Abstract
This paper presents a sound axiomatization for a probabilistic modal dynamic logic of quantum programs. The logic can express whether a state is separable or entangled, information that is local to a subsystem of the whole quantum system, and the probability of positive answers to quantum tests of certain properties. The power of this axiomatization is demonstrated with proofs of properties concerning bases of a finitedimensional Hilbert space, composite systems, entangled and separable states, and with proofs of the correctness of two probabilistic quantum protocols (the quantum leader election protocol and the BB84 quantum key distribution protocol).
Introduction
There is a large literature on logics for classical computation. These include Hoare logic (1969), propositional dynamic logic (Fischer and Ladner 1979), other dynamic logics (Harel et al. 2000), and temporal logics (Hodkinson and Reynolds 2007), and they aid in proving correctness of protocols and programs. With the increased prospects of quantum devices and computers, there is a growing interest in quantum analogs for these logics.
Quantum logic, which was originally used to clarify properties of quantum physics (Birkhoff and Neumann 1936), has developed into a broader field, with many logics addressing algebraic structures of quantum systems (Dalla Chiara and Giuntini 2002; Dalla Chiara et al. 2004). A significant recent development is the strengthening of quantum logic to be able to address quantum computation as well (Dunn et al. 2013). This coincides with development to formalize the semantics of quantum programs (D’Hondt and Panangaden 2006b) and the development of model checkers and verification tools for quantum systems (Gay et al. 2008; Feng et al. 2013; Ying et al. 2013).
Recent work toward the development of quantum logics for computation yielded probabilistic dynamic quantum logics that are decidable, such as Baltag et al. (2013, 2014), and the correctness of many quantum protocols can be expressed in these languages. However, an axiomatization of these probabilistic systems is lacking. In the nonprobabilistic setting, a sound axiomatization relevant to our work was developed in Baltag and Smets (2006) for the Logic of Quantum Programs, a quantum analog of the propositional dynamic logic, which was used to prove the correctness of the quantum teleportation protocol and the quantum secret sharing protocol. But the logic of quantum programs could not express quantities, and could only account for the correctness of qualitative properties of algorithms and protocols considered, and that work considered a probabilistic extension to be a greater goal of the program.
This paper lays a foundation for an axiomatization for a probabilistic variant of the Logic of Quantum Programs. The language involves dynamic modalities for quantum programs as well as probabilistic modalities, and is similar to the decidable logic in Baltag et al. (2014), and hence we give it the same name: the Probabilistic Logic of Quantum Programs. Among the differences between our language here and the one in Baltag et al. (2014) is that our language here simplifies the formulas for locality to describing full separability with respect to a given set of components. This simplification of the language allows us to highlight basic properties in the proof system that are essential to properties of bases of a finitedimensional Hilbert space. We develop a sound proof system for this logic, and we use it to prove properties of the quantum leader election protocol of D’Hondt and Panangaden (2006a) and the BB84 quantum key distribution protocol (Bennett and Brassard 1984, 2014).
The quantum leader election protocol is a method for selecting exactly one of n many members, giving each member equal chance of being selected. This is analogous to establishing a fair nsided die, and such selections are important for distributive systems. We prove in our language the existence and correctness of the Wstate as a shared state whose measurement would select a leader with the correct probability. The BB84 quantum key distribution protocol is a secure distribution key protocol. We prove in our language the correctness of this protocol in the event that there is no eavesdropping of communication. These two protocols are just examples of what our system can prove, and we are sure there are many others. But our logic also lays a foundation for further development in axiomatizing logics for quantum systems, particularly those that involve probability.
There have been other developments in forming axiomatizations of quantum logics. Goldblatt (1974), developed a complete axiomatization of orthologic and orthomodular quantum logic. There has also been development of Gentzen style proof systems for orthologic (Nishimura 2009). Selinger (2007), uses a graphical language to axiomatize properties for dagger compact closed categories, and shows in Selinger (2011, 2012) that this axiomatic system is also complete with respect to finitedimensional Hilbert spaces. Abramsky and Bob (2009), use a diagrammatic axiomatization to prove the correctness of quantum teleportation, logic gate teleportation, and entanglement swapping protocols. An axiomatization of a quantum logic that involve probabilities is given in Mateus and Sernadas (2006). Our logic differs from these in that it builds on the work of Baltag and Smets (2006) and Baltag et al. (2014), and can be viewed as a probabilistic quantum analog of propositional dynamic logic.
Our paper is organized as follows. In Sect. 2, we introduce probabilistic quantum structures, the basic structures for our semantics, which are mild abstractions of Hilbert spaces. In Sect. 3, we introduce the syntax and semantics for our probabilistic logic of quantum programs. We then present in Sect. 4 the deductive system and prove some properties in the language from it, including properties concerning orthonormal bases. In Sect. 5, we prove the correctness of the quantum leader election protocol and the BB84 protocol.
Probabilistic quantum structure
Let \({\mathcal {H}}\) be a finitedimensional Hilbert space with an orthonormal basis \(\mathbf{B}=(\mathbf{b}_0,\cdots ,\mathbf{b}_{n1})\). Let \(V_{\mathbf{B}}\) denote the set of all functions \(f:\mathbf{B}\rightarrow {\mathbb {C}}\). It is well known that there is a bijective correspondence between the vectors in \({\mathcal {H}}\) and the elements of \(V_{\mathbf{B}}\) given by mapping every \(\mathbf{v}\) in \({\mathcal {H}}\) to the function \(\mathbf{b}_i\mapsto \langle \mathbf{v},\mathbf{b}_i\rangle \). A state of \({\mathcal {H}}\) is a onedimensional subspace s of \({\mathcal {H}}\). We represent the states of \({\mathcal {H}}\) by a subset of \(V_{\mathbf{B}}\), each representing a canonical representative of the onedimensional subspace. This subset is the set of complex probability mass function defined as follows.
Definition 2.1
(Complex probability mass functions) Let \( B = \{ b_i \mid 0\le i < n \} \) for some positive \(n\in \mathbb {N}\) be an ordered set (which we call an ordered basis). A function \( f : B \rightarrow {\mathbb {C}}\) is called a complex probability mass function on B if

1.
there exists an \( i \in n \) such that

(a)
\( f(b_j) = 0 \) for all \( j < i \), and

(b)
\( f(b_i) \in (0,1] \),

(a)

2.
\( f(b_i)^2 \in [0,1] \), and

3.
\( \sum _{i \in N} f(b_i)^2 = 1 \).
Let \( S_B \) denote the set of all complex probability mass functions on B .
Note that if f is a complex probability mass function, the function \(f^2:B\rightarrow [0,1]\) is a (real) probability mass function. In this sense, a complex probability mass function can be seen as an appropriate “square root” of a probability mass function.
Every function \(f\in V_B\) can be converted into a function \(S_B\) as follows.
Definition 2.2
(Strong normalization) For every nonzero function \(f:\mathbf{B}\rightarrow {\mathbb {C}}\), where \(c=f(\mathbf{b}_i)\) for the smallest i such that \(f(\mathbf{b}_i)\ne 0\), we define the strong normalization \({\mathsf {sn}}(f)\) of f by
where in general \(\overline{z}\) is the complex conjugate of z.
It is easy to see that the strong normalization transforms any nonzero function \(f:\mathbf{B}\rightarrow {\mathbb {C}}\) into a complex probability mass function. The set of complex probability mass functions is identified with the set of states of a Hilbert spaces by the following proposition.
Proposition 2.3
Let \({\mathcal {H}}\) be a Hilbert space with \(\mathbf{B}= \{\mathbf{b_0},\cdots ,\mathbf{b_{n1}}\}\) an ordered orthonormal basis. The following both hold.

1.
Given a complex probability mass function \(f:\mathbf{B}\rightarrow {\mathbb {C}}\), there exists a unique unit vector \(\mathbf{v}\) in \({\mathcal {H}}\), such that for each j, \(f(\mathbf{b_j}) = \langle \mathbf{v},\mathbf{b_j}\rangle \).

2.
Given any state s of \({\mathcal {H}}\), there is a unique unit vector \(\mathbf{v}\) in s, such that the function \(f_{\mathbf{v}} = \langle \mathbf{v},\cdot \rangle :\mathbf{B}\rightarrow {\mathbb {C}}\) is a complex probability mass function over the ordered orthonormal basis \(\mathbf{B}\).
Proof

1.
Given \(f\in S_{\mathbf{B}}\), we define the vector \(\mathbf{v}\) to be
$$\begin{aligned} \mathbf{v}=\sum _{j\in n} f(\mathbf{b}_\mathbf{j})\mathbf{b}_\mathbf{j}. \end{aligned}$$Since the basis \(\mathbf{B}\) is orthonormal, it is easy to see that \(f(\mathbf{b_j}) = \langle \mathbf{v},\mathbf{b_j}\rangle \). By condition 3 of the definition of a complex probability mass function, \(\mathbf{v}\) is a unit vector.

2.
Let s be a onedimensional subspace of \({\mathcal {H}}\), and let \(\mathbf{w}\) be any nonzero vector in s. We identify \(\mathbf{w}\) with a nonzero function in \(f_{\mathbf{w}}\in V_{\mathbf{B}}\). Let \(\mathbf{v}\) be a vector corresponding to \({\mathsf {sn}}(f_{\mathbf{w}})\). As \(\mathbf{v}\) only differs from \(\mathbf{w}\) by a constant multiple, \(\mathbf{v}\in s\). Furthermore, as \({\mathsf {sn}}(f_{\mathbf{w}})\) is a complex probability mass function, \(\mathbf{v}\) is a unit vector. To see that \(\mathbf{v}\) is unique, we observe that for any complex number \(c\ne 1\) and any complex probability mass function f, the function \(c\cdot f: \mathbf{b}\mapsto c\cdot f(\mathbf{b})\) is not a complex probability mass function. \(\square \)
Because every state can be represented by a complex probability mass function, we will use the term state to mean either a onedimensional subspace or a complex probability mass function. We will also use the same notation for both concepts. Also, throughout this paper, we will identify each natural number \(n\in \mathbb {N}:=\{0,1,2,\cdots \}\) with the set \(\{0,1,\cdots ,n1\}\) of elements preceding it. If we write \( i < N \) without a lower bound, we intend for i to range from \( i = 0 \) to \( i = N 1 \).
Maps between bases and states
We require the basis to be ordered so that we can have a canonical representation of each state via a vector representative of its onedimensional subspace (for the same reason, vectors are written as ordered tuples, also assuming an order to its basis). Were we to reorder the basis elements, we could then map each vector representative in the original ordering to its unique corresponding representative in the new order (this mapping is, in this context, an identity map on states). This concept is generalized to changeofbasis maps as follows.
Definition 2.4
(Changeofbasis isomorphism) Let \( B = \{ b_i \mid i < d_B \} \) and \( C = \{ c_i \mid i < d_C \} \) be two ordered basis (where C could be a reordering of B). A function \( h : S_B \rightarrow S_C \) is a changeofbasis isomorphism iff there is a bijection \( \eta : C \rightarrow B \) (which implies \( d_B = d_C \)) such that for all \( s \in S_B \) and for all \( i < d_C \)
We call h an order isomorphism if in addition \( \eta (c_i) = b_i \) for all \( i < d_C \). We write \(B\cong C\) and \(S_B\cong S_C\) if there is an order isomorphism between \(S_B\) and \(S_C\). We write \(s\cong t\) for \(s\in S_B\) and \(t\in S_C\) if there is an order isomorphism \(h:S_B\rightarrow S_C\), such that \(h(s)=t\).
The tensor product of two ordered bases is the Cartesian product of the elements ordered by the dictionary order.
Definition 2.5
(Tensor product) The tensor product of two ordered bases \(B = (b_0,\cdots ,b_{n1})\) and \(C = (c_0,\cdots ,c_{m1})\) is \(D= (d_0,\cdots ,d_{nm1})\), such that \(d_k = (b_i,c_j)\) where \(i = \lfloor k/m \rfloor \) and \(j = k \mod m\). The tensor product of \(s\in S_B\) and \(t\in S_C\), denoted \(s\otimes t\), is given by
It is easy to see that in general \((s\otimes t)\otimes r \cong s\otimes (t\otimes r)\). As the tensor product is associative given our strictest notion of isomorphism, we will ignore internal parentheses when taking tensor products of more than two bases.
Agents and separability
Definition 2.6
(Multiagent PQM and components) Let \( N= \{0,\cdots ,N1\}\) be a finite set of agents. An Nprobabilistic quantum model (NPQM) is a tuple \(\mathfrak {M}=(B_0,\cdots ,B_{N1})\) of ordered bases. Let \(I\subseteq N\). Then \(\mathfrak {M}_I :=\{B_i \mid i\in I\}\) is said to be a component of \(\mathfrak {M}\).
If \(I = \{x_1,\cdots ,x_m\}\subseteq N\) for some \(m < N\) (where \((x_i)\) is strictly increasing), we write \(\bigotimes \mathfrak {M}_I = B_{x_1}\otimes B_{x_2}\otimes \cdots \otimes B_{x_m}\). We write \(S^{\mathfrak {M}}_I\) (or \(S_I\) if \(\mathfrak {M}\) is understood from context) for \(S_{\bigotimes \mathfrak {M}_I}\), and S (or \(S^{\mathfrak {M}}\)) for \(S_N\) (or \(S^{\mathfrak {M}}_N\)). In what follows, given a finite ordered set \(J = \{x_1,\cdots ,x_m\}\) for some \(m < N\) (with the sequence \((x_i)\) being strictly increasing), we use the notation \((b_i)_{i\in J}\) for the tuple \((b_{x_1},\cdots ,b_{x_m})\).
Definition 2.7
(Tensor product of agent components) Let \(\mathfrak {M}=(B_0,\cdots ,B_{N1})\) be an NPQM, and let \(I,J\subseteq N\), such that \(I\cap J=\emptyset \). The \(\mathfrak {M}\)tensor product \(\mathfrak {M}_I \otimes ^{\mathfrak {M}} \mathfrak {M}_J\) is defined to be \(\mathfrak {M}_{I\cup J}\), but where for each \(s\in S_I\) and \(t\in S_{J}\), we have for each sequence \((x_i)\) with \(b_{x_i}\in B_i\) that
Give sets \(X\subseteq S_I\) and \(Y\subseteq S_{J}\), let \(X\otimes ^\mathfrak {M}Y :=\{x\otimes ^\mathfrak {M}y\mid x\in X, y\in Y\}\).
Note that although \(\otimes \) is not commutative, \(\otimes ^{\mathfrak {M}}\) is. Also note that \(\otimes ^\mathfrak {M}\) is associative; hence we generally omit parentheses.
Definition 2.8
(Separable and entangled states) Given an NPQM \(\mathfrak {M}\), a set \(J\subseteq N\), a partition \(\varPi = \{X_1,\cdots ,X_k\}\) of N, and a state \(s\in S^{\mathfrak {M}}\), we say than

s is \(\mathfrak {M}\)separable in J if there exist \(s_J\in S_J\) and \(s_{N{\setminus } J}\in S_{N\setminus J}\) such that \(s \cong s_J\otimes ^{\mathfrak {M}} s_{N\setminus J}\). If s is not \(\mathfrak {M}\)separable in J we say that s is \(\mathfrak {M}\)entangled in J.

s is \(\mathfrak {M}\)separable in \(\varPi \) if there exists \(s_i\in S_{X_i}\) such that \(s\cong s_1\otimes ^\mathfrak {M}\cdots \otimes ^\mathfrak {M}s_k\). If s is not \(\mathfrak {M}\)separable in \(\varPi \) we say that s is \(\mathfrak {M}\)entangled in \(\varPi \). If \(\mathfrak {M}\) is separable in \(\{\{i\}\mid i\in N\}\), we say \(\mathfrak {M}\) is fully separable.
Separability will play an important role in the semantics of the logic we define in the next section.
Probabilistic quantum logic
In this section, we define the syntax and semantics of our language, and provide some useful syntactic abbreviations.
Syntax
Let N be a set of agents and let \( {\text {Prop}}\) be a (countable) set of proposition letters denoted with \( p, q, \dots . \) The language is threesorted, with formulas \(\phi \), programs \(\alpha \), and probability terms t, and is defined by
where \( p \in {\text {Prop}}\), \( I \subseteq N \), \( \varPi \subset \mathcal {P}(N) \) is a partition of N , and \( \rho \in \mathbb {Q} \). The set of formulas \(\phi \) is denoted by \(\mathcal {L}_N\), and the set of terms t is denoted by \({\text {Terms}}\).
We have the standard logical connectives \( \lnot \phi , \phi \wedge \psi \) and \( [\alpha ]\phi \) with the meaning not \( \phi \), \( \phi \) and \( \psi \) and after any successful execution of program \( \alpha \), \( \phi \) holds respectively.
Here the programs \( \alpha \) are \( \phi ? \), a quantum test whether or not \( \phi \) holds; \(\alpha \cup \beta \), an arbitrary choice between two programs \( \alpha \) and \( \beta \); and \( \alpha ;\beta \), the sequential execution of two programs \( \alpha \) and \( \beta \).
We also have three nonstandard, but useful connectives. \( {\textsf {Atom}}(\phi ) \) intuitively means that \( \phi \) is only true at one and only one state. \( {\mathsf {Sep}}(\phi ) \) means intuitively that all states making \( \phi \) true are separable into each agent, that is, these states are of the form \( \bigotimes ^\mathfrak {M}_{i < N} s_{\{i\}} \) for some \( s_{\{i\}} \in S_{\{i\}} \) for each \( i < N \). \( \phi _I \) intuitively represents the information that the local system I has about \( \phi \) , that is, if any measurement that can be performed within the local system I cannot refute \( \phi \), then \( \phi _I \) true.
Lastly, we have \( t \ge \rho \), which intuitively means the probability of t is greater than or equal to \( \rho \). Here t is a linear combination of \( \Pr (\phi ) \), the probability that a test for \( \phi \) is successful.
We have chosen the language to express several examples in the simplest way. However, one could easily imagine ways to extend the expressibility of this language. For example, we could extend this language with unitary operators \(\alpha \,\,{::=}\,\, U \mid U^\dagger \); however, we do not use these operators in the examples we discuss.
Semantics
The semantics is defined with respect to an NPQM \( \mathfrak {M}\). We will make use of the following concepts. We first observe that from just an ordered basis \(B = \{b_0,\cdots ,b_{n1}\}\) we can recover the Hilbert space structure, such as the inner product, as follows. For any two states \(s,t\in S_B\), we define the inner product of s and t to be
where in general \(\overline{z}\) is the complex conjugate of z. Then \(R :=\{ (s,t) \mid {\langle s,t\rangle } \ne 0 \}\) relates any two states that are nonorthogonal. We define the orthocomplement of a set of states X by
and let \(\mathcal {T}:=\{ P \subseteq S \mid P = {\sim }{\sim }P \} \) be the set of testable properties. For each \( P \in \mathcal {T}\), we then let
Note that each \( P \in \mathcal {T}\) corresponds to a linear closed subspace in a Hilbert space and that the relation \( R_P \) in fact corresponds to the projection onto the subspace P .
It is easy to see that each singleton is testable, and hence that \(R = \bigcup _{P\in \mathcal {T}} R_P\). Given an NPQM \(\mathfrak {M}\) with carrier set \(S = S_{\bigotimes \mathfrak {M}}\) and a valuation \( V : {\text {Prop}}\rightarrow \mathcal {P}S \), we interpret formulas by a function \( {\llbracket \cdot \rrbracket }^{\mathfrak {M}} : \mathcal {L}_N \rightarrow \mathcal {P}S \), we interpret each program \(\alpha \) by a relation \(R^{\mathfrak {M}}_\alpha \subseteq S\times S\), and we interpret probability terms by a family of functions \({\llbracket \cdot \rrbracket }^{\mathfrak {M}}_s: {\text {Terms}}\rightarrow \mathbb {R}\) for each \(s\in S\) as follows (we typically omit the superscript when it is understood by context). To interpret formulas \( \phi \):
To interpret programs \( \alpha \):
To interpret terms t :
Abbreviations
With this language, we can express many notions in quantum mechanics. Some are so important and natural to use, we introduce abbreviations for them (Table 1). We have the standard abbreviations \( {\mathtt {tt}}, {\mathtt {ff}}\) and \( \vee \). Note that if \([ \lnot \phi ? ]{\mathtt {ff}}\) holds in a state s, then any test from s will result in a state with property \(\phi \), or equivalently, any nonorthogonal state has property \(\phi \). We abbreviate \([ \lnot \phi ? ]{\mathtt {ff}}\) using \(\Box \phi \), where \(\square \) can be viewed as the modal operator for the nonorthogonality relation R. We abbreviate \({\sim }\phi \) by \(\Box \lnot \phi \) for the following reason. The orthocomplement of \( \phi \), denoted by \( {\sim }\phi \), is true at any state s that is orthogonal to the set of states that make \(\phi \) true. Equivalently, every state that makes \(\phi \) true is orthogonal to s, and hence every state nonorthogonal to s makes \(\lnot \phi \) true. This means that \(\Box \lnot \phi \) is true at s. With the orthocomplement, we can also define the quantum join: \( \phi \sqcup \psi :={\sim }( {\sim }\phi \wedge {\sim }\psi ) \). The quantum join \( \phi \sqcup \psi \) can be thought of as the smallest testable property containing \( \phi \) and \( \psi \).
Our quantum models satisfy the superposition principle: every state can reach any other state in two nonorthogonal steps, that is \( R ; R = S \times S \). This gives us the power to express that a formula is valid in a model: \( \forall \phi :=\square \square \phi \) is true at a state iff \( \phi \) is true at every state in the model. With this global modality, we can express many relations between formulas that are globally true, such as inequality: \( (\phi \le \psi ) :=\forall (\phi \rightarrow \psi ) \), equality: \( (\phi \equiv \psi ) :=\forall (\phi \leftrightarrow \psi ) \), and orthogonal formulas: \( (\phi \perp \psi ) :=(\phi \le {\sim }\psi ) \).
As can be seen from the definition of the semantics, the logical operators for probability \( \Pr (\phi ) \) and for tests \( \phi ? \) are only meaningful if the formula \( \phi \) is testable. Noting that every testable property is closed under taking double orthocomplement, we can express testability by \( T(\phi ) :=(\phi \equiv {\sim }{\sim }\phi ) \).
Similarly, in a multiagent setting, the formula \(\phi \) must be separable in I for \(\phi _I\) to represent the information I has about \(\phi \) (that is, I’s local state). We say that \(\phi \) is Ilocal if \( I(\phi ) :=(\phi \equiv \phi _I) \), that is, the truth of \( \phi \) is fully determined by the local state of I.
In Table 2, we have abbreviations concerning probabilities. All but the last two are standard abbreviations for terms and pure probabilistic formulas taken from (Fagin et al. 1990, p. 83). Concerning the last two, we are often interested in the probability of successfully testing \( \phi \) as well as the outcome of a successful test. We abbreviate this with the formulas \( {\langle \phi ? \rangle }_{= \rho } \psi \) and \( {\langle \phi ? \rangle }_{> \rho } \psi \).
Deductive system
Our deductive proof system contains three rules (Table 3), where \( \phi ^\sigma \) is obtained from \( \phi \) by replacing all occurrences of p with \( \sigma (p) \), and a list of axioms (Table 4), divided into the following five categories: standard propositional dynamic logic axioms, standard axioms about linear inequalities, basic axioms for quantum systems, probabilistic axioms for quantum systems and axioms for quantum systems concerning atoms and separability.
A proof for \( \phi \) is a finite sequence of formulas, such that the last formula is \( \phi \) and every formula is either an axiom listed below or obtained by applying an inference rule to (a) formula(s) appearing earlier in the sequence.
The three rules in Table 3 are standard, but we can deduce some nonstandard rules concerning the abbreviations \( \forall \), \( \le \), \( \equiv \) and \( T(\cdot ) \), which will be given in Lemma 4.3.
The axioms for programs and for linear inequalities are standard, so we will only discuss the axioms in the last three categories.
Basic axioms for quantum systems The first axiom Q1 states that equivalent formulas have equivalent tests. The second axiom Q2 expresses our design that when we test for a formula \( \phi \) we actually test for the smallest closed linear subset containing \( {\llbracket \phi \rrbracket } \), that is \( {\sim }{\sim }\phi \).
For the axioms Q3 to Q9 one should remember that \( \square \) corresponds to the nonorthogonality relation and \( [ p? ] \) corresponds to the projection onto P , where \( P = {\sim }{\sim }{\llbracket p \rrbracket } \).
Axiom Q3 is related to the superposition principle, which is the principle that for every two states there is a third state that is nonorthogonal to both of them (or any two states can reach each other by two nonorthogonal steps).
Axiom Q4 states that if a successful test for p results in a state satisfying q , then the state is nonorthogonal to \( {\llbracket q \rrbracket } \), so we can successfully test for q . Axiom Q5 corresponds to the fact that each projection is a partial function.
A successful test for a testable property P always results in a state inside P. When inquiring about a property Q that is not testable, our framework tests for the smallest testable property containing Q. Axiom Q6 corresponds to these facts, where \({\sim }{\sim }p\) corresponds to the smallest testable property containing p.
If \( s \in P \), then the projection is reflexive on s , that is, \( (s,s) \in R_P \). So if a state makes p true, a successful test for p always ends up in the same state. This is captured by axiom Q7.
Axiom Q8 corresponds to the selfadjointness of projections with respect to the inner product, that is,
where \(\mathrm {Proj}_P(s)\) is the projection of vector s onto the space P (\(sR_Pt\) where \(t = {\mathsf {sn}}(\mathrm {Proj}_P(s))\)). In nonprobabilistic terms, this means that if the projection of s onto P is nonorthogonal to a state t , then the projection of t onto P is nonorthogonal to s .
The projection t of a state s onto P should be the closest state to s that is inside P . This can be expressed by: \( (s,t) \in R_P \) iff for all \( u \in P \) we have uRs iff uRt . This statement is partially captured by axiom Q9: looking at the righttoleft part of the biconditional, if a state s is nonorthogonal to a state satisfying p, and if all states satisfying p that are nonorthogonal to s are also nonorthogonal to a state satisfying \(p\wedge q\), then the property \(p\wedge q\) is “close to s”, and a successful test for p at state s results in a state that satisfies q.
Probabilistic axioms for quantum systems Axiom P1 and P2 are standard probability axioms ensuring the probability values are in the interval [0, 1]. Axiom P3 establishes the correspondence between orthogonality and zero probability.
Equivalent formulas should have equal probabilities, which is captured by axiom P4. Normally we can add the probabilities of disjoint sets, but in quantum systems we need the sets to be orthogonal. This is stated by axiom P5.
Axiom P6 is the probabilistic version of the superposition statement. If p and q are orthogonal we can superpose them into a state with probability \( \rho \) to p and probability \( 1  \rho \) to q . Axiom P7 relates to conditional probabilities: the probability of \(p\wedge q\) is equal to the probability of p given q (which is \(\tau \) in the axiom) times the probability of q (which is \(\rho \) in the axiom).
Axioms for atoms and separability Atoms are the smallest nonempty sets; therefore, any nonempty set smaller than an atom is equal to that atom. This is captured by axiom A1. As atoms are singleton states, a formula \( \phi \) is satisfied at this state if and only if the atom implies \( \phi \). This is reflected by axiom A2.
For singleton states s that are nonorthogonal to a testable property Q , we have \( (s,t) \in R_Q \) iff \( \{t\} = (\{s\} \sqcup {\sim }Q) \cap Q \). In other words, the projection of an atom is again an atom. This is captured by axiom A3.
Axiom A4 provides a characterisation of an atom under the condition that the formula is separable. Axiom A5 asserts that two fully separable atoms are equivalent if and only if each of their local components are equivalent. Axiom A6 expresses the fact that two fully separable properties are orthogonal if one of their local components are orthogonal.
Theorem 4.1
The rules in Table 3 and the axioms in Table 4 are sound with respect to multiagent probabilistic quantum models (NPQM).
Proof
Many of the axioms are standard from the literature. For example, PL, K, PDL1, and PDL2 are from propositional dynamic logic (see for example Harel et al. 2000). The axioms I1–I6 are from Fagin and Halpern (1994). The axioms P1, P2 and variations of P4 are common among probability logics (see for example Fagin and Halpern 1994). The axioms Q4–Q8 are from Baltag and Smets (2005) and Smets and Baltag (2006). The validity of some others may be obvious from the discussion above. We now prove the soundness of select axioms.
Q9: Suppose p and q are testable, i.e., \( {\llbracket p \rrbracket } = {\sim }{\sim }{\llbracket p \rrbracket } \) and \( {\llbracket q \rrbracket } = {\sim }{\sim }{\llbracket q \rrbracket } \). Let \( s \in {\llbracket {\langle p? \rangle }q \rrbracket } \). Then, by definition of \( R_{{\llbracket p \rrbracket }} \) there exists a \( t \in S \) such that \( (s,t) \in R_{{\llbracket p \rrbracket }} \) and \( t \in {\llbracket p \rrbracket } \); since \( s \in {\llbracket {\langle p? \rangle }q \rrbracket } \), it also holds that \( t \in {\llbracket q \rrbracket } \). As \({\llbracket p\wedge q \rrbracket } = {\llbracket p \rrbracket }\cap {\llbracket q \rrbracket }\), we have \(t\in {\llbracket p\wedge q \rrbracket }\). As \(R_{{\llbracket p \rrbracket }} \) corresponds to the projection onto \( {\llbracket p \rrbracket } \), we know each state \( u \in {\llbracket p \rrbracket } \) that is nonorthogonal to s is also nonorthogonal to t . Since \(t\in {\llbracket p\wedge q \rrbracket }\), this means that \( s \in {\llbracket \Diamond p \wedge \square (p \rightarrow \Diamond (p \wedge q)) \rrbracket } \).
Now suppose \( s \in {\llbracket \Diamond p \wedge \square (p \rightarrow \Diamond (p \wedge q)) \rrbracket } \). Then we have \( s \in {\llbracket \Diamond p \rrbracket } \), so s is nonorthogonal to \( {\llbracket p \rrbracket } \), and therefore we have \( (s,t) \in R_{{\llbracket p \rrbracket }} \) for some unique \( t \in {\llbracket p \rrbracket } \). Then since \( s \in {\llbracket \square (p \rightarrow \Diamond (p \wedge q)) \rrbracket } \), we know that \( t \in {\llbracket \Diamond (p \wedge q) \rrbracket } \); thus there exists a \( u \in {\llbracket p \wedge q \rrbracket } = {\llbracket p \rrbracket } \cap {\llbracket q \rrbracket } \), such that tRu. Now
Suppose towards a contradiction \( t \notin {\llbracket q \rrbracket } \). Since \( t \notin {\llbracket p \wedge q \rrbracket } = {\sim }{\sim }{\llbracket p \wedge q \rrbracket } \), we know there exists a \( v \in {\sim }{\llbracket p \wedge q \rrbracket } \) such that tRv . Therefore, v is nonorthogonal to \( {\llbracket p \rrbracket } \), so there exists a unique \( w \in {\llbracket p \rrbracket } \) such that \( (v,w) \in R_{{{\llbracket p \rrbracket }}} \).
Now w (as the projection of v onto \({\llbracket p \rrbracket }\)) can be characterized by being the element of \({\llbracket p \rrbracket }\) where vRu iff wRu for all \(u\in {\llbracket p \rrbracket }\) (see, for example, Bergfeld et al. 2015, Proposition 2.15). So we have wRx iff vRx for all \( x \in {\llbracket p \rrbracket } \supset {\llbracket p\wedge q \rrbracket } \), and therefore we have \( w \in {\llbracket p \rrbracket } \cap {\sim }{\llbracket p \wedge q \rrbracket } \). We also have wRt , which implies wRs (because t is the projection of s onto \({\llbracket p \rrbracket }\)). Since \( s \in {\llbracket \square (p \rightarrow \Diamond (p \wedge q)) \rrbracket } \) we have \( w \in {\llbracket \Diamond (p \wedge q) \rrbracket } \), contradicting the fact that \(w \in {\sim }{\llbracket p\wedge q \rrbracket }\). Thus \( t \in {\llbracket q \rrbracket } \) and \( s \in {\llbracket {\langle p? \rangle }q \rrbracket } \).
P6: Let \(s\in {\llbracket \left( (p \perp q) \wedge \exists p \wedge \exists q \right) \rrbracket }\). Let \(x\in {\llbracket p \rrbracket }\) and \(y\in {\llbracket q \rrbracket }\). Since \(s\in {\llbracket p\perp q \rrbracket }\), \({\llbracket p \rrbracket }\subseteq {\llbracket {\sim }q \rrbracket }\), and hence \({\llbracket p \rrbracket }\) and \({\llbracket q \rrbracket }\) are orthogonal, and hence \({\langle x,y\rangle }=0\). Consider the vector \(z = \sqrt{\rho }x+\sqrt{(1\rho )}y\). One can easily check that \(z={\mathsf {sn}}(z)\), and is hence in S. Furthermore, as \(y\perp x\), the projection of z onto \({\sim }{\sim }{\llbracket p \rrbracket }\) is the vector \(\sqrt{\rho }x\), whose normalization is \(x\in {\llbracket p \rrbracket }\), and hence \(z\in {\llbracket {\langle p? \rangle }p \rrbracket }\). The probability of projecting onto \({\sim }{\sim }{\llbracket p \rrbracket }\) is then \({\langle z,x\rangle }^2 = \rho \); thus \(z\in {\llbracket {\langle p? \rangle }_{=\rho }p \rrbracket }\). We can similarly show that \(z\in {\llbracket {\langle q? \rangle }_{=1\rho }q \rrbracket }\). Therefore, \(z\in {\llbracket {\langle p? \rangle }_{=\rho }p\wedge {\langle q? \rangle }_{=1\rho }q \rrbracket }\), and thus \(s\in {\llbracket \exists ({\langle p? \rangle }_{=\rho }p\wedge {\langle q? \rangle }_{=1\rho }q) \rrbracket }\), as desired.
P7: Let \(Q = {\sim }{\sim }{\llbracket q \rrbracket }\) and \(P= {\sim }{\sim }{\llbracket p \rrbracket }\). Suppose \(s\in {\llbracket (p \le q) \wedge {\langle q? \rangle }_{=\rho }(\Pr (p) = \tau ) \rrbracket }\). Because \(s\in {\llbracket p\le q \rrbracket }\), we have that \({\llbracket p\le q \rrbracket }\ne \emptyset \), and thus \({\llbracket p \rrbracket }\subseteq {\llbracket q \rrbracket }\), giving us \(P\subseteq Q\). Also, \(s\in {\llbracket {\langle q? \rangle }_{=\rho }(\Pr (p) = \tau ) \rrbracket }\) and hence there exists a t, such that \(sR_Qt\), \({\langle s,t\rangle }^2 = \rho \), and \(t\in {\llbracket \Pr (p) = \tau ) \rrbracket }\). Then there exists a \(u\in P\), such that \(tR_Pu\) and \({\langle t,u\rangle }^2 =\tau \).
Now let \(\eta = {\langle s,t\rangle }t\) be the actual vector when projecting s onto Q. Let \(\xi = {\langle \eta ,u\rangle }u\) be the actual vector when projecting \(\eta \) onto P. Let \(\omega = {\langle s,v\rangle }v\) be the actual vector when projecting s onto P. Since \(P\subseteq Q\), \(\xi = \omega \) (to see this, one can change the basis so that P is the span of a subset of the basis elements, Q the span of a larger subset of the basis elements, and then project by removing the coefficients for basis elements not in the set we are projecting onto). Thus \(u = v\) and \({\langle \eta ,u\rangle } = {\langle s,u\rangle }\). Expanding \(\eta \), we have \(\overline{{\langle s,t\rangle }}{\langle t,v\rangle } = {\langle s,u\rangle }\). Hence \(\rho \tau = {\langle s,t\rangle }^2{\langle t,v\rangle }^2 = {\langle s,u\rangle }^2\) is the probability of projecting s onto P. Hence \(s\in {\llbracket \Pr (p) = \rho \tau \rrbracket }\).
A4: First, we claim that for any \( \emptyset \subsetneq I \subsetneq N \) and any p we have \( {\llbracket T(p_I) \wedge \exists p_I \rrbracket } = S \) (where S is the whole state space) if and only if it holds that \( {\llbracket p_I \rrbracket } = \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I}\) for some fixed \( s_I \in S_{ I} \). Before we prove this claim, let us show the soundness of A4 with this claim.
Suppose we have that \(s\in {\llbracket {\mathsf {Sep}}(p) \wedge {\textsf {Atom}}(p) \rrbracket }\). Then \( {\llbracket {\mathsf {Sep}}(p) \wedge {\textsf {Atom}}(p) \rrbracket } = S \). Then \( {\llbracket p \rrbracket } = \{ \bigotimes _{i<N}^\mathfrak {M}s_{\{i\}} \} \) for some \( s_{\{i\}} \in S_{\{i\}} \) for each \( i < N \). Therefore, we have \( {\llbracket p_{\{i\}} \rrbracket } = \{ s_{\{i\}} \} \otimes ^\mathfrak {M}S_{N {\setminus } \{i\}} \), and thus by the claim, \( p_{\{i\}} \) is testable, i.e., \( {\llbracket T(p_{\{i\}}) \rrbracket } = S \) for each \( i < N \). Because p is an atom, we also know that \({\llbracket \exists p \rrbracket } = S\). Thus \(s \in {\llbracket \exists p \wedge \bigwedge _{i<N} T(p_{\{i\}}) \rrbracket }\).
Now suppose \(s\in {\llbracket {\mathsf {Sep}}(p) \wedge \exists p \wedge \bigwedge _{i < N} T(p_{\{i\}}) \rrbracket }\). Then we have \( {\llbracket {\mathsf {Sep}}(p) \wedge \exists p \wedge \bigwedge _{i < N} T(p_{\{i\}}) \rrbracket } = S \). From \( {\llbracket \exists p \rrbracket } = S \), we deduce \( {\llbracket p \rrbracket } \ne \emptyset \). By \( {\llbracket {\mathsf {Sep}}(p) \rrbracket } = S \) we know \( {\llbracket p \rrbracket } \subseteq \bigcap _{i<N} {\llbracket p_{\{i\}} \rrbracket } \). By the claim we know \( \bigcap _{i<N} {\llbracket p_{\{i\}} \rrbracket } = \{ \bigotimes ^\mathfrak {M}_{i < N} s_{\{i\}} \} \) for some \( s_{\{i\}} \in S_{\{i\}} \) for each \( i < N \). Combining these results, we know \( {\llbracket p \rrbracket } = \{ s \} \), and therefore p is an atom, i.e., \( {\llbracket {\textsf {Atom}}(p) \rrbracket } = S \). Therefore, \(s\in {\llbracket {\textsf {Atom}}(p) \rrbracket }\).
To prove the claim, we first note that if \( {\llbracket T(q) \rrbracket }=S \), we have \( {\llbracket q \rrbracket } = {\sim }{\sim }{\llbracket q \rrbracket } \). Therefore, if \( s, t \in {\llbracket q \rrbracket } \) we also have \( \sqrt{\rho }s + \sqrt{1  \rho }t \in {\llbracket q \rrbracket } \) for any \(\rho \in [0,1]\), because any state that is orthogonal to both s and t is also orthogonal to \( \sqrt{\rho }s + \sqrt{1  \rho }t \), so we find \( \sqrt{\rho }s + \sqrt{1  \rho }t \in {\sim }{\sim }\{s,t\} \subseteq {\sim }{\sim }{\llbracket q \rrbracket } = {\llbracket q \rrbracket } \).
By definition of \( {\llbracket p_I \rrbracket } \), any \( s \in {\llbracket p_I \rrbracket } \) is of the form \( s_I \otimes ^\mathfrak {M}s_{N {\setminus } I} \). Suppose \( s_I \otimes ^\mathfrak {M}s_{N {\setminus } I}, t_I \otimes ^\mathfrak {M}t_{N {\setminus } I} \in {\llbracket p_I \rrbracket } \) such that \( s_I \ne t_I \). Without loss of generality we may also assume \( s_{N {\setminus } I} \ne t_{N {\setminus } I} \), because if \( s_I \otimes ^\mathfrak {M}s_{N {\setminus } I} \in {\llbracket p_I \rrbracket } \), then \( s_I \otimes ^\mathfrak {M}s'_{N {\setminus } I} \in {\llbracket p_I \rrbracket } \) for any other \( s'_{N {\setminus } I} \in S_{N {\setminus } I} \). If we look at the sum \( \sqrt{\rho }(s_I \otimes ^\mathfrak {M}s_{N {\setminus } I}) + \sqrt{1  \rho } (t_I \otimes ^\mathfrak {M}t_{N {\setminus } I}) \), with \( \rho \ne 0,1 \), it is not hard to see that this sum is not equal to \( u_I \otimes ^\mathfrak {M}u_{N {\setminus } I} \) for any \( u_I \in S_I \) and \( u_{N {\setminus } I} \in S_{N {\setminus } I} \). In other words, \( \sqrt{\rho }(s_I \otimes ^\mathfrak {M}s_{N {\setminus } I}) + \sqrt{1  \rho } (t_I \otimes ^\mathfrak {M}t_{N {\setminus } I}) \notin {\llbracket p_I \rrbracket } \).
Combining the above two results, we have that if \( {\llbracket p_I \rrbracket } \ne \emptyset \) and \( {\llbracket T(p_I) \rrbracket }=S \), then \( {\llbracket p_I \rrbracket } = \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I} \) for some fixed \( s_I \in S_I \).
For the other direction, we have that \( \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I} \) is isomorphic to \( S_{N{\setminus } I}\), because every vector in the space spanned by \( \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I} \) is a constant multiple of an element of \( \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I} \). Hence \( \{ s_I \} \otimes ^\mathfrak {M}S_{N {\setminus } I} \) represents a subspace, and is therefore biorthogonally closed. Every topologically closed linear subspace is biorthogonally closed (Birkhoff and Neumann 1936), and it is well known that every subspace of a finitedimensional Hilbert space is isomorphic to \({\mathbb {C}}^n\) and therefore topologically closed. This finishes the proof of the claim. \(\square \)
Deducible basic properties of quantum models
We will now use our system to deduce several properties that are standard in most quantum logics, like weak modularity. In the first lemma, we will show the connection between projections (\( {\langle \phi ? \rangle }\)) and nonorthogonality (\(\Diamond \)). Also we show nonorthogonality is both reflexive and symmetric.
Lemma 4.2
The following formulas are deducible.
Proof
To prove \(\vdash {\langle p? \rangle }{\mathtt {tt}}\leftrightarrow \Diamond p \), we first observe that \(\vdash p\equiv \lnot \lnot p\). Then using universal substitution on Q1 and propositional logic, we obtain \( \vdash \lnot [ p? ]{\mathtt {ff}}\leftrightarrow \lnot [ \lnot \lnot p? ]{\mathtt {ff}}\), which is precisely what \( \vdash {\langle p? \rangle }{\mathtt {tt}}\leftrightarrow \Diamond p \) abbreviates.
To prove \(\vdash {\langle p? \rangle }q \rightarrow \Diamond q\), observe by axiom Q4 that \( \vdash {\langle p? \rangle }q \rightarrow {\langle q? \rangle }{\mathtt {tt}}\), where the right side is equivalent to \( \Diamond q \). The proofs for \( \vdash p \rightarrow \Diamond p \) and \( \vdash p \rightarrow \square \Diamond p \) can be found in Table 5.
With a proof of reflexivity, we can deduce the following four bidirectional rules (each column has both directions):
Lemma 4.3
The following rules hold true:
Proof
The upper row follows from two applications of necessitation; the lower row follows from reflexivity (Lemma 4.2(4.3), which is equivalent to \( \vdash \square p \rightarrow p \)). \(\square \)
Throughout this text, we will often apply the above lemma without reference. The following lemma states that every atom is nonempty.
Lemma 4.4
The following formula is deducible.
As a consequence \( \vdash {\textsf {Atom}}(p) \rightarrow (p \not \equiv {\mathtt {ff}}) \).
Proof
\( p \not \equiv {\mathtt {ff}}\) abbreviates \( \lnot \square \square (p \leftrightarrow {\mathtt {ff}}) \), which is equivalent to \( \Diamond \Diamond ((p \wedge \lnot {\mathtt {ff}}) \vee (\lnot p \wedge {\mathtt {ff}})) \). By standard modal reasoning, this is equivalent to \( \Diamond \Diamond p \), or in abbreviated form \( \exists p \).
We have \( \vdash p \le {\mathtt {tt}}\), so by A2 we have \( \vdash {\textsf {Atom}}(p) \rightarrow \exists (p \wedge {\mathtt {tt}}) \) and as we have \( \vdash p \equiv (p \wedge {\mathtt {tt}}) \) we have \( \vdash {\textsf {Atom}}(p) \rightarrow (p \not \equiv {\mathtt {ff}}) \). \(\square \)
The following lemma collects several properties of the orthocomplement, in particular the three defining properties \( p \le {\sim }{\sim }p \), \( p \le q \) implies \( {\sim }q \le {\sim }p \), and \( (p \wedge {\sim }p) \equiv {\mathtt {ff}}\). Note that the first property \( p \le {\sim }{\sim }p \) is weaker than the standard property found in many quantum logics \( p \equiv {\sim }{\sim }p \), but the latter only holds in quantum models that only consider testable properties.
Lemma 4.5
(Orthocomplement) The following formulas are deducible.
Proof
The proofs of these formulas can be found in Table 6. \(\square \)
As shown in Baltag and Smets (2006), the set of testable properties \( \mathcal {T}\) contains all singletons and is closed under taking orthocomplement and intersections. The following lemma establishes the latter property. The former property will be deduced in Lemma 4.11, because we first need to show weak modularity.
Lemma 4.6
(Testable properties) The following formulas are deducible.
Proof
The proof of these formulas can be found in Table 7. \(\square \)
The following lemma collects several properties of the quantum join. Most of these properties are intuitive when one thinks of the quantum join \( p \sqcup q \) as the smallest closed linear subspace containing both p and q . For (4.16), if r is orthogonal to both p and q , then r is orthogonal to each element in the span of p and q , which is the quantum join \( p \sqcup q \).
Lemma 4.7
(Quantum join) The following formulas are deducible.
Proof
The proof for the first five formulas can be found in Table 8.
To show \(\vdash (p\sqcup {\sim }p)\equiv {\mathtt {tt}}\), we observe by Lemma 4.5(4.7) that \(\vdash (p\wedge {\sim }p) \equiv {\mathtt {ff}}\). Hence \(\vdash \lnot (p\wedge {\sim }p) \equiv {\mathtt {tt}}\). By modal logic, we have that \(\vdash {\sim }(p\wedge {\sim }p) \equiv \Box {\mathtt {tt}}\). Using necessitation and propositional logic, we have \(\vdash {\mathtt {tt}}\equiv \Box {\mathtt {tt}}\). The desired result follows from this and modal logic.
To prove (4.18), we use Lemma 4.5(4.6) to get \( \vdash (p \le r) \rightarrow ({\sim }r \le {\sim }p) \) and \( \vdash (q \le r) \rightarrow {\sim }r \le {\sim }p \), and hence \(\vdash (p\le r)\wedge (q\le r) \rightarrow ({\sim }r \le ({\sim }p \wedge {\sim }q) ).\) Using Lemma 4.5(4.6) again we have \( \vdash (p\le r)\wedge (q\le r) \rightarrow {\sim }({\sim }p \wedge {\sim }q) \le {\sim }{\sim }r \). Adding T(r) to the antecedent, the desired result follows from the previous observation and modal logic. \(\square \)
We need a more general version of Lemma 4.7(4.16) that considers the quantum join of n formulas instead of just two.
Corollary 4.8
For all finite n and for all sets of formulas \( \mathcal {B}\) of size n , the following formula is deducible.
Proof
We prove this by induction on n. For \( n = 1 \) the statement holds trivially. Now suppose the statement holds for n . Let \( \mathcal {B}\) be a set of formulas of size n and let \( b_{n+1} \) be a formula. By the induction hypothesis we have \( \vdash (\bigwedge _{b \in \mathcal {B}} p \perp b) \rightarrow (p \perp \bigsqcup \mathcal {B}) \). By Lemma 4.7(4.16) we have \( \vdash (p \perp b_{n+1}) \wedge (p \perp \bigsqcup \mathcal {B}) \rightarrow (p \perp (\bigsqcup \mathcal {B}) \sqcup b_{n+1}) \). Combining the two results gives the desired result.
For (4.20), Note that . Thus by the contrapositive of (4.19), we have . \(\square \)
One of the main difference between classical logic and quantum logic is the lack of distributivity. Classical models satisfy distributivity (\(p \wedge (q \vee r) = (p \wedge q) \vee (p \wedge r) \)), but quantum models only satisfy a weaker version of distributivity called weak modularity, which we will show in the following lemma.
Lemma 4.9
(Weak modularity) The following formula is deducible.
Proof
The proof can be found in Table 9. \(\square \)
We also need the dual of weak modularity, which we will show in the following corollary.
Corollary 4.10
The following formula is deducible.
Proof
This is basically the dual of Lemma 4.9, that is, taking the orthocomplement. See Table 10. \(\square \)
With weak modularity we can show each atom is testable.
Lemma 4.11
The following formula is deducible.
Proof
By Lemma 4.5 we have \( \vdash p \le {\sim }{\sim }p \), and by Lemma 4.2(4.3) we have \( \vdash {\sim }{\sim }p \le \Diamond {\sim }{\sim }p \). So we can deduce \( \vdash p \le \Diamond {\sim }{\sim }p \). By Lemma 4.6, we have \( \vdash T({\sim }{\sim }p) \). Therefore, we can apply axiom A3 and (4.8) to deduce \( \vdash {\textsf {Atom}}(p) \rightarrow {\textsf {Atom}}((p \sqcup {\sim }p) \wedge {\sim }{\sim }p) \). By Lemma 4.7 we have \( \vdash (p \sqcup {\sim }p) \equiv {\mathtt {tt}}\), so we can deduce \( \vdash {\textsf {Atom}}(p) \rightarrow {\textsf {Atom}}({\sim }{\sim }p) \). By Lemma 4.4 we have \(\vdash {\textsf {Atom}}(p) \rightarrow ({\mathtt {ff}}\not \equiv p) \), and we already have \(\vdash p\le {\sim }{\sim }p \), so we can deduce \( \vdash {\textsf {Atom}}(p) \rightarrow (p \equiv {\sim }{\sim }p) \) by axiom A1. This is equivalent to the desired result. \(\square \)
Deducible probabilistic properties of quantum models
The following lemma collects several deducible properties of probabilistic quantum logic.
Lemma 4.12
The following formulas are deducible:
Proof
The proof of (4.21) is in Table 11.
We now show (4.22). By Lemma 4.5 we have \(\vdash p \perp {\sim }p\) and \(\vdash p \sqcup {\sim }p\), and hence by axiom P1, P4 and P5 we obtain the desired result \( \vdash \Pr (p) + \Pr ({\sim }p) = 1 \).
We now show (4.23). By uniform substitution in (4.22) we have \(\vdash \Pr ({\sim }p) + \Pr ({\sim }{\sim }p) = 1\). From this we can use the inequality axioms to show the second result \( \vdash \Pr (p) = \Pr ({\sim }{\sim }p) \).
We now show (4.24). Since T(p) abbreviates \( p \equiv {\sim }{\sim }p \), from the axiom \(\vdash \Pr (p) = 0 \leftrightarrow {\sim }p \) it follows that \( \vdash T(p) \rightarrow p\leftrightarrow \Pr ({\sim }p) = 0 \). From the inequality axioms and propositional reasoning we obtain the third result \( \vdash T(p) \rightarrow p \leftrightarrow \Pr (p) = 1 \).
We now show (4.25). By Lemma 4.5 we also have \( \vdash p \rightarrow {\sim }{\sim }p \) and \( \vdash T({\sim }({\sim }p)) \), combining this with \( \vdash \Pr (p) = \Pr ({\sim }{\sim }p) \), we obtain the last result \( \vdash p \rightarrow \Pr (p) = 1 \). \(\square \)
The following lemma shows that probability (\(\Pr (\cdot )\)) is monotone.
Proposition 4.13
The following formula is deducible.
Proof
First, by (4.5) and modal logic, we have \( \vdash p \le q \rightarrow p \le {\sim }{\sim }q \) and by Lemma 4.6, we have \( \vdash T({\sim }{\sim }q) \). Therefore, by Corollary 4.10 we have \( \vdash p \le q \rightarrow {\sim }{\sim }q \equiv p \sqcup ({\sim }p \wedge {\sim }{\sim }q) \). Hence by P4, \(\vdash p\le q \rightarrow P({\sim }{\sim }q) = P(p\sqcup ({\sim }p \wedge {\sim }{\sim }q))\). Note that \( \vdash p \perp ({\sim }p \wedge {\sim }{\sim }q)\), since clearly \( \vdash {\sim }p \wedge {\sim }{\sim }q \le {\sim }p \). Thus by P5, \( \vdash \Pr (p \sqcup ({\sim }p \wedge {\sim }{\sim }q)) = \Pr (p) + \Pr ({\sim }p \wedge {\sim }{\sim }q) \). By (4.23), \(\vdash \Pr (q)= \Pr ({\sim }{\sim }q)\). Using inequality axioms, we obtain \( \vdash p\le q \rightarrow \Pr (q) = \Pr (p) + \Pr ({\sim }p \wedge {\sim }{\sim }q) \). The desired result follows from this and the inequality axioms. \(\square \)
Axiom P5 only considers a pair of orthogonal states, but can be generalized to a finite set of n pairwise orthogonal states.
Lemma 4.14
For all n , the following formula is deducible.
Proof
We prove this by induction. For \(n=2\), the statement holds by Axiom P5. Now suppose the statement holds for n (IH). Given the induction hypothesis (IH), the proof of
is given in Table 12. \(\square \)
Using Lemma 4.14, we obtain a nice characterisation for the quantum join of a set of orthogonal states involving probabilities, which we show in the following corollary.
Corollary 4.15
For all finite n the following formula is deducible.
Proof
For \( n \ge 2 \) we know \( \vdash T(\bigsqcup _{i < n} b_i) \) is derivable by Lemma 4.6, so by Lemma 4.12(4.24), we have \( \vdash (\Pr (\bigsqcup _{i \le n} b_i) = 1) \leftrightarrow \bigsqcup _{i \le n} b_i \). By Lemma 4.14, we know
Combining these results, we get our desired result. \(\square \)
Similar to axiom P5, we can generalize axiom P7 by considering the quantum join of a finite set of formulas.
Lemma 4.16
The following formula is deducible.
Proof
By modal logic, \( \vdash {\langle \bigsqcup _{i \le n} b_i? \rangle }_{=\rho } \bigwedge _{i \le n} (\Pr (b_i) = \rho _i) \rightarrow \bigwedge _{i \le n} {\langle \bigsqcup _{i \le n} b_i? \rangle }_{=\rho } (\Pr (b_i) = \rho _i) \). By Lemma 4.7(4.12), we also know \( \vdash b_i \le \bigsqcup _{j \le n} b_j \), so the statement follows from axiom P7 and propositional logic. \(\square \)
Deducible properties of a basis
Since the notion of an orthonormal basis is very important in the two protocols we will discuss in Section 5, as well as many other protocols, we discuss the definition of a basis and prove several properties.
Let \( \mathfrak {M}\) be an NPQM and let \( \mathcal {B}\) be a finite set of formulas. The set \( \mathcal {B}\) is called an orthosubbasis of \( \mathfrak {M}\) if the following formula is satisfied in \( \mathfrak {M}\):
In the following lemmas, we show that the probabilities of elements in an orthosubbasis \( \mathcal {B}\) add up to 1.
Lemma 4.17
For a finite set of testable formulas \( \mathcal {B}\) the following formula is deducible.
Proof
This lemma follows directly from the definition of an orthosubbasis combined with Lemma 4.14 and axiom P1.
\(\square \)
An orthosubbasis \( \mathcal {B}\) is an orthobasis if any proper superset of \(\mathcal {B}\) is not a subbasis. This happens precisely when \(\mathcal {B}\) consists only of atoms.
We are going to show that each basis has the same number of elements. To show this we will first show that within a quantum join we can replace one atom p by another atom q without changing the quantum join \(p\sqcup r\), so long as these two atoms are “close” enough (q is also under the join, but not under r).
Lemma 4.18
The following formula is deducible.
Proof
Let us abbreviate the antecedent with
By Lemma 4.7(4.12), we know \( \vdash r \le (p \sqcup r) \) and together with the assumption \( q \le (p \sqcup r) \) from the antecedent and \(\vdash T(p\sqcup r)\) by Lemma 4.6, we get \( \vdash {\textsf {Ant}}\rightarrow (q \sqcup r \le p \sqcup r )\) by Lemma 4.7(4.18). As \( \vdash {\textsf {Ant}}\rightarrow (q \nleq r) \) we get by basic reasoning \(\vdash {\textsf {Ant}}\rightarrow (q\sqcup r \nleq r)\), and by the above \(\vdash {\textsf {Ant}}\rightarrow (p\sqcup r \nleq r)\). Thus \( \vdash {\textsf {Ant}}\rightarrow (p \nleq r) \).
Because \( \vdash {\textsf {Ant}}\rightarrow T(r) \) we have \(\vdash {\textsf {Ant}}\rightarrow (p \nleq r \leftrightarrow p \nleq {\sim }{\sim }r) \). Hence, we have \(\vdash {\textsf {Ant}}\rightarrow (p \nleq {\sim }{\sim }r)\). Unpacking the notation, this is equivalent to \(\vdash {\textsf {Ant}}\rightarrow \exists (p \wedge \Diamond {\sim }r) \). Because \(\vdash {\textsf {Ant}}\rightarrow {\textsf {Atom}}(p) \), we find that \( \vdash {\textsf {Ant}}\rightarrow ( \exists (p \wedge \Diamond {\sim }r)p \leftrightarrow (p \le \Diamond {\sim }r)) \) by A2. Hence, \(\vdash {\textsf {Ant}}\rightarrow (p \le \Diamond {\sim }r)\).
Since \(\vdash {\textsf {Ant}}\rightarrow ((q \sqcup r) \le (p \sqcup r)) \), we know that \(\vdash {\textsf {Ant}}\rightarrow (((q \sqcup r) \wedge {\sim }r) \le ((p \sqcup r) \wedge {\sim }r)) \). Applying A1 and A3 we obtain \( \vdash {\textsf {Ant}}\rightarrow (((q \sqcup r) \wedge {\sim }r) \equiv ((p \sqcup r) \wedge {\sim }r)) \). Now we can apply weak modularity (Corollary 4.10) to get the desired result.
\(\square \)
The following lemma uses the previous lemma to establish that a quantum join of n formulas can contain at most n orthogonal states.
Lemma 4.19
For any finite n and any set \( \mathcal {B}\) of size n and any set \( {\mathcal {C}} \) of finite size \( m > n \), the following is deducible.
Proof
We prove this by induction on n. For \( n = 1 \), the formula follows immediately from A1 and Lemma 4.4.
Suppose the formula holds true for any set \( \mathcal {B}\) of size smaller than n and any set \( {\mathcal {C}} \) of size bigger than the size of \( \mathcal {B}\) (IH). Consider the following formula (which is the negation of the desired formula):
It suffices to prove \(\vdash \chi \rightarrow {\mathtt {ff}}\). Take any order on \( \mathcal {B}= \{ b_0, \dots , b_{n1} \} \). We will use Lemma 4.18 to replace each b by a c one by one, such that the quantum join remains the same.
First step, remove \( b_0 \): By the induction hypothesis (IH) and propositional logic, there exists a \( c_0 \in {\mathcal {C}} \) such that \( \vdash \chi \rightarrow c_0 \nleq \bigsqcup \mathcal {B}{\setminus } \{b_0\} \). Given that \( c_0 \le \bigsqcup \mathcal {B}\), \( {\textsf {Atom}}(b_0) \) and \( {\textsf {Atom}}(c_0) \) are also provable from \(\chi \), we can apply Lemma 4.18 and obtain \(\vdash \chi \rightarrow (\bigsqcup \mathcal {B}\equiv (\bigsqcup (\mathcal {B}{\setminus } \{b_0\}) \sqcup \{c_0\})) \).
Steps 2–n. Suppose we have a set \( {\mathcal {C}}' \) of l elements such that for \( \mathcal {B}' = \{ b_l, \dots , b_{n1} \} \) we have
Now we remove \( b_l \) and obtain a \( c_l \in {\mathcal {C}} {\setminus } {\mathcal {C}}' \) in a completely similar way as in step 1, such that
Final step. After n steps, we have a set \( {\mathcal {C}}' \subsetneq {\mathcal {C}} \) such that \(\vdash \chi \rightarrow ( \bigsqcup \mathcal {B}\equiv \bigsqcup {\mathcal {C}}' )\). We know there exists a \( c \in {\mathcal {C}} {\setminus } {\mathcal {C}}' \) for which we have \(\vdash \chi \rightarrow \bigwedge _{c' \in {\mathcal {C}}'} c \perp c' \) and therefore by Corollary 4.8, we have \(\vdash \chi \rightarrow ( c \perp \bigsqcup {\mathcal {C}}' )\), which means \( \vdash \chi \rightarrow (c \nleq \bigsqcup \mathcal {B}) \). Recall that \(c\le \bigsqcup \mathcal {B}\) is a conjunct of \(\chi \). Thus \(\vdash \chi \rightarrow {\mathtt {ff}}\). \(\square \)
Now we can show that each basis contains the same number of atoms.
Theorem 4.20
For any two finite sets of formulas \( \mathcal {B}\) and \( {\mathcal {C}} \) such that \( \mathcal {B} = {\mathcal {C}} \) the following formula is deducible.
Proof
We first abbreviate the antecedent with:
We wish to show that \(\vdash \psi \rightarrow {\textsf {Basis}}({\mathcal {C}})\). As many conditions for \({\mathcal {C}}\) to be a basis are already in \(\psi \), it suffices to show that \(\vdash \psi \rightarrow (\bigsqcup {\mathcal {C}} \equiv {\mathtt {tt}})\). Since \(\vdash \psi \rightarrow {\textsf {Basis}}(\mathcal {B})\), it suffices to show \(\vdash \psi \rightarrow (\bigsqcup {\mathcal {C}}\equiv \bigsqcup \mathcal {B})\). To prove this, we follow a similar construction as was given in the inductive step for Lemma 4.19. We enumerate \(\mathcal {B}= \{b_0,\cdots ,b_{n1}\}\), and will replace these elements with elements of \({\mathcal {C}}\) one by one.
First step, remove \(b_0\): by Lemma 4.19, there is a \(c_0\in {\mathcal {C}}\), such that \( \vdash \psi \rightarrow c_0 \nleq \bigsqcup \mathcal {B}{\setminus } \{b_0\} \). Just as we did in the proof of Lemma 4.19, we then apply Lemma 4.18 and obtain \(\vdash \psi \rightarrow (\bigsqcup \mathcal {B}\equiv (\bigsqcup (\mathcal {B}{\setminus } \{b_0\}) \sqcup \{c_0\})) \). Note that the only difference between this step and that of the proof of Lemma 4.19 is that we applied Lemma 4.19 directly rather than used induction. Steps 2–n differ from those of Lemma 4.19 in precisely the same way.
In the final step we have obtained a set \( {\mathcal {C}}' \subseteq {\mathcal {C}} \) such that \(\vdash \psi \rightarrow (\bigsqcup \mathcal {B}\equiv \bigsqcup {\mathcal {C}}' )\) and \(  \mathcal {B} =  {\mathcal {C}}'  \). But we know that \(  {\mathcal {C}}  =  \mathcal {B} \) and therefore \( {\mathcal {C}} = {\mathcal {C}}' \) (thus instead of a contradiction we get the desired result). \(\square \)
Corollary 4.21
If \( \mathfrak {M}\vDash {\textsf {Basis}}(\mathcal {B}) \) and \( \mathfrak {M}\vDash {\textsf {Basis}}({\mathcal {C}}) \) then \( \mathcal {B} = {\mathcal {C}} \).
For most protocols, we do not just require a basis for the whole system, but a basis for each local subsystem. In those cases, the basis for the whole system will be the tensor product of the basis for the local subsystems. We will refer to these basis as locally orthogonal (fully) separable orthobasis (LOSB), which can be expressed by
The second to last line asserts that local components that are not equal must be orthogonal, and the last line asserts that each local component has dimension at least two.
The following lemma states that any LOSB \( \mathcal {B}\) is the tensor product of its local states.
Lemma 4.22
For a finite set of formulas \( \mathcal {B}\), Let \(\mathcal {B}^N\) be the set of functions from \(\{0,\cdots ,N1\}\) to \(\mathcal {B}\).
The following formula is deducible:
Proof
Let \(\chi \) be the negation of what we are trying to prove:
Let
It suffices to show that \(\vdash \chi \rightarrow {\mathtt {ff}}\). First note that
Furthermore by definition of \({{\textsf {LOSB}}}\) and propositional logic, for every \(f\in \mathcal {B}^N\) and \(b\in \mathcal {B}\),
Thus
By A6 we have \(\vdash \chi \rightarrow ( \bigvee _{f\in \mathcal {B}^N} \bigwedge _{b\in \mathcal {B}} (b\perp f(i) ))\). Then by Lemma 4.8, \(\vdash \chi \rightarrow (\bigvee _{f\in \mathcal {B}^N} (f(i) \perp \bigsqcup \mathcal {B}))\). Written another way, we have \(\vdash \chi \rightarrow (\bigvee _{f\in \mathcal {B}^N} (\bigsqcup \mathcal {B}\le {\sim }f(i)))\).
By modal reasoning \(\vdash {\mathtt {tt}}\equiv {\sim }{\mathtt {ff}}\) and by Lemma 4.5(4.6), \(\vdash (\phi \not \equiv {\mathtt {ff}}) \leftrightarrow ({\sim }\phi \not \equiv {\mathtt {tt}})\). As for each \(i<N\), \(f(i)\in \mathcal {B}\) and is a conjunct of \({{\textsf {SubBasis}}}(\mathcal {B})\) and hence a conjunct of \(\chi \), we have that \(\vdash \chi \rightarrow ({\sim }f(i) \not \equiv {\mathtt {tt}})\). As \(\vdash (\phi \le \psi )\wedge (\psi \ne {\mathtt {tt}}) \rightarrow (\phi \ne {\mathtt {tt}})\), we have from this and \(\vdash \chi \rightarrow (\bigvee _{f\in \mathcal {B}^N} (\bigsqcup \mathcal {B}\le {\sim }f(i)))\) that \(\vdash \chi \rightarrow (\bigsqcup \mathcal {B}\ne {\mathtt {tt}})\). This together with the fact that \(\bigsqcup \mathcal {B}={\mathtt {tt}}\) is a conjunct of \({{\textsf {SubBasis}}}(\mathcal {B})\) and hence of \(\chi \) gives us that \(\vdash \chi \rightarrow {\mathtt {ff}}\).
\(\square \)
Given two LOSBs \( \mathcal {B}\) and \( {\mathcal {C}} \), we can construct a new LOSB \( \mathcal {D} \), such that for all \( i < N \), either for all \( d \in \mathcal {D} \) we have \( d_{\{i\}} \equiv b_{\{i\}} \) for some \( b \in \mathcal {B}\) or for all \( d \in \mathcal {D} \) we have \( d_{\{i\}} \equiv c_{\{i\}} \) for some \( c \in {\mathcal {C}}\). The following lemma proves this fact.
Lemma 4.23
Let \( \mathcal {B}, {\mathcal {C}} \) and \( \mathcal {D}\) be three sets of proposition letters of equal size, i.e., \( \mathcal {B} = {\mathcal {C}} = \mathcal {D} \). The following formula is deducible:
where
Proof
To show \( \vdash {\textsf {Ant}}\rightarrow {{\textsf {LOSB}}}(\mathcal {D}) \) it suffices to show that \( {\textsf {Basis}}(\mathcal {D}) \), \( \bigwedge _{d \in \mathcal {D}} {\mathsf {Sep}}(d) \),
and
are provable from \( {\textsf {Ant}}\).
By extracting a conjunct from \({\textsf {Ant}}\), we already have \( \vdash {\textsf {Ant}}\rightarrow \bigwedge _{d \in \mathcal {D}} {\mathsf {Sep}}(d) \).
As an intermediate step, we show that \( \vdash {\textsf {Ant}}\rightarrow \bigwedge _{d \in \mathcal {D}} {\textsf {Atom}}(d) \). By axiom A4 we have \( \vdash {\textsf {Ant}}\rightarrow T(b_{\{i\}}) \) and \( \vdash {\textsf {Ant}}\rightarrow T(c_{\{i\}}) \) for all \( b \in \mathcal {B}\), \( c \in {\mathcal {C}} \) and \( i < N \). As \({\textsf {Ant}}\) asserts the equivalence of each \(d_{\{i\}}\) with either \(b_{\{i\}}\) or \(c_{\{i\}}\), propositional reasoning gives us \(\vdash {\textsf {Ant}}\rightarrow T(d_{\{i\}}) \) for all \( d \in \mathcal {D}\) and \( i < N \). So, by axiom A4, we have \(\vdash {\textsf {Ant}}\rightarrow {\textsf {Atom}}(d) \) for all \( d \in \mathcal {D}\).
We next show that (4.26) is provable from \({\textsf {Ant}}\). By propositional logic, using the conjunct for \({{\textsf {LOSB}}}(\mathcal {B})\) and for \({{\textsf {LOSB}}}({\mathcal {C}})\), we have
where
Then by modal logic we have
and similarly
Putting these together, we obtain by propositional logic
To show \(\vdash {\textsf {Ant}}\rightarrow {\textsf {Basis}}(\mathcal {D})\), by Theorem 4.20, it remains to show that \(\vdash {\textsf {Ant}}\rightarrow \bigwedge _{d\ne d'\in \mathcal {D}} d\perp d'\). For each \(d,d'\in \mathcal {D}\), because \({\mathsf {Sep}}(d)\) is a conjunct of \({\textsf {Ant}}\) for each \(d\in \mathcal {D}\), and because \(\vdash {\textsf {Ant}}\rightarrow \bigwedge _{d\in \mathcal {D}}{\textsf {Atom}}(d)\), we apply axiom A5 to get
Then
Because
we have by propositional logic
Thus by axiom A6, \(\vdash {\textsf {Ant}}\rightarrow \bigwedge _{d\ne d'\in \mathcal {D}} (d \perp d')\).
To show (4.27), let us fix an \( i < N \) and let \( \phi (i,\mathcal {B}) \) be
So for a fixed i we assume the negation of (4.27) and we assume all \( d \in \mathcal {D}\) are equal to some \( b \in \mathcal {B}\) at location i . We wish to show \( \vdash {\textsf {Ant}}\wedge \phi (i,\mathcal {B}) \rightarrow {\mathtt {ff}}\).
By definition of \( \equiv \) and modal reasoning, the first conjunct of \( \phi (i,\mathcal {B}) \) implies \( \bigwedge _{d,d' \in \mathcal {D}} (d_{\{i\}} \equiv d'_{\{i\}}) \), that is, all \( d \in \mathcal {D}\) are locally equivalent at location i . Combined with the second conjunct we get
As \( {{\textsf {LOSB}}}(\mathcal {B}) \) is a conjunct of \( {\textsf {Ant}}\), we have
Moreover, we have
Using propositional reasoning we obtain
By axiom A6, this implies
Now we can apply Corollary 4.8
We have already shown that \( \vdash {\textsf {Ant}}\rightarrow {\textsf {Basis}}(\mathcal {D}) \), and as \( \bigsqcup \mathcal {D}\equiv {\mathtt {tt}}\) is a conjunct of \( {\textsf {Basis}}(\mathcal {D}) \) we conclude
We can show this result for any \( i < N \) and replacing \( \mathcal {B}\) by \( {\mathcal {C}} \). As a result we get
This is equivalent to the desired result:
\(\square \)
Examples
In this section, we will discuss how to express and prove correctness for two quantum protocols: the quantum leader election protocol (Sect. 5.1) and the BB84 quantum key distribution protocol (Sect. 5.2).
Example 1: quantum leader election
The quantum leader election protocol aims to randomly select a leader in a group of agents such that each agent has equal probability to be selected as the leader. There exist several ways to solve this problem using quantum theory, e.g., D’Hondt and Panangaden (2006a) and Tani et al. (2012). The ones given in Tani et al. (2012) rely heavily on communication, and as we do not explicitly model communication, we will discuss the version given in D’Hondt and Panangaden (2006a), which omits explicit communication.
Given a set N of agents, the protocol assigns a quantum bit (a two dimensional Hilbert space) to each agent \( i \in N \) together with a basis . Then the following state, called the Wstate, is considered:
This state entangles the qubits in such a way that, after the agents measure their qubit, only one agent measures and all other agents measure .
In our logic, we express and prove the existence of the Wstate, showing that it has the desired probabilistic behavior. Our formula for correctness applies not only to the case where each agent has a qubit, but where each agent has a Hilbert space with dimension at least 2 (no smaller than a qubit). We could alternatively have enforced the property that each agent has precisely one qubit using as a conjunct
and the proofs in this section would have been essentially the same.
Let \( \mathcal {B}\) be a LOSB. Then an ordered subset \( \mathcal {W}= \{ W^i \mid i \in N + 1 \} \subset \mathcal {B}\) is Quantum Leader Election compatible (QLE compatible) if the following formula is satisfied (somewhere in) \( \mathfrak {M}\):
We interpret this formula as follows. The last element \( W^N \) should be seen as the tensor product \(\bigotimes ^\mathfrak {M}_{i\in N} \mathbf {0}_i\), where \(\mathbf {0}_i\) is the qubit for agent i corresponding to the classical bit 0 (one of the basis elements of the qubit). For \(i<N\), the element \( W^i \) is similarly a tensor product of classical bits, where each component \(k\ne i\) is similarly \(\mathbf {0}_k\), but where component \(k=i\) is \(\mathbf {1}_k\) instead. Note that we are interpreting basis elements of the components as classical bits, rather that defining the basis elements of the components with respect to predetermined classical bits.
The correctness of the quantum leader election is expressed by
where \( \mathcal {W}\subset _{N+1} \mathcal {B}\) ranges over all subsets \(\{W^0,\cdots ,W^{N}\}\) of \( \mathcal {B}\) of size \( N+1 \).
We will first show that for any set \(\mathcal {B}= \{b_0,\cdots ,b_{n1}\}\) of n pairwise orthogonal properties we have a state that has probability \( \frac{1}{n} \) for each property in \(\mathcal {B}\). Let us define
Proposition 5.1
For all \( n \ge 1 \) and for any set \( \mathcal {B}= \{b_0,\cdots ,b_{n1}\} \) of n formulas, the following formula is deducible.
Proof
With induction: for \( n = 1 \) we have \( \vdash {\mathsf {Ort}}(\mathcal {B}) \rightarrow (b \not \equiv {\mathtt {ff}}) \), which by Lemma 4.4 implies \(\vdash {\mathsf {Ort}}(\mathcal {B}) \rightarrow \exists b \). By Lemma 4.12(4.25), we have \( \vdash b \rightarrow \Pr (b) = 1 \), so we have \( \vdash {\mathsf {Ort}} \rightarrow \exists (\Pr (b) = 1) \), which finishes the case \( n = 1 \).
Induction hypothesis (IH): suppose for n we have \( \vdash {\mathsf {Ort}}(\mathcal {B}_n) \rightarrow \exists (\bigwedge _{i \in n} \Pr (b_i) = \frac{1}{n}) \). Let \( \mathcal {B}_{n+1} = \mathcal {B}_n \cup \{ b_{n} \} \). In Table 13, we show how to deduce
\(\square \)
The following theorem proves the correctness of the quantum leader election.
Theorem 5.2
For any finite set of formulas \( \mathcal {B}\), it is provable that \(\vdash {\textsf {QLECor}}(\mathcal {B})\), that is,
where \( \mathcal {W}\subset _{N+1} \mathcal {B}\) ranges over all subsets \(\{W^0,\cdots ,W^{N}\}\) of \( \mathcal {B}\) of size \( N+1 \).
Proof
For any \(\mathcal {W}= \{ W^0, \cdots , W^N \} \subset _{N+1} \mathcal {B}\), we can extract conjuncts from \({{\textsf {LOSB}}}(\mathcal {B})\) and apply Lemma 4.11 to obtain \(\vdash {{\textsf {LOSB}}}(\mathcal {B}) \rightarrow {\mathsf {Ort}}(\mathcal {W}) \). It is easy to see that for any \(\mathcal {W}'\subset _{N} \mathcal {W}\), we have that \(\vdash {\mathsf {Ort}}(\mathcal {W})\rightarrow {\mathsf {Ort}}(\mathcal {W}')\). Thus by this and Proposition 5.1, we have for any \(\mathcal {W}\subset _{N+1}\mathcal {B}\)
To show that \( \vdash {{\textsf {LOSB}}}(\mathcal {B}) \rightarrow \bigvee _{\mathcal {W}\subset _{N+1} \mathcal {B}} {\mathsf {QLE}}(\mathcal {W}) \), we select any \(b\in \mathcal {B}\) to be \(W^N\). Note that
For a given set \( \mathcal {V}= \{b^i \mid i < N \} \subset \mathcal {B}\) and each \(i<N\), let \(f^\mathcal {V}_i:\{0,\cdots ,N1\}\rightarrow \mathcal {B}\), such that \(f^\mathcal {V}_i(j) = W^N\) if \(i \ne j\) and \(f^\mathcal {V}_i(i) = b^i\). Then for each \(i<N\), we can apply Lemma 4.22 using \(f^\mathcal {V}_i\) to obtain a \(W^i \in \mathcal {B}\) such that \( W^i_{\{i\}} \equiv b^i_{\{i\}} \) and \( W^i_{\{j\}} \equiv W^N_{\{j\}} \) for any \( j \ne i \). By (5.2) we know that for some \( \mathcal {V}\subset \mathcal {B}\) the resulting set \(\mathcal {W}= \{W^0,\cdots ,W^{N1},W^N\}\) will be QLE compatible. Hence, using Lemma 4.22 and (5.2), we obtain \( \vdash {{\textsf {LOSB}}}(\mathcal {B}) \rightarrow \bigvee _{\mathcal {W}\subset _{N+1} \mathcal {B}} {\mathsf {QLE}}(\mathcal {W}) \). The desired result follows from this, (5.1), and propositional logic. \(\square \)
Example 2: BB84
The BB84 protocol is designed to provide two agents with the same random bitstring, to be used as a key for both encryption and description. The protocol works as follows: the first agent Alice has the ability to produce qubits in two different basis: and . Alice chooses two equally sized random bitstrings; the first is the message to be sent, the second determines the basis in which each individual bit of the message bitstring is sent. She sends the qubits to Bob, who has chosen a random bitstring as well to determine which basis he uses to measure each received qubit. After all qubits have been sent and measured, Alice and Bob publicly compare the basis bitstring they have used to create and measure the qubits respectively. On those positions where the basis bitstring matches, the corresponding bit in the message bitstring should correspond as well. On all other positions, those bits in the message bitstring could be different and are thus discarded. In the end, Alice and Bob have a corresponding random bitstring which is in general about half the size of the random bitstring Alice started with. Of course, this is in the ideal situation where no eavesdropper disturbs the channel. This section proves properties of this ideal situation.
We first need to characterize the message space. Let us fix the number of qubits at N and let \( \mathfrak {M}\) be the tensor product of N identical two dimensional quantum models. Let \( \mathcal {B}_1 \) and \( \mathcal {B}_+ \) be two LOSB’s that are locally probabilistically far apart (PFA), that is
Intuitively, \( \mathcal {B}_1 \) represents the N tensor product of the local basis and \( \mathcal {B}_+ \) represents the N tensor product of the local basis . We introduce two new abbreviations for the remainder of this section:
The message space \( {\mathcal {M}} \) of \( 4^N \) proposition letters can be defined by requiring each proposition to be locally equivalent either to some \( b \in \mathcal {B}_1 \) or to some \( b \in \mathcal {B}_+ \).
Let k be some element of \({\mathcal {M}}\). This represents Ann’s message and choice of basis for each component.
For any string \(s \in \{1,+\}^N\), let \( s_i \) denote the i’th coordinate. We define the set of propositions \(\mathcal {B}_s \subseteq {\mathcal {M}}\) by
In words, \(\mathcal {B}_s\) is the set of formulas where the i’th coordinate of each element b of \(\mathcal {B}_s\) is in \(\{ 0, 1 \}\) if the i’th coordinate of s is 1, and where the i’th coordinate of b in \(\{ , + \}\) otherwise. Note that by Lemma 4.23, for each \( s \in \{ 1, + \}^N \) the resulting set \( \mathcal {B}_s \) is an LOSB.
Furthermore, given a string \(s \in \{1,+\}^N\), define the term abbreviation:

\(\Pr _s(\phi ) :=\sum _{b \in \mathcal {B}_s} \Pr (b \wedge \phi )\)

\(\Pr _{{\mathcal {M}}}(\phi ) :=\sum _{s \in \{ 1, + \}^N} \frac{1}{2^N} \Pr _s(\phi )\)
The term \(\Pr _s(\phi )\) represents the probability of \(\phi \) holding true after measuring the state using basis \(\mathcal {B}_s\), in the event that \(\phi \) is testable (\(\phi \) needs to be testable for this reading to hold). The term \(\Pr _{{\mathcal {M}}}(\phi )\) represents the probability of \(\phi \) holding true after using a randomly selected one of the \(2^N\) chosen bases of states in \({\mathcal {M}}\).
The correctness of the BB84 protocol, when there is no eavesdropper, can be expressed by
where
and \( {\mathsf {Match}} \) states that at those coordinates where the choice of basis of Alice and Bob agree, Bob’s measured result agrees with Alice’s original message k. Formally this is expressed by
where
The probability of \({\mathsf {Match}}\) being equal to 1 reflects that without interference Bob should have received Ann’s message perfectly among those coordinates where they used the same basis.
Lemma 5.3
The following formula is deducible.
Proof
We will first show \( \vdash {\mathsf {Ant}} \rightarrow \Pr _s({{\mathsf {Match}}}) = 1 \) for all \( s \in \{1, +\}^N \). The desired result will then follow from the inequality axioms. By Lemma 4.23, we know \( \vdash {\textsf {Ant}}\rightarrow {{\textsf {LOSB}}}(\mathcal {B}_s) \), and therefore by Lemma 4.17, \(\vdash {\textsf {Ant}}\rightarrow \sum _{b \in \mathcal {B}_s} \Pr (b) = 1 \). So all we need to show is that \( \vdash {\mathsf {Ant}} \rightarrow \Pr (b) = \Pr (b \wedge {\mathsf {Match}}) \) for all \( b \in {\mathcal {M}} \).
Let us define
Thus \({\mathsf {Match}} = \bigwedge _{i<N} {\mathsf {Match}}_i\). We will show that for each \(b\in \mathfrak {M}\),
hence
By P4, \(\vdash (b\equiv (b\wedge {\mathsf {Match}}) \rightarrow \Pr (b) = \Pr (b\wedge {\mathsf {Match}})\). By Proposition 4.13, \(\vdash (\Pr (b \wedge {\mathsf {Match}}) \le \Pr (b)) \). Thus by P2 and inequality axioms \(\vdash \Pr (b)=0 \rightarrow \Pr (b) = \Pr (b\wedge {\mathsf {Match}})\). Hence, from (5.3), we use these steps to arrive at \(\vdash {\textsf {Ant}}\rightarrow \Pr (b)= \Pr (b\wedge {\mathsf {Match}})\).
To prove (5.3), let us fix an \( i < N \). We will discuss several cases, expressed by the following formulas:
By propositional logic, we have \(\vdash \phi \vee \psi \vee \chi \).
Case \(\phi \): First note that \(\vdash {\textsf {Ant}}\wedge \phi \rightarrow \bigvee \{ b \in {\mathcal {M}} \mid b_{\{i\}} \equiv k_{\{i\}} \}\)
Therefore, we have
Rewriting, we have \(\vdash {\textsf {Ant}}\wedge \phi \rightarrow (b\equiv (b\wedge {\mathsf {Match}}_i))\). Hence \(\vdash {\textsf {Ant}}\wedge \phi \rightarrow (\Pr (b) = 0 \vee (b\equiv (b\wedge {\mathsf {Match}}_i))\).
Case \(\psi \): By extracting conjuncts from \({\textsf {Ant}}\), we have \(\vdash {\textsf {Ant}}\wedge \psi \rightarrow {{\textsf {LOSB}}}(\mathcal {B}_1) \wedge {{\textsf {LOSB}}}(\mathcal {B}_+)\). Expanding \(\psi \), we have
Thus by propositional logic, \(\vdash {\textsf {Ant}}\wedge \psi \rightarrow (b_{\{i\}} \perp k_{\{i\}})\) for each \(i<N\). By axiom A6, \(\vdash {\textsf {Ant}}\wedge \psi \rightarrow (b \perp k) \) and therefore by axiom P3, \(\vdash {\textsf {Ant}}\wedge \psi \rightarrow (k \le \Pr (b) = 0) \). By Lemma 4.2(4.3), \(\vdash {\textsf {Ant}}\wedge \psi \rightarrow \Pr (b) = 0 \). Hence \(\vdash {\textsf {Ant}}\wedge \psi \rightarrow (\Pr (b) = 0 \vee (b\equiv (b\wedge {\mathsf {Match}}_i))\).
Case \(\chi \): By expanding \(\chi \), we have
By this and modal logic, we have that \(\vdash {\textsf {Ant}}\wedge \chi \rightarrow (b\le \lnot {\mathsf {BasisOf}}(k_{\{i\}}))\). Thus \(\vdash {\textsf {Ant}}\wedge \chi \rightarrow (b\le {\mathsf {Match}}_i)\), which is equivalent to \(\vdash {\textsf {Ant}}\wedge \chi (b \equiv b\wedge {\mathsf {Match}}_i)\). Thus \(\vdash {\textsf {Ant}}\wedge \chi \rightarrow (\Pr (b) = 0 \vee (b\equiv (b\wedge {\mathsf {Match}}_i))\).
Now we have \(\vdash {\textsf {Ant}}\wedge \omega \rightarrow (\Pr (b) = 0 \vee (b\equiv (b\wedge {\mathsf {Match}}_i))\), for each \(\omega \in \{\phi ,\psi ,\chi \}\). Together with \(\vdash \phi \vee \psi \vee \chi \), and repeating for each \(i<N\), we have (5.3). \(\square \)
Conclusion
This paper lays a foundation for an axiomatization of probabilistic quantum logics in the style of propositional dynamic logic. The axiomatization provided in this work is powerful enough to prove the correctness of quantum protocols, such as the quantum leader election of D’Hondt and Panangaden (2006a) and the BB84 quantum key distribution. As probability plays an important role in so many quantum protocols, we expect that our logic can be used and adapted to a much wider range of quantum protocols. We also hope that future work will clarify the prospects for a complete proof system.
This work may pave the way for powerful axiomatic system of stronger logics. For example, an axiomatic analysis of the construction of the Wstate is left for future work; such an analysis would benefit from a more powerful logic that explicitly reasons about unitary operations. When involving unitaries for quantum protocols and programs, it would be further beneficial to either characterize commonly used logic gates, such as the Hadamard gate, or to include them as constants.
Another potential extension of the logic is to add the power to explicitly express both the quantum and classical communication involved in various protocols. This may help in expressing important properties of a communicationrich variant of the quantum leader election protocol given in Tani et al. (2012), as well as the relationships among the classical and quantum communication in the quantum teleportation protocol.
References
Abramsky S, Coecke B (2009) Categorical quantum mechanics. In: Lehmann D, Engesser K, Gabbay DM (eds) Handbook of quantum logic and quantum structures. Elsevier, Amsterdam, pp 261–323
Baltag A, Smets S (2005) Complete axiomatizations for quantum actions. Int J Theor Phys 44(12):2267–2282
Baltag A, Smets S (2006) LQP: the dynamic logic of quantum information. Math Struct Comput Sci 16(3):491–525
Baltag A, Bergfeld J, Kishida K, Sack J, Smets S, Zhong S (2013) Quantum probabilistic dyadic secondorder logic. In: Libkin L, Kohlenbach U, de Queiroz R (eds) Logic, language, information, and computation, lecture notes in computer science, vol 8071. Springer, Berlin, Heidelberg, pp 64–80
Baltag A, Bergfeld J, Kishida K, Sack J, Smets S, Zhong S (2014) PLQP & company: decidable logics for quantum algorithms. Int J Theor Phys 53(10):3628–3647
Bennett CH, Brassard G (1984) Quantum cryptography: public key distribution and coin tossing. In: Proceedings of IEEE international conference on computers, systems and signal processing, pp 175–179
Bennett CH, Brassard G (2014) Quantum cryptography: public key distribution and coin tossing. In: Theoretical computer science 560, Part 1, theoretical aspects of quantum cryptography—celebrating 30 years of BB84, pp 7–11
Bergfeld JM, Kishida K, Sack J, Zhong S (2015) Duality for the logic of quantum actions. Stud Log 103(4):781–805. doi:10.1007/s112250149592x
Birkhoff G, von Neumann J (1936) The logic of quantum mechanics. Ann Math 37:823–843
Dalla Chiara ML, Giuntini R (2002) Quantum logics. In: Gabbay D, Guenthner F (eds) Handbook of philosophical logic. Kluwer Academic Publishers, Dordrecht, pp 129–228
Dalla Chiara ML, Giuntini R, Greechie R (2004) Reasoning in quantum theory: sharp and unsharp quantum logics, trends in logic, vol 22. Kluwer Academic Press, Dordrecht
D’Hondt E, Panangaden P (2006a) The computational power of the W and GHZ states. Quantum Inf Comput 6(2):173–183
D’Hondt E, Panangaden P (2006b) Quantum weakest preconditions. Math Struct Comput Sci 16:429–451 6
Dunn JM, Moss LS, Wang Z (2013) Editors’ introduction: the third life of quantum logic: quantum logic inspired by quantum computing. J Philos Log 42(3):443–459
Fagin R, Halpern JY (1994) Reasoning about knowledge and probability. J ACM 41(2):340–367
Fagin R, Halpern JY, Megiddo N (1990) A logic for reasoning about probabilities. Inf Comput 87(1):78–128
Feng Y, Nengkun Y, Ying M (2013) Model checking quantum Markov chains. J Comput Syst Sci 79(7):1181–1198
Fischer MJ, Ladner RE (1979) Propositional dynamic logic of regular programs. J Comput Syst Sci 18(2):194–211
Gay SJ, Nagarajan R, Papanikolaou N (2008) QMC: a model checker for quantum systems. In: Proceedings of the 20th international conference on computer aided verification, CAV ’08. Springer, Berlin, Heidelberg, pp 543–547
Goldblatt RI (1974) Semantic analysis of orthologic. J Philos Log 3(1–2):19–35
Harel D, Tiuryn J, Kozen D (2000) Dynamic logic. MIT Press, Cambridge
Hoare TCAR (1969) An axiomatic basis for computer programming. Commun ACM 12(10):576–580
Hodkinson I, Reynolds M (2007) Temporal logic. In: Blackburn P, Van Benthem J, Wolter F (eds) Handbook of modal logic, studies in logic and practical reasoning, chapter 11, vol 3. Elsevier, pp 655–720
Mateus P, Sernadas A (2006) Weakly complete axiomatization of exogenous quantum propositional logic. Inf Comput 204(5):771–794
Nishimura H (2009) Gentzen methods in quantum logic. In: Lehmann D, Engesser K, Gabbay DM (eds) Handbook of quantum logic and quantum structures. Elsevier, Amsterdam, pp 227–260
Selinger P (2007) Dagger compact closed categories and completely positive maps: (extended abstract). In: Electronic notes in theoretical computer science. Proceedings of the 3rd international workshop on quantum programming languages (QPL 2005), vol 170, pp 139–163
Selinger P (2011) Finite dimensional Hilbert spaces are complete for dagger compact closed categories (extended abstract). In: Electronic notes in theoretical computer science. Proceedings of the joint 5th international workshop on quantum physics and logic and 4th workshop on developments in computational models (QPL/DCM 2008), vol 270(1), pp 113–119
Selinger P (2012) Finite dimensional Hilbert spaces are complete for dagger compact closed categories. Log Methods Comput Sci 8:1–12
Smets S, Baltag A (2006) Logics for quantum information flow. In: Presented at the 18th European Summer School of Logic, Language and Information. http://www.vub.ac.be/CLWF/SS/slides.html. Accessed 14 Dec 2014
Tani S, Kobayashi H, Matsumoto K (2012) Exact quantum algorithms for the leader election problem. ACM Trans Comput Theory 4(1):1:1–1:24
Ying M, Nengkun Y, Feng Y, Duan R (2013) Verification of quantum programs. Sci Comput Program 78(9):1679–1700
Author information
Affiliations
Corresponding author
Additional information
The research of these authors has been made possible by VIDI Grant 639.072.904 of the Netherlands Organization for Scientific Research (NWO).
Communicated by M. L. Dalla Chiara, R. Giuntini, E. Negri and S. Smets.
Rights and permissions
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.
About this article
Cite this article
Bergfeld, J.M., Sack, J. Deriving the correctness of quantum protocols in the probabilistic logic for quantum programs. Soft Comput 21, 1421–1441 (2017). https://doi.org/10.1007/s0050001518026
Published:
Issue Date:
DOI: https://doi.org/10.1007/s0050001518026
Keywords
 Probability
 Quantum logic
 Axiomatization
 Quantum computation
 Quantum protocols