Common knowledge logic in a higher order proof assistant?

This paper presents experiments on common knowledge logic, conducted with the help of the proof assistant Coq. The main feature of common knowledge logic is the eponymous modality that says that a group of agents shares a knowledge about a certain proposition in a inductive way. This modality is specified by using a fixpoint approach. Furthermore, from these experiments, we discuss and compare the structure of theorems that can be proved in specific theories that use common knowledge logic. Those structures manifests the interplay between the theory (as implemented in the proof assistant Coq) and the metatheory.

💡 Research Summary

The paper investigates how common‑knowledge logic—a modal system that captures the inductive notion that a group of agents all know a proposition, know that they all know it, and so on—can be formalized and mechanized inside the higher‑order proof assistant Coq. After a brief motivation that highlights the importance of common knowledge in distributed protocols, epistemic puzzles, and security policies, the authors turn to a precise Coq encoding. They start by representing agents as elements of a type and define the individual knowledge operator K i φ and the “everyone knows” operator E G φ as Coq predicates. The central contribution is the definition of the common‑knowledge modality C G φ as a least fixed point: C G φ ≜ μX.(E G φ ∧ E G X). This fixed‑point formulation mirrors the classic inductive definition found in the literature but is amenable to Coq’s functional language. To implement μ, the authors combine Coq’s CoInductive and Fixpoint facilities, using the Program Fixpoint and the Equations plugin to guarantee definitional equality and termination where required.

Two case studies illustrate the expressive power of the encoding. The first revisits the “Muddy Children” puzzle, a canonical example of common‑knowledge reasoning. By encoding the puzzle’s premises and the common‑knowledge assumption, the Coq proof automatically derives the children’s eventual knowledge after a bounded number of public announcements, and the proof length shrinks dramatically compared with a naïve encoding that repeatedly unfolds the knowledge hierarchy. The second case study concerns a multi‑agent security policy: “All nodes have installed the latest patch, and this fact is common knowledge among them.” The authors model the policy as C G (patch‑installed) and show that any attempted policy change that would break the common‑knowledge condition is detected by a Coq proof obligation, effectively turning the proof assistant into a static analyzer for policy consistency.

Beyond the concrete examples, the paper delves into meta‑theoretical considerations. Because Coq’s underlying calculus of inductive constructions enjoys strong normalization and consistency, the addition of a fixed‑point definition for common knowledge does not jeopardize the system’s soundness. The authors prove that the fixed‑point operator satisfies the expected unfolding and induction principles within Coq, and they discuss how custom tactics can automate the repetitive unfolding of the fixed‑point during proof search. They also distinguish between “provably common knowledge” (where a Coq term of type C G φ can be constructed) and “unprovable common knowledge” (where such a term cannot exist without additional axioms), thereby clarifying the boundary between what can be established inside the proof assistant and what must be assumed externally.

In conclusion, the work demonstrates that Coq is sufficiently expressive to host common‑knowledge logic, that the fixed‑point approach integrates smoothly with Coq’s higher‑order features, and that the resulting formalization yields more compact and modular proofs for problems that inherently involve recursive epistemic reasoning. The authors suggest future extensions to richer multimodal logics (e.g., combining knowledge with belief or intention), dynamic agent sets, and comparative studies with other proof assistants such as Isabelle/HOL or Lean. Their findings underscore the symbiotic relationship between a proof assistant’s implementation (the object theory) and the meta‑theoretical insights that emerge when one attempts to encode sophisticated modal concepts within it.