University of Leicester


Foundations of Security Summer School, Oregon, 2003

Introduction to Lectures on Coinduction and Bisimilarity


We assume that readers already have a reasonable understanding of
  1. very basic (naive) set theory;
  2. simple discrete mathematics, such as relations, functions, preordered sets, and equivalence relations;
  3. simple (naive) logic and the notion of a formal system;
  4. a programming language, preferably a functional one; language syntax presented as finite trees;
  5. acquaintance with inductively defined sets;

These lectures give an introduction to coinduction and bisimilarity. As a basic course for this summer school, they do not assume any knowledge of security, and they do not address security directly.

The main topics are covered in two parts. In part I, we give a mathematical definition of coinduction, and bisimilarity, and outline some examples of how these notions can be applied. In part II, we look at an in-depth example of the application of coinduction and bisimilarity, within the context of a (hopefully familiar) simple functional language. The use of coinduction to prove contextual equivalences via bisimulations is the central theme. In part III, we give a very brief survey of some security literature which makes use of coinduction and bisimilarity.

The lectures present material developed in the literature over the past few years. A key feature is that they attempt to give a neat and uniform account of the key facts concerning (induction and) coinduction, and also bisimilarity. Another feature is that the functional language is based on simple function declarations, and so there is no variable binding. (The accounts in the literature focus on languages with nameless functions and recursion.) Thus we do not have to deal with the awkward consequences of binders, but still retain a framework in which key ideas and key technical issues can be explained. The lecture notes attempt to point out the key stages in proofs of results, giving just the proof procedure for easy results, and giving example steps from proofs of more difficult results.

Learning Outcomes

By attending these lectures, and completing at least some of the exercises, you should

  1. be able to state the definition of inductively and coinductively specified sets;
  2. be able to state the associated proof principles;
  3. give simple examples and work out more of your own;
  4. show how coinduction can be used to prove equivalences;
  5. know when coinduction can be used to prove equalities;
  6. give the definition of similarity and bisimilarity;
  7. understand how to give a labelled transition semantics to a functional language;
  8. be able to define contextual equivalence, and bisimilarity, of programs;
  9. have an overall understanding of a proof that contextual equivalence and bisimilarity coincide; in particular, you should be able to go on to read the technical proofs in the literature;
  10. understand that proving contextual equivalences can be difficult, but that establishing bisimilarity is more tractable;
  11. be able to understand the more complex bisimilarity examples given in the literature;
  12. be aware of some papers on security that utilize ideas presented in the lectures.

The Lecture Slides and Related Material

Author: Roy Crole.
© University of Leicester April 2013. Last modified: 9th March 2013, 10:15:10
Informatics Web Maintainer. This document has been approved by the Head of Department.