# Strengthening Gossip Protocols using Protocol-Dependent Knowledge

Distributed dynamic gossip is a generalization of the classic telephone problem in which agents communicate to share secrets, with the additional twist that also telephone numbers are exchanged to determine who can call whom. Recent work focused on the success conditions of simple protocols such as "Learn New Secrets" (LNS) wherein an agent a may only call another agent b if a does not know b's secret. A protocol execution is successful if all agents get to know all secrets. On partial networks these protocols sometimes fail because they ignore information available to the agents that would allow for better coordination. We study how epistemic protocols for dynamic gossip can be strengthened, using epistemic logic as a simple protocol language with a new operator for protocol-dependent knowledge. We provide definitions of different strengthenings and show that they perform better than LNS, but we also prove that there is no strengthening of LNS that always terminates successfully. Together, this gives us a better picture of when and how epistemic coordination can help in the dynamic gossip problem in particular and distributed systems in general.

There are no comments yet.

## Authors

• 19 publications
• 4 publications
• 3 publications
• 2 publications
07/22/2019

### Open Problems in a Logic of Gossips

Gossip protocols are programs used in a setting in which each agent hold...
11/26/2020

### Everyone Knows that Everyone Knows: Gossip Protocols for Super Experts

A gossip protocol is a procedure for sharing secrets in a network. The b...
06/10/2016

### Simple epistemic planning: generalised gossiping

The gossip problem, in which information (known as secrets) must be shar...
07/27/2017

### Common Knowledge in a Logic of Gossips

Gossip protocols aim at arriving, by means of point-to-point or group co...
08/24/2018

### A Communication Protocol for Man-Machine Networks

One of the most challenging coordination problems in artificial intellig...
03/07/2017

### Vocabulary Alignment in Openly Specified Interactions

The problem of achieving common understanding between agents that use di...
09/16/2021

### BuDDI: A Declarative Bloom Language for CALM Programming

Coordination protocols help programmers of distributed systems reason ab...

## Code Repositories

### gossip

🗣️📞 Explicit Epistemic Model Checking for Dynamic Gossip

##### This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

## 1 Introduction

The so-called gossip problem is a problem about peer-to-peer information sharing: a number of agents each start with some private information, and the goal is to share this information among all agents, using only peer-to-peer communication channels [38]. For example, the agents could be autonomous sensors that need to pool their individual measurements in order to obtain a joint observation. Or the agents could be distributed copies of a database that can each be edited separately, and that need to synchronize with each other [18, 21, 28].

The example that is typically used in the literature, however, is a bit more frivolous: as the name suggests, the gossip problem is usually represented as a number of people gossiping [24, 16, 15]. This term goes back to the oldest sources on the topic, such as [6]. The gossip scenario gives us not only the name of the gossip problem, but also the names of some of the other concepts that are used: the private information that an agent starts out with is called that agent’s secret, the communication between two agents is called a telephone call and an agent is capable of contacting another agent if knows ’s telephone number.

These terms should not be taken too literally. Results on the gossip problem can, in theory, be used by people that literally just want to exchange gossip by telephone. But we model information exchange in general and ignore all other social and fun aspects of gossip among humans — although these aspects can also be modeled in epistemic logic [30].

For our framework, applications where artificial agents need to synchronize their information are much more likely. For example, recent ideas to improve cryptocurrencies like bitcoin and other blockchain applications focus on the peer-to-peer exchange (gossip) happening in such networks [36] or even aim to replace blockchains with directed graphs storing the history of communication [5]. Epistemic logic can shed new light on the knowledge of agents participating in blockchain protocols [22, 10].

There are many different sets of rules for the gossip problem [24]. For example, calls may be one-on-one, or may be conference calls. Multiple calls may take place in parallel, or must happen sequentially. Agents may only be allowed to exchange one secret per call, or exchange everything they know. Information may go both ways during a call, or only in one direction. We consider only the most commonly studied set of rules: calls are one-on-one, calls are sequential, and the callers exchange all the secrets they know. So if a call between and is followed by a call between and , then in the second call agent will also tell agent the secret of agent .

The goal of gossip is that every agent knows every secret. An agent who knows all secrets is called an expert, so the goal is to turn all agents into experts.

The classical gossip problem, studied in the 1970s, assumed a total communication network (anyone could call anyone else from the start), and focused on optimal call sequences, i.e. schedules of calls which spread all the secrets with a minimum number of calls, which happens to be for agents [38, 27]. Later, this strong assumption on the network of the gossiping agents was dropped, giving rise to studies on different network topologies (see [24] for a survey), with calls sufficing for most networks.

Unfortunately, these results about optimal call sequences only show that such call sequences exist. They do not provide any guidance to the agents about how to achieve an optimal call sequence. Effectively, these solutions assume a central scheduler with knowledge of the entire network, who will come up with an optimal schedule of calls, to be sent to the agents, who will eventually execute it in the correct order. Most results also rely upon synchrony so that agents can execute their calls at the appropriate time (i.e. after some calls have been made, and before some other calls are made).

The requirement that there be a central scheduler that tells the agents exactly what to do, is against the spirit of the peer-to-peer communication that we want to achieve. Computer science has shifted towards the study of distributed algorithms for the gossip problem [23, 29]. Indeed, the gossip problem becomes more natural without a central scheduler; the gossiping agents try to do their best with the information they have when deciding whom to call. Unfortunately, this can lead to sequences of calls that are redundant because they contain many calls that are uninformative in the sense that neither agent learns a new secret. Additionally, the algorithm may fail, i.e., it may deadlock, get stuck in a loop or terminate before all information has been exchanged.

For many applications it is not realistic to assume that every agent is capable of contacting every other agent. So we assume that every agent has a set of agents of which they “know the telephone number”, their neighbors, so to say, and that they are therefore able to contact. We represent this as a directed graph, with an edge from agent to agent if is capable of calling .

In classical studies, this graph is typically considered to be unchanging. In more recent work on dynamic gossip the agents exchange both the secrets and the numbers of their contacts, therefore increasing the connectivity of the network [16]. We focus on dynamic gossip. In distributed protocols for dynamic gossip all agents decide on their own whom to call, depending on their current information [16], or also depending on the expectation for knowledge growth resulting from the call [15]. The latter requires agents to represent each other’s knowledge, and thus epistemic logic.

Different protocols for dynamic gossip are successful in different classes of gossip networks. The main challenge in designing such a protocol is to find a good level of redundancy: we do not want superfluous calls, but the less redundant a gossip protocol, the easier it fails in particular networks. Another challenge is to keep the protocol simple. After all, a protocol that requires the agents to solve a computationally hard problem every time they have to decide whom to call next, would not be practical. There is also a trade-off between the content of the message of which a call consists, and the expected duration of gossip protocols. A nice example of that is [25], wherein the minimum number of calls to achieve the epistemic goal is reduced from quadratic to linear order, however at the price of more ‘expensive’ messages, not only exchanging secrets but also knowledge about secrets.

A well-studied protocol is “Learn New Secrets” (), in which agents are allowed to call someone if and only if they do not know the other’s secret. This protocol excludes redundant calls in which neither participant learns any new secrets. As a result of this property, all call sequences are finite. For small numbers of agents, it therefore has a shorter expected execution length than the “Any Call” () protocol that allows arbitrary calls at all times and thus allows infinite call sequences [14]. Additionally, it is easy for agents to check whom they are allowed to call when following . However, is not always successful. On some graphs it can terminate unsuccessfully, i.e. when some agents do not yet know all secrets. In particular there are graphs where the outcome depends on how the agents choose among allowed calls [16].

Fortunately, it turns out that failure of can often be avoided with some forethought by the calling agents. That is, if some of the choices available to the agents lead to success and other choices to failure, it is often possible for the agents to determine in advance which choices are the successful ones. This leads to the idea of strengthening a protocol. Suppose that is a protocol that, depending on the choices of the agents, is sometimes successful and sometimes unsuccessful. A strengthening of is an addition to that gives the agents guidance on how to choose among the options that gives them.

The idea is that such a strengthening can leave good properties of a protocol intact, while reducing the chance of failure. For example, any strengthening of will inherit the property that there are no redundant calls: It will still be the case that agents only call other agents if they do not know their secrets.

Let us illustrate this with a small example, also featuring as a running example in the technical sections (see Figure 1 on page 1). There are three agents . Agent knows the number of , and and know each other’s number. Calling agents exchange secrets and numbers, which may expand the network, and they apply the protocol, wherein you may only call other agents if you do not know their secret. If calls , it learns the secret of and the number of . All different ways to make further calls now result in all three agents knowing all secrets. If the first call is between and (and there are no other first calls than , , and ), they learn each other’s secret but no new number. The only possible next call now is , after which and know all secrets but not . But although now knows ’s number, she is not permitted to call , as she already learned ’s secret by calling . We are stuck. So, some executions of on this graph are successful and others are unsuccessful. Suppose we now strengthen the protocol into such that and have to wait before making a call until they are called by another agent. This means that will first receive a call from . Then all executions of are successful on this graph. In fact, there is only one remaining execution: . The protocol is a strengthening of the protocol .

The main contributions of this paper are as follows. We define what it means that a gossip protocol is common knowledge between all agents. To that end we propose a logical semantics with an individual knowledge modality for protocol-dependent knowledge. We then define various strengthenings of gossip protocols, both in the logical syntax and in the semantics. This includes a strengthening called uniform backward induction, a form of backward induction applied to (imperfect information) gossip protocol execution trees. We give some general results for strengthenings, but mainly apply our strengthenings to the protocol : we investigate some basic gossip graphs (networks) on which we gradually strengthen until all its executions are successful on that graph. However, no such strengthening will work for all gossip graphs. This is proved by a counterexample consisting of a six-agent gossip graph, that requires fairly detailed analysis. Some of our results involve the calculation and checking of large numbers of call sequences. For this we use an implementation in Haskell.

Our paper is structured as follows. In Section 2 we introduce the basic definitions to describe gossip graphs and a variant of epistemic logic to be interpreted on them. In particular, Subsection 2.3 introduces a new operator for protocol-dependent knowledge. In Section 3 we define semantic and — using the new operator — syntactic ways to strengthen gossip protocols. We investigate how successful those strengthenings are and study their behavior under iteration. Section 4 contains our main result, that strengthening to a strongly successful protocol is impossible. In Section 5 we wrap up and conclude. The Appendix describes the Haskell code used to support our results.

## 2 Epistemic Logic for Dynamic Gossip Protocols

### 2.1 Gossip Graphs and Calls

Gossip graphs are used to keep track of who knows which secrets and which telephone numbers.

###### Definition 1 (Gossip Graph).

Given a finite set of agents , a gossip graph is a triple where and are binary relations on such that where is the identity relation on . An initial gossip graph is a gossip graph where . We write for and for , and similarly for the relation . The set of all initial gossip graphs is denoted by .

The relations model the basic knowledge of the agents. Agent knows the number of iff and knows the secret of iff . If we have and not we also say that knows the pure number of .

###### Definition 2 (Possible Call; Call Execution).

A call

is an ordered pair of agents

. We usually write instead of . Given a gossip graph , a call is possible iff . Given a possible call , is the graph such that , , , and , for . For a sequence of calls we write or . The empty sequence is . A sequence of possible calls is a possible call sequence. We extend the notation to possible call sequences by and . Gossip graph is the result of executing in .

To visualize gossip graphs we draw with dashed and with solid arrows. When making calls, the property is preserved, so we omit the dashed arrow if there already is a solid arrow.

###### Example 3.

Consider the following initial gossip graph in which knows the number of , and and know each other’s number and no other numbers are known:

Suppose that calls . We obtain the gossip graph in which and know each other’s secret and now also knows the number of :

### 2.2 Logical Language and Protocols

We now introduce a logical language which we will interpret on gossip graphs. Propositional variables and stand for “agent knows the number of agent ” and “agent knows the secret of agent ”, and is the ‘always true’ proposition. Definitions 4 and 5 are by simultaneous induction, as the language construct refers to a protocol .

###### Definition 4 (Language).

We consider the language defined by

 φ::=⊤∣Nab∣Sab∣¬φ∣(φ∧φ)∣KPaφ∣[π]φπ::=?φ∣ab∣(π ; π)∣(π∪π)∣π∗

where . Members of of type are formulas and those of type are programs.

###### Definition 5 (Syntactic protocol).

A syntactic protocol is a program defined by

 P:=⎛⎝⋃a≠b∈A(?(Nab∧Pab);ab)⎞⎠∗;?⋀a≠b∈A¬(Nab∧Pab)

where for all , is a formula. This formula is called the protocol condition for call of protocol . The notation means that and are designated variables in that formula.

Other logical connectives and program constructs are defined by abbreviation. Moreover, stands for , and for . We use analogous abbreviations for the relation . We write for . We then say that agent is an expert. Similarly, we write for , and for : all agents are experts.

Construct reads as “after every execution of program , (is true).” For program modalities, we use the standard definition for diamonds: , and further: and for all , .

Our protocols are gossip protocols, but as we define no other, we omit the word ‘gossip’. The word ‘syntactic’ in syntactic protocol is to distinguish it from the semantic protocol that will be defined later. It is also often omitted.

Our new operator reads as “given the protocol , agent knows that ”. Informally, this means that agent knows that on the assumption that it is common knowledge among the agents that they all use the gossip protocol . The epistemic dual is defined as and can be read as “given the protocol , agent considers it possible that .”

We note that the language is well-defined, in particular . The only variable parts of a protocol are the protocol conditions . Hence, given agents, and the requirement that , a protocol is determined by its many protocol conditions. We can therefore see the construct as an operator with input objects of type formula (namely all these protocol condition formulas plus the formula in ), and as output a more complex object of type formula (namely ).111Alternatively one could define a protocol condition function and proceed as follows. In the language BNF replace by where and

is a vector representing

arguments, and in the definition of protocol replace by . That way, Definition 4 precedes Definition 5 and is no longer simultaneously defined. Then, when later defining the semantics of , replace all by .

Note that this means that all knowledge operators in a call condition of a protocol must be relative to protocols strictly simpler than . In particular, the call condition cannot contain the operator , although it may contain where is less complex than . So the language is incapable of describing the “protocol” given by “ is allowed to call if and only if knows, assuming that is common knowledge, that does not know ’s secret.” This is intentional; the “protocol” is viciously circular so we do not want our language to be able to represent it.

###### Example 6.

The “Learn New Secrets” protocol () is the protocol with protocol conditions for all . This prescribes that you are allowed to call any agent whose secret you do not yet know (and whose number you already know). The “Any Call” protocol () is the protocol with protocol conditions for all . You are allowed to call any agent whose number you know.

The standard epistemic modality is defined by abbreviation as .

### 2.3 Semantics of Protocol-Dependent Knowledge

We now define how to interpret the language on gossip graphs. A gossip state is a pair such that is an initial gossip graph and a call sequence possible on (see Def. 2). We recall that and induce the gossip graph . This is called the gossip graph associated with gossip state . The semantics of is with respect to a given initial gossip graph , and defined on the set of gossip states for all possible on . Definitions 7 and 8 are simultaneously defined.

###### Definition 7 (Epistemic Relation).

Let an initial gossip graph and a protocol be given. We inductively define the epistemic relation for agent over gossip states , where are the associated gossip graphs.

1. ;

2. if , , , and is -permitted at and at , then ;
if , , , and is -permitted at and at , then ;

3. if and such that is -permitted at and is -permitted at , then .

###### Definition 8 (Semantics).

Let initial gossip graph be given. We inductively define the interpretation of a formula on a gossip state , where is the associated gossip graph.

 G,σ⊨⊤alwaysG,σ⊨NabiffNσabG,σ⊨SabiffSσabG,σ⊨¬φiffG,σ⊭φG,σ⊨φ∧ψiffG,σ⊨φ and G,σ⊨ψG,σ⊨KPaφiffG,σ′⊨φ for all (G,σ′)∼Pa(G,σ)G,σ⊨[π]φiffG,σ′⊨φ % for all (G,σ′)∈⟦π⟧(G,σ)

where is the following interpretation of programs as relations between gossip states. Note that we write for the set .

 ⟦?φ⟧(G,σ):={(G,σ)∣G,σ⊨φ}⟦ab⟧(G,σ):={(G,(σ;ab))∣G,σ⊨Nab}⟦π;π′⟧(G,σ):=⋃{⟦π′⟧(G,σ′)∣(G,σ′)∈⟦π⟧(G,σ)}⟦π∪π′⟧(G,σ):=⟦π⟧(G,σ)∪⟦π′⟧(G,σ)⟦π∗⟧(G,σ):=⋃{⟦πn⟧(G,σ)∣n∈N}

If we say that is -permitted at . A -permitted call sequence consists of -permitted calls.

Let us first explain why the interpretation of protocol-dependent knowledge is well-defined. The interpretation of in state is a function of the truth of in all accessible via . This is standard. Non-standard is that the relation is a function of the truth of protocol conditions in gossip states including ). This may seem a slippery slope. However, note that cannot be a subformula of any such , as the language is well-defined: knowledge cannot be self-referential. These checks of can therefore be performed without vicious circularity.

Let us now explain an important property of , namely that it only relates two gossip states if both are reachable by the protocol . So if and is a -permitted call sequence, then is -permitted as well. In other words, assumes that no one will make any calls that are not -permitted. The set of relations therefore represents the information state of the agents under the assumption that it is common knowledge that the protocol will be followed.

Given the logical semantics, a convenient primitive is the following gossip model.

###### Definition 9 (Gossip Model; Execution Tree).

Given an initial gossip graph , the gossip model for consists of all gossip states (where, by definition of gossip states, is possible on ), with epistemic relations between gossip states. The execution tree of a protocol given is the submodel of the gossip model restricted to the set of those where is -permitted.

The relation is an equivalence relation on the restriction of a gossip model to the set of gossip states where is -permitted. This is why we use the symbol for the relation. However, is typically not an equivalence relation on the entire domain of the gossip model, as is not reflexive on unreachable gossip states .

In our semantics, the modality can always be evaluated. There are three cases to distinguish. If the call is not possible (if does not know the number of ), then , so that is trivially true for all . If the call is possible but not -permitted, then but , so that in such states is true: the agent believes everything including contradictions. In other words, we have that . If the call is possible and -permitted, then and consists of the equivalence class of gossip states that are indistinguishable for agent after call .

In view of the above, one might want to have a modality or program strictly standing for ‘call is possible and -permitted’. We can enforce protocol for call by , for “after the -permitted call , is true.”

Let us now be exact in what sense the gossip model is a Kripke model. Clear enough, the set of gossip states constitute a domain, and we can identify the valuation of atomic propositions (resp.  with the subset of the domain such that (resp. ). The relation to the usual accessibility relations of a Kripke model is less clear. For each agent , we do not have a unique relation , but parametrized relations ; therefore, in a way, there are as many relations for agent as there are protocols . These relations are only implicitly given. Given , they can be made explicit if a semantic check of so requires.

Gossip models are reminiscent of the history-based models of [34] and of the protocol-generated forest of [9]. A gossip model is a protocol-generated forest (and similarly, the execution trees contained in the gossip model are protocol-generated forests), although a rather small forest, namely consisting of a single tree. An important consequence of this is that the agents initially have common knowledge of the gossip graph. For example, in the initial gossip graph of the introduction, depicted in Figure 1, agent knows that agent only knows the number of . Other works consider uncertainty about the initial gossip graph (for example, to represent that agent is uncertain whether knows ’s number), such that each gossip graph initially considered possible generates its own tree [15].

The gossip states that are the domain elements of the gossip model carry along a history of prior calls. This can, in principle, be used in a protocol language to be interpreted on such models, although we do not do this in this work. An example of such a protocol is the “Call Once” protocol described in [16]: call is permitted in gossip state , if and do not occur in .

With respect to the protocol the gossip model is not restricted. If we only were to consider the protocol , to each agent we can associate a unique epistemic relation in the gossip model, for which we might as well write . We now have a standard Kripke model. This justifies as a suitable abbreviation of .

###### Definition 10 (Extension of a protocol).

For any initial gossip graph and any syntactic protocol we define the extension of on by

 P0(G):={ϵ}Pi+1(G):={σ;ab∣σ∈Pi(G), a,b∈A, G,σ⊨Pab}P(G):=⋃i<ωPk(G)

The extension of is .

Recall that is the set of all initial gossip graphs. We often identify a protocol with its extension. To compare protocols we will write iff for all we have .

###### Definition 11 (Success).

Given an initial gossip graph and protocol , a -permitted call sequence is terminal iff for all calls , . We then also say that the gossip state is terminal. A terminal call sequence is successful iff after its execution all agents are experts. Otherwise it is unsuccessful.

• A protocol is strongly successful on iff all terminal -permitted call sequences are successful: .

• A protocol is weakly successful on iff some terminal -permitted call sequences are successful: .

• A protocol is unsuccessful on iff no terminal -permitted call sequences are successful: .

A protocol is strongly successful iff it is strongly successful on all initial gossip graphs , and similarly for weakly successful and unsuccessful.

Instead of ‘is successful’ we also say ‘succeeds’, and instead of ‘terminal sequence’ we also say that the sequence is terminating. Given a gossip graph and a -permitted sequence we say that the associated gossip graph is -reachable (from ). A terminal -permitted sequence is also called an execution of . Given any set of call sequences, is the subset of the terminal sequences of .

All our protocols can always be executed. If this is without making any calls, the protocol extension is empty. Being empty does not mean that holds, which is never the case.

Strong success implies weak success, but not vice versa. Formally, we have that is valid for all protocols , but is not valid in general, because our protocols are typically non-deterministic.

We can distinguish unsuccessful termination (not all agents know all secrets) from successful termination. In other works [16, 2] this distinction cannot be made. In those works termination implies success.

###### Example 12.

We continue with Example 3. The execution tree of on this graph is shown in Figure 1. We denote calls with gray arrows and the epistemic relation with dotted lines. For example, agent cannot distinguish whether call or happened. At the end of each branch the termination of is denoted with if successful, and if unsuccessful.

To illustrate our semantics, for this graph we have:

• — the call is -permitted at the start.

• — after the call the agents and know each other’s secret

• — after the call the call is possible.

• — after the call the protocol will always terminate successfully.

• — after the calls or the protocol will always terminate unsuccessfully.

• — after the calls or , agent knows that and know each others secret.

• — after the call sequence everyone knows that everyone is an expert.

We only have epistemic edges for agent , and those are between states with identical gossip graphs. If there are three agents, then if you are not involved in a call, you know that the other two agents must have called. You may only be uncertain about the direction of that call. But the direction of the call does not matter for the numbers and secrets being exchanged. Hence all agents always know what the current gossip graph is. For a more interesting epistemic relation, see Figure 2 in the Appendix.

### 2.4 Symmetric and epistemic protocols, and semantic protocols

Given a protocol , for any and , the protocol conditions and can be different formulas. So a protocol may require different agents to obey different rules. Although there are settings wherein this is interesting to investigate, we want to restrict our investigation to those protocols where there is one protocol condition to rule them all. This is enforced by the requirement of symmetry. Another requirement is that the calling agent should know that the protocol condition is satisfied before making a call. That is the requirement that the protocol be epistemic. It is indispensable in order to see our protocols as distributed gossip protocols.

###### Definition 13 (Symmetric and epistemic syntactic protocol).

Let a syntactic protocol be given. Protocol is symmetric iff for every permutation of agents, we have , where is the natural extension of to formulas.222Formally: , , , , , , , , , , . Protocol is epistemic iff for every , the protocol condition is valid. We henceforth require all our protocols to be symmetric and epistemic.

Intuitively, a protocol is epistemic if callers always know when to make a call, without being given instructions by a central scheduler. This means that whenever is true, so agent is allowed to call agent , it must be the case that knows that is true. In other words, in an epistemic protocol implies . Furthermore, by Definition 8 knowledge is truthful on the execution tree for protocol in gossip model. So except in the gossip states that cannot be reached using the protocol , we also have that implies .

If a protocol is symmetric the names of the agents are irrelevant and therefore interchangeable. So a symmetric protocol is not allowed to “hard-code” agents to perform certain roles. This means that, for example, we cannot tell agent to call , as opposed to , just because comes before in the alphabet. But we can tell to call , as opposed to , on the basis that, say, knows that knows five secrets while only knows two secrets. If a protocol is symmetric, we can think of the protocol condition as the unique protocol condition for , modulo permutation.

Epistemic and symmetric protocols capture the distributed peer-to-peer nature of the gossip problem.

###### Example 14.

The protocols and are symmetric and epistemic. For this is trivial. For , observe that agents always know which numbers and secrets they know. A direct consequence of clause (2.) of Definition 7 of the epistemic relation is that for any protocol , if , then and . Thus, applying the clause for knowledge of Definition 8, we immediately get that the following formulas are all valid: , , , and . Therefore, in particular this holds for .

Although the numbers and secrets known by an agent before and after a call may vary, the agent always knows whether she knows a given number or secret. Knowledge about other agents having a certain number or a secret is preserved after calls. But, of course, knowledge about other agents not having a certain number or secret is not preserved after calls.

Not all protocols we discuss in this work are definable in the logical language. We therefore need the additional notion of a semantic protocol, defined by its extension.

###### Definition 15 (Semantic protocol).

A semantic protocol is a function mapping initial gossip graphs to sets of call sequences. We assume semantic protocols to be closed under subsequences, i.e. for all we want that implies . For a semantic protocol we say that a call is -permitted at ) iff .

Given any syntactic protocol we can view its extension as a semantic protocol. Using this definition of permitted calls for semantic protocols we can apply Definition 7 to get the epistemic relation with respect to a semantic protocol . Because the relation depends only on which calls are allowed, the epistemic relation with respect to a (syntactic) protocol is identical to the epistemic relation with respect to the extension of .

We also require that semantic protocols are symmetric and epistemic, adapting the definitions of these two properties as follows.

###### Definition 16 (Symmetric and epistemic semantic protocol).

A semantic protocol is symmetric iff for all initial gossip graphs and for all permutations of agents we have (where ). A semantic protocol is epistemic iff for all initial gossip graphs and for all we have: iff for all we have .

It is easy to verify that the syntactic definition of an epistemic protocol agrees with the semantic definition.

###### Proposition 17.

A syntactic protocol is epistemic if and only if its extension is epistemic.

###### Proof.

Let be the extension of and note that, as remarked above, the epistemic relations induced by and are identical. Now we have the following chain of equivalences:

 P is not epistemic ∃a,b,G,σ,τ:G,σ⊨Pab, G,τ⊭Pab and (G,σ)∼Pa(G,τ) ∃a,b,G,σ,τ:(σ;ab)∈Q(G), (τ;ab)∉Q(G) and (G,σ)∼Pa(G,τ) ∃a,b,G,σ,τ:(σ;ab)∈Q(G), (τ;ab)∉Q(G) and (G,σ)∼Qa(G,τ) Q is not epistemic

Note that Proposition 17 does not imply that every epistemic semantic protocol is the extension of a syntactic epistemic protocol, since some semantic protocols are not the extension of any syntactic protocol.

For symmetry, the situation is slightly more complex than for being epistemic.

###### Proposition 18.

If a syntactic protocol is symmetric, then its extension is symmetric.

###### Proof.

Let be the extension of . Fix any permutation and any initial gossip graph . To show is that (where is extended to gossip graphs in the natural way). We show by induction that for every call sequence , we have .

As base case, note that and . Now, as induction hypothesis, assume that for every call sequence that is shorter than , we have . Let be the final call in , so . Then we have the following sequence of equivalences:

 (τ;ab)∈Q(J(G)) ⇔J(G),τ⊨Pab ⇔G,J−1(τ)⊨J−1(Pab) ⇔G,J−1(τ)⊨PJ−1(ab) ⇔(J−1(τ);J−1(ab))∈Q(G) ⇔(τ;ab)∈J(Q(G)),

where the equivalence on the third line is due to being symmetric. This completes the induction step and thereby the proof. ∎

The converse of Proposition 18 does not hold: if is not symmetric, it is still possible for its extension to be symmetric. The reason for this discrepancy is that symmetry for syntactic protocols has the very strong condition that . So if is symmetric and is given by (i) and (ii) for , then is not symmetric even though and have the same extension. We do, however, have the following slightly weaker statement. Recall that a gossip state is -reachable iff the call sequence is -permitted at .

###### Proposition 19.

Let be a syntactic protocol such that, for some -reachable gossip state , some permutation and some we have . Then the extension of is not symmetric.

###### Proof.

Let be the extension of , and suppose towards a contradiction that is symmetric. Then we have the following sequence of equivalences:

 G,σ⊨PJ(ab) ⇔(σ;J(ab))∈Q(G) ⇔(J−1(σ);ab)∈J−1(Q(G)) ⇔(J−1(σ);ab)∈Q(J−1(G)) ⇔J−1(G),J−1(σ)⊨Pab ⇔G,σ⊨J(Pab),

where the equivalence on the third line is due to being symmetric. This contradicts , from which it follows that is not symmetric. ∎

So while may be non-symmetric and still have a symmetric extension, this can only happen if is equivalent to in all reachable gossip states. We conclude that our syntactic and semantic definitions of symmetry agree up to logical equivalence.

## 3 Strengthening of Protocols

### 3.1 How can we strengthen a protocol?

In our semantics it is common knowledge among the agents that they follow a certain protocol, for example . Can they use this information to prevent making “bad” calls that lead to an unsuccessful sequence?

If we look at the execution graph given in Figure 1, then it seems easy to fix the protocol. Agents and should wait and not make the first call. Agent should not make a call before he has received a call from . We cannot say this in our logic as we have no converse modalities to reason over past calls. In this case however, there is a different way to ensure the same result. We can ensure that and wait before calling by a strengthening of that only allows a first call from to if does not know the number of . To determine that a call is not the first call, we need another property: after at least one call happened, there is an agent who knows another agent’s secret.

We can define this new protocol by protocol condition . Observe that this new protocol is again symmetric and epistemic: agents always know whether . Because of synchronicity, not only the callers but also all other agents know that there are agents and such that knows the secret of . This is an ad-hoc solution specific to this initial gossip graph. Could we also give a general definition to improve which works on more or even all initial graphs? The answer to that is: more, yes, but all, no.

We will now discuss different ways to improve protocols by making them more restrictive. Our goal is to rule out unsuccessful sequences while keeping at least some successful ones. Doing this can be difficult because we still require the strengthened protocols to be epistemic and symmetric. Hence we are not allowed to arbitrarily rule out specific calls using the names of agents, for example. Whenever a call is removed from the protocol, we also have to remove all calls to other agents that the caller cannot distinguish: it has to be done uniformly. But before we discuss specific ideas for strengthening, let us define it.

###### Definition 20 (Strengthening).

A protocol is a syntactic strengthening of a protocol iff is valid for all agents . A protocol is a semantic strengthening of a protocol iff .

A syntactic strengthening procedure is a function that for any syntactic protocol returns a syntactic strengthening of . Analogously, we define semantic strengthening procedure.

We stress that strengthening is a relation between two protocols and whereas strengthening procedures define a restricting transformation that given any tells us how to obtain . In the case of a syntactic strengthening, and are implicitly required to be syntactic protocols. Vice versa however, syntactic protocols can be semantic strengthenings. In fact, we have the following.

###### Proposition 21.

Every syntactic strengthening is a semantic strengthening.

###### Proof.

Let be a syntactic strengthening of a protocol . Let a gossip graph be given. We show by induction on the length of that implies . The base case where is trivial.

For the induction step, consider any . As , we also have and . From and the inductive hypothesis, it follows that . From and the validity of follows . Finally, by Definition 10, and imply . ∎

###### Lemma 22.

Suppose is a strengthening of . Then and are both valid, for any agent .

###### Proof.

This follows immediately from the semantics of protocol-dependent knowledge given in Definition 8. ∎

### 3.2 Syntactic Strengthening: Look-Ahead and One-Step

We will now present concrete examples of syntactic strengthening procedures.

###### Definition 23 (Look-Ahead and One-Step Strengthenings).

We define four syntactic strengthening procedures as follows. Let be a protocol.

 hard look-ahead strengthening:P■ab:=Pab∧KPa[ab]⟨P⟩Exsoft look-ahead strengthening:P⧫ab:=Pab∧^KPa[ab]⟨P⟩Exhard one-step strengthening:P□ab:=Pab∧KPa[ab](Ex∨⋁i,j(Nij∧Pij))soft one-step strengthening:P◊ab:=Pab∧^KPa[ab](Ex∨⋁i,j(Nij∧Pij))

The hard look-ahead strengthening allows agents to make a call iff the call is allowed by the original protocol and moreover they know that making this call yields a situation where the original protocol can still succeed.

For example, consider . Informally, its condition is that is permitted to call iff does not have the secret of and knows that after making the call to , it is still possible to follow in such a way that all agents become experts.

The soft look-ahead strengthening allows more calls than the hard look-ahead strengthening because it only demands that considers it possible that the protocol can succeed after the call. This can be interpreted as a good faith or lucky draw assumption that the previous calls between other agents have been made “in a good way”. Soft look-ahead strengthening allows agents to take a risk.

The soft and the hard look-ahead strengthening include a diamond labeled with the protocol P, where that protocol P by definition contains arbitrary iteration: the Kleene star . To evaluate this, we need to compute the execution tree of for the initial gossip graph . In practice this can make it hard to check the protocol condition of the new protocol.

The one-step strengthenings, in contrast, only use the protocol condition in their formalization and not the entire protocol . This means that they provide an easier to compute, but less reliable alternative to full look-ahead, namely by looking only one step ahead. We only demand that agent knows (or, in the soft version, considers it possible) that after the call, everyone is an expert or the protocol can still go on for at least one more step — though it might be that all continuation sequences will eventually be unsuccessful and thus this next call would already have been excluded by both look-ahead strengthenings.

An obvious question now is, can these or other strengthenings get us from weak to strong success? Do these strengthenings only remove unsuccessful sequences, or will they also remove successful branches, and maybe even return an empty and unsuccessful protocol? In our next example everything still works fine.

###### Example 24.

Consider Example 12 again. It is easy to see that the soft and the hard look-ahead strengthening rule out the two unsuccessful branches in this execution tree and keep the successful ones. Protocol only preserves alternatives that are all successful and only eliminates alternatives if they are all unsuccessful. In the execution tree in Figure 1, the effect is the same for and , because at any state the agents always know which calls lead to successful branches. This is typical for gossip scenarios with three agents: if a call happened, the agent not involved in the call might be unsure about the direction of the call, but it knows who the callers are.

The one-step strengthenings are not enough to rule out the unsuccessful sequences. This is because the unsuccessful sequences are of length but the one-step strengthenings can only remove the last call in a sequence. In this case, the protocols and