The Logic of Secrets LAMAS 2020, 8 May 2020 Thomas gotnes - - PowerPoint PPT Presentation

The Logic of Secrets

LAMAS 2020, 8 May 2020 Thomas Ågotnes University of Bergen, Norway Southwest University (SWU), China Zuojun Xiong, SWU Yuzhi Zhang, SWU

Secrets

• Of fundamental importance in, e.g.,
• safety and security
• cryptography
• authentication
• access control
• …
• (and in business and politics and romance and..)

What is a secret?

• “a piece of knowledge that is hidden and intended to be

kept hidden” (Wiktionary)

• “a piece of information that is only known by one person
• r a few people and should not be told to
• thers” (Cambridge Dictionary)
• “something that is kept or meant to be kept unknown or

unseen by others” (Oxford English Dictionary)

• “something kept from the knowledge of others” (Merriam-

Webster)

What is a secret?

• “a piece of knowledge that is hidden and intended to be

kept hidden” (Wiktionary)

• “a piece of information that is only known by one person
• r a few people and should not be told to
• thers” (Cambridge Dictionary)
• “something that is kept or meant to be kept unknown or

unseen by others” (Oxford English Dictionary)

• “something kept from the knowledge of others” (Merriam-

Webster) Fundamentally about knowledge and ignorance

In this paper we

• Formalise secrets (more precisely: secretly knowing)
• Using the standard framework for reasoning about

knowledge and ignorance: modal epistemic logic

• Key question: what are the (epistemic) properties of

secretly knowing?

• Introduce a modality for secretly knowing and study its

properties Saϕ a secretly knows ϕ

Necessary epistemic conditions for secretly knowing

a secretly knows ϕ

Necessary epistemic conditions for secretly knowing

a secretly knows ϕ (1) a knows ϕ

Necessary epistemic conditions for secretly knowing

a secretly knows ϕ (1) a knows ϕ Kaϕ

Necessary epistemic conditions for secretly knowing

a secretly knows ϕ (1) a knows ϕ Kaϕ (2) any other agent b does not know ϕ

Necessary epistemic conditions for secretly knowing

a secretly knows ϕ (1) a knows ϕ Kaϕ (2) any other agent b does not know ϕ V

b6=a ¬Kbϕ

Necessary epistemic conditions for secretly knowing

a secretly knows ϕ (1) a knows ϕ Kaϕ (2) any other agent b does not know ϕ V

b6=a ¬Kbϕ

(2’) a knows that any other agent b does not know ϕ

Necessary epistemic conditions for secretly knowing

a secretly knows ϕ (1) a knows ϕ Kaϕ (2) any other agent b does not know ϕ V

b6=a ¬Kbϕ

Ka V

b6=a ¬Kbϕ

(2’) a knows that any other agent b does not know ϕ

Necessary epistemic conditions for secretly knowing

a secretly knows ϕ (1) a knows ϕ Kaϕ (2) any other agent b does not know ϕ V

b6=a ¬Kbϕ

Ka V

b6=a ¬Kbϕ

(2’) a knows that any other agent b does not know ϕ (2”) a knows that any other agent b does not know whether ϕ

Necessary epistemic conditions for secretly knowing

a secretly knows ϕ (1) a knows ϕ Kaϕ (2) any other agent b does not know ϕ V

b6=a ¬Kbϕ

Ka V

b6=a ¬Kbϕ

(2’) a knows that any other agent b does not know ϕ (2”) a knows that any other agent b does not know whether ϕ Ka V

b6=a(¬Kbϕ∧¬Kb¬ϕ)

Necessary epistemic conditions for secretly knowing

a secretly knows ϕ (1) a knows ϕ Kaϕ (2) any other agent b does not know ϕ V

b6=a ¬Kbϕ

Ka V

b6=a ¬Kbϕ

(2’) a knows that any other agent b does not know ϕ (2”) a knows that any other agent b does not know whether ϕ Ka V

b6=a(¬Kbϕ∧¬Kb¬ϕ)

Necessary epistemic conditions for secretly knowing

a secretly knows ϕ (1) a knows ϕ Kaϕ (2) any other agent b does not know ϕ V

b6=a ¬Kbϕ

Ka V

b6=a ¬Kbϕ

(2’) a knows that any other agent b does not know ϕ (2”) a knows that any other agent b does not know whether ϕ Ka V

b6=a(¬Kbϕ∧¬Kb¬ϕ)

Kaϕ ∧ Ka V

b6=a ¬Kbϕ

The secretly-knowing modality

ϕ ::= p | ¬ϕ | (ϕ ∧ ϕ) | Kaϕ | Saϕ LSK:

The secretly-knowing modality

∼a⊆ W × W eq. rel., V : W → 2Prop

Epistemic model: M = (W, ∼, V )

ϕ ::= p | ¬ϕ | (ϕ ∧ ϕ) | Kaϕ | Saϕ LSK:

The secretly-knowing modality

∼a⊆ W × W eq. rel., V : W → 2Prop

Epistemic model: M = (W, ∼, V )

ϕ ::= p | ¬ϕ | (ϕ ∧ ϕ) | Kaϕ | Saϕ LSK: M, w | = p iff w 2 V (p). M, w | = ¬ϕ iff M, w 6| = ϕ. M, w | = ϕ ^ ψ iff M, w | = ϕ and M, w | = ψ. M, w | = Kaϕ iff 8w0 2 W, if w⇠aw0, then M, w0 | = ϕ. M, w | = Saϕ iff 8w0⇠aw M, w0 | = ϕ and 8b 6= a, 9u⇠bw0 M, u | = ¬ϕ.

The secretly-knowing modality

∼a⊆ W × W eq. rel., V : W → 2Prop

Epistemic model: M = (W, ∼, V )

ϕ ::= p | ¬ϕ | (ϕ ∧ ϕ) | Kaϕ | Saϕ LSK: Have that: M, w | = Saϕ ⇔ M, w | = Kaϕ ∧ Ka V

b6=a ¬Kbϕ

M, w | = p iff w 2 V (p). M, w | = ¬ϕ iff M, w 6| = ϕ. M, w | = ϕ ^ ψ iff M, w | = ϕ and M, w | = ψ. M, w | = Kaϕ iff 8w0 2 W, if w⇠aw0, then M, w0 | = ϕ. M, w | = Saϕ iff 8w0⇠aw M, w0 | = ϕ and 8b 6= a, 9u⇠bw0 M, u | = ¬ϕ.

The secretly-knowing modality

∼a⊆ W × W eq. rel., V : W → 2Prop

Epistemic model: M = (W, ∼, V )

M, w | = p iff w 2 V (p). M, w | = ¬ϕ iff M, w 6| = ϕ. M, w | = ϕ ^ ψ iff M, w | = ϕ and M, w | = ψ. M, w | = Kaϕ iff 8w0 2 W, if w⇠aw0, then M, w0 | = ϕ. M, w | = Saϕ iff 8w0⇠aw M, w0 | = ϕ and 8b 6= a, 9u⇠bw0 M, u | = ¬ϕ. ψ ::= p | ¬ψ | (ψ ∧ ψ) | Saψ LS:

Properties of secretly knowing: interaction axioms

Interaction axioms for Sa and Ka (S) Saϕ $ Kaϕ ^ Ka ⇣V

b6=a ¬Kbϕ

⌘

• Def. of Sa

(4SK) Saϕ ! KaSaϕ Positive secret knowledge introspection (5SK) ¬Saϕ ! Ka¬Saϕ Negative secret knowledge introspection (P) Saϕ ! (Kaϕ ^ ¬Kbϕ) Secret privacy (NKS) ¬KbSaϕ Secret unknowability (NSK1) ¬SaKbϕ Knowledge is no secret (NSK2) ¬Sa¬Kbϕ Ignorance is no secret (NC) KaSaϕ _ Ka¬Saϕ Secret neg. completeness (a 6= b)

Properties of secretly knowing: interaction axioms between agents

Interaction axioms for Sa and Sb (Ex1) Saϕ → ¬Sbϕ Secret exclusivity (Ex2) Sa¬Saϕ → ¬Sb¬Sbϕ Higher-order secret exclusivity (N1) ¬SaSbϕ No secret secrets (N2) ¬Sa¬Sbϕ No secret non-secrets

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| =

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| = (Nec) | = ϕ ⇒ | = Saϕ

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| = (Nec) | = ϕ ⇒ | = Saϕ 6)

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| = (Nec) | = ϕ ⇒ | = Saϕ 6)

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| = (Nec) | = ϕ ⇒ | = Saϕ 6)

6| =¬Sa(ϕ ! ψ) ! (¬Saϕ ! ¬Saψ) 6| =¬Sa¬(ϕ ! ψ) ! (¬Sa¬ϕ ! ¬Sa¬ψ)

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| = (Nec) | = ϕ ⇒ | = Saϕ 6)

6| =¬Sa(ϕ ! ψ) ! (¬Saϕ ! ¬Saψ) 6| =¬Sa¬(ϕ ! ψ) ! (¬Sa¬ϕ ! ¬Sa¬ψ)

(RM) | = ϕ ! ψ 6) | = Saϕ ! Saψ

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| = (Nec) | = ϕ ⇒ | = Saϕ 6)

6| =¬Sa(ϕ ! ψ) ! (¬Saϕ ! ¬Saψ) 6| =¬Sa¬(ϕ ! ψ) ! (¬Sa¬ϕ ! ¬Sa¬ψ)

6| =Sa(ϕ ^ ψ) ! Saϕ (RM) | = ϕ ! ψ 6) | = Saϕ ! Saψ

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| = (Nec) | = ϕ ⇒ | = Saϕ 6)

6| =¬Sa(ϕ ! ψ) ! (¬Saϕ ! ¬Saψ) 6| =¬Sa¬(ϕ ! ψ) ! (¬Sa¬ϕ ! ¬Sa¬ψ)

6| =Sa(ϕ ^ ψ) ! Saϕ (RM) | = ϕ ! ψ 6) | = Saϕ ! Saψ

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| = (Nec) | = ϕ ⇒ | = Saϕ 6)

6| =¬Sa(ϕ ! ψ) ! (¬Saϕ ! ¬Saψ) 6| =¬Sa¬(ϕ ! ψ) ! (¬Sa¬ϕ ! ¬Sa¬ψ)

6| =Sa(ϕ ^ ψ) ! Saϕ K+C+RE = ECK = the weakest non-normal modal logic with neighbourhood semantics (RM) | = ϕ ! ψ 6) | = Saϕ ! Saψ

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| = (Nec) | = ϕ ⇒ | = Saϕ 6)

6| =¬Sa(ϕ ! ψ) ! (¬Saϕ ! ¬Saψ) 6| =¬Sa¬(ϕ ! ψ) ! (¬Sa¬ϕ ! ¬Sa¬ψ)

6| =Sa(ϕ ^ ψ) ! Saϕ K+C+RE = ECK = the weakest non-normal modal logic with neighbourhood semantics M, w | = Saϕ iff 8w0⇠aw M, w0 | = ϕ and 8b 6= a 9u⇠bw0 M, u | = ¬ϕ. (RM) | = ϕ ! ψ 6) | = Saϕ ! Saψ

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| = (Nec) | = ϕ ⇒ | = Saϕ 6)

6| =¬Sa(ϕ ! ψ) ! (¬Saϕ ! ¬Saψ) 6| =¬Sa¬(ϕ ! ψ) ! (¬Sa¬ϕ ! ¬Sa¬ψ)

6| =Sa(ϕ ^ ψ) ! Saϕ K+C+RE = ECK = the weakest non-normal modal logic with neighbourhood semantics (RM) | = ϕ ! ψ 6) | = Saϕ ! Saψ

Properties of secretly knowing: basic principles

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

(5) ¬Saϕ → Sa¬Saϕ 6| = (Nec) | = ϕ ⇒ | = Saϕ 6)

6| =¬Sa(ϕ ! ψ) ! (¬Saϕ ! ¬Saψ) 6| =¬Sa¬(ϕ ! ψ) ! (¬Sa¬ϕ ! ¬Sa¬ψ)

6| =Sa(ϕ ^ ψ) ! Saϕ K+C+RE = ECK = the weakest non-normal modal logic with neighbourhood semantics (RM) | = ϕ ! ψ 6) | = Saϕ ! Saψ Sa is a ECKT4-modality

Towards completeness

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

Towards completeness

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

Conjecture: The language with a single Sa modality is completely axiomatised by ECKT4+⊤

Towards completeness

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

Conjecture: The language with a single Sa modality is completely axiomatised by ECKT4+⊤ Existing results: ECK: completeness proof (for neighbourhood semantics) by van der Putte and McNamara currently under submission ECK4: non-trival extension

Towards completeness

Axioms for Sa (K) Sa(ϕ ! ψ) ! (Saϕ ! Saψ) Secret distribution (T) Saϕ ! ϕ Secret veridicality (4) Saϕ ! SaSaϕ Secret introspection (C) (Saϕ ^ Saψ) ! Sa(ϕ ^ ψ) Secret combination (D) Saϕ ! ¬Sa¬ϕ Secrets partiallity (>) ¬Sa> No tautological secrets (?) ¬Sa? No contradictory secrets Rules for Sa (RE) From ϕ $ ψ infer Saϕ $ Saψ Replacement of equivalents (Nnec) From ϕ infer ¬Saϕ Negative necessitation (Dnec) From ϕ infer ¬Sa¬ϕ Diamond necessitation

Conjecture: The language with a single Sa modality is completely axiomatised by ECKT4+⊤

Related work

• Gossip protocols (Attamah et al., 2014; Apt et al., 2016;

Attamah et al., 2017; Apt et al., 2018)

• Modal logics of access control (Abadi et al., 1993; Abadi,

2003; Garg and Abadi, 2008; Aceto et al., 2010; Fong, 2011)

• Secrets most often taken as a primary notion rather than

derived from more primitive models of knowledge

• E.g., Attamah et al. 2014/2017:

a knows the secret of b: KaB ∨ Ka¬B

Common knowledge, belief, and dynamics of lying (suggestion from reviewer)

C{a,b}(Kaϕ ∧ ¬Kbϕ)

Common knowledge, belief, and dynamics of lying (suggestion from reviewer)

C{a,b}(Kaϕ ∧ ¬Kbϕ) C{a,b}(Ba¬ϕ ∧ ¬Bb¬ϕ)

• precond. for ”a is lying to b”

(van Ditmarsch, 2013)

Common knowledge, belief, and dynamics of lying (suggestion from reviewer)

C{a,b}(Kaϕ ∧ ¬Kbϕ) 6| = Saϕ ! C{a,b}(Ba¬ϕ ∧ ¬Bb¬ϕ)

• precond. for ”a is lying to b”

(van Ditmarsch, 2013)

Road ahead

• Generalisation: “…known by a few people…”
• Group knowledge
• Secrets vs. mysteries
• We abstracted away all non-epistemic properties of

secrets, such as intention

• “…intended to be kept hidden…”