood as an occurrence-insensitive, unordered sequence of agent-symbols, as it should be in a set. For example, if $\vec{a} = \{a, b, c\}$ then instead of writing $E_{\{a,b,c\}} A$ and $C_{\{a,b,c\}} A$ we occasionally write $E_{abc} A$ and $C_{abc} A$. Finally, we assume a transitive closure symbol $*$, a falsum symbol $\bot$, an implication operator $\supset$, and a binary announcement operator $[A]B$ for arbitrary basic formulas $A$ and $B$ defined below.
A basic formula A is defined by the following scheme ¬A is defined as A ⊃⊥ and other propositional operators are defined in the obvious manner. Besides basic formulas, there are two forms of formula in PAC: labelled and relational formulas.
A labelled formula is of the form x : − → F here is added as an index to keep track of the world updates in the syntax. For brevity, we use "formula" for labelled or relational formulas A , B, C , . . . ; or basic formulas A, B, C, . . . . Whichever the situation is, it can be easily understood by the script or the non-script font used.

Semantics
A Kripke model for PAC is a structure M = W, R G , V such that W is a non-empty finite set of worlds, R G = a∈G R a where R a is an equivalence relation on W, and V : W × P → {0, 1} is a valuation function that for every pair of world x and atomic proposition p yields the truth value of p at x.
Let M be a Kripke model and A a basic formula. A restricted Kripke model for PAC is a structure A} is a non-empty finite set of worlds, Let R− → a = a∈ − → a R a and R * be the transitive closure of a relation R. Truth for a formula A in a model M − → is defined by main induction on the length of − → F 1 with side induction on the complexity of A : for every x ∈ W and every pair of sequences of formulas − → F 1 and − → F 2 .
x : ..a n y. 5. If M xR − → F a 1 ...a n y and, for every ..a n . Therefore M xR − → F a 1 ...a n y. 5. Suppose that the antecedent is true. Then, (x, y) ∈ R − → F a 1 ...a n = a i ∈{a 1 ,...,a n } R Suppose that, for an arbitrary M and an arbitrary n ≥ 1, M xR In other words, for every natural number n there are no z 1 , z 2 , . . . , and z n such that (x, − → a y for some natural number n. Therefore, by the third supposition, M A . Hence, from either of the two cases, M A .
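As an added illustration (not code from the paper), the following Python model checker evaluates basic PAC formulas on a finite Kripke model, restricting the model on announcement and reading common knowledge off the transitive closure of the union of the agents' relations. The truth clauses are the standard Plaza-style ones, taken here as an assumption; the tuple encoding, the function names and the three-world model are constructed for this example.

```python
# Added illustration: formulas are nested tuples (an assumed encoding):
# ("p", name) | ("bot",) | ("imp", A, B) | ("K", a, A) | ("C", agents, A) | ("ann", A, B)

def equiv(*blocks):
    """Equivalence relation (set of pairs) from a partition of the worlds."""
    return {(u, v) for b in blocks for u in b for v in b}

def reach(model, x, agents):
    """Worlds y with x (R_agents)^* y: one or more steps along the union of the R_a."""
    worlds, rel, _ = model
    def step(u):
        return {v for a in agents for v in worlds if (u, v) in rel[a]}
    seen, frontier = set(), step(x)
    while frontier:
        seen |= frontier
        frontier = {v for u in frontier for v in step(u)} - seen
    return seen

def restrict(model, f):
    """Restricted model: keep only the worlds where the announced formula f holds."""
    worlds, rel, val = model
    keep = {w for w in worlds if holds(model, w, f)}
    new_rel = {a: {(u, v) for (u, v) in r if u in keep and v in keep}
               for a, r in rel.items()}
    return keep, new_rel, {w: val[w] for w in keep}

def holds(model, x, f):
    """Truth of basic formula f at world x (standard Plaza-style clauses, assumed)."""
    worlds, rel, val = model
    tag = f[0]
    if tag == "p":
        return f[1] in val[x]
    if tag == "bot":
        return False
    if tag == "imp":
        return not holds(model, x, f[1]) or holds(model, x, f[2])
    if tag == "K":
        return all(holds(model, y, f[2]) for y in worlds if (x, y) in rel[f[1]])
    if tag == "C":
        return all(holds(model, y, f[2]) for y in reach(model, x, f[1]))
    if tag == "ann":  # [A]B: if A is true at x, B holds at x after restricting to A
        return not holds(model, x, f[1]) or holds(restrict(model, f[1]), x, f[2])
    raise ValueError(f"unknown connective: {tag}")

# Constructed model: p holds at worlds 1 and 2 only.
M = ({1, 2, 3},
     {"a": equiv({1, 2}, {3}), "b": equiv({1}, {2, 3})},
     {1: {"p"}, 2: {"p"}, 3: set()})
P = ("p", "p")
C_AB_P = ("C", ("a", "b"), P)
```

At world 1 both agents know p, yet p is not common knowledge because world 3 is reachable through world 2; after p is announced, world 3 is removed and p becomes common knowledge.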

Hilbert Axiomatisation
The sound and complete Hilbert calculus PAC consists of the following axioms and rules [6]:

Labelled Natural Deduction for PAC
As we are internalising the worlds into the logic, we would of course want to exploit the behaviour of the relation between the worlds in NPAC, from which we can introduce the common knowledge operator. While other proof systems introduce the common knowledge operator from the group knowledge operator, we want to introduce the common knowledge operator in a way that reflects the semantics, where we use the transitive closure of a relation. Now, to introduce the transitive closure of a relation $(R^{\vec{F}}_{\vec{a}})^*$ we can use the following property: exists a natural number $n$, $z_1, \ldots$, and $z_n$ such that xR [6]. However, this is problematic since the natural number $n$ is arbitrary. We resolve this by using infinitely many introduction rules of $(R^{\vec{F}}_{\vec{a}})^*$ and a corresponding elimination rule with infinitely many minor premises. One can observe that by using infinitely many premises in the (R Table 1 we exhaust all possible numbers of worlds that connect the worlds $x$ and $y$, in a way similar to that in which we exhaust all individual constants in first-order logic by using an ω-rule for existential elimination. Labelled natural deduction for PAC (NPAC) consists of the rules in Tables 1-5. Note that the standard introduction and elimination rules for conjunction ∧ and disjunction ∨ are derivable from those for ⊃ and ⊥ in the obvious way. In the sequel, we will make use of some of them to shorten some derivations, in particular of those for conjunction: $\wedge I$, $\wedge E_1$, and $\wedge E_2$. We let $p$ in the atom rules $AI$, $AE_1$, and $AE_2$ be either a propositional formula or ⊥. To capture the arbitrariness of $y$, we impose $y$ as an eigenvariable in the $K_a I$, $E_{\vec{a}} I$, and $C_{\vec{a}} I$ rules respectively. Similarly, we impose $z_1, \ldots, z_n$ for every $n \geq 1$ as eigenvariables in the $(R_{\vec{a}})^* E$ rule. As usual, we assume a formula in square brackets to indicate a discharged assumption.
Each discharged assumption can be discharged zero or multiple times by each application of a rule. The subscript $n$ in the symbol $z_n$ in Table 1 can be understood as the number of worlds that connect the world $x$ to $y$.
Note that $R_{\vec{a}}$ has a finite number, $n$, of introduction rules according to the number of agents in $\vec{a}$ and a corresponding elimination rule with $n$ minor premises. On the other hand, $(R_{\vec{a}})^*$ has infinitely many introduction rules and a corresponding elimination rule with infinitely many minor premises, thereby making the derivations in the system trees with possibly infinitely many branches, where each branch is, however, always finite in length.
Table 5. Composition rules for NPAC.

Reductio ad Absurdum
x : We write Γ A to mean that there is a derivation Π of a labelled or relational formula A in which all undischarged assumptions belong to the set of labelled or relational formulas Γ. One can refer to [11] for more details on the notion of derivation in natural deduction in general.
The following are needed for the completeness proof.
and similarly for Π n for every n ≥ 1 but with [xR − → a z] 2 as its top most formulas.

Soundness and Completeness
Theorem 1 (Soundness). Let Γ ∪ A be a set of formulas. NPAC is sound (i.e., Γ A implies Γ A ).
Proof. From the semantic definition, Proposition 2, and Proposition 3, it is easy to see that all NPAC rules are truth-preserving rules. The proof proceeds by induction over the number of applications of rules in the deduction Π of A .
Theorem 2 (Completeness). Let ∆ ∪ A be a set of formulas. NPAC is complete (i.e., ∆ A implies ∆ A).

Proof. We prove completeness by showing that all axioms and rules of PAC are derivable in NPAC.
As PAC is complete, it follows that NPAC is also complete. There are 17 axioms and rules that need to be shown to be derivable in NPAC. Observe that the axioms of PAC of the form "A" are captured by the derivability of $x :^{\vec{F}} A$ in NPAC where $x$ and $\vec{F}$ are arbitrary and that rules of PAC of the form "from A, B, C, . . . , infer D" are captured by showing that the derivability of x 1 : In the following proof, we let the world $x$ and the sequence of formulas $\vec{F}$ be arbitrary. We remove the $\vec{F}$ in the following proof (except in 16) without loss of generality. One can refer to [12] for the proof of the S5 axioms and rules (i.e., 1, 2, 3, 4, 5, 13, 14). The following is the rest of the proof.
6. Atomic permanence. For one direction, For the other direction, For the other direction, 9. Announcement and knowledge. For one direction, For the other direction, 10. Announcement composition. For one direction, For the other direction, 12. Mix of common knowledge.
15. Necessitation of $C_{\vec{a}}$. Suppose that A. Then, y : A for every y ∈ W. Let Π be a derivation of y : A and x be an arbitrary world. Then: where $\Pi_0$ and $\Pi_n$ are respectively
Note that although the soundness proof presented here establishes the validity of every derivable labelled or relational formula, the indirect completeness proof establishes only the derivability of every valid basic formula. In other words, we can at least be sure that there is a derivation of a basic formula when it is true in every world given every update. Hence, we only establish weak completeness rather than strong completeness, where all valid formulas (including relational and labelled ones) are derivable. There might still be a possibility of not having a derivation of a valid labelled formula whose basic formula is true in a specific world given a specific update, or of a valid relational formula in general. One can refer to [13] for more discussion on weak and strong completeness in a labelled proof system.

Discussion
As we have stated in the introduction, we assume that the announcement made is always true. Public announcement logic with this assumption was initially proposed by Plaza in [14]. We can, however, make a weaker assumption by saying that an announcement can be either true or false, as done by Gerbrandy and Groeneveld in [15]. There are several reasons why we allow an announcement to be false. One of them is that an announcement made in a social setting may not always be true. From a cryptographic perspective, for example, a piece of information announced by an agent is not always trustworthy. One can refer to [16] for more discussion on the differences between Gerbrandy-Groeneveld (GG) style public announcement logic and Plaza-style public announcement logic.
To obtain a labelled natural deduction system for PAC in GG-style, say, GG-NPAC, we therefore change the announcement rules [A]I and [A]E in NPAC as follows: x : Now, these rules make it harder to establish an announcement formula x : We will leave further investigations on GG-NPAC, especially on the interaction between common knowledge and announcement in GG-style, for future research.
Now we will discuss several problems of NPAC in attaining normalisation and the subformula property. At first glance, the rules of NPAC satisfy some principles laid down by proof-theoretic semantics [17,18]. Firstly, the rules are in harmony in the sense that everything that is required to introduce a formula is similar to everything that is obtained by eliminating that very formula. One possible way to see this is to observe that all rules follow almost identically the common pattern of propositional rules (e.g., the $R^{\vec{F}}_{\vec{a}}$ rules resemble the disjunction rules but with $n$ many rules for the introduction and $n$ many minor premises in the elimination instead of two). Secondly, by properly defining the rank of a formula, which will involve an ordinal analysis considering that introducing the common knowledge operator may require infinitely many premises, we can see that every formula is introduced (eliminated) with a rank higher (lower) than the rank of the premise(s).
Another principle that is of main importance is normalisation. However, there are two main difficulties in showing normalisation for NPAC. Firstly, the conclusion of an application of the ⊥ rule may be the major premise of an elimination rule, and such formula occurrences would violate the subformula property. However, one can resolve this by introducing conversions involving the ⊥ rule as done in [19,20]. Nevertheless, to resolve this problem, one has to show the derivability of some formula x : The critical step marked by * can be justified however if we can show that ⊥ is global: if ⊥ is proved to be in one of the worlds (even the updated ones) then ⊥ is proved to be in all worlds (including the updated ones). The condition that ⊥ is global is then sufficient to introduce the conversions that resolve the problem mentioned above. Using a similar method as in [12], the globality of ⊥ can be obtained by using two different world symbols, as shown in the ⊥ rule in Table 2. The globality of ⊥ in NPAC is shown in point 5 of the following Proposition 6. 1. x : 1.
The second difficulty is connected with the composition rules. If one were to view com 1 as an introduction rule and com 2 as an elimination rule, they would seem to be in harmony (because we could define a conversion in an obvious way). However, the interaction of the composition rules with the rules for logical operators may introduce a derivation like the following, which obviously does not have the subformula property: Clearly, the formula $x :^{B \wedge [B]C} A_1 \wedge A_2$ occurs neither in the conclusion nor in the premises, but it is impossible to reduce Σ by the conventional conversions. Situations of this kind could be resolved by defining permutative conversions for the composition rules. Another possible solution is perhaps to show that the composition rules are indeed admissible in NPAC, which we conjecture to be the case. In fact, more generally, we conjecture the following proposition, of which the problem of the composition rules is just a specific case.