Deriving the correctness of quantum protocols in the probabilistic logic for quantum programs

This paper presents a sound axiomatization for a probabilistic modal dynamic logic of quantum programs. The logic can express whether a state is separable or entangled, information that is local to a subsystem of the whole quantum system, and the probability of positive answers to quantum tests of certain properties. The power of this axiomatization is demonstrated with proofs of properties concerning bases of a finite-dimensional Hilbert space, composite systems, entangled and separable states, and with proofs of the correctness of two probabilistic quantum protocols (the quantum leader election protocol and the BB84 quantum key distribution protocol).


Introduction
There is a large literature on logics for classical computation. These include Hoare logic (1969), propositional dynamic logic (Fischer and Ladner 1979), other dynamic logics (Harel et al. 2000), and temporal logics (Hodkinson and Reynolds 2007), and they aid in proving correctness of protocols and programs. With the increased prospects of quantum devices and computers, there is a growing interest in quantum analogs for these logics.
Quantum logic, which was originally used to clarify properties of quantum physics (Birkhoff and Neumann 1936), has developed into a broader field, with many logics addressing algebraic structures of quantum systems (Dalla Chiara and Giuntini 2002;Dalla Chiara et al. 2004). A significant recent development is the strengthening of quantum logic to be able to address quantum computation as well (Dunn et al. 2013). This coincides with development to formalize the semantics of quantum programs (D'Hondt and Panangaden 2006b) and the development of model checkers and verification tools for quantum systems (Gay et al. 2008;Feng et al. 2013;Ying et al. 2013).
Recent work toward the development of quantum logics for computation yielded probabilistic dynamic quantum logics that are decidable, such as Baltag et al. (2013Baltag et al. ( , 2014, and the correctness of many quantum protocols can be expressed in these languages. However, an axiomatization of these probabilistic systems is lacking. In the non-probabilistic setting, a sound axiomatization relevant to our work was developed in Baltag and Smets (2006) for the Logic of Quantum Programs, a quantum analog of the propositional dynamic logic, which was used to prove the correctness of the quantum teleportation protocol and the quantum secret sharing protocol. But the logic of quantum programs could not express quantities, and could only account for the correctness of qualitative properties of algorithms and protocols considered, and that work considered a probabilistic extension to be a greater goal of the program.
This paper lays a foundation for an axiomatization for a probabilistic variant of the Logic of Quantum Programs. The language involves dynamic modalities for quantum programs as well as probabilistic modalities, and is similar to the decidable logic in Baltag et al. (2014), and hence we give it the same name: the Probabilistic Logic of Quantum Programs. Among the differences between our language here and the one in Baltag et al. (2014) is that our language here simplifies the formulas for locality to describing full separability with respect to a given set of components. This simplification of the language allows us to highlight basic properties in the proof system that are essential to properties of bases of a finite-dimensional Hilbert space. We develop a sound proof system for this logic, and we use it to prove properties of the quantum leader election protocol of D' Hondt and Panangaden (2006a) and the BB84 quantum key distribution protocol Brassard 1984, 2014).
The quantum leader election protocol is a method for selecting exactly one of n many members, giving each member equal chance of being selected. This is analogous to establishing a fair n-sided die, and such selections are important for distributive systems. We prove in our language the existence and correctness of the W -state as a shared state whose measurement would select a leader with the correct probability. The BB84 quantum key distribution protocol is a secure distribution key protocol. We prove in our language the correctness of this protocol in the event that there is no eavesdropping of communication. These two protocols are just examples of what our system can prove, and we are sure there are many others. But our logic also lays a foundation for further development in axiomatizing logics for quantum systems, particularly those that involve probability.
There have been other developments in forming axiomatizations of quantum logics. Goldblatt (1974), developed a complete axiomatization of orthologic and orthomodular quantum logic. There has also been development of Gentzen style proof systems for orthologic (Nishimura 2009). Selinger (2007), uses a graphical language to axiomatize properties for dagger compact closed categories, and shows in Selinger (2011Selinger ( , 2012) that this axiomatic system is also complete with respect to finite-dimensional Hilbert spaces. Abramsky and Bob (2009), use a diagrammatic axiomatization to prove the correctness of quantum teleportation, logic gate teleportation, and entanglement swapping protocols. An axiomatization of a quantum logic that involve probabilities is given in Mateus and Sernadas (2006). Our logic differs from these in that it builds on the work of Baltag and Smets (2006) and Baltag et al. (2014), and can be viewed as a probabilistic quantum analog of propositional dynamic logic.
Our paper is organized as follows. In Sect. 2, we introduce probabilistic quantum structures, the basic structures for our semantics, which are mild abstractions of Hilbert spaces. In Sect. 3, we introduce the syntax and semantics for our probabilistic logic of quantum programs. We then present in Sect. 4 the deductive system and prove some properties in the language from it, including properties concerning orthonormal bases. In Sect. 5, we prove the correctness of the quantum leader election protocol and the BB84 protocol.

Probabilistic quantum structure
Let H be a finite-dimensional Hilbert space with an orthonormal basis B = (b 0 , . . . , b n−1 ). Let V B denote the set of all functions f : B → C. It is well known that there is a bijective correspondence between the vectors in H and the elements of V B given by mapping every v in H to the function b i → v, b i . A state of H is a one-dimensional subspace s of H. We represent the states of H by a subset of V B , each representing a canonical representative of the one-dimensional subspace. This subset is the set of complex probability mass function defined as follows.
Definition 2.1 (Complex probability mass functions) Let B = {b i | 0 ≤ i < n} for some positive n ∈ N be an ordered set (which we call an ordered basis). A function f : B → C is called a complex probability mass function on B if 1. there exists an i ∈ n such that Let S B denote the set of all complex probability mass functions on B.
Note that if f is a complex probability mass function, the function f 2 : B → [0, 1] is a (real) probability mass function. In this sense, a complex probability mass function can be seen as an appropriate "square root" of a probability mass function. Every function f ∈ V B can be converted into a function S B as follows.

Definition 2.2 (Strong normalization) For every nonzero function
where in general z is the complex conjugate of z.
It is easy to see that the strong normalization transforms any nonzero function f : B → C into a complex probability mass function. The set of complex probability mass functions is identified with the set of states of a Hilbert spaces by the following proposition. such that the function f v = v, · : B → C is a complex probability mass function over the ordered orthonormal basis B.
Since the basis B is orthonormal, it is easy to see that f (b j ) = v, b j . By condition 3 of the definition of a complex probability mass function, v is a unit vector. 2. Let s be a one-dimensional subspace of H, and let w be any nonzero vector in s. We identify w with a nonzero function in f w ∈ V B . Let v be a vector corresponding to sn( f w ). As v only differs from w by a constant multiple, v ∈ s. Furthermore, as sn( f w ) is a complex probability mass function, v is a unit vector. To see that v is unique, we observe that for any complex number c = 1 and any complex probability mass function f , the function is not a complex probability mass function.
Because every state can be represented by a complex probability mass function, we will use the term state to mean either a one-dimensional subspace or a complex probability mass function. We will also use the same notation for both concepts. Also, throughout this paper, we will identify each natural number n ∈ N := {0, 1, 2, . . . } with the set {0, 1, . . . , n − 1} of elements preceding it. If we write i < N without a lower bound, we intend for i to range from i = 0 to i = N − 1.

Maps between bases and states
We require the basis to be ordered so that we can have a canonical representation of each state via a vector representative of its one-dimensional subspace (for the same reason, vectors are written as ordered tuples, also assuming an order to its basis). Were we to reorder the basis elements, we could then map each vector representative in the original ordering to its unique corresponding representative in the new order (this mapping is, in this context, an identity map on states). This concept is generalized to change-of-basis maps as follows.
The tensor product of two ordered bases is the Cartesian product of the elements ordered by the dictionary order.
The tensor product of s ∈ S B and t ∈ S C , denoted s ⊗ t, is given by It is easy to see that in general (s ⊗ t) ⊗ r ∼ = s ⊗ (t ⊗ r ). As the tensor product is associative given our strictest notion of isomorphism, we will ignore internal parentheses when taking tensor products of more than two bases.

Agents and separability
We write S M I (or S I if M is understood from context) for S M I , and S (or S M ) for S N (or S M N ). In what follows, given a finite ordered set J = {x 1 , . . . , x m } for some m < N (with the sequence (x i ) being strictly increasing), we use the notation (b i ) i∈J for the tuple (b x 1 , . . . , b x m ).
Definition 2.7 (Tensor product of agent components) Let M = (B 0 , . . . , B N −1 ) be an N -PQM, and let I, J ⊆ N , such that I ∩ J = ∅. The M-tensor product M I ⊗ M M J is defined to be M I ∪J , but where for each s ∈ S I and t ∈ S J , we have for each sequence ( Note that although ⊗ is not commutative, ⊗ M is. Also note that ⊗ M is associative; hence we generally omit parentheses.

Definition 2.8 (Separable and entangled states) Given an
Separability will play an important role in the semantics of the logic we define in the next section.

Probabilistic quantum logic
In this section, we define the syntax and semantics of our language, and provide some useful syntactic abbreviations.

Syntax
Let N be a set of agents and let Prop be a (countable) set of proposition letters denoted with p, q, . . . . The language is three-sorted, with formulas φ, programs α, and probability terms t, and is defined by where p ∈ Prop, I ⊆ N , Π ⊂ P(N ) is a partition of N , and ρ ∈ Q. The set of formulas φ is denoted by L N , and the set of terms t is denoted by Terms.
We have the standard logical connectives ¬φ, φ ∧ ψ and [α]φ with the meaning not φ, φ and ψ and after any successful execution of program α, φ holds respectively.
Here the programs α are φ?, a quantum test whether or not φ holds; α ∪ β, an arbitrary choice between two programs α and β; and α; β, the sequential execution of two programs α and β.
We also have three nonstandard, but useful connectives. Atom(φ) intuitively means that φ is only true at one and only one state. Sep(φ) means intuitively that all states making φ true are separable into each agent, that is, these states are of the form M i<N s {i} for some s {i} ∈ S {i} for each i < N . φ I intuitively represents the information that the local system I has about φ , that is, if any measurement that can be performed within the local system I cannot refute φ, then φ I true.
Lastly, we have t ≥ ρ, which intuitively means the probability of t is greater than or equal to ρ. Here t is a linear combination of Pr(φ), the probability that a test for φ is successful.
We have chosen the language to express several examples in the simplest way. However, one could easily imagine ways to extend the expressibility of this language. For example, we could extend this language with unitary operators α ::= U | U † ; however, we do not use these operators in the examples we discuss.

Semantics
The semantics is defined with respect to an N -PQM M. We will make use of the following concepts. We first observe that from just an ordered basis B = {b 0 , . . . , b n−1 } we can recover the Hilbert space structure, such as the inner product, as follows. For any two states s, t ∈ S B , we define the inner product of s and t to be where in general z is the complex conjugate of z. Then R := {(s, t) | s, t = 0} relates any two states that are non-orthogonal. We define the orthocomplement of a set of states X by ∼X := {s ∈ S | (s, x) / ∈ R for all x ∈ X } and let T := {P ⊆ S | P = ∼∼P} be the set of testable properties. For each P ∈ T , we then let R P := (s, t) ∈ S 2 t ∈ P and | s, u | 2 < | s, t | 2 for all u ∈ P\{t} .
Note that each P ∈ T corresponds to a linear closed subspace in a Hilbert space and that the relation R P in fact corresponds to the projection onto the subspace P.
It is easy to see that each singleton is testable, and hence that R = P∈T R P . Given an N -PQM M with carrier set S = S M and a valuation V : Prop → P S, we interpret formulas by a function · M : L N → P S, we interpret each program α by a relation R M α ⊆ S × S, and we interpret probability terms by a family of functions · M s : Terms → R for each s ∈ S as follows (we typically omit the superscript when it is understood by context). To interpret formulas φ: To interpret programs α: To interpret terms t:

Abbreviations
With this language, we can express many notions in quantum mechanics. Some are so important and natural to use, we introduce abbreviations for them ( be viewed as the modal operator for the non-orthogonality relation R. We abbreviate ∼φ by ¬φ for the following reason. The orthocomplement of φ, denoted by ∼φ, is true at any state s that is orthogonal to the set of states that make φ true. Equivalently, every state that makes φ true is orthogonal to s, and hence every state non-orthogonal to s makes ¬φ true. This means that ¬φ is true at s. With the orthocomplement, we can also define the quantum join: φ ψ := ∼(∼φ ∧∼ψ). The quantum join φ ψ can be thought of as the smallest testable property containing φ and ψ. Our quantum models satisfy the superposition principle: every state can reach any other state in two non-orthogonal steps, that is R; R = S × S. This gives us the power to express that a formula is valid in a model: ∀φ := φ is true at a state iff φ is true at every state in the model. With this global modality, we can express many relations between formulas that are globally true, such as inequality: As can be seen from the definition of the semantics, the logical operators for probability Pr(φ) and for tests φ? are only meaningful if the formula φ is testable. Noting that every testable property is closed under taking double orthocomplement, we can express testability by Similarly, in a multi-agent setting, the formula φ must be separable in I for φ I to represent the information I has about φ (that is, I's local state). We say that φ is I-local if I (φ) := (φ ≡ φ I ), that is, the truth of φ is fully determined by the local state of I .
In Table 2, we have abbreviations concerning probabilities. All but the last two are standard abbreviations for terms and pure probabilistic formulas taken from (Fagin et al. 1990, p. 83). Concerning the last two, we are often interested in the probability of successfully testing φ as well as the outcome := a 1 Pr(φ 1 ) + · · · + a n Pr(φ n ) of a successful test. We abbreviate this with the formulas φ? =ρ ψ and φ? >ρ ψ.

Deductive system
Our deductive proof system contains three rules (Table 3), where φ σ is obtained from φ by replacing all occurrences of p with σ ( p), and a list of axioms (Table 4), divided into the following five categories: standard propositional dynamic logic axioms, standard axioms about linear inequalities, basic axioms for quantum systems, probabilistic axioms for quantum systems and axioms for quantum systems concerning atoms and separability.
A proof for φ is a finite sequence of formulas, such that the last formula is φ and every formula is either an axiom listed below or obtained by applying an inference rule to (a) formula(s) appearing earlier in the sequence.
The three rules in Table 3 are standard, but we can deduce some nonstandard rules concerning the abbreviations ∀, ≤, ≡ and T (·), which will be given in Lemma 4.3.
The axioms for programs and for linear inequalities are standard, so we will only discuss the axioms in the last three categories. Basic axioms for quantum systems The first axiom Q1 states that equivalent formulas have equivalent tests. The second axiom Q2 expresses our design that when we test for a formula φ we actually test for the smallest closed linear subset containing φ , that is ∼∼φ.
For the axioms Q3 to Q9 one should remember that corresponds to the non-orthogonality relation and [ p?] corresponds to the projection onto P, where P = ∼∼ p .
Axiom Q3 is related to the superposition principle, which is the principle that for every two states there is a third state that is non-orthogonal to both of them (or any two states can reach each other by two non-orthogonal steps).
Axiom Q4 states that if a successful test for p results in a state satisfying q, then the state is non-orthogonal to q , so we can successfully test for q. Axiom Q5 corresponds to the fact that each projection is a partial function.
A successful test for a testable property P always results in a state inside P. When inquiring about a property Q that is not testable, our framework tests for the smallest testable property containing Q. Axiom Q6 corresponds to these facts, where ∼∼ p corresponds to the smallest testable property containing p.
If s ∈ P, then the projection is reflexive on s, that is, (s, s) ∈ R P . So if a state makes p true, a successful test for p always ends up in the same state. This is captured by axiom Q7.
Axiom Q8 corresponds to the self-adjointness of projections with respect to the inner product, that is, where Proj P (s) is the projection of vector s onto the space P (s R P t where t = sn(Proj P (s))). In non-probabilistic terms, this means that if the projection of s onto P is non-orthogonal to a state t, then the projection of t onto P is non-orthogonal to s.
The projection t of a state s onto P should be the closest state to s that is inside P. This can be expressed by: (s, t) ∈ R P iff for all u ∈ P we have u Rs iff u Rt. This statement is partially captured by axiom Q9: looking at the right-to-left part of the biconditional, if a state s is non-orthogonal to a state satisfying p, and if all states satisfying p that are nonorthogonal to s are also non-orthogonal to a state satisfying p ∧q, then the property p ∧q is "close to s", and a successful test for p at state s results in a state that satisfies q. Probabilistic axioms for quantum systems Axiom P1 and P2 are standard probability axioms ensuring the probability values are in the interval [0, 1]. Axiom P3 establishes the correspondence between orthogonality and zero probability.
Equivalent formulas should have equal probabilities, which is captured by axiom P4. Normally we can add the probabilities of disjoint sets, but in quantum systems we need the sets to be orthogonal. This is stated by axiom P5.
Axiom P6 is the probabilistic version of the superposition statement. If p and q are orthogonal we can superpose them into a state with probability ρ to p and probability 1 − ρ to q. Axiom P7 relates to conditional probabilities: the probability of p ∧ q is equal to the probability of p given q (which is τ in the axiom) times the probability of q (which is ρ in the axiom).
Probabilistic axioms for quantum systems P1 Axioms for atoms and separability Axioms for atoms and separability Atoms are the smallest nonempty sets; therefore, any nonempty set smaller than an atom is equal to that atom. This is captured by axiom A1.
As atoms are singleton states, a formula φ is satisfied at this state if and only if the atom implies φ. This is reflected by axiom A2.
For singleton states s that are non-orthogonal to a testable property Q, we have ( In other words, the projection of an atom is again an atom. This is captured by axiom A3. Axiom A4 provides a characterisation of an atom under the condition that the formula is separable. Axiom A5 asserts that two fully separable atoms are equivalent if and only if each of their local components are equivalent. Axiom A6 expresses the fact that two fully separable properties are orthogonal if one of their local components are orthogonal. Table 3 and the axioms in Table 4 are sound with respect to multi-agent probabilistic quantum models (N -PQM).

Theorem 4.1 The rules in
Proof Many of the axioms are standard from the literature. For example, PL, K, PDL1, and PDL2 are from propositional dynamic logic (see for example Harel et al. 2000). The axioms I1-I6 are from Fagin and Halpern (1994). The axioms P1, P2 and variations of P4 are common among probability logics (see for example Fagin and Halpern 1994). The axioms Q4-Q8 are from Baltag and Smets (2005) and Smets and Baltag (2006). The validity of some others may be obvious from the discussion above. We now prove the soundness of select axioms.
Q9: Suppose p and q are testable, i.e., p = ∼∼ p and q = ∼∼ q . Let s ∈ p? q . Then, by definition of R p there exists a t ∈ S such that (s, t) ∈ R p and t ∈ p ; since s ∈ p? q , it also holds that t ∈ q . As p ∧ q = p ∩ q , we have t ∈ p ∧ q . As R p corresponds to the projection onto p , we know each state u ∈ p that is nonorthogonal to s is also non-orthogonal to t.
) . Then we have s ∈ ♦ p , so s is non-orthogonal to p , and therefore we have (s, t) ∈ R p for some unique t ∈ p . Then since Suppose towards a contradiction t / ∈ q . Since t / ∈ p ∧ q = ∼∼ p ∧ q , we know there exists a v ∈ ∼ p ∧ q such that t Rv. Therefore, v is non-orthogonal to p , so there exists a unique w ∈ p such that (v, w) ∈ R p . Now w (as the projection of v onto p ) can be characterized by being the element of p where v Ru iff w Ru for all u ∈ p (see, for example, Bergfeld et al. 2015, Proposition 2.15). So we have w Rx iff v Rx for all x ∈ p ⊃ p ∧ q , and therefore we have w ∈ p ∩ ∼ p ∧ q . We also have w Rt, which implies w Rs (because t is the projec- . Let x ∈ p and y ∈ q . Since s ∈ p ⊥ q , p ⊆ ∼q , and hence p and q are orthogonal, and hence x, y = 0. Consider the vector z = √ ρx + √ (1 − ρ)y. One can easily check that z = sn(z), and is hence in S. Furthermore, as y ⊥ x, the projection of z onto ∼∼ p is the vector √ ρx, whose normalization is x ∈ p , and hence z ∈ p? p . The probability of projecting onto ∼∼ p is then | z, x | 2 = ρ; thus z ∈ p? =ρ p . We can similarly show that z ∈ q? =1−ρ q . Therefore, z ∈ p? =ρ p ∧ q? =1−ρ q , and thus s ∈ ∃( p? =ρ p ∧ q? =1−ρ q) , as desired.
P7: Let Q = ∼∼ q and P = ∼∼ p . Suppose s ∈ ( p ≤ q) ∧ q? =ρ (Pr( p) = τ ) . Because s ∈ p ≤ q , we have that p ≤ q = ∅, and thus p ⊆ q , giving us P ⊆ Q. Also, s ∈ q? =ρ (Pr( p) = τ ) and hence there exists a t, such that s R Q t, | s, t | 2 = ρ, and t ∈ Pr( p) = τ ) . Then there exists a u ∈ P, such that t R P u and | t, u | 2 = τ . Now let η = s, t t be the actual vector when projecting s onto Q. Let ξ = η, u u be the actual vector when projecting η onto P. Let ω = s, v v be the actual vector when projecting s onto P. Since P ⊆ Q, ξ = ω (to see this, one can change the basis so that P is the span of a subset of the basis elements, Q the span of a larger subset of the basis elements, and then project by removing the coefficients for basis elements not in the set we are projecting onto). Thus u = v and η, u = s, u . Expanding η, we have s, t t, v = s, u . Hence ρτ = | s, t | 2 | t, v | 2 = | s, u | 2 is the probability of projecting s onto P. Hence s ∈ Pr( p) = ρτ .
A4: First, we claim that for any ∅ I N and any p we have T ( p I ) ∧ ∃p I = S (where S is the whole state space) if and only if it holds that p I = {s I } ⊗ M S N \I for some fixed s I ∈ S I . Before we prove this claim, let us show the soundness of A4 with this claim.
Suppose we have that s ∈ Sep( p) ∧ Atom( p) . Then Sep (  Combining these results, we know p = {s}, and therefore p is an atom, i.e., Atom( p) = S. Therefore, s ∈ Atom( p) .
To prove the claim, we first note that if T (q) = S, we have q = ∼∼ q . Therefore, if s, t ∈ q we also have √ ρs + √ 1 − ρt ∈ q for any ρ ∈ [0, 1], because any state that is orthogonal to both s and t is also orthogonal to By definition of p I , any s ∈ p I is of the form s I ⊗ M s N \I . Suppose s I ⊗ M s N \I , t I ⊗ M t N \I ∈ p I such that s I = t I . Without loss of generality we may also assume s N \I = t N \I , because if s I ⊗ M s N \I ∈ p I , then s I ⊗ M s N \I ∈ p I for any other s N \I ∈ S N \I . If we look at the sum √ ρ(s I ⊗ M s N \I ) + √ 1 − ρ(t I ⊗ M t N \I ), with ρ = 0, 1, it is not hard to see that this sum is not equal to u I ⊗ M u N \I for any u I ∈ S I and u N \I ∈ S N \I . In other words, Combining the above two results, we have that if p I = ∅ and T ( p I ) = S, then p I = {s I } ⊗ M S N \I for some fixed s I ∈ S I .
For the other direction, we have that {s I } ⊗ M S N \I is isomorphic to S N \I , because every vector in the space spanned by {s I } ⊗ M S N \I is a constant multiple of an element of {s I } ⊗ M S N \I . Hence {s I } ⊗ M S N \I represents a subspace, and is therefore bi-orthogonally closed. Every topologically closed linear subspace is bi-orthogonally closed (Birkhoff and Neumann 1936), and it is well known that every subspace of a finite-dimensional Hilbert space is isomorphic to C n and therefore topologically closed. This finishes the proof of the claim.

Deducible basic properties of quantum models
We will now use our system to deduce several properties that are standard in most quantum logics, like weak modularity. In the first lemma, we will show the connection between projections ( φ? ) and non-orthogonality (♦). Also we show non-orthogonality is both reflexive and symmetric.

Lemma 4.2
The following formulas are deducible. p? q → ♦q, observe by axiom Q4 that p? q → q? tt, where the right side is equivalent to ♦q. The proofs for p → ♦ p and p → ♦ p can be found in Table 5.
Proof The upper row follows from two applications of necessitation; the lower row follows from reflexivity (Lemma 4.2-(4.3), which is equivalent to p → p).
Throughout this text, we will often apply the above lemma without reference. The following lemma states that every atom is nonempty.

Lemma 4.4
The following formula is deducible.
We have p ≤ tt, so by A2 we have Atom( p) → ∃( p ∧ tt) and as we have The following lemma collects several properties of the orthocomplement, in particular the three defining properties p ≤ ∼∼p, p ≤ q implies ∼q ≤ ∼p, and ( p ∧ ∼p) ≡ ff. Note that the first property p ≤ ∼∼p is weaker than the standard property found in many quantum logics p ≡ ∼∼p, but the latter only holds in quantum models that only consider testable properties.
Proof The proofs of these formulas can be found in Table 6.  (7) 13 As shown in Baltag and Smets (2006), the set of testable properties T contains all singletons and is closed under taking orthocomplement and intersections. The following lemma establishes the latter property. The former property will be deduced in Lemma 4.11, because we first need to show weak modularity.
Lemma 4.6 (Testable properties) The following formulas are deducible.
Proof The proof of these formulas can be found in Table 7.
The following lemma collects several properties of the quantum join. Most of these properties are intuitive when one thinks of the quantum join p q as the smallest closed linear subspace containing both p and q. For (4.16), if r is orthogonal to both p and q, then r is orthogonal to each element in the span of p and q, which is the quantum join p q.
Lemma 4.7 (Quantum join) The following formulas are deducible.
Abb. (9) 11 Proof The proof for the first five formulas can be found in Table 8.
We need a more general version of Lemma 4.7-(4.16) that considers the quantum join of n formulas instead of just two.

Corollary 4.8 For all finite n and for all sets of formulas B of size n, the following formula is deducible
Proof We prove this by induction on n. For n = 1 the statement holds trivially. Now suppose the statement holds for n. Let B be a set of formulas of size n and let b n+1 be a formula. By the induction hypothesis we have One of the main difference between classical logic and quantum logic is the lack of distributivity. Classical models satisfy distributivity ( p ∧ (q ∨ r ) = ( p ∧ q) ∨ ( p ∧ r )), but quantum models only satisfy a weaker version of distributivity called weak modularity, which we will show in the following lemma.

Lemma 4.9 (Weak modularity)
The following formula is deducible.

Corollary 4.10
The following formula is deducible.
Proof This is basically the dual of Lemma 4.9, that is, taking the orthocomplement. See Table 10.
With weak modularity we can show each atom is testable.

Lemma 4.11
The following formula is deducible.

Deducible probabilistic properties of quantum models
The following lemma collects several deducible properties of probabilistic quantum logic.

Lemma 4.12
The following formulas are deducible: Proof The proof of (4.21) is in Table 11. We now show (4.22). By Lemma 4.5 we have p ⊥ ∼p and p ∼ p, and hence by axiom P1, P4 and P5 we obtain the desired result Pr( p) + Pr(∼ p) = 1.
We now show (4.23). By uniform substitution in (4.22) we have Pr(∼ p) + Pr(∼∼ p) = 1. From this we can use the inequality axioms to show the second result Pr( p) = Pr(∼∼ p).
The following lemma shows that probability (Pr(·)) is monotone.
Axiom P5 only considers a pair of orthogonal states, but can be generalized to a finite set of n pairwise orthogonal states.
Lemma 4.14 For all n, the following formula is deducible.
Proof We prove this by induction. For n = 2, the statement holds by Axiom P5. Now suppose the statement holds for n (IH). Given the induction hypothesis (IH), the proof of is given in Table 12.
Using Lemma 4.14, we obtain a nice characterisation for the quantum join of a set of orthogonal states involving probabilities, which we show in the following corollary.

I1-I3
Corollary 4.15 For all finite n the following formula is deducible.
Proof For n ≥ 2 we know T ( i<n b i ) is derivable by Lemma 4.6, so by Lemma 4.12-(4.24), we have (Pr( i≤n b i ) = 1) ↔ i≤n b i . By Lemma 4.14, we know Combining these results, we get our desired result.
Similar to axiom P5, we can generalize axiom P7 by considering the quantum join of a finite set of formulas.

Lemma 4.16
The following formula is deducible.
By Lemma 4.7-(4.12), we also know b i ≤ j≤n b j , so the statement follows from axiom P7 and propositional logic.

Deducible properties of a basis
Since the notion of an orthonormal basis is very important in the two protocols we will discuss in Section 5, as well as many other protocols, we discuss the definition of a basis and prove several properties.
Let M be an N -PQM and let B be a finite set of formulas. The set B is called an orthosubbasis of M if the following formula is satisfied in M: In the following lemmas, we show that the probabilities of elements in an orthosubbasis B add up to 1.

Lemma 4.17 For a finite set of testable formulas B the following formula is deducible.
Proof This lemma follows directly from the definition of an orthosubbasis combined with Lemma 4.14 and axiom P1.
An orthosubbasis B is an orthobasis if any proper superset of B is not a subbasis. This happens precisely when B consists only of atoms.
We are going to show that each basis has the same number of elements. To show this we will first show that within a quantum join we can replace one atom p by another atom q without changing the quantum join p r , so long as these two atoms are "close" enough (q is also under the join, but not under r ).

Lemma 4.18
The following formula is deducible.
The following lemma uses the previous lemma to establish that a quantum join of n formulas can contain at most n orthogonal states.

Lemma 4.19
For any finite n and any set B of size n and any set C of finite size m > n, the following is deducible.
Proof We prove this by induction on n. For n = 1, the formula follows immediately from A1 and Lemma 4.4. Suppose the formula holds true for any set B of size smaller than n and any set C of size bigger than the size of B (IH). Consider the following formula (which is the negation of the desired formula): It suffices to prove χ → ff. Take any order on B = {b 0 , . . . , b n−1 }. We will use Lemma 4.18 to replace each b by a c one by one, such that the quantum join remains the same.
First step, remove b 0 : By the induction hypothesis (IH) and propositional logic, there exists a c 0 ∈ C such that χ → c 0 B\{b 0 }. Given that c 0 ≤ B, Atom(b 0 ) and Atom(c 0 ) are also provable from χ , we can apply Lemma 4.18 and obtain Steps 2-n. Suppose we have a set C of l elements such that for B = {b l , . . . , b n−1 } we have Now we remove b l and obtain a c l ∈ C\C in a completely similar way as in step 1, such that Final step. After n steps, we have a set C C such that χ → ( B ≡ C ). We know there exists a c ∈ C\C for which we have χ → c ∈C c ⊥ c and therefore by Corollary 4.8, we have χ → (c ⊥ C ), which means Now we can show that each basis contains the same number of atoms.
Theorem 4.20 For any two finite sets of formulas B and C such that |B| = |C| the following formula is deducible.
Proof We first abbreviate the antecedent with: We wish to show that ψ → Basis(C). As many conditions for C to be a basis are already in ψ, it suffices to show that ψ → ( C ≡ tt). Since ψ → Basis(B), it suffices to show ψ → ( C ≡ B). To prove this, we follow a similar construction as was given in the inductive step for Lemma 4.19. We enumerate B = {b 0 , . . . , b n−1 }, and will replace these elements with elements of C one by one.
First step, remove b 0 : by Lemma 4.19, there is a c 0 ∈ C, such that ψ → c 0 B\{b 0 }. Just as we did in the proof of Lemma 4.19, we then apply Lemma 4.18 and obtain ψ → ( B ≡ ( (B\{b 0 }) {c 0 })). Note that the only difference between this step and that of the proof of Lemma 4.19 is that we applied Lemma 4.19 directly rather than used induction. Steps 2-n differ from those of Lemma 4.19 in precisely the same way.
In the final step we have obtained a set C ⊆ C such that ψ → ( B ≡ C ) and |B| = |C |. But we know that |C| = |B| and therefore C = C (thus instead of a contradiction we get the desired result). For most protocols, we do not just require a basis for the whole system, but a basis for each local subsystem. In those cases, the basis for the whole system will be the tensor product of the basis for the local subsystems. We will refer to these basis as locally orthogonal (fully) separable orthobasis (LOSB), which can be expressed by The second to last line asserts that local components that are not equal must be orthogonal, and the last line asserts that each local component has dimension at least two.
The following lemma states that any LOSB B is the tensor product of its local states. The following formula is deducible: Proof Let χ be the negation of what we are trying to prove: Let It suffices to show that χ → ff. First note that Furthermore by definition of LOSB and propositional logic, for every f ∈ B N and b ∈ B, ). Written another way, we have χ → ( f ∈B N ( B ≤ ∼ f (i))).
As We next show that (4.26) is provable from Ant. By propositional logic, using the conjunct for LOSB(B) and for LOSB(C), we have Then by modal logic we have Putting these together, we obtain by propositional logic

To show
Ant → Basis(D), by Theorem 4.20, it remains to show that Ant → d =d ∈D d ⊥ d . For each d, d ∈ D, because Sep(d) is a conjunct of Ant for each d ∈ D, and because Ant → d∈D Atom(d), we apply axiom A5 to get we have by propositional logic To show (4.27), let us fix an i < N and let φ(i, B) be So for a fixed i we assume the negation of (4.27) and we assume all d ∈ D are equal to some b ∈ B at location i. We wish to show Ant ∧ φ(i, B) → ff. By definition of ≡ and modal reasoning, the first conjunct , that is, all d ∈ D are locally equivalent at location i. Combined with the second conjunct we get As LOSB(B) is a conjunct of Ant, we have Using propositional reasoning we obtain By axiom A6, this implies Now we can apply Corollary 4.8 We have already shown that Ant → Basis(D), and as D ≡ tt is a conjunct of Basis(D) we conclude We can show this result for any i < N and replacing B by C.
As a result we get This is equivalent to the desired result:

Examples
In this section, we will discuss how to express and prove correctness for two quantum protocols: the quantum leader election protocol (Sect. 5.1) and the BB84 quantum key distribution protocol (Sect. 5.2).

Example 1: quantum leader election
The quantum leader election protocol aims to randomly select a leader in a group of agents such that each agent has equal probability to be selected as the leader. There exist several ways to solve this problem using quantum theory, e.g., D'Hondt and Panangaden (2006a) and Tani et al. (2012). The ones given in Tani et al. (2012) rely heavily on communication, and as we do not explicitly model communication, we will discuss the version given in D' Hondt and Panangaden (2006a), which omits explicit communication.
Given a set N of agents, the protocol assigns a quantum bit (a two dimensional Hilbert space) to each agent i ∈ N together with a basis {|0 i , |1 i }. Then the following state, called the W -state, is considered: This state entangles the qubits in such a way that, after the agents measure their qubit, only one agent measures |1 and all other agents measure |0 . In our logic, we express and prove the existence of the Wstate, showing that it has the desired probabilistic behavior. Our formula for correctness applies not only to the case where each agent has a qubit, but where each agent has a Hilbert space with dimension at least 2 (no smaller than a qubit). We could alternatively have enforced the property that each agent has precisely one qubit using as a conjunct and the proofs in this section would have been essentially the same.
Let B be a LOSB. Then an ordered subset W = {W i | i ∈ N + 1} ⊂ B is Quantum Leader Election compatible (QLE compatible) if the following formula is satisfied (somewhere in) M: We interpret this formula as follows. The last element W N should be seen as the tensor product M i∈N 0 i , where 0 i is the qubit for agent i corresponding to the classical bit 0 (one of the basis elements of the qubit). For i < N , the element W i is similarly a tensor product of classical bits, where each component k = i is similarly 0 k , but where component k = i is 1 k instead. Note that we are interpreting basis elements of the components as classical bits, rather that defining the basis elements of the components with respect to predetermined classical bits.
The correctness of the quantum leader election is expressed by where W ⊂ N +1 B ranges over all subsets {W 0 , . . . , W N } of B of size N + 1. We will first show that for any set B = {b 0 , . . . , b n−1 } of n pairwise orthogonal properties we have a state that has probability 1 n for each property in B. Let us define Proposition 5.1 For all n ≥ 1 and for any set B = {b 0 , . . . , b n−1 } of n formulas, the following formula is deducible.
Induction hypothesis (IH): suppose for n we have Ort(B n ) → ∃( i∈n Pr(b i ) = 1 n ). Let B n+1 = B n ∪ {b n }. In Table 13, we show how to deduce The following theorem proves the correctness of the quantum leader election.
Theorem 5.2 For any finite set of formulas B, it is provable that QLE-Cor(B), that is,

Example 2: BB84
The BB84 protocol is designed to provide two agents with the same random bitstring, to be used as a key for both encryption and description. The protocol works as follows: the first agent Alice has the ability to produce qubits in two different basis: {|0 , |1 } and {|− , |+ }. Alice chooses two equally sized random bitstrings; the first is the message to be sent, the second determines the basis in which each individual bit of the message bitstring is sent. She sends the qubits to Bob, who has chosen a random bitstring as well to determine which basis he uses to measure each received qubit. After all qubits have been sent and measured, Alice and Bob publicly compare the basis bitstring they have used to create and measure the qubits respectively. On those positions where the basis bitstring matches, the corresponding bit in the message bitstring should correspond as well. On all other positions, those bits in the message bitstring could be different and are thus discarded. In the end, Alice and Bob have a corresponding random bitstring which is in general about half the size of the random bitstring Alice started with. Of course, this is in the ideal situation where no eavesdropper disturbs the channel. This section proves properties of this ideal situation.
We first need to characterize the message space. Let us fix the number of qubits at N and let M be the tensor product of N identical two dimensional quantum models. Let B 1 and B + be two LOSB's that are locally probabilistically far apart (PFA), that is The message space M of 4 N proposition letters can be defined by requiring each proposition to be locally equivalent either to some b ∈ B 1 or to some b ∈ B + . The term Pr s (φ) represents the probability of φ holding true after measuring the state using basis B s , in the event that φ is testable (φ needs to be testable for this reading to hold). The term Pr M (φ) represents the probability of φ holding true after using a randomly selected one of the 2 N chosen bases of states in M.
The correctness of the BB84 protocol, when there is no eavesdropper, can be expressed by The probability of Match being equal to 1 reflects that without interference Bob should have received Ann's message perfectly among those coordinates where they used the same basis.
Proof We will first show Ant → Pr s (Match) = 1 for all s ∈ {1, +} N . The desired result will then follow from the inequality axioms. By Lemma 4.23, we know Ant → LOSB(B s ), and therefore by Lemma 4.17, Ant → b∈B s Pr(b) = 1. So all we need to show is that Ant → Pr(b) = Pr(b ∧ Match) for all b ∈ M.
Let us define Thus Match = i<N Match i . We will show that for each By Proposition 4.13, (Pr(b ∧ Match) ≤ Pr(b)). Thus by P2 and inequality axioms Pr(b) = 0 → Pr(b) = Pr(b ∧ Match). Hence, from (5.3), we use these steps to arrive at Ant → Pr(b) = Pr(b ∧ Match).
To prove (5.3), let us fix an i < N . We will discuss several cases, expressed by the following formulas: Rewriting, we have

Conclusion
This paper lays a foundation for an axiomatization of probabilistic quantum logics in the style of propositional dynamic logic. The axiomatization provided in this work is powerful enough to prove the correctness of quantum protocols, such as the quantum leader election of D'Hondt and Panangaden (2006a) and the BB84 quantum key distribution. As probability plays an important role in so many quantum protocols, we expect that our logic can be used and adapted to a much wider range of quantum protocols. We also hope that future work will clarify the prospects for a complete proof system. This work may pave the way for powerful axiomatic system of stronger logics. For example, an axiomatic analysis of the construction of the W -state is left for future work; such an analysis would benefit from a more powerful logic that explicitly reasons about unitary operations. When involving unitaries for quantum protocols and programs, it would be further beneficial to either characterize commonly used logic gates, such as the Hadamard gate, or to include them as constants.
Another potential extension of the logic is to add the power to explicitly express both the quantum and classical communication involved in various protocols. This may help in expressing important properties of a communicationrich variant of the quantum leader election protocol given in Tani et al. (2012), as well as the relationships among the classical and quantum communication in the quantum teleportation protocol.
Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecomm ons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.