Deriving the correctness of quantum protocols in the probabilistic logic for quantum programs
 878 Downloads
 1 Citations
Abstract
This paper presents a sound axiomatization for a probabilistic modal dynamic logic of quantum programs. The logic can express whether a state is separable or entangled, information that is local to a subsystem of the whole quantum system, and the probability of positive answers to quantum tests of certain properties. The power of this axiomatization is demonstrated with proofs of properties concerning bases of a finitedimensional Hilbert space, composite systems, entangled and separable states, and with proofs of the correctness of two probabilistic quantum protocols (the quantum leader election protocol and the BB84 quantum key distribution protocol).
Keywords
Probability Quantum logic Axiomatization Quantum computation Quantum protocols1 Introduction
There is a large literature on logics for classical computation. These include Hoare logic (1969), propositional dynamic logic (Fischer and Ladner 1979), other dynamic logics (Harel et al. 2000), and temporal logics (Hodkinson and Reynolds 2007), and they aid in proving correctness of protocols and programs. With the increased prospects of quantum devices and computers, there is a growing interest in quantum analogs for these logics.
Quantum logic, which was originally used to clarify properties of quantum physics (Birkhoff and Neumann 1936), has developed into a broader field, with many logics addressing algebraic structures of quantum systems (Dalla Chiara and Giuntini 2002; Dalla Chiara et al. 2004). A significant recent development is the strengthening of quantum logic to be able to address quantum computation as well (Dunn et al. 2013). This coincides with development to formalize the semantics of quantum programs (D’Hondt and Panangaden 2006b) and the development of model checkers and verification tools for quantum systems (Gay et al. 2008; Feng et al. 2013; Ying et al. 2013).
Recent work toward the development of quantum logics for computation yielded probabilistic dynamic quantum logics that are decidable, such as Baltag et al. (2013, 2014), and the correctness of many quantum protocols can be expressed in these languages. However, an axiomatization of these probabilistic systems is lacking. In the nonprobabilistic setting, a sound axiomatization relevant to our work was developed in Baltag and Smets (2006) for the Logic of Quantum Programs, a quantum analog of the propositional dynamic logic, which was used to prove the correctness of the quantum teleportation protocol and the quantum secret sharing protocol. But the logic of quantum programs could not express quantities, and could only account for the correctness of qualitative properties of algorithms and protocols considered, and that work considered a probabilistic extension to be a greater goal of the program.
This paper lays a foundation for an axiomatization for a probabilistic variant of the Logic of Quantum Programs. The language involves dynamic modalities for quantum programs as well as probabilistic modalities, and is similar to the decidable logic in Baltag et al. (2014), and hence we give it the same name: the Probabilistic Logic of Quantum Programs. Among the differences between our language here and the one in Baltag et al. (2014) is that our language here simplifies the formulas for locality to describing full separability with respect to a given set of components. This simplification of the language allows us to highlight basic properties in the proof system that are essential to properties of bases of a finitedimensional Hilbert space. We develop a sound proof system for this logic, and we use it to prove properties of the quantum leader election protocol of D’Hondt and Panangaden (2006a) and the BB84 quantum key distribution protocol (Bennett and Brassard 1984, 2014).
The quantum leader election protocol is a method for selecting exactly one of n many members, giving each member equal chance of being selected. This is analogous to establishing a fair nsided die, and such selections are important for distributive systems. We prove in our language the existence and correctness of the Wstate as a shared state whose measurement would select a leader with the correct probability. The BB84 quantum key distribution protocol is a secure distribution key protocol. We prove in our language the correctness of this protocol in the event that there is no eavesdropping of communication. These two protocols are just examples of what our system can prove, and we are sure there are many others. But our logic also lays a foundation for further development in axiomatizing logics for quantum systems, particularly those that involve probability.
There have been other developments in forming axiomatizations of quantum logics. Goldblatt (1974), developed a complete axiomatization of orthologic and orthomodular quantum logic. There has also been development of Gentzen style proof systems for orthologic (Nishimura 2009). Selinger (2007), uses a graphical language to axiomatize properties for dagger compact closed categories, and shows in Selinger (2011, 2012) that this axiomatic system is also complete with respect to finitedimensional Hilbert spaces. Abramsky and Bob (2009), use a diagrammatic axiomatization to prove the correctness of quantum teleportation, logic gate teleportation, and entanglement swapping protocols. An axiomatization of a quantum logic that involve probabilities is given in Mateus and Sernadas (2006). Our logic differs from these in that it builds on the work of Baltag and Smets (2006) and Baltag et al. (2014), and can be viewed as a probabilistic quantum analog of propositional dynamic logic.
Our paper is organized as follows. In Sect. 2, we introduce probabilistic quantum structures, the basic structures for our semantics, which are mild abstractions of Hilbert spaces. In Sect. 3, we introduce the syntax and semantics for our probabilistic logic of quantum programs. We then present in Sect. 4 the deductive system and prove some properties in the language from it, including properties concerning orthonormal bases. In Sect. 5, we prove the correctness of the quantum leader election protocol and the BB84 protocol.
2 Probabilistic quantum structure
Let \({\mathcal {H}}\) be a finitedimensional Hilbert space with an orthonormal basis \(\mathbf{B}=(\mathbf{b}_0,\cdots ,\mathbf{b}_{n1})\). Let \(V_{\mathbf{B}}\) denote the set of all functions \(f:\mathbf{B}\rightarrow {\mathbb {C}}\). It is well known that there is a bijective correspondence between the vectors in \({\mathcal {H}}\) and the elements of \(V_{\mathbf{B}}\) given by mapping every \(\mathbf{v}\) in \({\mathcal {H}}\) to the function \(\mathbf{b}_i\mapsto \langle \mathbf{v},\mathbf{b}_i\rangle \). A state of \({\mathcal {H}}\) is a onedimensional subspace s of \({\mathcal {H}}\). We represent the states of \({\mathcal {H}}\) by a subset of \(V_{\mathbf{B}}\), each representing a canonical representative of the onedimensional subspace. This subset is the set of complex probability mass function defined as follows.
Definition 2.1
 1.there exists an \( i \in n \) such that
 (a)
\( f(b_j) = 0 \) for all \( j < i \), and
 (b)
\( f(b_i) \in (0,1] \),
 (a)
 2.
\( f(b_i)^2 \in [0,1] \), and
 3.
\( \sum _{i \in N} f(b_i)^2 = 1 \).
Note that if f is a complex probability mass function, the function \(f^2:B\rightarrow [0,1]\) is a (real) probability mass function. In this sense, a complex probability mass function can be seen as an appropriate “square root” of a probability mass function.
Every function \(f\in V_B\) can be converted into a function \(S_B\) as follows.
Definition 2.2
It is easy to see that the strong normalization transforms any nonzero function \(f:\mathbf{B}\rightarrow {\mathbb {C}}\) into a complex probability mass function. The set of complex probability mass functions is identified with the set of states of a Hilbert spaces by the following proposition.
Proposition 2.3
 1.
Given a complex probability mass function \(f:\mathbf{B}\rightarrow {\mathbb {C}}\), there exists a unique unit vector \(\mathbf{v}\) in \({\mathcal {H}}\), such that for each j, \(f(\mathbf{b_j}) = \langle \mathbf{v},\mathbf{b_j}\rangle \).
 2.
Given any state s of \({\mathcal {H}}\), there is a unique unit vector \(\mathbf{v}\) in s, such that the function \(f_{\mathbf{v}} = \langle \mathbf{v},\cdot \rangle :\mathbf{B}\rightarrow {\mathbb {C}}\) is a complex probability mass function over the ordered orthonormal basis \(\mathbf{B}\).
Proof
 1.Given \(f\in S_{\mathbf{B}}\), we define the vector \(\mathbf{v}\) to beSince the basis \(\mathbf{B}\) is orthonormal, it is easy to see that \(f(\mathbf{b_j}) = \langle \mathbf{v},\mathbf{b_j}\rangle \). By condition 3 of the definition of a complex probability mass function, \(\mathbf{v}\) is a unit vector.$$\begin{aligned} \mathbf{v}=\sum _{j\in n} f(\mathbf{b}_\mathbf{j})\mathbf{b}_\mathbf{j}. \end{aligned}$$
 2.
Let s be a onedimensional subspace of \({\mathcal {H}}\), and let \(\mathbf{w}\) be any nonzero vector in s. We identify \(\mathbf{w}\) with a nonzero function in \(f_{\mathbf{w}}\in V_{\mathbf{B}}\). Let \(\mathbf{v}\) be a vector corresponding to \({\mathsf {sn}}(f_{\mathbf{w}})\). As \(\mathbf{v}\) only differs from \(\mathbf{w}\) by a constant multiple, \(\mathbf{v}\in s\). Furthermore, as \({\mathsf {sn}}(f_{\mathbf{w}})\) is a complex probability mass function, \(\mathbf{v}\) is a unit vector. To see that \(\mathbf{v}\) is unique, we observe that for any complex number \(c\ne 1\) and any complex probability mass function f, the function \(c\cdot f: \mathbf{b}\mapsto c\cdot f(\mathbf{b})\) is not a complex probability mass function. \(\square \)
Because every state can be represented by a complex probability mass function, we will use the term state to mean either a onedimensional subspace or a complex probability mass function. We will also use the same notation for both concepts. Also, throughout this paper, we will identify each natural number \(n\in \mathbb {N}:=\{0,1,2,\cdots \}\) with the set \(\{0,1,\cdots ,n1\}\) of elements preceding it. If we write \( i < N \) without a lower bound, we intend for i to range from \( i = 0 \) to \( i = N 1 \).
2.1 Maps between bases and states
We require the basis to be ordered so that we can have a canonical representation of each state via a vector representative of its onedimensional subspace (for the same reason, vectors are written as ordered tuples, also assuming an order to its basis). Were we to reorder the basis elements, we could then map each vector representative in the original ordering to its unique corresponding representative in the new order (this mapping is, in this context, an identity map on states). This concept is generalized to changeofbasis maps as follows.
Definition 2.4
The tensor product of two ordered bases is the Cartesian product of the elements ordered by the dictionary order.
Definition 2.5
It is easy to see that in general \((s\otimes t)\otimes r \cong s\otimes (t\otimes r)\). As the tensor product is associative given our strictest notion of isomorphism, we will ignore internal parentheses when taking tensor products of more than two bases.
2.2 Agents and separability
Definition 2.6
(Multiagent PQM and components) Let \( N= \{0,\cdots ,N1\}\) be a finite set of agents. An Nprobabilistic quantum model (NPQM) is a tuple \(\mathfrak {M}=(B_0,\cdots ,B_{N1})\) of ordered bases. Let \(I\subseteq N\). Then \(\mathfrak {M}_I :=\{B_i \mid i\in I\}\) is said to be a component of \(\mathfrak {M}\).
If \(I = \{x_1,\cdots ,x_m\}\subseteq N\) for some \(m < N\) (where \((x_i)\) is strictly increasing), we write \(\bigotimes \mathfrak {M}_I = B_{x_1}\otimes B_{x_2}\otimes \cdots \otimes B_{x_m}\). We write \(S^{\mathfrak {M}}_I\) (or \(S_I\) if \(\mathfrak {M}\) is understood from context) for \(S_{\bigotimes \mathfrak {M}_I}\), and S (or \(S^{\mathfrak {M}}\)) for \(S_N\) (or \(S^{\mathfrak {M}}_N\)). In what follows, given a finite ordered set \(J = \{x_1,\cdots ,x_m\}\) for some \(m < N\) (with the sequence \((x_i)\) being strictly increasing), we use the notation \((b_i)_{i\in J}\) for the tuple \((b_{x_1},\cdots ,b_{x_m})\).
Definition 2.7
Note that although \(\otimes \) is not commutative, \(\otimes ^{\mathfrak {M}}\) is. Also note that \(\otimes ^\mathfrak {M}\) is associative; hence we generally omit parentheses.
Definition 2.8

s is \(\mathfrak {M}\)separable in J if there exist \(s_J\in S_J\) and \(s_{N{\setminus } J}\in S_{N\setminus J}\) such that \(s \cong s_J\otimes ^{\mathfrak {M}} s_{N\setminus J}\). If s is not \(\mathfrak {M}\)separable in J we say that s is \(\mathfrak {M}\)entangled in J.

s is \(\mathfrak {M}\)separable in \(\varPi \) if there exists \(s_i\in S_{X_i}\) such that \(s\cong s_1\otimes ^\mathfrak {M}\cdots \otimes ^\mathfrak {M}s_k\). If s is not \(\mathfrak {M}\)separable in \(\varPi \) we say that s is \(\mathfrak {M}\)entangled in \(\varPi \). If \(\mathfrak {M}\) is separable in \(\{\{i\}\mid i\in N\}\), we say \(\mathfrak {M}\) is fully separable.
Separability will play an important role in the semantics of the logic we define in the next section.
3 Probabilistic quantum logic
In this section, we define the syntax and semantics of our language, and provide some useful syntactic abbreviations.
3.1 Syntax
We have the standard logical connectives \( \lnot \phi , \phi \wedge \psi \) and \( [\alpha ]\phi \) with the meaning not \( \phi \), \( \phi \) and \( \psi \) and after any successful execution of program \( \alpha \), \( \phi \) holds respectively.
Here the programs \( \alpha \) are \( \phi ? \), a quantum test whether or not \( \phi \) holds; \(\alpha \cup \beta \), an arbitrary choice between two programs \( \alpha \) and \( \beta \); and \( \alpha ;\beta \), the sequential execution of two programs \( \alpha \) and \( \beta \).
We also have three nonstandard, but useful connectives. \( {\textsf {Atom}}(\phi ) \) intuitively means that \( \phi \) is only true at one and only one state. \( {\mathsf {Sep}}(\phi ) \) means intuitively that all states making \( \phi \) true are separable into each agent, that is, these states are of the form \( \bigotimes ^\mathfrak {M}_{i < N} s_{\{i\}} \) for some \( s_{\{i\}} \in S_{\{i\}} \) for each \( i < N \). \( \phi _I \) intuitively represents the information that the local system I has about \( \phi \) , that is, if any measurement that can be performed within the local system I cannot refute \( \phi \), then \( \phi _I \) true.
Lastly, we have \( t \ge \rho \), which intuitively means the probability of t is greater than or equal to \( \rho \). Here t is a linear combination of \( \Pr (\phi ) \), the probability that a test for \( \phi \) is successful.
We have chosen the language to express several examples in the simplest way. However, one could easily imagine ways to extend the expressibility of this language. For example, we could extend this language with unitary operators \(\alpha \,\,{::=}\,\, U \mid U^\dagger \); however, we do not use these operators in the examples we discuss.
3.2 Semantics
3.3 Abbreviations
With this language, we can express many notions in quantum mechanics. Some are so important and natural to use, we introduce abbreviations for them (Table 1). We have the standard abbreviations \( {\mathtt {tt}}, {\mathtt {ff}}\) and \( \vee \). Note that if \([ \lnot \phi ? ]{\mathtt {ff}}\) holds in a state s, then any test from s will result in a state with property \(\phi \), or equivalently, any nonorthogonal state has property \(\phi \). We abbreviate \([ \lnot \phi ? ]{\mathtt {ff}}\) using \(\Box \phi \), where \(\square \) can be viewed as the modal operator for the nonorthogonality relation R. We abbreviate \({\sim }\phi \) by \(\Box \lnot \phi \) for the following reason. The orthocomplement of \( \phi \), denoted by \( {\sim }\phi \), is true at any state s that is orthogonal to the set of states that make \(\phi \) true. Equivalently, every state that makes \(\phi \) true is orthogonal to s, and hence every state nonorthogonal to s makes \(\lnot \phi \) true. This means that \(\Box \lnot \phi \) is true at s. With the orthocomplement, we can also define the quantum join: \( \phi \sqcup \psi :={\sim }( {\sim }\phi \wedge {\sim }\psi ) \). The quantum join \( \phi \sqcup \psi \) can be thought of as the smallest testable property containing \( \phi \) and \( \psi \).
Our quantum models satisfy the superposition principle: every state can reach any other state in two nonorthogonal steps, that is \( R ; R = S \times S \). This gives us the power to express that a formula is valid in a model: \( \forall \phi :=\square \square \phi \) is true at a state iff \( \phi \) is true at every state in the model. With this global modality, we can express many relations between formulas that are globally true, such as inequality: \( (\phi \le \psi ) :=\forall (\phi \rightarrow \psi ) \), equality: \( (\phi \equiv \psi ) :=\forall (\phi \leftrightarrow \psi ) \), and orthogonal formulas: \( (\phi \perp \psi ) :=(\phi \le {\sim }\psi ) \).
As can be seen from the definition of the semantics, the logical operators for probability \( \Pr (\phi ) \) and for tests \( \phi ? \) are only meaningful if the formula \( \phi \) is testable. Noting that every testable property is closed under taking double orthocomplement, we can express testability by \( T(\phi ) :=(\phi \equiv {\sim }{\sim }\phi ) \).
Abbreviations for formulas
\( {\mathtt {ff}}\)  \( :=p \wedge \lnot p \) 
\( {\mathtt {tt}}\)  \( :=\lnot {\mathtt {ff}}\) 
\( {\langle \alpha \rangle }\phi \)  \( :=\lnot [\alpha ]\lnot \phi \) 
\( \square \phi \)  \( :=[ \lnot \phi ? ]{\mathtt {ff}}\) 
\( \Diamond \phi \)  \( :=\lnot \square \lnot \phi \) 
\( {\sim }\phi \)  \( :=\square \lnot \phi \) 
\( \phi \vee \psi \)  \( :=\lnot (\lnot \phi \wedge \lnot \psi ) \) 
\( \phi \sqcup \psi \)  \( :={\sim }({\sim }\phi \wedge {\sim }\psi ) \) 
\( \forall \phi \)  \( :=\square \square \phi \) 
\( \exists \phi \)  \( :=\Diamond \Diamond \phi \) 
\( (\phi \le \psi ) \)  \( :=\forall (\phi \rightarrow \psi ) \) 
\( (\phi \equiv \psi ) \)  \( :=\forall (\phi \leftrightarrow \psi ) \) 
\( \phi \perp \psi \)  \( :=\phi \le {\sim }\psi \) 
\( T(\phi ) \)  \( :={\sim }{\sim }\phi \equiv \phi \) 
\( I(\phi ) \)  \( :=(\phi \equiv \phi _I) \) 
Probabilistic abbreviations
\( \sum _{k=1}^n a_k\Pr (\phi _k) \)  \( :=a_1\Pr (\phi _1) + \cdots + a_n\Pr (\phi _n) \) 
\( \rho \sum _{k=1}^n a_k\Pr (\phi _k) \)  \( :=\sum _{k=1}^n \rho a_k\Pr (\phi _k) \) 
\( t < \rho \)  \( :=\lnot (t \ge \rho ) \) 
\( t_1 \ge t_2\)  \(:=t_2t_1\ge 0\) 
\( t \le \rho \)  \( :=t \ge \rho \) 
\( t = \rho \)  \( :=t \ge \rho \wedge t \le \rho \) 
\( t_1 \ge t_2 \)  \( :=t_1t_2 \ge 0 \) 
\(t_1 = t_2\)  \(:=t_1t_2=0\) 
\( {\langle \phi ? \rangle }_{= \rho } \psi \)  \( :=\Pr (\phi ) = \rho \wedge {\langle \phi ? \rangle }\psi \) 
\( {\langle \phi ? \rangle }_{> \rho } \psi \)  \( :=\Pr (\phi ) > \rho \wedge {\langle \phi ? \rangle }\psi \) 
4 Deductive system
Rules
MP  \(\frac{\phi \quad \phi \rightarrow \psi }{\psi } \) (modus ponens) 
Nec  \(\frac{\phi }{{[}\alpha ]\phi }\) (necessitation) 
US  \(\frac{\phi }{\phi ^\sigma }\) for some \( \sigma : {\text {Prop}}\rightarrow \mathcal {L}_N \) (substitution) 
Axioms for quantum systems
Axioms for programs  
PL  All propositional tautologies 
\(\hbox {K}[\alpha ]\)  \( [\alpha ](p \rightarrow q) \rightarrow ([\alpha ]p \rightarrow [\alpha ]q) \) 
PDL1  \( [\alpha ;\beta ]p \leftrightarrow [\alpha ][\beta ]p \) 
PDL2  \( [\alpha \cup \beta ]p \leftrightarrow [\alpha ]p \wedge [\beta ]p \) 
Axioms for linear inequalities  
I1  \(t \ge \beta \leftrightarrow t + 0P_a(\phi )\ge \beta \) 
I2  \(\sum _{k=1}^n \alpha _k P_a(\phi _k)\ge \beta \rightarrow \sum _{k=1}^n \alpha _{j_k} P_a(\phi _{j_k})\ge q\beta \) for any permutation \( j_1,\cdots , j_n \text { of }1, \dots , n\) 
I3  \(\sum _{k=1}^n \alpha _k P_a(\phi _k)\ge \beta \wedge \sum _{k=1}^n \alpha _k'P_a(\phi _k) \ge \beta ' \rightarrow \sum _{k=1}^n(\alpha _k+\alpha '_k)P_a(\phi _k) \ge (\beta +\beta ')\) 
I4  \(t\ge \beta \leftrightarrow dt \ge d\beta \) if \(d>0\) 
I5  \(t\ge \beta \vee t\le \beta \) 
I6  \(t\ge \beta \rightarrow t\ge \gamma \) if \(\beta >\gamma \) 
Basic axioms for quantum systems  
Q1  \( (p \equiv q) \rightarrow ([ p? ]r \leftrightarrow [ q? ]r) \) 
Q2  \( [p?]q \leftrightarrow [{\sim }{\sim }p?]q\) 
Q3  \( \square \square p \leftrightarrow \square \square \square p \) 
Q4  \( {\langle p? \rangle }q \rightarrow {\langle q? \rangle }{\mathtt {tt}}\) 
Q5  \( {\langle p? \rangle }q \rightarrow [p?]q \) 
Q6  \( [p?]{\sim }{\sim }p \) 
Q7  \( p \rightarrow (q \rightarrow {\langle p? \rangle }q) \) 
Q8  \( p \rightarrow [q?]\square {\langle q? \rangle }\lozenge p \) 
Q9  \( T(p) \wedge T(q) \rightarrow ( {\langle p? \rangle } q \leftrightarrow (\Diamond p \wedge \square (p \rightarrow \Diamond ( p \wedge q ))) ) \) 
Probabilistic axioms for quantum systems  
P1  \( \Pr ({\mathtt {tt}}) = 1\) 
P2  \( \Pr (p)\ge 0\) 
P3  \( \Pr (p) = 0 \leftrightarrow {\sim }p \) 
P4  \( (p \equiv q) \rightarrow \Pr (p) = \Pr (q) \) 
P5  \( (p \perp q) \rightarrow \Pr (p \sqcup q) = \Pr (p) + \Pr (q) \) 
P6  \( \left( (p \perp q) \wedge \exists p \wedge \exists q \right) \rightarrow \exists ( {\langle p? \rangle }_{= \rho }p \wedge {\langle q? \rangle }_{= 1  \rho }q )\) 
P7  \( (p \le q) \wedge {\langle q? \rangle }_{=\rho }(\Pr (p) = \tau ) \rightarrow (\Pr (p) = \rho \tau ) \) 
Axioms for atoms and separability  
A1  \( \left( {\textsf {Atom}}(p) \wedge (q \not \equiv {\mathtt {ff}}) \wedge (q \le p) \right) \rightarrow (q \equiv p) \) 
A2  \( {\textsf {Atom}}(p) \rightarrow \left( \exists (p \wedge q) \leftrightarrow (p \le q) \right) \) 
A3  \( ({\textsf {Atom}}(p) \wedge (p \le \Diamond q) \wedge T(q)) \rightarrow {\textsf {Atom}}((p \sqcup {\sim }q) \wedge q)\) 
A4  \( {\mathsf {Sep}}(p) \rightarrow ({\textsf {Atom}}(p) \leftrightarrow (\exists p \wedge \bigwedge _{i < N} T(p_{\{i\}})))\) 
A5  \( {\mathsf {Sep}}(p) \wedge {\mathsf {Sep}}(q) \wedge {\textsf {Atom}}(p) \wedge {\textsf {Atom}}(q) \rightarrow ((p\equiv q) \leftrightarrow \bigwedge _{i<N}(p_{\{i\}} \equiv q_{\{i\}}))\) 
A6  \( {\mathsf {Sep}}(p) \wedge {\mathsf {Sep}}(q) \rightarrow ( \bigvee _{i < N} (p_{\{i\}} \perp q_{\{i\}}) \rightarrow (p \perp q)) \) 
A proof for \( \phi \) is a finite sequence of formulas, such that the last formula is \( \phi \) and every formula is either an axiom listed below or obtained by applying an inference rule to (a) formula(s) appearing earlier in the sequence.
The three rules in Table 3 are standard, but we can deduce some nonstandard rules concerning the abbreviations \( \forall \), \( \le \), \( \equiv \) and \( T(\cdot ) \), which will be given in Lemma 4.3.
The axioms for programs and for linear inequalities are standard, so we will only discuss the axioms in the last three categories.
Basic axioms for quantum systems The first axiom Q1 states that equivalent formulas have equivalent tests. The second axiom Q2 expresses our design that when we test for a formula \( \phi \) we actually test for the smallest closed linear subset containing \( {\llbracket \phi \rrbracket } \), that is \( {\sim }{\sim }\phi \).
For the axioms Q3 to Q9 one should remember that \( \square \) corresponds to the nonorthogonality relation and \( [ p? ] \) corresponds to the projection onto P , where \( P = {\sim }{\sim }{\llbracket p \rrbracket } \).
Axiom Q3 is related to the superposition principle, which is the principle that for every two states there is a third state that is nonorthogonal to both of them (or any two states can reach each other by two nonorthogonal steps).
Axiom Q4 states that if a successful test for p results in a state satisfying q , then the state is nonorthogonal to \( {\llbracket q \rrbracket } \), so we can successfully test for q . Axiom Q5 corresponds to the fact that each projection is a partial function.
A successful test for a testable property P always results in a state inside P. When inquiring about a property Q that is not testable, our framework tests for the smallest testable property containing Q. Axiom Q6 corresponds to these facts, where \({\sim }{\sim }p\) corresponds to the smallest testable property containing p.
If \( s \in P \), then the projection is reflexive on s , that is, \( (s,s) \in R_P \). So if a state makes p true, a successful test for p always ends up in the same state. This is captured by axiom Q7.
The projection t of a state s onto P should be the closest state to s that is inside P . This can be expressed by: \( (s,t) \in R_P \) iff for all \( u \in P \) we have uRs iff uRt . This statement is partially captured by axiom Q9: looking at the righttoleft part of the biconditional, if a state s is nonorthogonal to a state satisfying p, and if all states satisfying p that are nonorthogonal to s are also nonorthogonal to a state satisfying \(p\wedge q\), then the property \(p\wedge q\) is “close to s”, and a successful test for p at state s results in a state that satisfies q.
Probabilistic axioms for quantum systems Axiom P1 and P2 are standard probability axioms ensuring the probability values are in the interval [0, 1]. Axiom P3 establishes the correspondence between orthogonality and zero probability.
Equivalent formulas should have equal probabilities, which is captured by axiom P4. Normally we can add the probabilities of disjoint sets, but in quantum systems we need the sets to be orthogonal. This is stated by axiom P5.
Axiom P6 is the probabilistic version of the superposition statement. If p and q are orthogonal we can superpose them into a state with probability \( \rho \) to p and probability \( 1  \rho \) to q . Axiom P7 relates to conditional probabilities: the probability of \(p\wedge q\) is equal to the probability of p given q (which is \(\tau \) in the axiom) times the probability of q (which is \(\rho \) in the axiom).
Axioms for atoms and separability Atoms are the smallest nonempty sets; therefore, any nonempty set smaller than an atom is equal to that atom. This is captured by axiom A1. As atoms are singleton states, a formula \( \phi \) is satisfied at this state if and only if the atom implies \( \phi \). This is reflected by axiom A2.
For singleton states s that are nonorthogonal to a testable property Q , we have \( (s,t) \in R_Q \) iff \( \{t\} = (\{s\} \sqcup {\sim }Q) \cap Q \). In other words, the projection of an atom is again an atom. This is captured by axiom A3.
Axiom A4 provides a characterisation of an atom under the condition that the formula is separable. Axiom A5 asserts that two fully separable atoms are equivalent if and only if each of their local components are equivalent. Axiom A6 expresses the fact that two fully separable properties are orthogonal if one of their local components are orthogonal.
Theorem 4.1
The rules in Table 3 and the axioms in Table 4 are sound with respect to multiagent probabilistic quantum models (NPQM).
Proof
Many of the axioms are standard from the literature. For example, PL, K, PDL1, and PDL2 are from propositional dynamic logic (see for example Harel et al. 2000). The axioms I1–I6 are from Fagin and Halpern (1994). The axioms P1, P2 and variations of P4 are common among probability logics (see for example Fagin and Halpern 1994). The axioms Q4–Q8 are from Baltag and Smets (2005) and Smets and Baltag (2006). The validity of some others may be obvious from the discussion above. We now prove the soundness of select axioms.
Q9: Suppose p and q are testable, i.e., \( {\llbracket p \rrbracket } = {\sim }{\sim }{\llbracket p \rrbracket } \) and \( {\llbracket q \rrbracket } = {\sim }{\sim }{\llbracket q \rrbracket } \). Let \( s \in {\llbracket {\langle p? \rangle }q \rrbracket } \). Then, by definition of \( R_{{\llbracket p \rrbracket }} \) there exists a \( t \in S \) such that \( (s,t) \in R_{{\llbracket p \rrbracket }} \) and \( t \in {\llbracket p \rrbracket } \); since \( s \in {\llbracket {\langle p? \rangle }q \rrbracket } \), it also holds that \( t \in {\llbracket q \rrbracket } \). As \({\llbracket p\wedge q \rrbracket } = {\llbracket p \rrbracket }\cap {\llbracket q \rrbracket }\), we have \(t\in {\llbracket p\wedge q \rrbracket }\). As \(R_{{\llbracket p \rrbracket }} \) corresponds to the projection onto \( {\llbracket p \rrbracket } \), we know each state \( u \in {\llbracket p \rrbracket } \) that is nonorthogonal to s is also nonorthogonal to t . Since \(t\in {\llbracket p\wedge q \rrbracket }\), this means that \( s \in {\llbracket \Diamond p \wedge \square (p \rightarrow \Diamond (p \wedge q)) \rrbracket } \).
Now w (as the projection of v onto \({\llbracket p \rrbracket }\)) can be characterized by being the element of \({\llbracket p \rrbracket }\) where vRu iff wRu for all \(u\in {\llbracket p \rrbracket }\) (see, for example, Bergfeld et al. 2015, Proposition 2.15). So we have wRx iff vRx for all \( x \in {\llbracket p \rrbracket } \supset {\llbracket p\wedge q \rrbracket } \), and therefore we have \( w \in {\llbracket p \rrbracket } \cap {\sim }{\llbracket p \wedge q \rrbracket } \). We also have wRt , which implies wRs (because t is the projection of s onto \({\llbracket p \rrbracket }\)). Since \( s \in {\llbracket \square (p \rightarrow \Diamond (p \wedge q)) \rrbracket } \) we have \( w \in {\llbracket \Diamond (p \wedge q) \rrbracket } \), contradicting the fact that \(w \in {\sim }{\llbracket p\wedge q \rrbracket }\). Thus \( t \in {\llbracket q \rrbracket } \) and \( s \in {\llbracket {\langle p? \rangle }q \rrbracket } \).
P6: Let \(s\in {\llbracket \left( (p \perp q) \wedge \exists p \wedge \exists q \right) \rrbracket }\). Let \(x\in {\llbracket p \rrbracket }\) and \(y\in {\llbracket q \rrbracket }\). Since \(s\in {\llbracket p\perp q \rrbracket }\), \({\llbracket p \rrbracket }\subseteq {\llbracket {\sim }q \rrbracket }\), and hence \({\llbracket p \rrbracket }\) and \({\llbracket q \rrbracket }\) are orthogonal, and hence \({\langle x,y\rangle }=0\). Consider the vector \(z = \sqrt{\rho }x+\sqrt{(1\rho )}y\). One can easily check that \(z={\mathsf {sn}}(z)\), and is hence in S. Furthermore, as \(y\perp x\), the projection of z onto \({\sim }{\sim }{\llbracket p \rrbracket }\) is the vector \(\sqrt{\rho }x\), whose normalization is \(x\in {\llbracket p \rrbracket }\), and hence \(z\in {\llbracket {\langle p? \rangle }p \rrbracket }\). The probability of projecting onto \({\sim }{\sim }{\llbracket p \rrbracket }\) is then \({\langle z,x\rangle }^2 = \rho \); thus \(z\in {\llbracket {\langle p? \rangle }_{=\rho }p \rrbracket }\). We can similarly show that \(z\in {\llbracket {\langle q? \rangle }_{=1\rho }q \rrbracket }\). Therefore, \(z\in {\llbracket {\langle p? \rangle }_{=\rho }p\wedge {\langle q? \rangle }_{=1\rho }q \rrbracket }\), and thus \(s\in {\llbracket \exists ({\langle p? \rangle }_{=\rho }p\wedge {\langle q? \rangle }_{=1\rho }q) \rrbracket }\), as desired.
P7: Let \(Q = {\sim }{\sim }{\llbracket q \rrbracket }\) and \(P= {\sim }{\sim }{\llbracket p \rrbracket }\). Suppose \(s\in {\llbracket (p \le q) \wedge {\langle q? \rangle }_{=\rho }(\Pr (p) = \tau ) \rrbracket }\). Because \(s\in {\llbracket p\le q \rrbracket }\), we have that \({\llbracket p\le q \rrbracket }\ne \emptyset \), and thus \({\llbracket p \rrbracket }\subseteq {\llbracket q \rrbracket }\), giving us \(P\subseteq Q\). Also, \(s\in {\llbracket {\langle q? \rangle }_{=\rho }(\Pr (p) = \tau ) \rrbracket }\) and hence there exists a t, such that \(sR_Qt\), \({\langle s,t\rangle }^2 = \rho \), and \(t\in {\llbracket \Pr (p) = \tau ) \rrbracket }\). Then there exists a \(u\in P\), such that \(tR_Pu\) and \({\langle t,u\rangle }^2 =\tau \).
Now let \(\eta = {\langle s,t\rangle }t\) be the actual vector when projecting s onto Q. Let \(\xi = {\langle \eta ,u\rangle }u\) be the actual vector when projecting \(\eta \) onto P. Let \(\omega = {\langle s,v\rangle }v\) be the actual vector when projecting s onto P. Since \(P\subseteq Q\), \(\xi = \omega \) (to see this, one can change the basis so that P is the span of a subset of the basis elements, Q the span of a larger subset of the basis elements, and then project by removing the coefficients for basis elements not in the set we are projecting onto). Thus \(u = v\) and \({\langle \eta ,u\rangle } = {\langle s,u\rangle }\). Expanding \(\eta \), we have \(\overline{{\langle s,t\rangle }}{\langle t,v\rangle } = {\langle s,u\rangle }\). Hence \(\rho \tau = {\langle s,t\rangle }^2{\langle t,v\rangle }^2 = {\langle s,u\rangle }^2\) is the probability of projecting s onto P. Hence \(s\in {\llbracket \Pr (p) = \rho \tau \rrbracket }\).
A4: First, we claim that for any \( \emptyset \subsetneq I \subsetneq N \) and any p we have \( {\llbracket T(p_I) \wedge \exists p_I \rrbracket } = S \) (where S is the whole state space) if and only if it holds that \( {\llbracket p_I \rrbracket } = \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I}\) for some fixed \( s_I \in S_{ I} \). Before we prove this claim, let us show the soundness of A4 with this claim.
Suppose we have that \(s\in {\llbracket {\mathsf {Sep}}(p) \wedge {\textsf {Atom}}(p) \rrbracket }\). Then \( {\llbracket {\mathsf {Sep}}(p) \wedge {\textsf {Atom}}(p) \rrbracket } = S \). Then \( {\llbracket p \rrbracket } = \{ \bigotimes _{i<N}^\mathfrak {M}s_{\{i\}} \} \) for some \( s_{\{i\}} \in S_{\{i\}} \) for each \( i < N \). Therefore, we have \( {\llbracket p_{\{i\}} \rrbracket } = \{ s_{\{i\}} \} \otimes ^\mathfrak {M}S_{N {\setminus } \{i\}} \), and thus by the claim, \( p_{\{i\}} \) is testable, i.e., \( {\llbracket T(p_{\{i\}}) \rrbracket } = S \) for each \( i < N \). Because p is an atom, we also know that \({\llbracket \exists p \rrbracket } = S\). Thus \(s \in {\llbracket \exists p \wedge \bigwedge _{i<N} T(p_{\{i\}}) \rrbracket }\).
Now suppose \(s\in {\llbracket {\mathsf {Sep}}(p) \wedge \exists p \wedge \bigwedge _{i < N} T(p_{\{i\}}) \rrbracket }\). Then we have \( {\llbracket {\mathsf {Sep}}(p) \wedge \exists p \wedge \bigwedge _{i < N} T(p_{\{i\}}) \rrbracket } = S \). From \( {\llbracket \exists p \rrbracket } = S \), we deduce \( {\llbracket p \rrbracket } \ne \emptyset \). By \( {\llbracket {\mathsf {Sep}}(p) \rrbracket } = S \) we know \( {\llbracket p \rrbracket } \subseteq \bigcap _{i<N} {\llbracket p_{\{i\}} \rrbracket } \). By the claim we know \( \bigcap _{i<N} {\llbracket p_{\{i\}} \rrbracket } = \{ \bigotimes ^\mathfrak {M}_{i < N} s_{\{i\}} \} \) for some \( s_{\{i\}} \in S_{\{i\}} \) for each \( i < N \). Combining these results, we know \( {\llbracket p \rrbracket } = \{ s \} \), and therefore p is an atom, i.e., \( {\llbracket {\textsf {Atom}}(p) \rrbracket } = S \). Therefore, \(s\in {\llbracket {\textsf {Atom}}(p) \rrbracket }\).
To prove the claim, we first note that if \( {\llbracket T(q) \rrbracket }=S \), we have \( {\llbracket q \rrbracket } = {\sim }{\sim }{\llbracket q \rrbracket } \). Therefore, if \( s, t \in {\llbracket q \rrbracket } \) we also have \( \sqrt{\rho }s + \sqrt{1  \rho }t \in {\llbracket q \rrbracket } \) for any \(\rho \in [0,1]\), because any state that is orthogonal to both s and t is also orthogonal to \( \sqrt{\rho }s + \sqrt{1  \rho }t \), so we find \( \sqrt{\rho }s + \sqrt{1  \rho }t \in {\sim }{\sim }\{s,t\} \subseteq {\sim }{\sim }{\llbracket q \rrbracket } = {\llbracket q \rrbracket } \).
By definition of \( {\llbracket p_I \rrbracket } \), any \( s \in {\llbracket p_I \rrbracket } \) is of the form \( s_I \otimes ^\mathfrak {M}s_{N {\setminus } I} \). Suppose \( s_I \otimes ^\mathfrak {M}s_{N {\setminus } I}, t_I \otimes ^\mathfrak {M}t_{N {\setminus } I} \in {\llbracket p_I \rrbracket } \) such that \( s_I \ne t_I \). Without loss of generality we may also assume \( s_{N {\setminus } I} \ne t_{N {\setminus } I} \), because if \( s_I \otimes ^\mathfrak {M}s_{N {\setminus } I} \in {\llbracket p_I \rrbracket } \), then \( s_I \otimes ^\mathfrak {M}s'_{N {\setminus } I} \in {\llbracket p_I \rrbracket } \) for any other \( s'_{N {\setminus } I} \in S_{N {\setminus } I} \). If we look at the sum \( \sqrt{\rho }(s_I \otimes ^\mathfrak {M}s_{N {\setminus } I}) + \sqrt{1  \rho } (t_I \otimes ^\mathfrak {M}t_{N {\setminus } I}) \), with \( \rho \ne 0,1 \), it is not hard to see that this sum is not equal to \( u_I \otimes ^\mathfrak {M}u_{N {\setminus } I} \) for any \( u_I \in S_I \) and \( u_{N {\setminus } I} \in S_{N {\setminus } I} \). In other words, \( \sqrt{\rho }(s_I \otimes ^\mathfrak {M}s_{N {\setminus } I}) + \sqrt{1  \rho } (t_I \otimes ^\mathfrak {M}t_{N {\setminus } I}) \notin {\llbracket p_I \rrbracket } \).
Combining the above two results, we have that if \( {\llbracket p_I \rrbracket } \ne \emptyset \) and \( {\llbracket T(p_I) \rrbracket }=S \), then \( {\llbracket p_I \rrbracket } = \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I} \) for some fixed \( s_I \in S_I \).
For the other direction, we have that \( \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I} \) is isomorphic to \( S_{N{\setminus } I}\), because every vector in the space spanned by \( \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I} \) is a constant multiple of an element of \( \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I} \). Hence \( \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I} \) represents a subspace, and is therefore biorthogonally closed. Every topologically closed linear subspace is biorthogonally closed (Birkhoff and Neumann 1936), and it is well known that every subspace of a finitedimensional Hilbert space is isomorphic to \({\mathbb {C}}^n\) and therefore topologically closed. This finishes the proof of the claim. \(\square \)
4.1 Deducible basic properties of quantum models
We will now use our system to deduce several properties that are standard in most quantum logics, like weak modularity. In the first lemma, we will show the connection between projections (\( {\langle \phi ? \rangle }\)) and nonorthogonality (\(\Diamond \)). Also we show nonorthogonality is both reflexive and symmetric.
Lemma 4.2
Proof
To prove \(\vdash {\langle p? \rangle }{\mathtt {tt}}\leftrightarrow \Diamond p \), we first observe that \(\vdash p\equiv \lnot \lnot p\). Then using universal substitution on Q1 and propositional logic, we obtain \( \vdash \lnot [ p? ]{\mathtt {ff}}\leftrightarrow \lnot [ \lnot \lnot p? ]{\mathtt {ff}}\), which is precisely what \( \vdash {\langle p? \rangle }{\mathtt {tt}}\leftrightarrow \Diamond p \) abbreviates.
A proof of \( \vdash p \rightarrow \Diamond p \) and \( \vdash p \rightarrow \square \Diamond p \)
1  \( {\mathtt {tt}}\)  PL 
2  \( {\mathtt {tt}}\rightarrow ( p \rightarrow {\langle {\mathtt {tt}}? \rangle }p ) \)  Q7 + US 
3  \( p \rightarrow {\langle {\mathtt {tt}}? \rangle }p \)  MP(1,2) 
4  \( {\langle {\mathtt {tt}}? \rangle }p \rightarrow \Diamond p \)  (4.2) + US 
5  \( p \rightarrow \Diamond p \)  PL(3,4) 
6  \( {\langle {\mathtt {tt}}? \rangle }p \rightarrow [{\mathtt {tt}}?]p \)  Q5 + US 
7  \( p \rightarrow [{\mathtt {tt}}?]p \)  PL(3,6) 
8  \( [{\mathtt {tt}}?]p \rightarrow p \)  PL(3) + US 
9  \( {\langle {\mathtt {tt}}? \rangle }p \rightarrow p \)  PL(7) + US 
10  \( p \rightarrow [{\mathtt {tt}}?]\square {\langle {\mathtt {tt}}? \rangle }\Diamond p \)  Q8 + US 
11  \( p \rightarrow \square \Diamond p \)  PL(8,9,10) + US 
With a proof of reflexivity, we can deduce the following four bidirectional rules (each column has both directions):
Lemma 4.3
Proof
The upper row follows from two applications of necessitation; the lower row follows from reflexivity (Lemma 4.2(4.3), which is equivalent to \( \vdash \square p \rightarrow p \)). \(\square \)
Throughout this text, we will often apply the above lemma without reference. The following lemma states that every atom is nonempty.
Lemma 4.4
Proof
\( p \not \equiv {\mathtt {ff}}\) abbreviates \( \lnot \square \square (p \leftrightarrow {\mathtt {ff}}) \), which is equivalent to \( \Diamond \Diamond ((p \wedge \lnot {\mathtt {ff}}) \vee (\lnot p \wedge {\mathtt {ff}})) \). By standard modal reasoning, this is equivalent to \( \Diamond \Diamond p \), or in abbreviated form \( \exists p \).
We have \( \vdash p \le {\mathtt {tt}}\), so by A2 we have \( \vdash {\textsf {Atom}}(p) \rightarrow \exists (p \wedge {\mathtt {tt}}) \) and as we have \( \vdash p \equiv (p \wedge {\mathtt {tt}}) \) we have \( \vdash {\textsf {Atom}}(p) \rightarrow (p \not \equiv {\mathtt {ff}}) \). \(\square \)
The following lemma collects several properties of the orthocomplement, in particular the three defining properties \( p \le {\sim }{\sim }p \), \( p \le q \) implies \( {\sim }q \le {\sim }p \), and \( (p \wedge {\sim }p) \equiv {\mathtt {ff}}\). Note that the first property \( p \le {\sim }{\sim }p \) is weaker than the standard property found in many quantum logics \( p \equiv {\sim }{\sim }p \), but the latter only holds in quantum models that only consider testable properties.
Lemma 4.5
Proof
The proofs of these formulas can be found in Table 6. \(\square \)
A proof of \( \vdash p \le {\sim }{\sim }p \), \( \vdash (p \le q) \rightarrow ({\sim }q \le {\sim }p) \), \( \vdash {\sim }p \equiv {\sim }{\sim }{\sim }p \), \( \vdash (p \,{\wedge }\,{\sim } p) \equiv {\mathtt {ff}}\) and \( \vdash (p \perp q) \leftrightarrow (q \perp p) \)
1  \(p \rightarrow \square \Diamond p\)  Lemma 4.2 
2  \(p \rightarrow {\sim }{\sim }p\)  Abb.(1) 
3  \(p \le {\sim }{\sim }p\)  Lemma 4.3 
4  \(\square \square (p \rightarrow q) \rightarrow \square \square (\lnot q \rightarrow \lnot p)\)  ML 
5  \(\square \square (p \rightarrow q) \rightarrow \square \square \square (\lnot q \rightarrow \lnot p)\)  Q3 
6  \(\square \square (p \rightarrow q) \rightarrow \square \square (\square \lnot q \rightarrow \square \lnot p) \)  ML(5) 
7  \((p \le q) \rightarrow ({\sim }q \le {\sim }p) \)  Abb.(6) 
8  \(\square \lnot p \rightarrow \lnot p \)  Lemma 4.2 
9  \((p \wedge \square \lnot p) \rightarrow {\mathtt {ff}}\)  PL(8) 
10  \((p \wedge {\sim }p) \equiv {\mathtt {ff}}\)  Lemma 4.3 
11  \({\sim }p \le {\sim }{\sim }{\sim }p \)  US(3) 
12  \((p \le {\sim }{\sim }p) \rightarrow ({\sim }{\sim }{\sim }p \le {\sim }p) \)  US(7) 
13  \(({\sim }{\sim }{\sim }p \le {\sim }p) \)  MP(3,12) 
14  \({\sim }p \equiv {\sim }{\sim }{\sim }p \)  PL(11,13) 
15  \((p \le {\sim }q) \rightarrow ({\sim }{\sim }q \le {\sim }p) \)  US(7) 
16  \((p \le {\sim }q) \rightarrow (q \le {\sim }p) \)  PL(2,15) 
17  \((p \perp q) \rightarrow (q \perp p) \)  Abb.(16) 
18  \((q \perp p) \rightarrow (p \perp q) \)  US(17) 
19  \((p \perp q) \leftrightarrow (q \perp p) \)  PL(17,18) 
Lemma 4.6
Proof
A proof of \(T({\sim }p)\) and \( \vdash T(p) \wedge T(q) \rightarrow T(p \wedge q) \)
1  \( {\sim }p \equiv {\sim }{\sim }{\sim }p \)  (4.8) 
2  \(T({\sim }p) \)  Abb.(1) 
3  \((p \wedge q) \le {\sim }{\sim }(p \wedge q) \)  (4.5) 
4  \((p \wedge q) \le p \)  PL 
5  \({\sim }{\sim }(p \wedge q) \le {\sim }{\sim }p \)  (4.6) 
6  \({\sim }{\sim }(p \wedge q) \le {\sim }{\sim }q \)  US(5) 
7  \({\sim }{\sim }(p \wedge q) \le ({\sim }{\sim }p \wedge {\sim }{\sim }q) \)  PL(5,6) 
8  \((T(p) \wedge T(q)) \rightarrow (({\sim }{\sim }p \wedge {\sim }{\sim }q) \equiv (p \wedge q)) \)  ML 
9  \((T(p) \wedge T(q)) \rightarrow ({\sim }{\sim }(p \wedge q) \le (p \wedge q)) \)  ML(7,8) 
10  \((T(p) \wedge T(q)) \rightarrow ((p \wedge q) \equiv {\sim }{\sim }(p \wedge q)) \)  PL(3,9) 
11  \((T(p) \wedge T(q)) \rightarrow T(p \wedge q) \)  Abb.(10) 
The following lemma collects several properties of the quantum join. Most of these properties are intuitive when one thinks of the quantum join \( p \sqcup q \) as the smallest closed linear subspace containing both p and q . For (4.16), if r is orthogonal to both p and q , then r is orthogonal to each element in the span of p and q , which is the quantum join \( p \sqcup q \).
Lemma 4.7
Proof
A proof of \( \vdash p \le p \sqcup q \), \( \vdash (p \sqcup q) \equiv ({\sim }{\sim }p \sqcup {\sim }{\sim }q) \), \((T(p) \wedge T(q)) \rightarrow ({\sim }(p \wedge q) \equiv ({\sim }p \sqcup {\sim }q))\), \({\sim }(p \sqcup q) \equiv ({\sim }p \wedge {\sim }q)\), and \( \vdash ((r \perp p) \wedge (r \perp q)) \leftrightarrow (r \perp (p \sqcup q)) \)
1  \( p \le {\sim }{\sim }p \)  Lemma 4.5 
2  \( ({\sim }p \wedge {\sim }q) \le {\sim }p \)  PL + Lemma 4.3 
3  \( {\sim }{\sim }p \le {\sim }({\sim }p \wedge {\sim }q) \)  Lemma 4.5 + US 
4  \( p \le {\sim }({\sim }p \wedge {\sim }q) \)  ML(1,3) 
5  \( p \le (p \sqcup q) \)  Abb.(4) 
6  \( {\sim }p \equiv {\sim }{\sim }{\sim }p \)  Lemma 4.5 
7  \( {\sim }({\sim }p \wedge {\sim }q) \equiv {\sim }({\sim }{\sim }{\sim }p \wedge {\sim }{\sim }{\sim }q) \)  ML(6) 
8  \( (p \sqcup q) \equiv ({\sim }{\sim }p \sqcup {\sim }{\sim }q) \)  Abb.(7) 
9  \((T(p) \wedge T(q)) \rightarrow ({\sim }(p \wedge q) \equiv {\sim }({\sim }{\sim }p \wedge {\sim }{\sim }p))\)  ML 
10  \((T(p) \wedge T(q)) \rightarrow ({\sim }(p \wedge q) \equiv ({\sim }p \sqcup {\sim }q))\)  Abb.(9) 
11  \(T({\sim }{\sim }({\sim }p \wedge {\sim }q)) \)  Lemma 4.6 
12  \({\sim }{\sim }({\sim }p \wedge {\sim }q) \equiv ({\sim }p \wedge {\sim }q) \)  Abb.(11) 
13  \({\sim }(p \sqcup q) \equiv ({\sim }p \wedge {\sim }q) \)  Abb.(12) 
14  \( (r \perp p) \leftrightarrow \forall (r \rightarrow {\sim }p) \)  Abb. 
15  \( (r \perp q) \leftrightarrow \forall (r \rightarrow {\sim }q) \)  Abb. 
16  \(((r \perp p) \wedge (r \perp q)) \leftrightarrow \forall (r \rightarrow ({\sim }p \wedge {\sim }q)) \)  PL(14,15) 
17  \(T({\sim }p \wedge {\sim }q) \)  Lemma 4.6 
18  \(({\sim }p \wedge {\sim }q) \leftrightarrow {\sim }{\sim }({\sim }p \wedge {\sim }q) \)  Lemma 4.3(17) 
19  \(((r \perp p) \wedge (r \perp q)) \leftrightarrow \forall (r \rightarrow {\sim }{\sim }({\sim }p \wedge {\sim }q))\)  PL(16,18) 
20  \( ((r \perp p) \wedge (r \perp q)) \leftrightarrow (r \perp (p \sqcup q)) \)  Abb.(19) 
To show \(\vdash (p\sqcup {\sim }p)\equiv {\mathtt {tt}}\), we observe by Lemma 4.5(4.7) that \(\vdash (p\wedge {\sim }p) \equiv {\mathtt {ff}}\). Hence \(\vdash \lnot (p\wedge {\sim }p) \equiv {\mathtt {tt}}\). By modal logic, we have that \(\vdash {\sim }(p\wedge {\sim }p) \equiv \Box {\mathtt {tt}}\). Using necessitation and propositional logic, we have \(\vdash {\mathtt {tt}}\equiv \Box {\mathtt {tt}}\). The desired result follows from this and modal logic.
To prove (4.18), we use Lemma 4.5(4.6) to get \( \vdash (p \le r) \rightarrow ({\sim }r \le {\sim }p) \) and \( \vdash (q \le r) \rightarrow {\sim }r \le {\sim }p \), and hence \(\vdash (p\le r)\wedge (q\le r) \rightarrow ({\sim }r \le ({\sim }p \wedge {\sim }q) ).\) Using Lemma 4.5(4.6) again we have \( \vdash (p\le r)\wedge (q\le r) \rightarrow {\sim }({\sim }p \wedge {\sim }q) \le {\sim }{\sim }r \). Adding T(r) to the antecedent, the desired result follows from the previous observation and modal logic. \(\square \)
We need a more general version of Lemma 4.7(4.16) that considers the quantum join of n formulas instead of just two.
Corollary 4.8
Proof
We prove this by induction on n. For \( n = 1 \) the statement holds trivially. Now suppose the statement holds for n . Let \( \mathcal {B}\) be a set of formulas of size n and let \( b_{n+1} \) be a formula. By the induction hypothesis we have \( \vdash (\bigwedge _{b \in \mathcal {B}} p \perp b) \rightarrow (p \perp \bigsqcup \mathcal {B}) \). By Lemma 4.7(4.16) we have \( \vdash (p \perp b_{n+1}) \wedge (p \perp \bigsqcup \mathcal {B}) \rightarrow (p \perp (\bigsqcup \mathcal {B}) \sqcup b_{n+1}) \). Combining the two results gives the desired result.
For (4.20), Note that Open image in new window . Thus by the contrapositive of (4.19), we have Open image in new window . \(\square \)
One of the main difference between classical logic and quantum logic is the lack of distributivity. Classical models satisfy distributivity (\(p \wedge (q \vee r) = (p \wedge q) \vee (p \wedge r) \)), but quantum models only satisfy a weaker version of distributivity called weak modularity, which we will show in the following lemma.
Lemma 4.9
Proof
The proof can be found in Table 9. \(\square \)
A proof of \( \vdash (T(p) \wedge T(q) \wedge (q \le p)) \rightarrow (q \equiv (p \wedge ({\sim }p \sqcup q))) \)
1  \( q \le ({\sim }p \sqcup q) \)  Lemma 4.7 
2  \( (q \le p) \rightarrow (q \le (p \wedge ({\sim }p \sqcup q))) \)  ML(1) 
3  \( p \rightarrow \Diamond p \)  Lemma 4.2 
4  \( (q \le p) \rightarrow (q \equiv (p \wedge q)) \)  ML 
5  \( T(p)\rightarrow ((p \wedge ({\sim }p \sqcup q)) \equiv (p \wedge \square \lnot (p \wedge \square \lnot q))) \)  ML 
6  \( (q\le p) \rightarrow (\square \lnot (p \wedge \square \lnot q) \leftrightarrow \square (p \rightarrow \Diamond (p \wedge q))) \)  ML(4) 
7  \((q\le p) \rightarrow (p \wedge \square \lnot (p \wedge \square \lnot q) \rightarrow \Diamond p \wedge \square (p \rightarrow \Diamond (p \wedge q))) \)  PL(3,6) 
8  \( (T(p) \wedge T(q) \wedge \Diamond p \wedge \square (p \rightarrow \Diamond p \wedge q)) \rightarrow {\langle p? \rangle }q \)  Q9 
9  \(\left( T(p) \wedge T(q) \wedge (q \le p) \right) \rightarrow \left( (p \wedge ({\sim }p \sqcup q)) \rightarrow {\langle p? \rangle }q \right) \)  PL(5,7,8) 
10  \( p \rightarrow ([ p? ]q \rightarrow q) \)  Q7 
11  \( {\langle p? \rangle }q \rightarrow [ p? ]q \)  Q5 
12  \( (p \wedge {\langle p? \rangle }q) \rightarrow q \)  PL(10,11) 
13  \( (T(p) \wedge T(q) \wedge (q \le p)) \rightarrow ((p \wedge ({\sim }p \sqcup q)) \rightarrow q) \)  PL(9,12) 
14  \((T(p) \wedge T(q) \wedge (q \le p)) \leftrightarrow \forall (T(p) \wedge T(q) \wedge (q \le p)) \)  Lemma 4.3 
15  \((T(p) \wedge T(q) \wedge (q \le p)) \rightarrow ((p \wedge ({\sim }p \sqcup q)) \le q) \)  Nec(13,14) 
16  \((T(p) \wedge T(q) \wedge (q \le p)) \rightarrow (q \equiv (p \wedge ({\sim }p \sqcup q))) \)  ML(2,15) 
We also need the dual of weak modularity, which we will show in the following corollary.
Corollary 4.10
Proof
This is basically the dual of Lemma 4.9, that is, taking the orthocomplement. See Table 10. \(\square \)
A proof of \( \vdash (T(q) \wedge (p \le q)) \rightarrow (q \equiv p \sqcup ({\sim }p \wedge q)) \)
1  \( (p \le q) \rightarrow ({\sim }q \le {\sim }p) \)  Lemma 4.5 
2  \( T({\sim }p) \)  Lemma 4.6 
3  \( ({\sim }q \le {\sim }p) \rightarrow ({\sim }q \equiv {\sim }p \wedge ({\sim }{\sim }p \sqcup {\sim }q)) \)  Lemma 4.9 
4  \( (p \le q) \rightarrow ({\sim }{\sim }q \equiv {\sim }({\sim }p \wedge (p \sqcup {\sim }q))) \)  ML(1,2,3) 
5  \( (p \le q) \rightarrow ({\sim }{\sim }q \equiv ({\sim }{\sim }p \sqcup {\sim }(p \sqcup {\sim }q))) \)  Lemma 4.7 
6  \( (p \le q) \rightarrow ({\sim }{\sim }q \equiv (p \sqcup ({\sim }p \wedge {\sim }{\sim }q))) \)  Lemma 4.7 
7  \( (T(q) \wedge (p \le q)) \rightarrow (q \equiv p \sqcup ({\sim }p \wedge q)) \)  ML(6) 
With weak modularity we can show each atom is testable.
Lemma 4.11
Proof
By Lemma 4.5 we have \( \vdash p \le {\sim }{\sim }p \), and by Lemma 4.2(4.3) we have \( \vdash {\sim }{\sim }p \le \Diamond {\sim }{\sim }p \). So we can deduce \( \vdash p \le \Diamond {\sim }{\sim }p \). By Lemma 4.6, we have \( \vdash T({\sim }{\sim }p) \). Therefore, we can apply axiom A3 and (4.8) to deduce \( \vdash {\textsf {Atom}}(p) \rightarrow {\textsf {Atom}}((p \sqcup {\sim }p) \wedge {\sim }{\sim }p) \). By Lemma 4.7 we have \( \vdash (p \sqcup {\sim }p) \equiv {\mathtt {tt}}\), so we can deduce \( \vdash {\textsf {Atom}}(p) \rightarrow {\textsf {Atom}}({\sim }{\sim }p) \). By Lemma 4.4 we have \(\vdash {\textsf {Atom}}(p) \rightarrow ({\mathtt {ff}}\not \equiv p) \), and we already have \(\vdash p\le {\sim }{\sim }p \), so we can deduce \( \vdash {\textsf {Atom}}(p) \rightarrow (p \equiv {\sim }{\sim }p) \) by axiom A1. This is equivalent to the desired result. \(\square \)
4.2 Deducible probabilistic properties of quantum models
The following lemma collects several deducible properties of probabilistic quantum logic.
Lemma 4.12
Proof
The proof of (4.21) is in Table 11.
We now show (4.22). By Lemma 4.5 we have \(\vdash p \perp {\sim }p\) and \(\vdash p \sqcup {\sim }p\), and hence by axiom P1, P4 and P5 we obtain the desired result \( \vdash \Pr (p) + \Pr ({\sim }p) = 1 \).
We now show (4.23). By uniform substitution in (4.22) we have \(\vdash \Pr ({\sim }p) + \Pr ({\sim }{\sim }p) = 1\). From this we can use the inequality axioms to show the second result \( \vdash \Pr (p) = \Pr ({\sim }{\sim }p) \).
We now show (4.24). Since T(p) abbreviates \( p \equiv {\sim }{\sim }p \), from the axiom \(\vdash \Pr (p) = 0 \leftrightarrow {\sim }p \) it follows that \( \vdash T(p) \rightarrow p\leftrightarrow \Pr ({\sim }p) = 0 \). From the inequality axioms and propositional reasoning we obtain the third result \( \vdash T(p) \rightarrow p \leftrightarrow \Pr (p) = 1 \).
We now show (4.25). By Lemma 4.5 we also have \( \vdash p \rightarrow {\sim }{\sim }p \) and \( \vdash T({\sim }({\sim }p)) \), combining this with \( \vdash \Pr (p) = \Pr ({\sim }{\sim }p) \), we obtain the last result \( \vdash p \rightarrow \Pr (p) = 1 \). \(\square \)
A proof of \( \vdash \Diamond p \leftrightarrow \Pr (p) > 0 \)
1  \(\Pr (p) \ne 0 \leftrightarrow \Diamond p\)  P3 + PL 
2  \(\Pr (p) > 0 \leftrightarrow \Diamond p\)  PL(1) + P2 
The following lemma shows that probability (\(\Pr (\cdot )\)) is monotone.
Proposition 4.13
Proof
First, by (4.5) and modal logic, we have \( \vdash p \le q \rightarrow p \le {\sim }{\sim }q \) and by Lemma 4.6, we have \( \vdash T({\sim }{\sim }q) \). Therefore, by Corollary 4.10 we have \( \vdash p \le q \rightarrow {\sim }{\sim }q \equiv p \sqcup ({\sim }p \wedge {\sim }{\sim }q) \). Hence by P4, \(\vdash p\le q \rightarrow P({\sim }{\sim }q) = P(p\sqcup ({\sim }p \wedge {\sim }{\sim }q))\). Note that \( \vdash p \perp ({\sim }p \wedge {\sim }{\sim }q)\), since clearly \( \vdash {\sim }p \wedge {\sim }{\sim }q \le {\sim }p \). Thus by P5, \( \vdash \Pr (p \sqcup ({\sim }p \wedge {\sim }{\sim }q)) = \Pr (p) + \Pr ({\sim }p \wedge {\sim }{\sim }q) \). By (4.23), \(\vdash \Pr (q)= \Pr ({\sim }{\sim }q)\). Using inequality axioms, we obtain \( \vdash p\le q \rightarrow \Pr (q) = \Pr (p) + \Pr ({\sim }p \wedge {\sim }{\sim }q) \). The desired result follows from this and the inequality axioms. \(\square \)
Axiom P5 only considers a pair of orthogonal states, but can be generalized to a finite set of n pairwise orthogonal states.
Lemma 4.14
Proof
A proof of \( \vdash ( \bigwedge \nolimits _{i < j < n} b_i \perp b_j ) \rightarrow ( \Pr (\bigsqcup \nolimits _{i \le n} b_i) = \sum \nolimits _{i < n} \Pr (b_i) ) \)
1  \( \bigwedge _{i<j<n+1} (b_i \perp b_j) \rightarrow (b_n \perp \bigsqcup _{i < n} b_i) \)  Corollary 4.8 
2  \( \Pr (\bigsqcup _{i<n+1} b_i) = \Pr ((\bigsqcup _{i<n} b_i) \sqcup b_n) \)  Abb. 
3  \((b_n \perp \bigsqcup _{i < n} b_i) \rightarrow (\Pr ((\bigsqcup _{i<n} b_i) \sqcup b_n) = \Pr (\bigsqcup _{i<n} b_i) + \Pr (b_n))\)  P5 
4  \(\bigwedge _{i<j<n} (b_i \perp b_j) \rightarrow \Pr (\bigsqcup _{i<n} b_i) = \sum _{i < n} \Pr (b_i) \)  (IH) 
5  \(\bigwedge _{i<j<n+1} (b_i \perp b_j) \rightarrow \Pr (\bigsqcup _{i<n+1} b_i) = \sum _{i < n+1} \Pr (b_i) \)  I1–I3 
Using Lemma 4.14, we obtain a nice characterisation for the quantum join of a set of orthogonal states involving probabilities, which we show in the following corollary.
Corollary 4.15
Proof
Similar to axiom P5, we can generalize axiom P7 by considering the quantum join of a finite set of formulas.
Lemma 4.16
Proof
By modal logic, \( \vdash {\langle \bigsqcup _{i \le n} b_i? \rangle }_{=\rho } \bigwedge _{i \le n} (\Pr (b_i) = \rho _i) \rightarrow \bigwedge _{i \le n} {\langle \bigsqcup _{i \le n} b_i? \rangle }_{=\rho } (\Pr (b_i) = \rho _i) \). By Lemma 4.7(4.12), we also know \( \vdash b_i \le \bigsqcup _{j \le n} b_j \), so the statement follows from axiom P7 and propositional logic. \(\square \)
4.3 Deducible properties of a basis
Since the notion of an orthonormal basis is very important in the two protocols we will discuss in Section 5, as well as many other protocols, we discuss the definition of a basis and prove several properties.
Lemma 4.17
Proof
This lemma follows directly from the definition of an orthosubbasis combined with Lemma 4.14 and axiom P1.
\(\square \)
Lemma 4.18
Proof
Because \( \vdash {\textsf {Ant}}\rightarrow T(r) \) we have \(\vdash {\textsf {Ant}}\rightarrow (p \nleq r \leftrightarrow p \nleq {\sim }{\sim }r) \). Hence, we have \(\vdash {\textsf {Ant}}\rightarrow (p \nleq {\sim }{\sim }r)\). Unpacking the notation, this is equivalent to \(\vdash {\textsf {Ant}}\rightarrow \exists (p \wedge \Diamond {\sim }r) \). Because \(\vdash {\textsf {Ant}}\rightarrow {\textsf {Atom}}(p) \), we find that \( \vdash {\textsf {Ant}}\rightarrow ( \exists (p \wedge \Diamond {\sim }r)p \leftrightarrow (p \le \Diamond {\sim }r)) \) by A2. Hence, \(\vdash {\textsf {Ant}}\rightarrow (p \le \Diamond {\sim }r)\).
The following lemma uses the previous lemma to establish that a quantum join of n formulas can contain at most n orthogonal states.
Lemma 4.19
Proof
We prove this by induction on n. For \( n = 1 \), the formula follows immediately from A1 and Lemma 4.4.
First step, remove \( b_0 \): By the induction hypothesis (IH) and propositional logic, there exists a \( c_0 \in {\mathcal {C}} \) such that \( \vdash \chi \rightarrow c_0 \nleq \bigsqcup \mathcal {B}{\setminus } \{b_0\} \). Given that \( c_0 \le \bigsqcup \mathcal {B}\), \( {\textsf {Atom}}(b_0) \) and \( {\textsf {Atom}}(c_0) \) are also provable from \(\chi \), we can apply Lemma 4.18 and obtain \(\vdash \chi \rightarrow (\bigsqcup \mathcal {B}\equiv (\bigsqcup (\mathcal {B}{\setminus } \{b_0\}) \sqcup \{c_0\})) \).
Now we can show that each basis contains the same number of atoms.
Theorem 4.20
Proof
First step, remove \(b_0\): by Lemma 4.19, there is a \(c_0\in {\mathcal {C}}\), such that \( \vdash \psi \rightarrow c_0 \nleq \bigsqcup \mathcal {B}{\setminus } \{b_0\} \). Just as we did in the proof of Lemma 4.19, we then apply Lemma 4.18 and obtain \(\vdash \psi \rightarrow (\bigsqcup \mathcal {B}\equiv (\bigsqcup (\mathcal {B}{\setminus } \{b_0\}) \sqcup \{c_0\})) \). Note that the only difference between this step and that of the proof of Lemma 4.19 is that we applied Lemma 4.19 directly rather than used induction. Steps 2–n differ from those of Lemma 4.19 in precisely the same way.
In the final step we have obtained a set \( {\mathcal {C}}' \subseteq {\mathcal {C}} \) such that \(\vdash \psi \rightarrow (\bigsqcup \mathcal {B}\equiv \bigsqcup {\mathcal {C}}' )\) and \(  \mathcal {B} =  {\mathcal {C}}'  \). But we know that \(  {\mathcal {C}}  =  \mathcal {B} \) and therefore \( {\mathcal {C}} = {\mathcal {C}}' \) (thus instead of a contradiction we get the desired result). \(\square \)
Corollary 4.21
If \( \mathfrak {M}\vDash {\textsf {Basis}}(\mathcal {B}) \) and \( \mathfrak {M}\vDash {\textsf {Basis}}({\mathcal {C}}) \) then \( \mathcal {B} = {\mathcal {C}} \).
The following lemma states that any LOSB \( \mathcal {B}\) is the tensor product of its local states.
Lemma 4.22
For a finite set of formulas \( \mathcal {B}\), Let \(\mathcal {B}^N\) be the set of functions from \(\{0,\cdots ,N1\}\) to \(\mathcal {B}\).
Proof
Let \(\chi \) be the negation of what we are trying to prove:
By modal reasoning \(\vdash {\mathtt {tt}}\equiv {\sim }{\mathtt {ff}}\) and by Lemma 4.5(4.6), \(\vdash (\phi \not \equiv {\mathtt {ff}}) \leftrightarrow ({\sim }\phi \not \equiv {\mathtt {tt}})\). As for each \(i<N\), \(f(i)\in \mathcal {B}\) and Open image in new window is a conjunct of \({{\textsf {SubBasis}}}(\mathcal {B})\) and hence a conjunct of \(\chi \), we have that \(\vdash \chi \rightarrow ({\sim }f(i) \not \equiv {\mathtt {tt}})\). As \(\vdash (\phi \le \psi )\wedge (\psi \ne {\mathtt {tt}}) \rightarrow (\phi \ne {\mathtt {tt}})\), we have from this and \(\vdash \chi \rightarrow (\bigvee _{f\in \mathcal {B}^N} (\bigsqcup \mathcal {B}\le {\sim }f(i)))\) that \(\vdash \chi \rightarrow (\bigsqcup \mathcal {B}\ne {\mathtt {tt}})\). This together with the fact that \(\bigsqcup \mathcal {B}={\mathtt {tt}}\) is a conjunct of \({{\textsf {SubBasis}}}(\mathcal {B})\) and hence of \(\chi \) gives us that \(\vdash \chi \rightarrow {\mathtt {ff}}\).
\(\square \)
Given two LOSBs \( \mathcal {B}\) and \( {\mathcal {C}} \), we can construct a new LOSB \( \mathcal {D} \), such that for all \( i < N \), either for all \( d \in \mathcal {D} \) we have \( d_{\{i\}} \equiv b_{\{i\}} \) for some \( b \in \mathcal {B}\) or for all \( d \in \mathcal {D} \) we have \( d_{\{i\}} \equiv c_{\{i\}} \) for some \( c \in {\mathcal {C}}\). The following lemma proves this fact.
Lemma 4.23
Proof
By extracting a conjunct from \({\textsf {Ant}}\), we already have \( \vdash {\textsf {Ant}}\rightarrow \bigwedge _{d \in \mathcal {D}} {\mathsf {Sep}}(d) \).
As an intermediate step, we show that \( \vdash {\textsf {Ant}}\rightarrow \bigwedge _{d \in \mathcal {D}} {\textsf {Atom}}(d) \). By axiom A4 we have \( \vdash {\textsf {Ant}}\rightarrow T(b_{\{i\}}) \) and \( \vdash {\textsf {Ant}}\rightarrow T(c_{\{i\}}) \) for all \( b \in \mathcal {B}\), \( c \in {\mathcal {C}} \) and \( i < N \). As \({\textsf {Ant}}\) asserts the equivalence of each \(d_{\{i\}}\) with either \(b_{\{i\}}\) or \(c_{\{i\}}\), propositional reasoning gives us \(\vdash {\textsf {Ant}}\rightarrow T(d_{\{i\}}) \) for all \( d \in \mathcal {D}\) and \( i < N \). So, by axiom A4, we have \(\vdash {\textsf {Ant}}\rightarrow {\textsf {Atom}}(d) \) for all \( d \in \mathcal {D}\).
5 Examples
In this section, we will discuss how to express and prove correctness for two quantum protocols: the quantum leader election protocol (Sect. 5.1) and the BB84 quantum key distribution protocol (Sect. 5.2).
5.1 Example 1: quantum leader election
The quantum leader election protocol aims to randomly select a leader in a group of agents such that each agent has equal probability to be selected as the leader. There exist several ways to solve this problem using quantum theory, e.g., D’Hondt and Panangaden (2006a) and Tani et al. (2012). The ones given in Tani et al. (2012) rely heavily on communication, and as we do not explicitly model communication, we will discuss the version given in D’Hondt and Panangaden (2006a), which omits explicit communication.
Proposition 5.1
Proof
With induction: for \( n = 1 \) we have \( \vdash {\mathsf {Ort}}(\mathcal {B}) \rightarrow (b \not \equiv {\mathtt {ff}}) \), which by Lemma 4.4 implies \(\vdash {\mathsf {Ort}}(\mathcal {B}) \rightarrow \exists b \). By Lemma 4.12(4.25), we have \( \vdash b \rightarrow \Pr (b) = 1 \), so we have \( \vdash {\mathsf {Ort}} \rightarrow \exists (\Pr (b) = 1) \), which finishes the case \( n = 1 \).
A proof of \( {\mathsf {Ort}}\left( \mathcal {B}_{n+1}\right) \rightarrow \exists \left( \bigwedge \limits _{i \le n + 1} \Pr (b_i) = \frac{1}{n+1}\right) \)
1  \( {\mathsf {Ort}}(\mathcal {B}_{n+1}) \rightarrow \exists b_n \)  Lemma 4.4 
2  \( {\mathsf {Ort}}(\mathcal {B}_{n+1}) \rightarrow \exists \left( \bigwedge _{i < n} \Pr (b_i) = \frac{1}{n} \right) \)  IH 
3  \( {\mathsf {Ort}}(\mathcal {B}_{n+1}) \rightarrow (b_{n} \perp \bigsqcup _{i \in n} b_i) \)  Corollary 4.8 
4  \({\mathsf {Ort}}(\mathcal {B}_{n+1}) \rightarrow (\bigwedge _{i < n} \Pr (b_i) = \frac{1}{n}) \le (\bigsqcup _{i < n} b_i) \)  Corollary 4.15 
5  \( {\mathsf {Ort}}(\mathcal {B}_{n+1}) \rightarrow (b_{n} \perp (\bigwedge _{i < n} \Pr (b_i) = \frac{1}{n})) \)  ML(3,4) 
6  \({\mathsf {Ort}}(\mathcal {B}_{n+1}) \rightarrow \exists \left( \begin{aligned}&{\langle b_n? \rangle }_{= \frac{1}{n+1}}b_n \\ \wedge&{\langle q? \rangle }_{=\frac{n}{n+1}}q \end{aligned} \right) \text {with } q = \bigwedge _{i < n} \Pr (b_i) = \frac{1}{n}\)  P6 
7  \({\mathsf {Ort}}(\mathcal {B}_{n+1}) \rightarrow \exists \left( \Pr (b_{n}) = \frac{1}{n+1} \right. \left. \wedge \bigwedge _{i < n} \Pr (b_i) = \frac{1}{n + 1}\right) \)  Lemma 4.16 
8  \( {\mathsf {Ort}}(\mathcal {B}_{n+1}) \rightarrow \exists \left( \bigwedge _{i \le n + 1} \Pr (b_i) = \frac{1}{n+1} \right) \)  PL(8) 
The following theorem proves the correctness of the quantum leader election.
Theorem 5.2
Proof
5.2 Example 2: BB84
The BB84 protocol is designed to provide two agents with the same random bitstring, to be used as a key for both encryption and description. The protocol works as follows: the first agent Alice has the ability to produce qubits in two different basis: Open image in new window and Open image in new window . Alice chooses two equally sized random bitstrings; the first is the message to be sent, the second determines the basis in which each individual bit of the message bitstring is sent. She sends the qubits to Bob, who has chosen a random bitstring as well to determine which basis he uses to measure each received qubit. After all qubits have been sent and measured, Alice and Bob publicly compare the basis bitstring they have used to create and measure the qubits respectively. On those positions where the basis bitstring matches, the corresponding bit in the message bitstring should correspond as well. On all other positions, those bits in the message bitstring could be different and are thus discarded. In the end, Alice and Bob have a corresponding random bitstring which is in general about half the size of the random bitstring Alice started with. Of course, this is in the ideal situation where no eavesdropper disturbs the channel. This section proves properties of this ideal situation.

\(\Pr _s(\phi ) :=\sum _{b \in \mathcal {B}_s} \Pr (b \wedge \phi )\)

\(\Pr _{{\mathcal {M}}}(\phi ) :=\sum _{s \in \{ 1, + \}^N} \frac{1}{2^N} \Pr _s(\phi )\)
Lemma 5.3
Proof
We will first show \( \vdash {\mathsf {Ant}} \rightarrow \Pr _s({{\mathsf {Match}}}) = 1 \) for all \( s \in \{1, +\}^N \). The desired result will then follow from the inequality axioms. By Lemma 4.23, we know \( \vdash {\textsf {Ant}}\rightarrow {{\textsf {LOSB}}}(\mathcal {B}_s) \), and therefore by Lemma 4.17, \(\vdash {\textsf {Ant}}\rightarrow \sum _{b \in \mathcal {B}_s} \Pr (b) = 1 \). So all we need to show is that \( \vdash {\mathsf {Ant}} \rightarrow \Pr (b) = \Pr (b \wedge {\mathsf {Match}}) \) for all \( b \in {\mathcal {M}} \).
Case \(\phi \): First note that \(\vdash {\textsf {Ant}}\wedge \phi \rightarrow \bigvee \{ b \in {\mathcal {M}} \mid b_{\{i\}} \equiv k_{\{i\}} \}\)
Now we have \(\vdash {\textsf {Ant}}\wedge \omega \rightarrow (\Pr (b) = 0 \vee (b\equiv (b\wedge {\mathsf {Match}}_i))\), for each \(\omega \in \{\phi ,\psi ,\chi \}\). Together with \(\vdash \phi \vee \psi \vee \chi \), and repeating for each \(i<N\), we have (5.3). \(\square \)
6 Conclusion
This paper lays a foundation for an axiomatization of probabilistic quantum logics in the style of propositional dynamic logic. The axiomatization provided in this work is powerful enough to prove the correctness of quantum protocols, such as the quantum leader election of D’Hondt and Panangaden (2006a) and the BB84 quantum key distribution. As probability plays an important role in so many quantum protocols, we expect that our logic can be used and adapted to a much wider range of quantum protocols. We also hope that future work will clarify the prospects for a complete proof system.
This work may pave the way for powerful axiomatic system of stronger logics. For example, an axiomatic analysis of the construction of the Wstate is left for future work; such an analysis would benefit from a more powerful logic that explicitly reasons about unitary operations. When involving unitaries for quantum protocols and programs, it would be further beneficial to either characterize commonly used logic gates, such as the Hadamard gate, or to include them as constants.
Another potential extension of the logic is to add the power to explicitly express both the quantum and classical communication involved in various protocols. This may help in expressing important properties of a communicationrich variant of the quantum leader election protocol given in Tani et al. (2012), as well as the relationships among the classical and quantum communication in the quantum teleportation protocol.
References
 Abramsky S, Coecke B (2009) Categorical quantum mechanics. In: Lehmann D, Engesser K, Gabbay DM (eds) Handbook of quantum logic and quantum structures. Elsevier, Amsterdam, pp 261–323CrossRefGoogle Scholar
 Baltag A, Smets S (2005) Complete axiomatizations for quantum actions. Int J Theor Phys 44(12):2267–2282MathSciNetCrossRefzbMATHGoogle Scholar
 Baltag A, Smets S (2006) LQP: the dynamic logic of quantum information. Math Struct Comput Sci 16(3):491–525MathSciNetCrossRefzbMATHGoogle Scholar
 Baltag A, Bergfeld J, Kishida K, Sack J, Smets S, Zhong S (2013) Quantum probabilistic dyadic secondorder logic. In: Libkin L, Kohlenbach U, de Queiroz R (eds) Logic, language, information, and computation, lecture notes in computer science, vol 8071. Springer, Berlin, Heidelberg, pp 64–80Google Scholar
 Baltag A, Bergfeld J, Kishida K, Sack J, Smets S, Zhong S (2014) PLQP & company: decidable logics for quantum algorithms. Int J Theor Phys 53(10):3628–3647MathSciNetCrossRefzbMATHGoogle Scholar
 Bennett CH, Brassard G (1984) Quantum cryptography: public key distribution and coin tossing. In: Proceedings of IEEE international conference on computers, systems and signal processing, pp 175–179Google Scholar
 Bennett CH, Brassard G (2014) Quantum cryptography: public key distribution and coin tossing. In: Theoretical computer science 560, Part 1, theoretical aspects of quantum cryptography—celebrating 30 years of BB84, pp 7–11Google Scholar
 Bergfeld JM, Kishida K, Sack J, Zhong S (2015) Duality for the logic of quantum actions. Stud Log 103(4):781–805. doi: 10.1007/s112250149592x
 Birkhoff G, von Neumann J (1936) The logic of quantum mechanics. Ann Math 37:823–843MathSciNetCrossRefzbMATHGoogle Scholar
 Dalla Chiara ML, Giuntini R (2002) Quantum logics. In: Gabbay D, Guenthner F (eds) Handbook of philosophical logic. Kluwer Academic Publishers, Dordrecht, pp 129–228CrossRefGoogle Scholar
 Dalla Chiara ML, Giuntini R, Greechie R (2004) Reasoning in quantum theory: sharp and unsharp quantum logics, trends in logic, vol 22. Kluwer Academic Press, DordrechtzbMATHGoogle Scholar
 D’Hondt E, Panangaden P (2006a) The computational power of the W and GHZ states. Quantum Inf Comput 6(2):173–183Google Scholar
 D’Hondt E, Panangaden P (2006b) Quantum weakest preconditions. Math Struct Comput Sci 16:429–451 6Google Scholar
 Dunn JM, Moss LS, Wang Z (2013) Editors’ introduction: the third life of quantum logic: quantum logic inspired by quantum computing. J Philos Log 42(3):443–459MathSciNetCrossRefzbMATHGoogle Scholar
 Fagin R, Halpern JY (1994) Reasoning about knowledge and probability. J ACM 41(2):340–367MathSciNetCrossRefzbMATHGoogle Scholar
 Fagin R, Halpern JY, Megiddo N (1990) A logic for reasoning about probabilities. Inf Comput 87(1):78–128MathSciNetCrossRefzbMATHGoogle Scholar
 Feng Y, Nengkun Y, Ying M (2013) Model checking quantum Markov chains. J Comput Syst Sci 79(7):1181–1198MathSciNetCrossRefzbMATHGoogle Scholar
 Fischer MJ, Ladner RE (1979) Propositional dynamic logic of regular programs. J Comput Syst Sci 18(2):194–211MathSciNetCrossRefzbMATHGoogle Scholar
 Gay SJ, Nagarajan R, Papanikolaou N (2008) QMC: a model checker for quantum systems. In: Proceedings of the 20th international conference on computer aided verification, CAV ’08. Springer, Berlin, Heidelberg, pp 543–547Google Scholar
 Goldblatt RI (1974) Semantic analysis of orthologic. J Philos Log 3(1–2):19–35MathSciNetCrossRefzbMATHGoogle Scholar
 Harel D, Tiuryn J, Kozen D (2000) Dynamic logic. MIT Press, CambridgezbMATHGoogle Scholar
 Hoare TCAR (1969) An axiomatic basis for computer programming. Commun ACM 12(10):576–580CrossRefzbMATHGoogle Scholar
 Hodkinson I, Reynolds M (2007) Temporal logic. In: Blackburn P, Van Benthem J, Wolter F (eds) Handbook of modal logic, studies in logic and practical reasoning, chapter 11, vol 3. Elsevier, pp 655–720Google Scholar
 Mateus P, Sernadas A (2006) Weakly complete axiomatization of exogenous quantum propositional logic. Inf Comput 204(5):771–794MathSciNetCrossRefzbMATHGoogle Scholar
 Nishimura H (2009) Gentzen methods in quantum logic. In: Lehmann D, Engesser K, Gabbay DM (eds) Handbook of quantum logic and quantum structures. Elsevier, Amsterdam, pp 227–260CrossRefGoogle Scholar
 Selinger P (2007) Dagger compact closed categories and completely positive maps: (extended abstract). In: Electronic notes in theoretical computer science. Proceedings of the 3rd international workshop on quantum programming languages (QPL 2005), vol 170, pp 139–163Google Scholar
 Selinger P (2011) Finite dimensional Hilbert spaces are complete for dagger compact closed categories (extended abstract). In: Electronic notes in theoretical computer science. Proceedings of the joint 5th international workshop on quantum physics and logic and 4th workshop on developments in computational models (QPL/DCM 2008), vol 270(1), pp 113–119Google Scholar
 Selinger P (2012) Finite dimensional Hilbert spaces are complete for dagger compact closed categories. Log Methods Comput Sci 8:1–12MathSciNetCrossRefzbMATHGoogle Scholar
 Smets S, Baltag A (2006) Logics for quantum information flow. In: Presented at the 18th European Summer School of Logic, Language and Information. http://www.vub.ac.be/CLWF/SS/slides.html. Accessed 14 Dec 2014
 Tani S, Kobayashi H, Matsumoto K (2012) Exact quantum algorithms for the leader election problem. ACM Trans Comput Theory 4(1):1:1–1:24Google Scholar
 Ying M, Nengkun Y, Feng Y, Duan R (2013) Verification of quantum programs. Sci Comput Program 78(9):1679–1700CrossRefGoogle Scholar
Copyright information
Open AccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.