enrich ipaydetails-set , imessage-set , EINV-Props with functions getFromExLog : name × epaydetailsset → ipaydetailsset; getToExLog : name × epaydetailsset → ipaydetailsset; predicates inboxInEther : name × (name → imessageset) × emessageset × (name → tidset); etherInInbox : name × (name → imessageset) × emessageset × (name → tidset); outboxEQ : (name → imessage) × (name → emessage); variables outbox : name → imessage; inbox : name → imessageset; eoutbox : name → emessage; na1 : name; axioms getFromExLog-empty : ⊦ getFromExLog(na, ∅) = ∅; getFromExLog-rec : ⊦ getFromExLog(na, epds ++ epd) = ((epd .from ≠ na ⊃ getFromExLog(na, epds); getFromExLog(na, epds) ++ mkipd(epd .to, epd .value, epd .tid))) ; getToExLog-empty : ⊦ getToExLog(na, ∅) = ∅; getToExLog-rec : ⊦ getToExLog(na, epds ++ epd) = ((epd .to ≠ na ⊃ getToExLog(na, epds); getToExLog(na, epds) ++ mkipd(epd .from, epd .value, epd .tid))) ; inboxInEther-def : ⊦ inboxInEther(na, inbox, eether, usedTids) ↔ (∀ imsg. imsg ∈ inbox(na) → imsg ≠ none ∧ (isIReq(imsg) → EReq(mkepd(na, imsg .na, imsg .value, imsg .tid)) ∈ eether ∧ ¬ imsg .tid ∈ usedTids(na)) ∧ (isIVal(imsg) → EVal(mkepd(imsg .na, na, imsg .value, imsg .tid)) ∈ eether) ∧ (isIAck(imsg) → EAck(mkepd(na, imsg .na, imsg .value, imsg .tid)) ∈ eether)) ; outboxEQ-def : ⊦ outboxEQ(outbox, eoutbox) ↔ (∀ na, na1, n, tid. authentic(na) → (eoutbox(na) = EReq(mkepd(na1, na, n, tid)) ↔ outbox(na) = IReq(mkipd(na1, n, tid))) ∧ (eoutbox(na) = EVal(mkepd(na, na1, n, tid)) ↔ outbox(na) = IVal(mkipd(na1, n, tid))) ∧ (eoutbox(na) = EAck(mkepd(na1, na, n, tid)) ↔ outbox(na) = IAck(mkipd(na1, n, tid))) ∧ (eoutbox(na) = none ↔ outbox(na) = none)) ; end enrich