Results 1 
2 of
2
A Formal Model of Asynchronous Communication and Its Use in Mechanically Verifying a Biphase Mark Protocol
 Formal Aspects of Computing
, 1992
"... In this paper we present a formal model of asynchronous communication as a function in the BoyerMoore logic. The function transforms the signal stream generated by one processor into the signal stream consumed by an independently clocked processor. This transformation "blurs" edges and "dilates" ti ..."
Abstract

Cited by 36 (5 self)
 Add to MetaCart
In this paper we present a formal model of asynchronous communication as a function in the BoyerMoore logic. The function transforms the signal stream generated by one processor into the signal stream consumed by an independently clocked processor. This transformation "blurs" edges and "dilates" time due to differences in the phases and rates of the two clocks and the communications delay. The model can be used quantitatively to derive concrete performance bounds on asynchronous communications at ISO protocol level 1 (physical level). We develop part of the reusable formal theory that permits the convenient application of the model. We use the theory to show that a biphase mark protocol can be used to send messages of arbitrary length between two asynchronous processors. We study two versions of the protocol, a conventional one which uses cells of size 32 cycles and an unconventional one which uses cells of size 18. Our proof of the former protocol requires the ratio of the clock rates of the two processors to be within 3% of unity. The unconventional biphase mark protocol permits the ratio to vary by 5%. At nominal clock rates of 20MHz, the unconventional protocol allows transmissions at a burst rate of slightly over 1MHz. These claims are formally stated in terms of our model of asynchrony; the proofs of the claims have been mechanically checked with the BoyerMoore theorem prover, NQTHM. We conjecture that the protocol can be proved to work under our model for smaller cell sizes and more divergent clock rates but the proofs would be harder. Known inadequacies of our model include that (a) distortion due to the presence of an edge is limited to the time span of the cycle during which the edge was written, (b) both clocks are assumed to be linear functions of time (i....
Proof checking the RSA public key encryption algorithm
 American Mathematical Monthly
, 1984
"... The authors describe the use of a mechanical theoremprover to check the published proof of the invertibility of the public key encryption algorithm of Rivest, Shamir and Adleman: (M mod n) mod N=M, provided n is the product of two distinct primes p and q, M
Abstract

Cited by 22 (9 self)
 Add to MetaCart
The authors describe the use of a mechanical theoremprover to check the published proof of the invertibility of the public key encryption algorithm of Rivest, Shamir and Adleman: (M mod n) mod N=M, provided n is the product of two distinct primes p and q, M<n, and e and d are multiplicative inverses in the ring of integers modulo (p1)*(q1). Among the lemmas proved mechanically and used in the main proof are many familiar theorems of number theory, including Fermatâ€™s theorem: M mod p=1, when p M. The axioms underlying the proofs are those of Peano arithmetic and ordered pairs. The development of mathematics toward greater precision has led, as is well known, to the formalization of large tracts of it, so that one can prove any theorem using nothing but a few mechanical rules. Godel [11] But formalized mathematics cannot in practice be written down in full, and therefore we must have confidence in what might be called the common sense of the mathematician... We shall therefore very quickly abandon formalized mathematics... Bourbaki [1] 1.