Deception, Delay, and Detection of Strategies
Michael Erdmann

TL;DR
This paper explores how strategies in complex systems can be concealed or revealed in stages, analyzing the structure of informative sequences that expose strategies in nondeterministic and stochastic graphs.
Contribution
It provides detailed proof and analysis of the existence and structure of informative action release sequences in strategy complexes of controllable graphs.
Findings
Maximal strategies contain at least one informative sequence of length at least n-1.
Number of such sequences is at least (n-1)! for each strategy.
Strategies can be hidden or revealed in stages, affecting detection and bluffing.
Abstract
Homology generators in a relation offer individuals the ability to delay identification, by guiding the order via which the individuals reveal their attributes (see arXiv:1712.04130). This perspective applies as well to the identification of goal-attaining strategies in systems with errorful control, since the strategy complex of a fully controllable nondeterministic or stochastic graph is homotopic to a sphere. Specifically, such a graph contains for each state a maximal strategy that converges to state from all other states in the graph and whose identity may be shrouded in the following sense: One may reveal certain actions of in a particular order so that the full strategy becomes known only after at least of these actions have been revealed, with none of the actions revealed definitively inferable from those previously revealed. Here is the…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsTopological and Geometric Data Analysis · Machine Learning and Algorithms · Complexity and Algorithms in Graphs
Deception, Delay, and Detection
of Strategies
Michael Erdmann
Carnegie Mellon University
June 27, 2019 This report is based upon work supported in part by the National Science Foundation under award number IIS-1409003. Any opinions, findings and conclusions or recommendations expressed in this report are those of the author and do not necessarily reflect the views of the Government or the National Science Foundation.
(© 2019 Michael Erdmann)
Abstract
Homology generators in a relation offer individuals the ability to delay identification, by guiding the order via which the individuals reveal their attributes [6]. This perspective applies as well to the identification of goal-attaining strategies in systems with errorful control, since the strategy complex of a fully controllable nondeterministic or stochastic graph is homotopic to a sphere. Specifically, such a graph contains for each state a maximal strategy that converges to state from all other states in the graph and whose identity may be shrouded in the following sense: One may reveal certain actions of in a particular order so that the full strategy becomes known only after at least of these actions have been revealed, with none of the actions revealed definitively inferable from those previously revealed. Here is the number of states in the graph. Moreover, the strategy contains at least such informative action release sequences, each of length at least .
The earlier work described above sketched a proof that *every * maximal strategy in a *pure nondeterministic * or *pure stochastic * graph contains *at least one * informative action release sequence of length at least . The primary purpose of the current report is to fill in the details of that sketch. To build intuition, the report first discusses several simpler examples. These examples suggest an underlying structure for hiding capabilities or bluffing capabilities, as well as for detecting such deceit.
Contents
-
2.4 Sample Graphs, Relations, and Informative Action Release Sequences
-
4.2 Core Cycle Actions, Leaf Covers, Disruptive Sets of Actions
-
4.9 Informative Action Release Sequences for Maximal Strategies
-
4.10.2 A Pure Nondeterministic Graph with Several Nondeterministic Actions
-
4.10.3 A Directed Graph with Several Cycles, Represented Hierarchically
-
4.10.4 A Directed Graph with a Disruptive but not Cycle-Breaking Strategy
-
5.1 Expanding Fully Controllable Subgraphs via Minimal Nonfaces
-
5.2 Informative Action Release Sequences from Expansive Sets of Actions
-
5.4.3 A Pure Stochastic Graph Highlighting Expansive Set Order
-
6.3 A Counterexample with a Small Goal Set and Nonequivalent Inferences
1 Introductory Examples
1.1 Paths and Constituent Transitions
Figure 1 shows four islands connected by bridges, as might be found in one of the great oceanic cities of the world. One of the bridges allows traffic in two directions, the others are one-way bridges. Of interest are the possible paths a bus of tourists or the motorcade of a prominent dignitary might take from the Hotel Island to the Palace Island, via one or two intermediary islands (the Left Island and/or the Right Island).
Since the bridge between Left Island and Right Island is bidirectional, there are infinitely many such paths, parameterized by the number of times the bus or motorcade cycles over the two-way bridge. For the purposes of this report, we will disallow such infinite cycling. One can imagine different restrictions. In this first example, we impose the restriction that a vehicle may traverse the two-way bridge at most once in each of its possible directions (perhaps for legal or monetary reasons). In a more general setting, we would disallow traversing any bridge in the same direction more than once. Later, in Section 1.2, we will discuss a different example with a different restriction that prevents infinite cycling.
We define a permissible path to be any path that a vehicle might take from Hotel Island to Palace Island, subject to the “no directional transition twice” restriction. The next page enumerates all permissible paths; there are six. For clarity, we abbreviate each island name to its first letter and give paths the names . Throughout this subsection, we consider only these six paths, each of which starts at Hotel Island and ends at Palace Island.
[TABLE]
Figure 2 describes the islands and bridges of Figure 1 as a directed graph, and the six permissible paths as a relation. The relation has a row for each permissible path and a column for each directed edge in the graph, that is, for each directional transition across a bridge. Since a permissible path may traverse any bridge direction at most once, each permissible path defines a set of directed edges, modeling all directional bridge transitions in the path. The relation therefore contains a nonblank entry for a given path and a given directed edge if and only if path includes transition .
Identifying Paths from Transitions at Execution Time
Suppose an observer is watching a bus drive from the Hotel Island to the Palace Island. At what point during the trip can the observer identify uniquely the specific path followed by the bus, assuming the bus is traversing one of the permissible paths , or ?
- •
Certainly, once the bus arrives at its destination, Palace Island, the observer can identify the path uniquely, since at that point the observer knows that he/she has seen the entire path.
- •
The observer cannot identify any path uniquely after observing only the first bridge transition. For instance, after observing transition , the possible paths consistent with this observation are , , and . Similarly, after observing transition , the possible paths consistent with the observation are , , and .
- •
Consider paths and path , each of which consists of two transitions. By the previous point, the observer must see the entire path in order to identify either of these paths uniquely.
- •
The first two transitions of paths and are the same, namely and . Consequently, upon observing these transitions, the observer cannot identify a path uniquely; the path could be either or . Path consists of three transitions. Thus, if the actual path is , the observer must see the entire path before identifying the path as . A similar argument holds for path .
- •
Paths and contain four transitions. For each of these two paths, the observer only needs to see the first three transitions in order to identify the path; no other permissible path shares those same three transitions with the path being observed.
In summary: Paths , , , and can only be identified uniquely after seeing all their transitions, assuming one observes transitions in consecutive order. Paths and can be identified uniquely after seeing the first three of their four transitions, again assuming one observes transitions in consecutive order.
Identifying Paths from Transitions in Arbitrary Order
Previously we assumed that the observer was observing consecutive motions of a bus. Suppose now that the observer merely learns of particular transitions made by the bus, *without * any explicit ordering in time. For instance, perhaps the observer is listening to stories told by tourists on the bus after their trip, from which the observer attempts to reconstruct the path taken. Or perhaps the observations are coming from many trips taken over the course of several days by a bus following a particular fixed bus route each day. Or perhaps the observer overhears the bus driver commenting on particular bridges he will encounter on his next trip, from which the observer is trying to predict the path yet to be taken.
We now ask: What *set * of transitions allows an observer to identify a path uniquely?
- •
Recall that path consists of the set of transitions . Previously, when observing transitions in consecutive order, seeing both these transitions identified path uniquely. That is no longer true when transitions may be observed nonconsecutively. The reason is that path contains these same transitions, plus others. In fact, it is no longer possible to identify path uniquely. Similarly, it is no longer possible to identify path uniquely.
- •
If the observer learns that a path contains the transitions and , then the observer can infer that the path must also contain the transition and must in fact be path . Whereas previously an observer needed to see the entire path in order to identify it uniquely, now a pair of nonconsecutive transitions identifies the path. In effect, continuity of paths allows the observer to infer an unobserved transition. A similar argument holds for path . Of course, if a story teller wishes to draw out identification of the path, he/she might simply talk about the sights seen during the bus ride in consecutive order, thus preventing such a leap of inference.
- •
If the observer learns that a path contains the transitions and , then the observer can actually infer two unobserved transitions, namely and , thereby concluding that the path is . A similar inference is possible for path . The observer is in effect taking advantage both of path continuity and knowledge of the path’s destination. Again, a story teller could draw out identification of path slightly by reporting transitions in consecutive order.
Figure 3 encodes these conclusions geometrically, using simplicial complexes [11, 13, 6]. As in the relation of Figure 2, we now view each path as a set of directed edges. These sets constitute the generating simplices of the left simplicial complex shown in Figure 3. The vertices in this complex are the directed edges of the graph of Figure 2. Path generates a one-dimensional simplex (edge) in the complex. This simplex is a subset of the three-dimensional simplex (tetrahedron) generated by path , modeling the earlier conclusion that one cannot identify path uniquely when observing transitions in arbitrary order. Observe that the set is a free face***Simplicial complexes in this report are abstract, i.e., collections of sets and all their subsets. A simplex is a *free face * of an abstract simplicial complex if it is a proper subset of exactly one maximal simplex in the complex. in the complex and is not itself a path. This geometry models the inference and identification of path discussed previously. Similarly, the set forms a free face in the complex, modeling the inferences and identification of path discussed above. (The set is an undrawn “diagonal” of the tetrahedron labeled .)
The right simplicial complex of Figure 3 contains the same information as the left complex, but in dual form. The duality is with respect to the relation of Figure 2. (Details of such “Dowker duality” are discussed further in [6].)
The vertices in the right complex are the permissible paths of the graph of Figure 2. The generating simplices of the complex are given by the columns of the relation of Figure 2. In other words, each generating simplex consists of all the paths that share a given directed edge. Thus the right complex tells us how to interpret observations of transitions as intersections of generating simplices. For instance, if we know that a path contains the transitions and , then we can intersect the triangle labeled with and the triangle labeled with to see that the possible paths are and . (This geometric intersection is exactly the intersection of the two columns indexed by and in the relation of Figure 2.)
Considering such intersections, our earlier observations plus some others are immediate:
- •
and are not uniquely identifiable.
- •
Observing and identifies path .
- •
Observing and identifies path .
- •
Observing and identifies path (as does observing and ).
- •
Observing and identifies path (as does observing and ).
(These are the smallest sets of identifying observations for each path; there exist larger sets of observations as well.)
1.2 Strategies and Underlying Capabilities
Figure 4 shows a river with two islands, a fishing area upstream of the islands, and a marina downstream from the islands. The two islands create three passages within the river that boats may traverse, either upstream or downstream, as they move between the fishing area and the marina. The three passages produce currents of different strengths. One of these currents is so strong that only boats with powerful motors are able to traverse the current going upstream. Fish in the fishing area like to gather near the start of that strong current. Consequently, boats with powerful motors have an advantage reaching nice fish over boats with weaker motors. On the other hand, revealing that one has a powerful motor leads to envy and other competitions. As a result, skippers tend to underplay the power of their motors.
We will examine the possible strategies for reaching the fishing area (along with strategies for reaching the marina). We will further examine the extent to which someone can reveal portions of a strategy without revealing the entire strategy. Conversely, we will examine the extent to which an observer can infer that a boat has a powerful motor even when the observer never sees the boat traversing upstream over the strong current.
Figure 5 describes the river setting of Figure 4 using a directed graph, much as we did in the earlier example of Section 1.1. We will be interested primarily in the transitions upstream and downstream through the passages beside the islands, so we give those directed edges explicit names: , , , , , , as shown in the right panel of the figure.
In the example of Section 1.1, we focused on paths. In the current example, we adopt a slightly different perspective. We are interested in a generalization of what is frequently called a control law, namely a mapping from states to commanded motions. The generalization is that of a strategy, to be reviewed in Section 2.1. A strategy is a mapping from states to *sets * of possible motions, in this case sets of directed edges. The semantics are as follows: When a boat is at a particular location, a strategy specifies a set of directed edges leading from that location to some neighboring locations. The boat must move along some one of those directions, with the particular direction determined possibly by circumstance rather than chosen by the skipper. (The strategy specifies a set since sometimes the precise direction is not so important as is a general direction. For instance, a boat with a powerful motor that is currently at the marina might be instructed to move toward any of the three passages in the river. A corresponding strategy would therefore include the set of transitions .) If the set specified for a particular location is empty, then the boat must stop if it is at that location.
In the example of Section 1.1, we prevented infinite cycling by disallowing any path that traversed any directed edge more than once. With strategies, it is more natural to disallow any strategy whose motion sets might cause the system to revisit a state.
There is a well-developed theory for strategies in graphs with directed edges [1, 8, 9] as well as in graphs with nondeterministic and/or stochastic transitions [4, 5]. One can model the collection of all strategies as a simplicial complex, similar to the constructions of Section 1.1. In a directed graph, a strategy is a set of directed edges that produces no cycle(s) in the graph. A graph’s strategies constitute the simplices of a simplicial complex whose underlying vertex set consists of the graph’s directed edges. For a strongly connected directed graph, this simplicial complex has the homotopy type of a sphere, namely , with the number of states in the graph [8]. For the graph of Figure 5, the simplicial complex is therefore homotopic to .
Since a sphere has homology, our prior work on privacy [6] offers some lower bounds on how long a skipper may delay identification of a strategy or a boat’s final destination, relative to all possible strategies in the graph of Figure 5. However, rather than explore the entire space of strategies, we will focus in this example on some simpler scenarios.
Strategies for Attaining the Fishing Area
For the moment, let us consider only all maximal strategies that ultimately attain the fishing area from anywhere in the graph. (By a *maximal strategy * we mean here a cycle-free set of directed edges in the graph of Figure 5 that is maximal among all such sets.)
- •
Here is one such strategy, consisting of all possible upstream motions in the graph of Figure 5:
[TABLE]
(This strategy contains the three upstream transitions , , and , with .)
- •
The strategy only makes sense for a boat with a powerful enough motor to traverse the strong current of Figure 4. A boat without such a powerful motor might instead use the following strategy:
[TABLE]
(This strategy contains downstream transition and upstream transitions and .)
Strategy is very similar to strategy , but in place of the upstream transitions and , the strategy contains the downstream transitions and . As a result, if necessary, the boat will first return to the marina via the leftmost passage of Figure 4, then move up to the fishing area via either of the other two passages.
Permissible Strategies:
Strategy specifies two transitions at state #4, namely and . A boat moving under strategy may therefore reach the fishing area from state #4 either by moving directly to the fishing area or by moving first downstream to the marina then upstream via one of the other passages. Intuitively, this bifurcation arises because there are two arcs between any two points on a circle. Some maximal strategy must contain both.
While generally useful, motion multiplicity may merely add bookkeeping clutter, so we restrict it: To start, we define a *permissible strategy * to be a maximal strategy that (i) attains the fishing area from anywhere in the graph and (ii) specifies a unique motion at each state in the set . We also stipulate that whenever a strategy specifies a passage transition and some other motion at a boat’s current location, then the boat will move through the passage.
We may now model permissible strategies via the relation of Figure 6. The relation contains a row for each permissible strategy and a column for each passage transition. An entry in the relation is nonblank if and only if the given strategy contains the given transition. Every maximal strategy in the graph of Figure 5 must contain exactly one transition from each of the three sets , . Furthermore, among the *permissible * strategies, each strategy is uniquely characterized by the three passage transitions it contains. (Of course, it is impossible for a permissible strategy to contain all three downstream transitions , , , since then the strategy would not be guaranteed to attain the fishing area from the marina.) Figure 6 further depicts a simplicial complex generated by the strategies of the relation. The underlying vertex set of this complex is , comprising the six passage transitions in the river.
Each of the free faces in the complex of Figure 6 consists of a pair of downstream transitions, e.g., , suggesting inference of an upstream transition, e.g., . Indeed, if an observer learns that a permissible strategy specifies downstream motion through two passages, then the observer can infer that the strategy must specify an upstream motion through the remaining passage (since the fishing area is given as destination). Consequently, observing two downstream transitions in a permissible strategy identifies the strategy uniquely. There are no other free faces in the complex. Consequently, observing any other proper subset of a permissible strategy’s passage transitions does not identify that strategy uniquely.
Comment:
On a given fishing expedition, an observer may only see a boat move through a single passage, but over the course of several days the observer may see the boat take different routes. Or perhaps a crewmember speaks of the transitions specified by a strategy. Assuming the skipper’s strategy is constant, the observer may be able to eventually infer the overall permissible strategy, much like an observer could infer a bus route in Section 1.1, after observing different bridge crossings on different days or by listening to tourist stories.
Inferring Motor Strength:
How might an observer of a boat’s transitions infer that the boat has a strong motor? Directly observing the upstream transition is one way, of course. Additionally, if the observer learns that a strategy specifies downstream transitions and *and * if the observer knows that these are part of a strategy to reach the fishing area, then the observer can infer that the strategy must contain the upstream transition , implying that the boat has a powerful motor. (We assume that each boat only follows strategies it can execute.)
Four of the permissible strategies in Figure 6, namely , , , and , presuppose a powerful motor. If a skipper is following one of the strategies , , or , then the skipper can carefully reveal up to two different passage transitions while still hiding the motor’s power. In contrast, for strategy , the skipper can reveal at most one passage transition; revealing a second transition necessarily exposes or implies the motor’s power.
Strategies for Attaining the Fishing Area and Strategies
for Attaining the Marina
Let us augment our collection of permissible strategies, in order to model boat excursions that are *either * outbound to the fishing area *or * returning to the marina. We now permit any maximal strategy for attaining the fishing area that specifies a unique motion at each state in the set , plus any maximal strategy for attaining the marina that specifies a unique motion at each state in the set . (We retain the stipulation regarding passage transitions.)
Focusing on the subcollection of strategies for attaining the marina, we may again construct a simplicial complex whose underlying vertex set is , much as in Figure 6, now with the upstream and downstream transitions interchanged. We thus have two simplicial complexes, one for the fishing-attaining strategies, the other for the marina-attaining strategies. We wish to combine these complexes. In order to not confuse simplices, we conify each complex with a vertex identifying the complex. We then glue the resulting two complexes together at common boundary locations. The final simplicial complex thus obtained is homotopic to .
In order to visualize this construction more easily, let us simplify the problem, by removing one of the islands, as in Figure 7. Now there are only two passages, one with a strong current requiring a powerful motor for the upstream direction, the other with a mild current, traversable by all boats in both directions. (The new graph’s state and transition names are consistent with those of Figure 5. State #0 is the marina and state #7 is the fishing area.)
There are now three permissible strategies that attain the fishing area from anywhere in the graph. We name them , , and . Similarly, there are three permissible strategies that attain the marina from anywhere in the graph. We name them , , and . Figure 8 describes these six strategies via a relation. Strategy names index the rows of the relation. The upstream and downstream transitions, , , , and , plus two additional attributes, and , index the columns of the relation. Previously, when we were considering only permissible strategies for attaining the fishing area, the component upstream and downstream transitions of that strategy fully determined the strategy (given that the strategy was permissible). Now, knowing a strategy’s upstream and downstream transitions *may not * fully determine the strategy. However, each permissible strategy in the set is fully determined by its upstream and downstream transitions and by its destination. The attributes and model this destination. Attribute means a strategy’s destination is the fishing area and attribute means the strategy’s destination is the marina. For each permissible strategy, the relation lists the strategy’s upstream and downstream transitions along with its destination.
Comment:
One may readily observe a boat traversing a passage, but what does it mean to observe attribute or ? One possibility is that a skipper announces a boat’s destination. Another possibility is that the “observation” of or is actually an inference made from other observations. For instance, if an observer learns that the skipper has made preparations for both transitions and , then the observer may conclude that the boat’s destination is the fishing area. Or perhaps someone observes a boat departing the marina, for instance by making the transition . Then the observer knows that the boat’s destination cannot be the marina, and so has “observed ” (assuming the strategy being observed is permissible).
We will now construct a simplicial complex to represent the relation of Figure 8, much as we constructed the complex in Figure 6. Let us proceed in steps. First, we construct a simplicial complex representing the permissible strategies for attaining the fishing area and a separate simplicial complex representing the permissible strategies for attaining the marina. In both cases, we let the underlying vertex set be . See Figure 9. Observe that attribute is a cone apex for the complex generated by the fishing-attaining strategies, while attribute is a cone apex for the complex generated by the marina-attaining strategies.†††A cone apex for a finite simplicial complex is a vertex contained in every maximal simplex of the complex. Finally, we glue these two simplicial complexes together along shared simplices, obtaining the complex of Figure 10. The homotopy type of this complex is , suggesting some ability to delay identification of strategies [6]. Observe in particular that every upstream or downstream transition appears in three permissible strategies.
Considering the free and nonfree faces of the simplicial complex in Figure 10, or directly from the relation of Figure 8, we may make the following inferences:
- •
Observing upstream transitions and in a boat’s strategy implies attribute . In other words, one may infer that the boat’s destination is the fishing area and that the encompassing permissible strategy is . This inference reflects the physical reality that a boat cannot have the marina as destination if its strategy always entails moving upstream, via the two passages on both sides of the island.
- •
Similarly, observation of and implies and identifies strategy .
- •
Observing an upstream transition in one passage and a downstream transition in the other passage (without knowing which occurred first) leaves the boat’s destination ambiguous. This ambiguity reflects the physical reality that the boat could have rounded either the upstream end or the downstream end of the island.
- •
Knowing the boat’s destination and observing a passage transition *away * from that destination implies the other passage transition and thus the overall permissible strategy. For instance, knowing that the boat is heading to the fishing area () and observing the boat move downstream along the strong current () means the boat’s strategy must also specify a motion upstream over the mild current (). The geometry of the river forces this implication and thus identifies the strategy (assuming strategies are permissible).
- •
Knowing the boat’s destination and observing a passage transition *toward * that destination leaves open the directionality of the transition through the other passage. For instance, knowing that the boat is heading to the marina () and observing the boat move downstream along the mild current () does not nail down whether the strategy specifies an upstream or a downstream transition through the passage with the strong current. There remains an ambiguity as to whether the encompassing permissible strategy is or .
Deception and Detection
Skippers of boats with motors capable of moving upstream over the strong current tend to hide their strength for when it is really needed, such as a competition to snag nice fish at the head of the strong current. They may hide their strength either by never exercising it or by moving upstream over the strong current only under cover of fog or darkness.
Let us suppose that this deception is so pervasive that, for all intents and purposes, the upstream transition is *never * observable. Two questions emerge:
How does the unobservability of change the relation of Figure 8 and the complex of Figure 10? 2. 2.
How can one distinguish between a boat that is truly incapable of moving upstream over the strong current and a boat whose skipper is merely hiding that capability?
An initial answer to question #2 is that one cannot distinguish the two types of boats *if * the powerful boat *always * acts like the weaker boat. However, if the powerful boat does sometimes exercise its capabilities, then other observations *may * imply the boat’s power.
Figure 11 answers question #1. The relation one obtains when is unobservable is the same as the original relation of Figure 8, except that the column indexed by the upstream transition disappears. The resulting simplicial complex is now the deletion , with the complex of Figure 10. (Formally, . In other words, the resulting complex contains all simplices of the original complex except those that included .)
In the new complex, some strategies that appeared as triangles originally now appear as edges. These are the strategies , , and , namely all strategies that include the now unobservable upstream transition .
The observable portions of two of those strategies, namely and , are subsets of other strategies. For instance, the observable portion of is a subset of strategy . This means: If one observes the upstream transition and if one knows that the boat’s destination is the fishing area (attribute ), then there remains an ambiguity regarding the strategy’s specified transition over the strong current; it could be either upstream (as in ) or downstream (as in ). Consequently, if a skipper with a powerful motor always follows strategy , but traverses the strong current only during fog and the mild current during clear weather, then no one will know of the boat’s power. (This assumes that the traversal times are unmeasured or constant, e.g., the skipper avoids traversing the mild current excessively quickly with the strong motor.)
In contrast, strategy generates a maximal simplex even in the new complex and is thus uniquely identifiable from its observable attributes. This means: If one observes the downstream transition but knows that the overall destination of the boat is the fishing area (attribute ), then one can conclude that the strategy must be and that the boat will traverse the strong current upstream. In other words, even though is unobservable, one can infer its existence and conclude that the boat has a powerful motor.
It is instructive to construct the strategy relation and attendant simplicial complex for a boat that truly is incapable of traversing the strong current upstream. These appear in Figure 12. Not only does the transition now disappear, but so do all strategies that relied on that transition. (Again, we assume that the boat only follows strategies which it is capable of executing.)
The space of strategies is much smaller now. The resulting simplicial complex looks similar to that in which was merely unobservable, but there is a key difference: The simplex is gone. (In fact, all three strategies that once contained are now gone, but only one of those, namely , formed a maximal simplex previously in the complex of Figure 11.) The new complex tells us that it is *inconsistent * for a boat with a weak motor to announce its destination as the fishing area (attribute ) but to traverse the mild current downstream (attribute ).
Report [6] described how inconsistent observations sometimes suggest or identify unmodeled properties. Here, observing the inconsistency might suggest that the actual strategies for the boat being observed are not those of Figure 12 but those of Figure 11.
We may therefore interpret the difference between the two relations and complexes of Figures 11 and 12 as follows:
- •
The relations and complexes tell an *actor * what behavior to avoid, in order to *be successful * at deception.
- •
The relations and complexes tell an *observer * how to *look for * inconsistencies in behavior, in order to *detect * deception.
Inferences, Free Faces, Geometry
The simplicial complex of Figure 12 is a cone with apex . This geometry arises because *every * permissible strategy in the relation of that figure contains the downstream transition . Said differently, if a boat is incapable of moving upstream through the passage with the strong current, then there is no choice but to include the downstream transition in every permissible strategy for that boat. (Recall that a permissible strategy consists of a *maximal * set of motions that a boat *might * make to attain its destination without cycling.) One can thus infer the transition “for free”, i.e., without observing or learning of the motion directly, assuming one knows that the boat has a weak motor.
Let us therefore remove vertex from the complex of Figure 12 to obtain the following:
This simplified complex highlights some inferences that are possible when observing boats known to have weak motors (as usual, we also assume that the strategies under consideration are permissible strategies and that each boat only follows strategies it can execute):
- •
: If one knows that a boat is heading to the fishing area, then one can infer that the boat must move upstream when traversing the mild current.
- •
: If one observes a boat moving downstream over the mild current, then the boat must be heading to the marina.
These conclusions reflect the geometry of the fishing area and marina relative to the passages. Said differently, the geometry of the simplicial complex models the geometry of the river in such a way that one can draw conclusions about boat motions from the free faces in the complex. We saw this property as well when modeling paths in the example of Section 1.1.
1.3 Hidden State
The examples and discussion of this introduction have assumed that the underlying state is known to the observer. For example, the analysis of Section 1.2 assumed a state space defined by the river geometry, along with strategies whose motions were not allowed to revisit states.
In reality, a skipper might have additional hidden state. The restriction on revisiting states would then apply to the composite of observable and hidden states but not necessarily to the observable states alone. For instance, a skipper might be willing to revisit some parts of the river once or twice, relative to some hidden internal counter (perhaps fuel consumption). A skipper could then selectively hide some motions and reveal other motions, in order to bluff the capability of a strong motor. (An observer unaware of the skipper’s hidden state might infer from observations even though the boat only has a weak motor and has made surreptitious cyclic motions not involving in order to give the appearance of a strong motor.)
One possible approach for dealing with such hidden state is to construct many possible models of that state, then hope to observe inconsistencies in behavior to rule out or imply some of these models. We leave such higher-order deception and detection for future work.
2 Review of Prior Work and Notation
This section briefly reviews key concepts and notation regarding strategy complexes and relations. Detailed discussions of strategies and strategy complexes appear in [4, 5]. The connection of strategies to relations appears in [6]. Background material on topology may be found in [11, 13], on posets in [15], and on privacy in [14, 2, 12, 3].
Assumption: All graphs, relations, and simplicial complexes in this report are finite.
2.1 Graphs and Strategies
This subsection reviews material on strategies, taken fairly directly from [5], with some descriptions verbatim.
Nondeterministic and Stochastic Graphs:
We are interested in finite graphs, viewed as state spaces with errorful transitions. We model any such graph as a pair , consisting of a finite set of *states * and a finite collection of *actions * . Each action consists of a *source * state and a nonempty set of targets, with and .
If consists of a single state , we say that the action is deterministic. We may write a deterministic action as , just like a directed edge in a directed graph. If contains more than one state, there are two possibilities: The action is either *nondeterministic * or stochastic. We discuss each of these possibilities next. We may also regard a deterministic action as a special instance of a nondeterministic action and/or as a special instance of a stochastic action.
We write a nondeterministic action as . The semantics of such an action are as follows: Action may be executed whenever the system is at state . When action is executed, the system moves from state to one of the target states in . If , then the precise target attained is not predictable in advance, but is known after execution completes. Different execution instances of action could attain different target states within . An adversary might be choosing the target attained.
We write a stochastic action as , with a strictly positive probability distribution , such that . The semantics of a stochastic action are very similar to those of a nondeterministic action, except that the target state attained at execution time is now determined stochastically, according to the probability distribution , rather than nondeterministically. Different execution instances of action are assumed to be independent of each other.
We say that a graph is a pure nondeterministic graph if all the actions in are either deterministic or nondeterministic. We say that a graph is a *pure stochastic * graph if all the actions in are either deterministic or stochastic. This report is primarily interested in such pure graphs. However, see [5] for a discussion of graphs with a mix of deterministic, nondeterministic, and stochastic actions. See also Section 6.
Suppose action has source and targets . We refer to each possible transition , with , as an action edge (of action ).
Comment: We permit multiple actions to be distinct yet have the same source and the same target set (and the same probability distribution if the actions are stochastic). Such duplication flexibility is useful, for instance when forming quotient graphs (see page 2.1).
Strategies and Strategy Complexes:
We next define strategies and strategy complexes via a series of intermediate concepts. Intuitively, a strategy is a generalization of a control law, now viewed as a mapping from states to sets of actions.
Let be a graph as on page 2.1, and suppose . We view as a generalized control law as follows: Suppose the system is currently at state . The set may contain zero, one, or several actions with source . The system stops moving precisely when contains no action with source . Otherwise, the system must execute some action with source . If there are several such actions, any one of the actions might execute, determined nondeterministically. (Worst-case, an adversary might make the choice. In Section 1.2, perhaps sometimes a boat’s skipper could.) Upon execution of action , the system finds itself at one of the targets of action . The process then repeats, with the system’s new current state.
We are interested in only those control laws that eventually stop at some state or states. Intuitively, for pure nondeterministic graphs, this means that executing any of the actions contained in will never cause the system to cycle (i.e., revisit a previously encountered state). For pure stochastic graphs, it means that no subset of the actions contained in forms a recurrent Markov chain. We model these requirements with the following definitions, again taken fairly directly from [5]:
Let be a graph as on page 2.1.
- •
With , let denote the source of action . When , define ’s *source set * as the set of all the individual actions’ sources: .
- •
With , let denote the set of targets of action .
- •
Let and . We say that action moves off (in ) if and one (or both) of the following is true: (i) action is nondeterministic with all of its targets in , or (ii) action is stochastic with at least one of its targets in . (The two requirements are identical when is deterministic.)
- •
Let . We say *contains a circuit * if, for some nonempty subset of , no action of moves off . We say *converges * or *is convergent * if does not contain a circuit. Comment: If is convergent and , then necessarily .
- •
If , then the strategy complex of is the simplicial complex whose underlying vertex set is and whose simplices are all the convergent subsets of . Every simplex of is called a strategy. The empty simplex is one such strategy, modeling no motion. It appears in whenever . If , then one would let be the void complex, containing no simplices. (This report will always require .)
- •
If is a strategy in , then is called the *goal * or *goal set * of . The goal set consists of all states in the graph at which does not specify a motion. We may say that *converges to * . If the goal set is a singleton , we may refer directly to state as ’s goal.
- •
Suppose . We say that is *fully controllable * if every nonempty subset of is the goal set of some strategy in . Observe that is fully controllable if and only if every singleton state is the goal set of at least one *maximal * strategy (simplex) in .
- •
Topologically, is fully controllable if and only if is homotopic to the sphere , with . See [4, 5].
We will soon model strategy complexes via relations. The maximal simplices of a strategy complex will index the rows of the relation and the graph’s actions will index the columns. Of interest will be how to reveal the constituent actions of a maximal strategy in such a way as to delay identification of the strategy for as long as possible.
We end this subsection with two definitions that will be useful later in the report:
Subgraphs:
Suppose is a graph as on page 2.1. By a subgraph of we mean a graph in its own right such that and .
Quotient graphs:
Suppose is a graph as on page 2.1 and suppose .
We define the *quotient graph * as follows:
- •
The state space is .
Here is a new state. It represents the set of states all identified to one state.‡‡‡In this report, identify typically means determine identity of, but sometimes, as here, it means *treat as same *.
- •
The actions are in one-to-one correspondence with the actions , but source and target states of actions in are relabeled to match the new state space. Specifically, any source or target in remains unchanged, while any source or target in becomes .
The relabeling of targets may identify some or all of the targets of an action . For a stochastic action of the form , with , one therefore sums the transition probabilities of the targets in in order to determine the transition probability to state of the relabeled action .
Comment: “one-to-one correspondence” means that distinct actions of remain distinct in even if their sources become the same and their target sets become the same (and even if their probability distributions become the same, in the stochastic case).
The following facts are easy to establish:
A convergent set of actions in may contain a circuit once one views the actions in . (In particular, individual actions may become nonconvergent.) However, the set of actions remains convergent if its source set does not overlap . 2. 2.
Any convergent set of actions in will remain convergent if one views the actions back in their original form in . 3. 3.
If is fully controllable, then so is .
Generalization:
Suppose are nonempty pairwise disjoint subsets of , with . Let be new and distinct states. The definition of quotient graph given above generalizes to this setting: For each , we identify all states of that lie in to the single state . We denote the resulting quotient graph by .
2.2 Relations and Dowker Complexes
This subsection reviews material on relations, taken fairly directly from [6], with some descriptions verbatim.
Let and be nonempty finite discrete spaces. A relation on is a set of ordered pairs constituting a subset of the cross product . We frequently view as a matrix of blank and nonblank entries, with indexing rows and indexing columns. We often refer to elements of as individuals and to elements of as attributes.
For each , we let be the set of attributes that individual has. Formally, . We may view as the row of indexed by (or more precisely, as all the attributes with nonblank entries in the row indexed by ). Similarly, for each , we let be the set of individuals who have attribute , that is, . We may view as the column of indexed by (or more precisely, as all the individuals with nonblank entries in the column indexed by ).
Given a relation , we define two simplicial complexes, and , as follows:
is called the Dowker attribute complex. It has underlying vertex set and is generated by the rows of . is called the Dowker association complex. It has underlying vertex set and is generated by the columns of . Thus:
[TABLE]
(The symbol <$$\sigma$$> means the simplicial complex generated by , that is, the collection of all subsets of , including the empty simplex and itself.)
We define two interpretation maps, and , as follows:
[TABLE]
Thus consists of all attributes shared by at least all the individuals in , while consists of all individuals who each have at least all the attributes in .
Observe that and .
One may regard both as an interpretation map as well as a test for membership in the Dowker complex . Specifically, for all , if and only if . Moreover, if , then .
Similarly, for all , if and only if . And whenever .
We say that individual is identifiable via whenever . In other words, an individual is identifiable when no other individual’s attributes include all of ’s attributes.
The following facts are useful to remember [6]:
Each of and is inclusion-reversing. 2. 2.
For all , . Similarly for . 3. 3.
If is a maximal simplex of , then . Similarly for . 4. 4.
Each of the compositions and is idempotent. 5. 5.
. Similarly with the roles of and interchanged.
The maps and define homotopy equivalences between the two Dowker complexes [6]. In particular, the compositions and are homotopy equivalent to the identity maps on their respective simplicial complexes. These equivalences allow one to construct a poset whose elements may be viewed as pairs of sets satisfying and . This poset has an encompassing lattice structure and is amenable to topological analysis: When the poset has high-dimensional homology, one can be assured that it contains long chains. We will not need the details of that poset construction in this report. Instead, we jump directly to one additional definition that we will need:
Informative Attribute Release Sequences:
An informative attribute release sequence (for relation ), abbreviated as iars, is a nonempty set of attributes in released in a particular sequential order
[TABLE]
satisfying
[TABLE]
In order to understand this last condition, recall from [6] that , with , is the set of all attributes inferable from . For instance, one may have directly observed attributes for some unknown individual known to be modeled by relation . Then the set of attributes is inferable without direct observation. Thus the condition above requires that no attribute in the sequence be inferable from the attributes released before . In particular, must not be inferable “for free”, i.e., without observation. (The cone apex of the complex in Figure 12 on page 12 was inferable for free and thus would never appear in an informative attribute release sequence for the relation in that figure.)
Comment: An informative attribute release sequence might not form a simplex in , but any proper prefix of the sequence will. It may at first seem counterintuitive to have a nonsimplex be informative, but the inconsistency one obtains with the last attribute released may provide information in some relation containing , as discussed in [6].
Of interest in some privacy settings is how long one can delay identifying an individual while revealing information: Given an individual , how large can one make in defining an informative attribute release sequence for which ? Topology offers lower bounds [6]. In this report, we will consider that question with strategies in place of individuals and actions in place of attributes. We will argue from first principles.
Relations from Complexes:
Suppose is a nonvoid simplicial complex with underlying vertex set . We can define a relation on , with the maximal simplices of :
[TABLE]
One readily sees that . (See footnote §§§Void vs. Empty: The void complex is the simplicial complex , containing no simplices. In contrast, the empty complex is the simplicial complex , containing a single simplex, namely the empty simplex . One may construct from the empty complex, assuming . In that case, , , and . for a side comment.)
Observe that every maximal simplex of , i.e., every , is identifiable via relation .
Action Relations:
Suppose is a graph as on page 2.1, now with both and . We may substitute for in the previous construction to obtain a relation on , with the maximal simplices of . We refer to such a relation as an action relation, or more specifically, as graph ’s action relation. In an action relation, maximal strategies¶¶¶The term *maximal strategy (in or ) * is synonymous with maximal simplex (in ). play the role of individuals while actions play the role of attributes. The strategy relations of Section 1.2 were of this form, though there we were only considering subcomplexes of the full strategy complex.
In this context, informative *attribute * release sequences become informative *action * release sequences. We may thus ask the question:
How many actions can one reveal informatively before one has identified a maximal strategy?
Caution:
The order via which actions are revealed in an informative action release sequence need not correspond to the order in which actions might be executed at runtime.
Terminology:
Let be a graph as on page 2.1. We will make statements of the form “maximal strategy in contains informative action release sequence ”. This statement means that the following three conditions hold:
- (a)
is a maximal simplex in .
- (b)
.
- (c)
is an informative attribute release sequence for ’s action relation.
In particular, the order of the actions is significant. If we view the same set of actions in a different order we obtain a different sequence. Consequently, a statement of the form “ contains different informative action release sequences” has meaning even when . (Caution: A permutation of an informative attribute release sequence need not itself be an informative attribute release sequence. See page 2.4.2.)
2.3 Minimal Nonfaces
Suppose is a simplicial complex with underlying vertex set . A minimal nonface of (or in) is a subset of that is not itself a simplex in but all of whose proper subsets are simplices in .
If we arrange the vertices of a minimal nonface in any order, we obtain an informative attribute release sequence. That fact is the content of our first lemma:
Lemma 1** (Minimal Nonfaces as Informative Attribute Release Sequences).**
Let be a relation on , with both and nonempty. Suppose is a minimal nonface of . Then any ordering of the attributes in is an informative attribute release sequence for .
Proof.
Suppose the lemma fails for some minimal nonface of . Necessarily, . Let . Then, for some ordering of the attributes in , must be implied by (if , this means is inferable “for free”). Since is a minimal nonface of , is a simplex in . Thus . By supposition, . Consequently, , contradicting the assumption that is a nonface of . ∎
Suppose all individuals in a relation are identifiable. Then all rows of are distinct and each row forms a maximal simplex in the attribute complex . Suppose an observer has observed attributes for some unknown individual known to be modeled by relation . Even if is a proper subset of , it is possible that identifies , meaning . In that case, is the only maximal simplex containing . Conversely, if the observed attributes do not identify individual , then must be contained in some maximal simplex besides . Thus there exists an attribute that is not one of ’s attributes but that is consistent with all the observed attributes of , meaning . The following lemma characterizes this situation more generally for a simplicial complex, in terms of minimal nonfaces.
Lemma 2** (Minimal Nonfaces between a Maximal Simplex and a Separate Vertex).**
Suppose is a simplicial complex with underlying vertex set . Let be a maximal simplex of and let such that . Define
[TABLE]
Suppose . Let .
Then if and only if for every .
Comments: (i) , since is a maximal simplex in and . (ii) If , then consists solely of and , no matter what is. Indeed, no can be in . (iii) If , then cannot be the empty simplex. Every now contains at least two vertices, namely and some element of . Therefore the lemma’s assertion for is clear. (iv) More generally, the lemma says: Even though vertex cannot enlarge simplex , it may be able to enlarge a face of . Such enlargement is possible precisely when the enlarged set contains no minimal nonfaces of the type described by .
Proof.
Suppose . If for some , , then would contain as a minimal nonface, a contradiction. Now suppose . Then must contain some minimal nonface, necessarily a set in since . Thus . ∎
Minimal Nonfaces in a Strategy Complex:
Specializing to minimal nonfaces of a strategy complex yields additional results, as discussed below.
Lemma 3** (Minimal Nonfaces in Strategy Complexes).**
Let be a graph as on page 2.1, with . Suppose is a minimal nonface of . Then the actions in all have distinct sources and no action in moves off in .
Proof.
Let . Since , .
Write . For each , define , that is, remove one action from . Then , for . Thus, for every , some action in must move off . On the other hand, , so for some , no action in moves off . Consequently , establishing the second assertion of the lemma.
The first assertion is trivial if , so assume and suppose . Then . Some action in moves off . That contradicts the previous paragraph, thereby establishing the first assertion of the lemma. ∎
Interpreting Minimal Nonfaces in Strategy Complexes:
Let us examine the meaning of minimal nonfaces for the two types of pure graphs discussed in this report. Assume the notation of Lemma 3 and its proof.
- •
Suppose is a pure nondeterministic graph. Inductively, Lemma 3 produces a cycle of actions , …, , such that , for (here indices wrap around, so that again means ). Moreover, for each action , exactly one of the action’s targets lies in ; any additional targets lie outside . (Otherwise, one could create a shorter cycle and thus a proper subset of would be a nonface of .)
- •
Suppose is a pure stochastic graph. In the definition of “moves off” from page • ‣ 2.1, the quantification over targets is different for stochastic actions than for nondeterministic actions. Consequently, Lemma 3 now implies that *all * targets of every action in must lie within . One may therefore create a subgraph of defined by . One sees that is also a minimal nonface in , that is the boundary complex∥∥∥The boundary complex on the set (with finite) is the simplicial complex whose underlying vertex set is and whose simplices are all the proper subsets of . on the set , and that is a fully controllable pure stochastic graph. In fact, defines an irreducible Markov chain [7, 10, 5].
2.4 Sample Graphs, Relations, and Informative Action Release Sequences
This subsection provides examples of graphs, action relations, and strategy complexes, along with discussion of the extent to which strategy or goal identification may be delayed. (Actions here are deterministic or nondeterministic. Stochastic actions appear in Sections 5 and 6.)
2.4.1 A Directed Cycle Graph
As a first example, consider the directed graph in the left panel of Figure 14. The graph contains four states and four directed edges. (The directed edges represent deterministic actions.) These edges form a directed cycle. Any proper subset of the four directed edges does not form a cycle. Consequently, any set of three directed edges forms a strategy, in fact a maximal strategy, that converges to one of the states in the graph, from any other state in the graph. For instance, the strategy , consisting of the set of directed edges, converges to state #4, for any initial starting state of the system.
Comment: Any subset of a maximal strategy is also a strategy, since it too will be acyclic. For instance, the set of directed edges is a strategy that stops at either state #2 or state #3. (The precise stopping point depends on the starting point during a particular execution of the strategy.) The set is a strategy but it it is *not * a *maximal * strategy.
The middle panel of Figure 14 shows graph ’s action relation, describing each maximal strategy by its constituent actions. For each state , there is a maximal strategy converging to that state from anywhere else in the graph. Therefore, is fully controllable. The strategy complex is in fact generated by four such maximal strategies, each consisting of three directed edges. Consequently, the strategy complex is a hollow tetrahedron, as shown in the right panel of the figure. In particular, the strategy complex contains a single minimal nonface, namely the set , consisting of all four directed edges (actions) in the graph.
There are no free faces in the strategy complex, so it is impossible to infer any actions of a strategy from any actions revealed — “attribute privacy is preserved” [6]. Thus it is impossible to identify a maximal strategy uniquely if one knows only a proper subset of its actions. Each maximal strategy consists of three actions and has no free faces. Consequently, each maximal strategy contains different informative action release sequences that identify the strategy, and each such sequence has length 3. For instance, the six sequences for strategy are:
[TABLE]
Ability to Delay Strategy Identification:
Let be a fully controllable graph with . The following property holds [6]: For every state , there is some maximal strategy such that has goal and contains at least different informative action release sequences of length at least each. For each such sequence , this means the following: An observer cannot infer (via ’s action relation) that contains action merely from knowing that contains the set of actions appearing earlier in the sequence. In particular, an observer cannot identify uniquely before seeing all actions in the sequence . Moreover, .
Comment: In the example of Figure 14, the six informative action release sequences of length 3 within each maximal strategy were permutations of the strategy’s three constituent actions. In general, the different sequences need not be permutations of each other.
2.4.2 A Graph with a Subspace Cycle
As a second example, let us consider a graph with a directed cycle merely on a proper subset of the state space, as shown in Figure 15. The graph again consists of four states. The set of deterministic actions forms a directed cycle on the set of states . In addition, there is a deterministic action that moves off this cycle space, specifically from state #2 to state #4. Finally, there is a nondeterministic action that moves from state #4 back to the set of target states . (To say that the action is nondeterministic means that the precise target state attained cannot be predicted in advance, not even stochastically.)
The actions , , and form a directed cycle. Any two of these actions form a convergent strategy. The remaining two actions, and , taken together, could cause the system to cycle between states #2 and #4. Any one of these actions is convergent by itself. Therefore, the two sets of actions and each form a minimal nonface in the strategy complex . In fact, these are the only minimal nonfaces in the strategy complex. They are independent of each other. Consequently, ’s strategy complex is the simplicial join of the boundary of the triangle and the boundary of the edge . In other words, is a suspension [11, 15] of a triangle boundary. Figure 16 depicts this complex along with ’s action relation. Observe that the complex is homotopic to , consistent with being fully controllable.
As in the example of Section 2.4.1, contains no free faces. So, again, it is impossible to identify a maximal strategy uniquely from a proper subset of its constituent actions.
One salient difference between this example and the previous one is that some maximal strategies now have goal sets with more than one state in them. For instance, strategy , consisting of actions has goal set . This multi-state goal arises because the actions and , taken together, converge to state #3 *assuming * the system state lies within the subset of states . However, if the starting state happens to be state #4, then the system will simply remain at that state. Consequently, the strategy has goal set . That strategy is not itself maximal. One can augment it either with action , in which case the resulting maximal strategy would be , converging to state #3. Or one can augment with action to produce . Adding action introduces some nondeterminism at state #2, but nothing that changes the overall goal set; it remains .
Informative Action Release Sequences:
As in the example of Section 2.4.1, the longest informative action release sequences within each maximal strategy in are simply permutations of the strategy’s constituent actions. Whenever a maximal strategy has no free faces, one can release its actions in any order without definitively identifying the strategy before all actions have been released.
In order to understand the more general picture, suppose we simply interchange the roles of strategies and actions in this example. The “individuals” are now , , , , and the “attributes” are , , , , , . We are thus interested in the Dowker association complex of the original action relation. That complex appears in Figure 17. (Comment: We are not asserting that this complex is the strategy complex of a fully controllable graph, merely using the complex to illustrate a point. One can however construct fully controllable graphs with strategy complexes that make the same underlying point: permutations of informative attribute release sequences need not themselves be informative attribute release sequences.)
Each maximal simplex of continues to offer (at least) different informative release sequences of length 3 each, with elements in each sequence drawn from the simplex’s vertices. Two of the maximal simplices (namely, the “endcaps” in the figure) are solid triangles with no free faces, so their sequences are again simply permutations of each other. Three of the maximal simplices are solid tetrahedra. The undrawn “diagonals” of these tetrahedra are free faces, so releasing their endpoints would completely identify the tetrahedron. For instance, releasing vertices and identifies the tetrahedron labeled . Consequently, one cannot simply choose arbitrary sequences of length 3 and expect them to be informative. Nonetheless, each tetrahedron does contain 16 informative release sequences of length 3. Here are the sequences for the tetrahedron labeled :
[TABLE]
Incorporating Additional Constraints:
Suppose, in some context, the system only executes strategies that converge to singleton goals. From an inference perspective, the action relation and strategy complex of Figure 16 would be misleading. To understand the possible inferences, one should consider a relation that models all the maximal strategies with singleton goal sets, and only those, as shown in Figure 18.
With this added information, it is no longer true that one can find different informative action release sequences of length within every maximal strategy. For instance, action identifies strategy . Consequently, as soon as one releases that action, the other two actions in , if not previously released, would be implied. As a result, there are only two informative action release sequences of length 3 for identifying strategy , namely and .
Similarly, action implies action , again limiting the ordering of any sequences containing both those actions. Strategy now contains only three, rather than six, informative action release sequences of length 3, namely:
[TABLE]
Ability to Delay Goal Identification:
Suppose is a fully controllable graph with . The following property holds [6]: For every state , there is some maximal strategy such that has goal and contains an informative action release sequence whose sequential release leaves the goal ambiguous at least until all actions in the sequence have been revealed. Moreover, the sequence reduces the goal ambiguity by at most one state with each action revealed, so the sequence has length at least .
One sees this property in the complex of Figure 18 since: (i) every maximal simplex contains a vertex shared by three strategies with different goals and (ii) the vertex lies within one of the simplex’s edges that is shared by two strategies with different goals.
2.4.3 An Augmented Cycle Graph
Let us augment the graph of Figure 14 with two nondeterministic actions, as shown in Figure 19. The actions are and .
The new graph has a strategy complex described by the action relation shown in Figure 19. The complex is a partially puffed up version of the hollow tetrahedron from Figure 14, now consisting of three solid tetrahedra and two solid triangles glued together to enclose an hole. Figure 20 shows the 1-skeleton of this complex.
The maximal strategies from the original strategy complex are still present in . Two of these strategies now lie within larger maximal simplices. For instance, strategy for attaining goal state #2 in the original graph consisted of the actions , whereas now the corresponding maximal simplex consists of the actions . The original strategy always executed action when the system was at state #1, thus transitioning to state #3. In the new graph , the new might execute either action or action at state #1, selected nondeterministically (possibly by an adversary). Action will transition either to state #2 (the goal) or to state #3. (If an adversary controls the outcome of action , then the adversary might choose to make action mimic action , in which case the old and the new would behave equivalently.)
Actions and both appear in both the original strategies and of . In the new graph , the set contains a circuit, as does the set . Consequently, one cannot augment the strategies and with either of the actions or . These strategies remain unchanged as one passes from to , that is, and .
There are five maximal strategies in the new graph, whereas there were four previously. New strategy has the same goal state, namely state #4, as does strategy , but arrives there with different actions, trading off action for action . The minimal nonface of hints at this possible tradeoff.
The ability to delay strategy identification mentioned on page 2.4.1, as well as our analysis of the original graph , ensures that each of contains (at least) 6 informative action release sequences of length (at least) 3 each. What can we say about strategy ?
Releasing both of the two nondeterministic actions and identifies . Releasing either one of these actions implies both deterministic actions in . Consequently, one obtains the longest possible informative action release sequences within by first revealing the two deterministic actions (in either order) and then the two nondeterministic actions (in either order). Here are the four possible longest informative action release sequences within :
[TABLE]
(The previous reasoning can be generalized and formalized using lattice representations of links, as discussed in [6], but we will not develop or use that machinery in this report.)
Informative Action Release Sequences for Maximal Strategies in Pure Graphs:
Suppose is a fully controllable graph containing states, with . Suppose further that is either pure nondeterministic or pure stochastic. The remainder of this report will provide proofs that *every * maximal strategy in contains at least one informative action release sequence of length at least . The proofs will be different for the two types of graphs. This property need not hold for graphs containing a mix of nondeterministic and stochastic actions. See [6] and Section 6 for counterexamples.
3 Basic Tools
Graphs and strategies were defined in Section 2.1. We wish to prove the following theorem:
Theorem 4** (Informative Action Release Sequences for Maximal Strategies).**
Let be a fully controllable graph with . Suppose that is either pure nondeterministic or pure stochastic. Then every maximal strategy in contains an informative action release sequence of length at least .*
Section 4 will prove Theorem 4 for the pure nondeterministic case, while Section 5 will prove Theorem 4 for the pure stochastic case.
This section builds some tools that are useful for both settings. Throughout this section the graph may in fact contain a mix of deterministic, nondeterministic, and stochastic actions.
Terminology and Notation:
- •
We frequently abbreviate informative action release sequence as iars, for both the singular and plural cases.
- •
If is a graph, the phrase * is an iars for * means that is an informative action release sequence for ’s action relation as defined on page 2.2.
- •
Suppose is a graph and is some quotient graph of . Recall from page 2.1 that the sets of actions and are in one-to-one correspondence. Corresponding actions and differ only in that the source and/or target states of action may have changed from those of action in order to reflect the quotient graph’s state identifications. One may therefore view any action of in the form , with being the unique action of corresponding to . We will use this prime notation from now on.
Our first tool allows us to combine two strategies when one of the strategies comes from a subgraph and the other comes from a quotient graph formed by collapsing that subgraph to a single state.
Lemma 5** (Combining Quotient and Subgraph Strategies).**
Let be a graph and let be a subgraph of . (As always, both and are assumed to be nonempty.)
If and , then .
(Prime notation indicates corresponding actions in a graph and a quotient, as discussed.)
Comment: Since all sources and targets of actions in lie within , no such action is convergent in the quotient graph . Therefore .
Proof.
Suppose . We need to show that some action of moves off in .
If , then this assertion follows from Lemma 7.3(b)(i) in [5].
Otherwise, let . Then , so some action in moves off in . If is nondeterministic, then all its targets lie in the set \big{(}(V\setminus W)\cup\{\diamond\}\big{)}\setminus\hbox{\hskip 0.2pt}\mathop{\rm src}(\kappa^{\prime}). If is stochastic, then at least one of its targets lies in that set. (As usual, represents identified to a single state in .) Since contains an action with source in , contains an action with source . Thus \big{(}(V\setminus W)\cup\{\diamond\}\big{)}\setminus\hbox{\hskip 0.2pt}\mathop{\rm src}(\kappa^{\prime})\;=\;V\setminus\big{(}W\cup\mskip 0.5mu\mathop{\rm src}(\kappa^{\prime})\big{)}\;=\;V\setminus\big{(}W\cup\mskip 1.0mu\mathop{\rm src}(\kappa)\big{)}\;\subseteq\;V\setminus\mathop{\rm src}(\tau). That means action lies in and moves off in . ∎
The next lemma ensures that unquotienting a simplicial informative action release sequence (iars) again produces an informative action release sequence, when the quotienting is over a proper subspace that is fully controllable.
Lemma 6** (Lifting Quotient IARS).**
Let be a graph and let be a fully controllable subgraph of , with .
Suppose is an iars for , with and .
Then is an iars for .
Proof.
Let be ’s action relation. We need to show that
[TABLE]
Suppose this assertion is false for some . Then is contained in every maximal simplex of that contains .
Let be the actions of the quotient graph . Since is an iars for and , there exist actions , with , such that
[TABLE]
Let be a minimal nonface of contained in . (Since , contains at least two actions, one of them being .) By Lemma 3 on page 3, no action of moves off in .
We consider two cases below, deriving a contradiction for each.
By Lemma 3, there are no further cases.
State represents identified to a single state in the quotient graph , as per page 2.1.
- I:
No action in has source :
Then , so no action of moves off in .
On the other hand, , by Fact 2 on page 2.1.
So , by the falsity assumption above. Since , that means and some action of must move off in , a contradiction.
- II:
Exactly one action in has source :
Suppose the source of the corresponding action in is . Then . Let , with a strategy that attains from anywhere in using actions of . Then . Since no action of moves off in and since has all its sources and targets in , no action of moves off in .
Since and , Lemma 5 on page 5 implies that . By the falsity assumption, . Now , so , and some action of must move off in , again a contradiction.
∎
Combining Informative Action Release Sequences:
The next lemma shows how one may combine an iars in a graph with an iars from a subgraph. The subsequent corollary leverages this result with those discussed earlier, showing how one may combine an iars from a quotient graph with an iars from a fully controllable subgraph. That combinability forms a stepping stone in several proofs during the rest of the report.
Lemma 7** (Combining Graph and Subgraph Informative Action Release Sequences).**
Let be a graph and let be a subgraph of (with both and nonempty).
Suppose , with , is an iars for , such that:
- (i)
, for , and
- (ii)
, for every .
Suppose is an iars for , with and .
Then is an iars for , with .
Comment: The lemma also holds when , meaning every iars for is also an iars for .
Proof.
Suppose the iars part of the assertion is false. Let be ’s action relation.
Then, for some , .
(When , this notation means .)
Consequently, every maximal simplex of containing also contains .
Since is an iars for ’s action relation, there exists a maximal simplex such that but .
By assumption, . Consequently, . Thus \tau\cup\{b_{i+1}\}={\mathfrak{B}}\cap\big{(}\{a_{1},\ldots,a_{k},b_{i+1}\}\cup\tau\big{)}\in\Delta_{H}, contradicting the maximality of in . ∎
Corollary 8** (Lifting and Combining Informative Action Release Sequences).**
Let be a graph and let be a fully controllable subgraph of with .
Suppose is an iars for , with and .
Suppose further that is an iars for , with and .
Then is an iars for , with .
Proof.
By Lemma 6, is an iars for . By Lemma 5, , for every . Since actions of become self-loops in , , for . The desired result therefore follows from Lemma 7. ∎
Comment: The corollary also holds if one of or is [math].
4 The Nondeterministic Setting
The aim of this section is to prove Theorem 4 from page 4 for the case in which the graph is pure nondeterministic. Throughout, this section assumes that all graphs are pure nondeterministic, meaning each action is either deterministic or nondeterministic (but not stochastic). First, we need some additional definitions and results.
4.1 Hierarchical Cyclic Graphs
We start with a recursive definition:
Definition 9** (Hierarchical Cyclic Graph).**
A pure nondeterministic graph is a hierarchical cyclic graph if one of conditions (i) or (ii) holds:
- (i)
* and .* 2. (ii)
There exist , , , with , such that:
- (a)
* are nonempty pairwise disjoint subsets of and .* 2. (b)
* consists of all actions in whose sources and targets lie in , for .* 3. (c)
* is a hierarchical cyclic graph, for .* 4. (d)
. 5. (e)
*For , and *
- (here indices wrap around, so again means ).*
The decomposition above need not be unique. We implicitly assume a specific decomposition when stating that a graph is hierarchical cyclic. We refer to it as the tree decomposition of .
A graph of type (i) is a leaf and a graph of type (ii) is a node.
When is a node, we refer to the subgraphs in ’s tree decomposition as the children of . Each subgraph is itself either a leaf or a node, with parent . When is a node, we may then speak of its children, and so forth. Transitively, we may therefore speak of all the nodes and leaves within (that includes ). Finally, we may speak of the root of the tree decomposition of , meaning the node or leaf , i.e., itself.
For a graph of type (ii), the actions are the (top-level) cycle actions of . Similarly, if is any node within , the cycle actions of are the top-level cycle actions of when is viewed as a hierarchical cyclic graph in its own right.
Comments and Observations:
- •
Given a hierarchical cyclic graph of type (ii) as above, we can form the quotient graph (see again page 2.1). This quotient graph has state space , where represents all of identified to a single state, for .
All actions in each become nonconvergent in (actions in become self-loops on state ), so we may ignore them. In contrast, each action turns into a deterministic transition from state to state .
We may therefore view the quotient graph as the cycle graph
[TABLE]
(the first and last states in the diagram above are the same state, namely ).
- •
More generally, suppose is a hierarchical cyclic graph and is some node that appears within the tree decomposition of . We can form the quotient graph . The quotienting identifies all of to a single state . The actions become self-loops on state . Technically, includes these self-loops, but there is no harm ignoring them, thereby allowing us to view as a hierarchical cyclic graph. If is itself, then we may view as the leaf . Otherwise, the tree decomposition of is largely unchanged from that of , except that one node, along with the subtree rooted at that node, has now become a leaf, and any actions of with source or target states in have had those states relabeled as . The only actions that become nonconvergent (by creating self-loops) are those in , which we now ignore and discard.
- •
Conversely, suppose is a leaf that appears in the tree decomposition of a hierarchical cyclic graph . Suppose is another hierarchical cyclic graph, with states and actions distinct from those of .
We can replace the leaf with node , to form a new hierarchical cyclic graph .
Here . In forming from , we have some choices:
Suppose is an action in . We create a corresponding action as follows:
- –
If , we let be *any * state in and define .
- –
If , we let be *any * nonempty subset of and then define , with .
- –
In all other cases, .
- •
A special case of the previous construction is to replace a single state in a hierarchical cyclic graph with a deterministic cycle on some new set of states, while adjusting all other actions of the encompassing graph accordingly. Actions of the encompassing graph that used to start at now start at an arbitrary state of the cycle. Actions that used to have a transition to now might transition to one or more states comprising the cycle.
- •
Every hierarchical cyclic graph is fully controllable and each of its actions is convergent.
- •
Conversely, the lemma below shows that every fully controllable pure nondeterministic graph contains a hierarchical cyclic subgraph with the same state space. (There may be more than one such subgraph.)
Lemma 10** (Hierarchical Cyclic Subgraphs).**
Let , with , be a fully controllable pure nondeterministic graph. Then contains a hierarchical cyclic subgraph .
Proof.
By strong induction on . The base case is clear, so suppose . For every state in one can find a nonlooping deterministic action with target (since is fully controllable and pure nondeterministic). Backchaining such actions produces a deterministic cycle on some subspace of (possibly all of ), containing at least two states.
Consider . Here , with representing . is fully controllable (by Fact 3 on page 2.1) and pure nondeterministic, with , so the induction hypothesis applies. We therefore obtain a hierarchical cyclic subgraph of .
We may now replace leaf in with cycle on state space . When adjusting the encompassing actions , we choose sources and targets so as to undo any relabeling of states that occurred in forming . These adjustments produce a hierarchical cyclic subgraph of . ∎
4.2 Core Cycle Actions, Leaf Covers, Disruptive Sets of Actions
Suppose is a hierarchical cyclic graph with . Each state of appears as a leaf in the tree decomposition of and has some parent node . Some action , necessarily a cycle action of , must be deterministic with target . We refer to as ’s core cycle action. This action is determined uniquely by and the tree decomposition of . ( may contain multiple deterministic actions with target , but one and only one of those actions will be a cycle action in the parent node of .)
With that construct in mind, we now make a series of definitions and observations.
Definition 11** (Core Cycle Actions).**
Let be a hierarchical cyclic graph. The set of core cycle actions of is
[TABLE]
Definition 12** (Leaf Covers).**
Let be a node in a hierarchical cyclic graph . We say that covers only leaves in whenever each of ’s children is a leaf in ’s tree decomposition.
Definition 13** (Disruptive Sets of Actions).**
Let be a hierarchical cyclic graph and suppose . We say that is disruptive (in ) whenever the following condition is satisfied:
For every node that covers only leaves in ,
at least two of the node’s cycle actions are missing from .
Observations:
- •
When a hierarchical cyclic graph contains at least two states, .
- •
A node covers only leaves in if and only if all the node’s cycle actions lie in .
- •
The empty set of actions is always disruptive, even when is a leaf.
4.3 Cycle-Breaking Strategies
Sets of actions that do not contain any node’s full set of cycle actions are convergent and may be arranged informatively, as the following definition and lemmas make precise.
Definition 14** (Cycle-Breaking).**
Suppose is a hierarchical cyclic graph. A set of actions is cycle-breaking (in ) if, for each node in the tree decomposition of , does not contain all of ’s cycle actions.
Lemma 15** (Cycle-Breaking is Convergent).**
Suppose is a cycle-breaking set of actions in a hierarchical cyclic graph . Then .
Proof.
By structural induction on the tree decomposition of . The lemma holds if is a leaf, since only is possible. Otherwise, suppose the children of are . Inductively, the lemma holds for the set of actions in the hierarchical cyclic graph , for . Let consist of the top-level cycle actions of that are in . Since is a directed cycle graph (see top of page • ‣ 4.1) and since is cycle-breaking, . Thus, by repeated application of Lemma 5 on page 5, . ∎
Caution:
Not all strategies in a hierarchical cyclic graph need be cycle-breaking (see page 25).
Lemma 16** (Cycle-Breaking is Informative).**
Suppose is a nonempty cycle-breaking set of actions in a hierarchical cyclic graph . Then some ordering of all the actions in is an informative action release sequence for .
Proof.
The proof will associate to each leaf and node of an informative action release sequence, with the sequence associated to the root of comprising all of .
For the purposes of this proof, it will be convenient to consider the empty sequence of actions as an informative action release sequence. Since is nonempty, the final sequence produced below will be nonempty, satisfying the standard requirement of page 2.2 that informative attribute release sequences be nonempty.
Base Case: Associate to each leaf of the empty sequence.
Inductive Step: Consider a node of and assume each child of has an associated informative action release sequence consisting of all the actions of that appear in the graph . View as a hierarchical cyclic subgraph in its own right, and form the quotient graph obtained by identifying each child to a singleton state. The cycle actions of create a deterministic directed cycle in . This cycle forms a minimal nonface in . By Lemma 1 on page 1, any sequential ordering of the directed edges comprising this cycle forms an iars for , any proper subset of which is convergent. Let be the set of ’s cycle actions in , this being with when none of ’s cycle actions lie in . Since is cycle-breaking, the reasoning just given implies and is an iars for .
Since the children of are fully controllable subgraphs of , repeated application of Corollary 8 on page 8 shows that is an iars for , with being some concatenation of all the informative action release sequences associated to ’s children. Associate to . Observe that this iars consists of all actions of that appear in the graph . Associated to itself therefore is an iars consisting of all of . ∎
4.4 Markings
Let be a hierarchical cyclic graph. We will view each node of as being either *marked * or unmarked. Each node is unmarked initially. Later, we will define an algorithm that marks nodes according to some criteria. Once marked, a node remains marked.
In order to consider marking a node , we first require that each child of be either a leaf or an already marked node. The collection of marked nodes at any instant therefore defines a set of maximal marked nodes, consisting of those nodes that are marked but have no marked parent. After some nodes have been marked, , for some , with the sets nonempty and pairwise disjoint. We may therefore form the quotient graph , which we abbreviate as . We view as a hierarchical cyclic graph, much as on page • ‣ 4.1, by discarding any actions that have become self-loops.
The process will be iterative, adding an additional node to the collection of marked nodes with each step. We abbreviate the notation by writing to mean the maximal marked nodes at the step, with , and by writing to mean . We also define and .
Observation:
Any node covering only leaves in corresponds to a node in that is not yet marked but that could be marked at the step, and vice-versa.
4.5 Forward Projections
Strategies in a pure nondeterministic graph define partial orders. One may view those partial orders as forward projections of possible system states.
Definition 17** (A Strategy’s Partial Order).**
Let be a pure nondeterministic graph. If , then induces a partial order on as follows:
For each , if and only if either or there exist actions , with , such that:
- (i)
,
- (ii)
, for , and
- (iii)
.
Thus, if and only if is or the system might move from to while executing strategy (in the diagram below, , , and , for ):
[TABLE]
The partial order is well-defined since cannot create any cycles.
Definition 18** (Forward Projection).**
Suppose is a pure nondeterministic graph. Let and . The forward projection of under is the set
[TABLE]
In other words, consists of all states that the system might pass through or stop at, assuming the system starts at some state in and moves according to strategy . (In some papers, forward projection refers only to the states the system might stop at. Here, *forward projection * includes all states through which the system might move, including starting states.)
Lemma 19** (Disjoint Forward Projections — Core Cycle Actions).**
**
Let be a hierarchical cyclic graph and suppose .
Define and .
For each , let , with being the unique target of action . Then:
(a) The sets in the family are pairwise disjoint.
(b) Suppose further that is disruptive. Let . Write . Then .
In words: We split the core cycle actions of into two sets, those that lie in the strategy and those that do not. The first set is itself a strategy, so we can consider forward projections under that strategy. For each core cycle action that is not in , we consider the forward projection of that action’s target state. The lemma asserts that the resulting forward projections are pairwise disjoint. Moreover, if is disruptive, then each such forward projection does not loop back far enough to include the source state of its generating core cycle action.
These properties will help us later to construct minimal nonfaces from which we can then extract an informative action release sequence that is sufficiently long to establish Theorem 4.
Proof.
(a) Let be the partial order induced by on . Suppose , with . Write and . Then and . Since , backchaining from produces a unique backwards path of action edges in , with each edge actually being a deterministic action. (The path could be degenerate, consisting of no edges, just the state .) That backwards path eventually encounters both and , establishing that and are comparable. For example, would establish . Since core cycle actions and are missing from , this is only possible if , meaning .
(b) Suppose , with and . Arguing as in (a), we now obtain a cycle:
[TABLE]
All but one of the actions comprising this cycle lie in .
The exception is , which lies in .
All the actions comprising the cycle lie in . Consider any action of . The depth******Here, the depth of a node or leaf in a tree is defined recursively as follows:
The depth of the tree’s root is 0. The depth of a child is one more than the depth of its parent. of the leaf in the tree decomposition of must be greater than or equal to the depth of the leaf . Consequently, all the states in the cycle appear in as leaves at the same depth and with the same parent node. The cycle must therefore consist of that parent node’s cycle actions and the parent node cannot contain any other children. So, the parent node covers only leaves. Since is disruptive, at least two of the node’s cycle actions lie in , not just one, establishing a contradiction. ∎
4.6 Quotienting until Disruption
The proof path now is to iteratively mark and quotient by nodes that prevent a strategy from being disruptive. Concurrently, one assembles several sets of actions that satisfy a property similar to the disjointness of forward projections described in Lemma 19.
Construction 20** (Acyclic Dissection).**
Let be a hierarchical cyclic graph. Suppose . An acyclic dissection of in is defined iteratively as follows:
Initialize and . Assume all nodes in the tree decomposition of are unmarked and initialize , as per Section 4.4.
Set Done to true if is disruptive in and to false otherwise. 2. 2.
While not Done, run the following loop, starting from :
- (a)
At this stage, consists of actions in and is not disruptive in . Let be some unmarked node in such that the corresponding quotient node in covers only leaves and at most one of the cycle actions in is absent from . 2. (b)
Suppose has cycle actions . Discard one of these, so that the rest all lie in . Without loss of generality, assume one may discard . Now let
[TABLE]
Inductively: consists of (unquotiented) actions in . In fact, . 3. (c)
Mark node , then let be the quotient graph formed from the resulting maximal marked nodes, as per page 4.4, again viewed as a hierarchical cyclic graph. 4. (d)
Suppose . Let . So is nearly the same as , except that ignores any action of whose source and targets all lie within any one maximal marked node of . (Prime notation indicates the correspondence between an action in and its relabeled form in a quotient graph.) 5. (e)
If is disruptive in , set Done to true. The loop ends. Otherwise, the loop continues, with in place of . 3. 3.
If was already disruptive in , let , , and . Otherwise, let , , and , with as above when the loop ends. In either case, is disruptive in . Finally, let . In other words, is the set of actions in that become core cycle actions in the quotient graph . 4. 4.
Define as follows ( contains a marked node if and only if the loop of step 2 was run):
Start with . Then, for each *unmarked * node in , let be ’s cycle actions. If is a proper subset of , add all of to . Otherwise, select an action in . Add the actions to . (Why does exist? If not, let be the node in corresponding to . It is well-defined since is unmarked. Then would cover only leaves in and thus would not be disruptive in , a contradiction.) 5. 5.
Step 3 defined . Now define , and .
Lemma 21**.**
Construction 20 produces an acyclic dissection of such that:
- (i)
* and ,*
- (ii)
* and ,*
- (iii)
* is cycle-breaking in , and*
- (iv)
.
Proof.
The loop in step 2 of Construction 20 runs at most a finite number of times, since the graph is finite. As a result, an acyclic dissection of is well-defined by step 5.
Assertions (i), (ii), and (iii) are clear from the construction.
To establish assertion (iv), suppose . Let prime notation denote quotienting from to , with as defined in step 3 of the construction, and assume the rest of the notation from the construction.
Then , , and .
So , implying , with the cycle actions of some unmarked node in .
If is proper subset of , then , by step 4 of the construction, producing a contradiction.
So . Let be the action removed in step 4 of the construction. So . Since , , and , it must be that , but that contradicts . ∎
And here is a generalization of Lemma 19:
Lemma 22** (Disjoint Forward Projections).**
Suppose is a hierarchical cyclic graph and . Construct from as per Construction 20. Let .
Given , write and define
[TABLE]
(The definition is sensible since is cycle-breaking in and so .)
Then:
- (a)
The sets in the family are pairwise disjoint.
- (b)
For each , .
Proof.
Let prime notation denote quotienting from to , where sensible, with as in step 3 of the construction. Write , viewed with a tree decomposition derived from that of .
Since arises only from cycle actions of unmarked nodes, each action in is a well-defined convergent action in . By construction, is cycle-breaking in , so . Since , is disruptive in . Consequently, Lemma 19 applies to the graph and the disruptive strategy .
In , we have and . Therefore, each action corresponds to an action in , and each action corresponds to an action . (Recall the comment about “one-to-one correspondence” on page 2.1.)
Let be the partial order induced by on and let be the partial order induced by on . Suppose , with . Then , with being the state relabelings of and , respectively. (Why? If there is a path of action edges from to with the actions drawn from , then there is a path of action edges from to with the actions drawn from . Some of the action edges between states in may become self-loops when sources and targets are relabeled as states in . Indeed, is possible even if . Any such self-loops could only come from actions in . Conversely, all actions in are self-loops. One discards those actions in forming , leaving only from . Thus there is a path of action edges from to with the actions drawn from .)
It follows that implies , with defined for and as in Lemma 19, now using in place of , in place of , and in place of . (To see this, write . The set of targets becomes a single state , since . Write . If , then for some , so , and thus .)
Consequently, Lemma 19 establishes the claims of the current lemma. ∎
4.7 Alternate Development: Quotienting until Disruption
This subsection restates Construction 20 recursively without mentioning markings, then provides induction proofs of the corresponding lemmas. The key steps are the same as before. The rest of Section 4 will prove Theorem 4 for pure nondeterministic graphs using the earlier iterative construction, side-stepping any issue of strategy maximality in quotient graphs. Section 5 will engage that issue when proving Theorem 4 for pure stochastic graphs.
Construction 23** (Alternate Construction: Acyclic Dissection).**
Let be a hierarchical cyclic graph. Suppose . An acyclic dissection of in is defined recursively as follows:
- I.
Suppose is disruptive in :
Define as follows, starting from :
For each node in , let be ’s cycle actions. If is a proper subset of , add all of to . Otherwise, there is at least one action in . (If not, then would cover only leaves in and thus would not be disruptive.) Pick one such action and add the remaining actions to . 2. 2.
Let , , and .
- II.
Suppose is not disruptive in :
Let be a node in that covers only leaves and at most one of whose cycle actions is absent from . The actions are necessarily ’s cycle actions. Discard one of those actions, so the rest all lie in . Denote that resulting set by . 2. 2.
Let be the hierarchical cyclic graph formed from the quotient graph by discarding self-loops. Let be a recursively constructed acyclic dissection of in . (As usual, prime notation describes the correspondence between actions of and actions of .) 3. 3.
Now define the sets of actions , , and by unquotienting, that is, by direct correspondence from the sets of actions , , and , respectively. Finally, let , with formed from by unquotienting.
Proof of Lemma 21, assuming alternate acyclic
dissection given by Construction 23:
Proof.
The construction terminates because is finite and each recursive invocation of the construction replaces a node with a leaf.
The proof of the specific assertions is by induction, with Case I of the construction defining the base case and Case II defining the inductive step:
- I:
In the base case, assertions (i), (ii), and (iii) are immediate from the construction. Assertion (iv) follows as it did in the earlier proof of Lemma 21, but now working directly with rather than needing to form a quotient.
- II:
Inductively, we assume assertions (i)–(iv) hold for an acyclic dissection of in , using the notation from the construction. Then:
- (i)
, so and , so .
- (ii)
, so , since .
, so . Since all actions in become self-loops and are discarded when forming from , , and so .
- (iii)
is cycle-breaking in , so is cycle-breaking in , since consists of a proper subset of one node’s cycle actions and since does not include any of that node’s actions.
- (iv)
, so . Since , it follows that .
∎
Proof of Lemma 22, assuming alternate acyclic
dissection given by Construction 23:
Proof.
Again by induction:
- I:
The base case follows from Lemma 19, with in place of , since is a disruptive strategy by Lemmas 21 and 15.
- II:
Inductively, the argument is much the same as in the earlier proof of this lemma. One assumes the assertions hold for the hierarchical cyclic quotient graph . In moving back to , one state of turns back into a cycle of states, with all but one of the cycle actions added to to form . The other sets of actions in the dissection do not change as one moves back from to , except for relabelings of sources and targets. Consequently, execution paths of (within ) imply execution paths of (within ), thereby establishing the lemma’s assertions for .
∎
4.8 Acyclic Dissection Sizes
This subsection measures the size of the set in an acyclic dissection.
When reading the lemma below, recall that Construction 20 marks nodes in .
Lemma 24** (Subgraph Sizes).**
Suppose is a hierarchical cyclic graph and . Let and be derived from as per step 3 in Construction 20 on page 20.
For each , define as follows: If , let be the leaf of . If , let be the maximal marked node of for which represents .
Then , for each .
Proof.
The proof is by induction on the iteration count in the loop of Construction 20, now using in place of , in place of , and with the collection of marked nodes dependent on . The base case, , corresponds to all being in , for which the lemma’s assertion is clear. Inductively, suppose the lemma’s assertion is true for .
In forming from , one marks an unmarked node of whose corresponding node in covers only leaves. So is now a maximal marked node. Let be the states of , the states of , and the states of . Then W^{(j+1)}=\big{(}W^{(j)}\setminus V^{\prime}\big{)}\;\cup\;\{\diamond\}, with representing the states identified to a singleton.
Let and be the cycle actions and children of in , respectively. Without loss of generality, . One has .
Case I: Suppose . Then the definition of is the same via as via . So . Since is either a leaf or a marked node of at the iteration of the loop in Construction 20, contains none of node ’s cycle actions. Thus and so , inductively.
Case II: Suppose . Then the definition of via is , so and . The states of in are in one-to-one correspondence with the children of . Inductively, . Again, . Moreover,
[TABLE]
By reasoning about markings, one further knows that . Therefore
[TABLE]
and
[TABLE]
∎
Corollary 25** (Dissection Sizes).**
Suppose is a hierarchical cyclic graph and . Let , , , and be derived from as per Construction 20 on page 20.
Let and .
If is a leaf, then . If is a node, then .
Proof.
Suppose is a leaf. Then , for some , and . Using the notation of Lemma 24, must be all of . The lemma then implies that , as claimed.
Suppose is a node. Let be the states of . For each , let be defined as in Lemma 24. Since is formed from cycle actions in marked nodes of , . We also know that . Thus, by the lemma,
[TABLE]
Let and be as in Construction 20. Then , so . Consequently, , as claimed. ∎
4.9 Informative Action Release Sequences for Maximal Strategies
This subsection assembles the previous results to prove Theorem 4 for pure nondeterministic graphs.
Lemma 26** (Minimal Nonfaces Overlapping Forward Projections).**
Let be a fully controllable pure nondeterministic graph with and suppose is a hierarchical cyclic subgraph of . (Recall that exists, by Lemma 10 on page 10.)
Let be a maximal strategy in , define , let be an acyclic dissection of obtained from Construction 20, and set .
Suppose . Write and define
[TABLE]
Then and for every .
Comment:
The lemma tells us that every action is part of a minimal nonface of whose remaining actions lie in , and that at least one of those actions has its source, but not all its targets, in the forward projection of ’s targets. Here the forward projection is based on those actions of that lie in the acyclic dissection sets and . Intuitively, it is useful to think of as a single node defining a directed cycle, with the projection of onto that cycle being disruptive. Disruption means that the cycle splits into at least two pairwise disjoint directed arcs, as follows: The cycle edges present in constitute , the cycle edges missing from constitute , and is empty in this simple scenario. There is one directed arc for each action , starting at ’s target. Each arc is formed from contiguous action edges of . Each arc has a forward projection flow defined on it by the directionality of those action edges. A directed arc ends when it encounters the source of another action in . An arc may be degenerate, consisting of a single state. The lemma says that, for each missing cycle edge , there is some action whose source lies in an arc that starts at ’s target, such that at least one of ’s targets lies outside this arc and such that and appear together in a minimal nonface of . As we will see shortly, the “ or ?” choice is therefore informative.
Proof.
By Lemma 21(iv) on page 21, . So, since is maximal in , .
Let be given. Define . Since is a minimal nonface of , no action of moves off , by Lemma 3 on page 3. Since and , . By Lemma 22(b) on page 22, , so . Thus and .
Now suppose the lemma’s second assertion is false for this . Then every action in has all its targets in . Pick some . Since , there exists such that . We see therefore that and that no action of moves off . Consequently, , which contradicts being a minimal nonface of . ∎
Imagine revealing actions of some secret maximal strategy to an observer who knows but initially merely that is maximal in . Suppose is an action in , as previously defined. So and . Let be as before. The next corollary says that so long as one has not explicitly revealed any actions of , the observer cannot exclude the possibility that one is revealing actions of some maximal strategy other than , some strategy that does include action . Moreover, there exists some unrevealed and unimplied action in that one may yet release informatively. (The explicitly revealed actions may imply some actions in , but so long as none of the explicitly revealed actions themselves lie in , these assertions hold.)
Corollary 27** (Informative Actions in Forward Projections).**
Let the hypotheses and notation be as in Lemma 26. In particular, is maximal in and .
Suppose such that .
Let be ’s action relation and define . Then:
- (i)
.
- (ii)
* and \,\big{(}\kappa\cap\sigma_{c}\big{)}\setminus\overline{\gamma}\;\neq\;\emptyset\, for every .*
Proof.
We may prove (i) by establishing that \psi_{A}\big{(}\overline{\gamma}\cup\{c\}\big{)}\neq\emptyset. By reasoning similar to that on page 122 in [6], \psi_{A}\big{(}\overline{\gamma}\cup\{c\}\big{)}=\psi_{A}\big{(}\gamma\cup\{c\}\big{)}, so it is enough to show that . Suppose this is false. Then there exists a minimal nonface of such that , so . By Lemma 26, . That establishes a contradiction to and .
Turning to (ii), by Lemma 26. Suppose now that . Establishing the second part of (ii) for this particular will establish it for all hypothesized , by monotonicity of closure operators. By (i), . Since is maximal in , . Since and by Lemma 2 on page 2, for every . Since and , \;\kappa\setminus(\overline{\gamma}\cup\{c\})=\big{(}\kappa\cap\sigma_{c}\big{)}\setminus\overline{\gamma}, completing the proof. ∎
The following theorem has as corollary Theorem 4 of page 4 for pure nondeterministic graphs:
Theorem 28** **(Informative Action Release Sequences :
Pure Nondeterministic Graphs).
**
Let be a fully controllable pure nondeterministic graph with and suppose is a hierarchical cyclic subgraph of .
Suppose is a maximal strategy in . Set , then define by step 3 of Construction 20 on page 20.
- I.
If is a leaf, then contains an informative action release sequence for of length at least .
- II.
If is a node, then contains an informative action release sequence for of length at least .
Proof.
Throughout the proof we assume notation as given in Construction 20 and Lemma 26. Observe that , since is fully controllable with .
I. Suppose is a leaf. Then . By Lemma 21 on page 21, and is cycle-breaking in ; by Corollary 25 on page 25, ; and by Lemma 16 on page 16, one may find an ordering of the actions in such that they form an informative action release sequence for . This sequence is also informative for by the comment after Lemma 7 on page 7.
II. Suppose is a node. As in part I, one may find an ordering of the actions in such that they form an informative action release sequence for (, by maximality of and full controllability of ). Write this sequence as . It is contained in .
By Corollary 25, . Since is disruptive in , . Of course, one cannot release the actions in , since they are not in . Instead, as we will see shortly, for each one may release some action of informatively, thereby completing the proof.
First, observe that \big{(}{\tau_{\circ}}\cup{\tau_{+}}\big{)}\cap\sigma_{c}=\emptyset, for every . To see this, write and suppose and for some . Write . Let be the partial order induced on by . Then for some . Since , for every . So for every , meaning . Consequently, .
Inductively, suppose we have released, for some sequence of distinct actions in , with , a corresponding sequence of distinct actions in , such that , for , and such that the overall sequence is an iars for . If , we are done. Otherwise, we need to show how to extend this sequence.
Let and , with being ’s action relation. Pick some . We already observed that \big{(}{\tau_{\circ}}\cup{\tau_{+}}\big{)}\cap\sigma_{c}=\emptyset. By construction, , for . By part (a) of Lemma 22 on page 22, , for . Consequently, . By Corollary 27, there exist and b\in\big{(}\kappa\cap\sigma_{c}\big{)}\setminus\overline{\gamma}, so may be released informatively. Let and . ∎
4.10 Examples for Pure Nondeterministic Graphs
This subsection shows how the proof of Theorem 28 produces informative action release sequences for various pure nondeterministic graphs and strategies.
4.10.1 A Hierarchical Pure Nondeterministic Graph
The first example considers the pure nondeterministic graph of Figure 15 on page 15. The graph may be viewed directly as a hierarchical cyclic graph, as indicated by Figure 21.
Let us consider two maximal strategies and see how our constructions generate informative action release sequences using the hierarchical cyclic graph . Since and have the same actions, in Construction 20 on page 20 is the maximal strategy under consideration.
(This strategy converges to state #1.)
- •
Not used by the construction, but just for reference: is cycle-breaking in .
- •
is not disruptive in , so we run the loop of step 2 in Construction 20:
First we mark node , defining . 2. 2.
Then we mark node , defining .
- •
At step 3, is a leaf. So and .
- •
The proof of Lemma 16 on page 16 now produces either the sequence or the sequence as an informative action release sequence.
(This strategy converges to the set of states .)
- •
is cycle-breaking in .
- •
is not disruptive in , so we run the loop of step 2 in the construction:
First we mark node , defining . 2. 2.
Then we mark node , defining .
- •
At step 3, is a leaf. So is again all of and .
- •
Again, one may release the actions of informatively, as per the proof of Lemma 16, for instance as the sequence .
Comments: (i) ’s action relation in Figure 16 on page 16 shows that no maximal strategy is disruptive in , so Construction 20 will always run the loop of step 2. (ii) The construction will always assemble the entire strategy as an iars. In fact, as Figure 16 shows, the strategy complex is a triangulation of , and in particular has no free faces. Consequently, any ordering of the actions in a maximal strategy will be an informative action release sequence for .
4.10.2 A Pure Nondeterministic Graph with Several Nondeterministic Actions
Let us add some nondeterministic actions to the previous graph, as shown in Figure 22.
The earlier hierarchical cyclic graph of Figure 21 is a subgraph of the new , on the same state space (but with fewer actions), so we can use the same as before to construct informative action release sequences for maximal strategies, now in the new . Almost every maximal strategy in the new is either identical to or a proper superset of a maximal strategy in the old . Intersecting one of these strategies with the actions of , as Theorem 28 requires, therefore produces the same constructions as before.
There is one exception: The new contains a maximal strategy, namely , that does not restrict to a maximal strategy in the old . Let us look at that strategy more carefully:
(This strategy converges to state #4.)
- •
is the intersection of with the actions of , so .
- •
is cycle-breaking in .
- •
Now *is * disruptive in , so Construction 20 *does not * run the loop of step 2, but skips directly to step 3.
- •
At step 3, is all of , so .
- •
consists of all the core cycle actions of , so .
- •
The construction of in step 4 incorporates all of , starting from , as follows:
For node , step 4 adds action to . 2. 2.
For node , step 4 adds action to .
- •
Thus and .
- •
The actions of may be released informatively in depth order, as the sequence .
- •
For each action in , one finds an action in as per the proof of Theorem 28:
For action , action lies “downstream” from , forms a minimal nonface with , and is not implied by . 2. 2.
For action , action lies “downstream” from , forms a minimal nonface with , and is not implied by .
(The term “downstream” refers to the partial order determined by . Since , that simply means here. Specifically, the phrase “action lies downstream from action ” means that ’s source lies in the forward projection of ’s targets under , that is, “, for some ”.
Moreover, this and subsequent examples, following the proof of Theorem 28, further choose so that *not * all of ’s targets lie within the forward projection of ’s targets.)
Consequently, one may arrange all four actions of () into an informative action release sequence for . This is consistent with Theorem 28, since is a node in the construction. For instance, the sequence is an iars. There are other orderings that will also produce iars of length 4, but not all will do so. For instance, releasing action as the first action in a sequence would limit the length of that sequence as an iars to 2. See [6] for further discussion of this example.
4.10.3 A Directed Graph with Several Cycles, Represented Hierarchically
Consider the directed graph of Figure 23. All the actions in this graph are deterministic. The graph has several directed cycles in it, giving us the opportunity to explore more than one hierarchical decomposition for . The figure also shows a maximal strategy in . We will focus on this one strategy, using two different hierarchical cyclic subgraphs of to construct informative action release sequences for in two different ways, such that each sequence consists of actions contained in . For reference, ’s full action relation appears in Figure 24.
A Multi-Node Hierarchical Decomposition:
The decomposition shown in Figure 25 models directly as a hierarchical cyclic graph, meaning and contain the same states and actions. In this decomposition, the smaller two cycles of define two nodes. Each of these nodes contains only leaves, comprising the state spaces and , respectively. The root of the tree has these two nodes as children, connected by a two-cycle.
- •
Since , also .
- •
is not cycle-breaking in , since it contains both cycle actions of ’s root node.
- •
is not disruptive in , so Construction 20 runs the loop of step 2. The construction may mark nodes and in either order. Here we start with .
Mark node , defining . 2. 2.
Mark node , defining . 3. 3.
Mark node . Since contains both of ’s cycle actions, the construction could add either action to in defining . Here we add , so .
- •
At step 3, is a leaf. So and .
- •
One may release the actions of informatively in depth order, as per the proof of Lemma 16 on page 16, for instance as the sequence .
- •
Observe that is almost all of , excluding only action . The construction discarded that one action when forming .
A Flat Decomposition:
Figure 26 shows another hierarchical cyclic subgraph of , on the same state space but with fewer actions. In this subgraph, the Hamiltonian cycle of defines a single node, necessarily the root of , with all six states as leaves. Two of ’s actions do not appear in .
- •
is the intersection of with ’s actions, so .
- •
is both cycle-breaking and disruptive in .
- •
Since is disruptive, and in step 3 of Construction 20.
- •
consists of all the core cycle actions of , which means all the actions of since defines a Hamiltonian cycle. So .
- •
The construction of incorporates all of , since consists of a single unmarked node. Thus and .
- •
The actions of may be released informatively in any order, for instance as the sequence .
- •
For each action in , one finds an action in as per the proof of Theorem 28:
(Again, “downstream” refers to the partial order determined by .)
For action , action lies “downstream” from , participates in the minimal nonface with , and is not implied by . 2. 2.
For action , action lies “downstream” from , participates in the minimal nonface with , and is not implied by .
- •
Consequently, all actions of may be arranged into the informative action release sequence .
Comment:
We have seen the following: (i) With as in Figure 25, Construction 20 produces an informative action release sequence for consisting of actions in . (ii) With as in Figure 26, the construction produces an informative action release sequence consisting of all actions in . These sequence lengths match the assertions of Theorem 28 on page 28.
4.10.4 A Directed Graph with a Disruptive but not Cycle-Breaking Strategy
This example will illustrate an instance in which contains all the cycle actions in a node during step 4 of Construction 20. Figure 27 depicts a graph and a maximal strategy . Figure 28 displays ’s action relation. Figure 29 shows a hierarchical cyclic subgraph of , on the same state space (but with fewer actions). (Other such subgraphs exist, of course.)
- •
is the intersection of with ’s actions, so .
- •
is not cycle-breaking in , since it contains both cycle actions of ’s root node.
- •
is disruptive in , since it contains only one of node ’s three cycle actions.
- •
Since is disruptive, and in step 3 of Construction 20.
- •
consists of all the core cycle actions of , so .
- •
The construction of in step 4 occurs as follows, starting from :
For node , and , so one adds action to . 2. 2.
For node , and , so one must discard some action of that is not in . That action is . One adds action to .
- •
Consequently, and .
- •
The actions of may be released informatively in depth order, so as the sequence .
- •
For each action in , one finds an action in as per the proof of Theorem 28:
(Once again, “downstream” refers to the partial order determined by .)
For action , action lies “downstream” from , forms a minimal nonface with , and is not implied by . 2. 2.
For action , action lies “downstream” from , forms a minimal nonface with , and is not implied by .
- •
Therefore is an informative action release sequence for , contained in .
(The order matters: Revealing either or at the beginning of the sequence would narrow the set of maximal strategies consistent with the revealed action to two instantly. One then could reveal only one more action informatively before identifying , that action being the other “” action not yet revealed. Indeed, revealing actions and in either order identifies the maximal strategy to be . Revealing action implies action , while revealing at the beginning does not imply . Although not part of the construction, observe that revealing would in and of itself declare the goal to be state #3.)
5 The Stochastic Setting
The aim of this section is to prove Theorem 4 from page 4 for the case in which the graph is pure stochastic. Throughout, this section assumes that all graphs are pure stochastic, meaning each action is either deterministic or stochastic (but not nondeterministic).
Caution:
Even though all actions in a pure stochastic graph are deterministic or stochastic, there may still be a component of nondeterminism in a strategy: When multiple actions have the same source state, any one of those actions might execute from that state, with the choice potentially made by an adversary. (See again the discussion of generalized control laws on page 2.1, as well as the definitions of “moves off”, “contains a circuit”, and “strategy complex”.)
5.1 Expanding Fully Controllable Subgraphs via Minimal Nonfaces
As mentioned on page 2.3, a minimal nonface of in a pure stochastic graph defines an irreducible Markov chain and thus a fully controllable subgraph of . If is itself fully controllable, one may construct such a minimal nonface for each maximal strategy , for instance by considering some action at a goal state of . The actions of the minimal nonface that lie within then form an informative action release sequence for , contained in .
One may expand the state space covered by this minimal nonface by considering some action outside , in a manner to be discussed. This process yields a new minimal nonface and thus additional actions of with which to enlarge the informative action release sequence . Repeating this process one may eventually encounter a situation in which there are no further useful actions outside . Instead, one forms a quotient graph by identifying all the states covered thus far. Recursively, one obtains an informative action release sequence within this quotient graph. Patching the two sequences together gives an overall informative action release sequence contained in of length one less than the number of states in ’s state space.
The following construction and subsequent results describe this process formally:
Construction 29** (Minimal Nonface Expansion).**
Let be a fully controllable pure stochastic graph with and suppose is a maximal strategy in .
Construct a collection of convergent actions in , a collection of minimal nonfaces of , a collection of subsets of , and a collection of subsets of , with , as follows:
Let . Choose so that and . Such an action exists since is fully controllable and . 2. 2.
Since is maximal, , so there exists a minimal nonface of such that . (For later reference, observe also that .) 3. 3.
Let and . 4. 4.
Set Done to false. While not Done, run the following loop, starting from :
- (a)
Consider the quotient graph and let prime notation refer to the correspondence between actions in and , as per the discussion on page 2.1. 2. (b)
Define . So , , and . 3. (c)
By Fact 1 on page 2.1, , so extend to a maximal simplex . 4. (d)
If , then set to the current value of and Done to true. The loop ends.
Otherwise:
–
Let .
–
As in step 2, there exists a minimal nonface of such that . (Again, .)
–
Let and .
–
The loop continues, with in place of .
Lemma 30** (Expansive Subspaces).**
Let the hypotheses and notation be as in Construction 29.
Then , for all such that and are well-defined.
(Consequently, the loop of step 4 in the construction ends, that is, is well-defined finite.)
Proof.
It is enough to show that . Suppose otherwise. Since , that would mean and . (The inclusion holds because is a minimal nonface in , so no action of moves off , and because is pure stochastic.) Thus would become self-looping in , contradicting . ∎
Lemma 31** (Fully Controllable Expansion).**
Let the hypotheses and notation be as in Construction 29. Then is a fully controllable pure stochastic graph, for .
Proof.
Observe that , since .
Base Case: . Since is a minimal nonface in the strategy complex of a pure stochastic graph, is a fully controllable pure stochastic graph.
Inductive Step: As in the base case, is a fully controllable pure stochastic graph. Inductively, is a fully controllable pure stochastic graph. Showing that would therefore establish full controllability of the pure stochastic graph . Suppose this intersection is empty. Then is a minimal nonface in . On the other hand, , so , producing a contradiction. ∎
Lemma 32** (Distinct Actions).**
Let the hypotheses and notation be as in Construction 29.
Then , that is, the actions are distinct.
Proof.
Suppose . Then and . Since , action is self-looping in and thus cannot be a candidate for . ∎
Lemma 33** (Expansive Sets of Actions).**
Let hypotheses and notation be as in Construction 29. Suppose . Let . (By Lemma 30, .)
Then there exist actions \hbox{\hskip 1.0pt}{\mathcal{E}}_{i}\subseteq\kappa_{i}\!\setminus\!\big{(}{\mathcal{A}}_{i-1}\cup\{b_{i}\}\big{)} such that and at most one action in has its source in . (We refer to as an expansive set of actions.)
Moreover, suppose for all \,{\mathcal{E}}\subseteq\kappa_{i}\!\setminus\!\big{(}{\mathcal{A}}_{i-1}\cup\{b_{i}\}\big{)} with , . Then and one may choose to contain an action such that and such that the probability of reaching from under actions of is nonzero.
Comments: (a) Let , , and . Then the lemma holds for , with . (b) For , , since and .
Proof.
Assume . Readily, and Thus \;W_{i}\setminus W_{i-1}\;=\;\mathop{\rm src}(\kappa_{i})\setminus\mathop{\rm src}({\mathcal{A}}_{i-1})\;\subseteq\;\mathop{\rm src}\big{(}\kappa_{i}\setminus{\mathcal{A}}_{i-1}\big{)}, meaning each state in is the source of some action in that is not also an action in . If in fact every state in is the source of some action in that is neither an action in nor the action , then we may construct \mskip 1.5mu{\mathcal{E}}_{i}\subseteq\kappa_{i}\!\setminus\!\big{(}{\mathcal{A}}_{i-1}\cup\{b_{i}\}\big{)}\mskip 2.0mu such that and .
Otherwise, since all actions in a minimal nonface have distinct sources, it is only possible to find actions in \kappa_{i}\!\setminus\!\big{(}{\mathcal{A}}_{i-1}\cup\{b_{i}\}\big{)} whose sources lie outside . Moreover, . By the proof of Lemma 31, , meaning contains at least one action with source in . We now show by backchaining from how to select one such action so that may consist of action and the actions just mentioned.
To reduce index clutter, we fix and make the following definitions for the rest of the proof:
[TABLE]
(By assumption for this case, and .)
We now define a backchaining algorithm, with a loop index , for constructing sets of actions . Inductively, each iteration assumes that (i) , (ii) , and (iii) for each , there exists a sequence of zero or more action edges leading from to , with the edges coming from actions in .
We initialize the loop with . The loop will end by defining an action such that we may let , establishing the lemma. The loop starts from :
- (a)
Since is a minimal nonface in , with pure stochastic, is a fully controllable graph in its own right and , by Lemma 3 on page 3. Thus some action moves off in this graph. 2. (b)
If we can pick so that , then we do so and in that case we let . Either way, we define . Condition (iii) above is satisfied by since it is satisfied by and . 3. (c)
If step (b) defined action , then the loop ends.
Otherwise, necessarily . Thus, in this case, also satisfies conditions (ii) and (i) above, since in particular some action of has source in but no action of does. The loop continues, with in place of .
By finiteness, the loop must eventually end, for some . The probability of reaching from under actions of is nonzero by condition (iii), so the same will be true under actions of . Moreover, e\in\kappa\!\setminus\!\big{(}{\mathcal{A}}\cup\{b\}\big{)} with , since and , whereas , for all , and . ∎
For the remainder of Section 5:
Assume the hypotheses and notation of Construction 29 starting on page 29. Let and . Define , for , with . Each is a fully controllable pure stochastic graph, by Lemma 31. Also, for , is a subgraph of , with and , by Lemmas 30 and 32, and since . Let . For , define via Lemma 33, choosing so that whenever possible.
Corollary 34** (Expansion Independence).**
Let hypotheses and notation be as above.
Suppose . Then , for every .
Proof.
If , then the lemma’s assertion follows from Lemma 7.3(b)(i) in [5].
Otherwise, . Let be as per Lemma 33. There exists a sequence of action edges
[TABLE]
for some , with , , and , for all . Moreover, , , for , and .
Suppose , for some . Let be a minimal nonface of , with . Some or all of the actions lie in . Certainly , again by Lemma 7.3(b)(i) in [5]. Since is a minimal nonface, is the only action of with source . Since , . The actions in all have distinct sources. Thus no action in other than (if is even in ) can have source , for .
Consequently, there is a nonzero probability that the system will transition to and stop at a state outside when started at , while moving under actions of . Some action of therefore moves off , which is a contradiction. ∎
Corollary 35** (Cardinality of Expansive Actions).**
Let hypotheses and notation be as above.
Then \,\big{\lvert}\mskip-2.25mu\bigcup_{i=1}^{k}{\mathcal{E}}_{i}\mskip 1.0mu\big{\rvert}=\lvert W_{k}\rvert-1.
Proof.
By Construction 29, Lemma 33, and subsequent comments,
[TABLE]
∎
5.2 Informative Action Release Sequences from Expansive Sets of Actions
This subsection shows how the constructions of the previous subsection produce informative action release sequences. Some notational abbreviations will be useful:
Notation and Terminology:
Rather than merely write sequences of actions, , we may write sequences of sets of actions , assuming the sets are nonempty and pairwise disjoint.
The meaning of a set of actions is to indicate a multiplicity of sequences of actions, one for each possible permutation of the actions in the set . The sequence of sets represents all possible orderings of the actions consistent with the top-level ordering . Here, “consistent” means actions in must appear before actions in whenever , but the ordering is otherwise unconstrained.
For example, the sequence of sets represents 12 sequences of actions:
[TABLE] 2. 2.
We say that a sequence of sets of actions is informative for if each of the sequences of actions it represents is an informative action release sequence for graph . 3. 3.
In place of a singleton set, we may also simply write the action it contains. For instance, we could write the top-level sequence in the example above as .
Lemma 36** (Expanding Informative Actions).**
Suppose is a fully controllable pure stochastic graph with . Let be a maximal strategy in .
From and construct and , with , as per Construction 29 on page 29, Lemma 33 on page 33, and the definitions and notation of page 5.1.
Then, for each , with , the sequence is informative for .
Proof.
By induction on . Let , with , be given.
The set is a nonempty proper subset of a minimal nonface of and thus of . By Lemma 1 on page 1, every ordering of actions in is an informative action release sequence for . Moreover, .
If , these observations establish the base case.
If , then inductively is informative for and .
By Corollary 34 on page 34, , for every . By construction, no action in is an action in the graph . Therefore, by Lemma 7 on page 7, is informative for . Moreover, , since, for instance, . ∎
Corollary 37** (Expanding Informative Actions in ).**
Let the hypotheses and notation be as for Lemma 36. For each with , the sequence is informative for .
Proof.
By the previous lemma, is informative for . The comment after the statement of Lemma 7 on page 7 establishes the corollary. ∎
5.3 An Informative Action Release Sequence from a Quotient
The loop in Construction 29 may end in step 4(d) (on page 4d) with . This will occur if and only if . In that case, Corollary 37 (above) and Corollary 35 (on page 35) imply that the sequence provides an informative action release sequence for of length , with all actions of the sequence contained in , and with .
Otherwise, the following lemma ensures that one may add a prefix of informative actions to that sequence whenever one can find an informative sequence in the quotient graph .
Lemma 38** (Informative Actions from Quotient).**
Suppose is a fully controllable pure stochastic graph with . Let be a maximal strategy in .
From and construct , , , , and , as per Construction 29 on page 29, Lemma 33 on page 33, and the definitions and notation of page 5.1. (Recall that .)
Suppose further that is an informative action release sequence for , with and .
Then is informative for , with all actions contained in .
Proof.
By construction, and .
By Lemma 31 on page 31, is a fully controllable subgraph of . Also, .
By Lemma 36 on page 36, is informative for . Any informative sequence of actions formed from is a subset of , therefore convergent in both and .
Corollary 8 on page 8 therefore establishes the desired result. ∎
The following theorem instantiates Theorem 4 of page 4 for pure stochastic graphs:
Theorem 39** **(Informative Action Release Sequences :
Pure Stochastic Graphs).
**
Let be a fully controllable pure stochastic graph with .
Suppose is a maximal strategy in .
Then contains an informative action release sequence for of length at least .
Proof.
By induction on .
Base Case: .
In this case, consists of two (nonempty) maximal strategies, one for each state in . (The strategy for state consists of all actions with source that are not deterministic self-loops. The strategy converges to the other state.) Any single action in one of these strategies constitutes an informative action release sequence for and is contained in the given strategy.
Inductive Step: .
From and construct , , , and , using Construction 29 on page 29, Lemma 33 on page 33, and subsequent comments. Recall that .
As discussed on page 5.3, if , then the sequence provides an informative action release sequence for of length , consisting of actions in .
Otherwise, let . Then . The quotient graph is pure stochastic and fully controllable, by Fact 3 on page 2.1. It has state space , with representing all of identified to a single state.
Since the minimal nonface in Construction 29 contains at least two actions, contains at least two states. Therefore . Inductively, the theorem holds for graph and maximal strategy , producing an informative action release sequence for with . By Lemma 38, is informative for , with all actions contained in . Any consequent informative action release sequence has length , by Corollary 35 on page 35. ∎
5.4 Examples for Pure Stochastic Graphs
This subsection shows how the proof of Theorem 39 produces informative action release sequences for some pure stochastic graphs and strategies. For clarity, figures discard self-loops.
5.4.1 A Directed Graph with Several Cycles
Consider again the strongly connected directed graph and maximal strategy of Figure 23 on page 23. Earlier, we viewed as a pure nondeterministic graph with different hierarchical cyclic subgraphs. Now, we view as a pure stochastic graph and apply Construction 29 to obtain an informative action release sequence of length 5 for , contained in .
For this example, it turns out that the loop of step 4 in the construction runs once, ending with , but without having covered the entire state space of the graph. Consequently, as indicated by Theorem 39’s inductive proof, one needs to invoke the construction again, on a quotient graph. Again, the loop runs only once. In total, there are three invocations of the construction. The synopses below show how local variables in the construction are instantiated.
In the first invocation of Construction 29, the graph is as in Figure 23 and the maximal strategy is . For , one may use either state in ’s goal set . Using , one finds , yielding the minimal nonface . Thus . The comments at the top of page 5.1 produce .
Running the loop of step 4 in the construction, with , one obtains . In , has a single maximal extension, namely . Figure 30 shows both and , with representing all of identified to a singleton.
Since , the loop ends with . 2. 2.
In the second invocation of Construction 29, the graph is and the maximal strategy is . The strategy has goal state , so let . Therefore, in this invocation of the construction, , yielding the minimal nonface . (We use single prime notation to indicate actions in , including references to local variables within this invocation of Construction 29.)
We now write for , in order to avoid confusion with the earlier . Thus . The comments at the top of page 5.1 produce .
(Below, we will now also use double prime notation, specifically to indicate actions in , including references to local variables within Construction 29. We therefore write in place of in step 4(b) and in place of in step 4(c).)
Running the loop of step 4, with , one obtains . In , has a single maximal extension, namely itself. We refer to that extension as , in order to avoid confusion with the earlier . Figure 31 shows both and , with as before and representing all of identified to a singleton.
Since , the loop ends with . 3. 3.
Since the graph has only two states, one could now simply refer to the base case in the proof of Theorem 39. However, we will invoke Construction 29 yet a third time, with graph and maximal strategy . This strategy has goal state , thus yielding minimal nonface with source set . The comments at the top of page 5.1 produce the expansive set of actions . The loop ends because the source set is the entire state space, as discussed at the beginning of Section 5.3 on page 5.3.
Finally, one assembles the various expansive sets in reverse order of the recursive invocations of Construction 29. This process produces the following sequence of sets of actions in :
[TABLE]
That sequence of sets represents four informative action release sequences for , each consisting of actions in :
[TABLE]
(We know from Section 4.10.3 that also contains other informative action release sequences.)
5.4.2 A Pure Stochastic Graph
Figure 32 depicts a fully controllable pure stochastic graph , along with a maximal strategy that contains an action with stochastic transitions. The strategy complex appears in Figure 33, along with ’s action relation. The maximal strategy under consideration is .
Unlike in a pure nondeterministic graph, cycling is permitted in a pure stochastic graph, so long as the cycling is transient. The definition of “moves off” from page • ‣ 2.1 captures this distinction. For instance, in the current example, is a convergent (nonmaximal) strategy, with goal state #3. The set of actions would not be convergent if action were nondeterministic, since then an adversary could force infinite cycling between states #1 and #2. However, is stochastic, so there is a nonzero probability that the system will exit such a cycle, transitioning to state #3 instead. The precise transition probabilities of action affect expected convergence times, as discussed in [5, 4], but not overall convergence.
Given and as in Figure 32, Construction 29 computes as follows:
There is one state outside , so . Action in the construction should be an action with source , meaning it is action of Figure 32. 2. 2.
One may then use minimal nonface . (Another possibility is .) 3. 3.
So and . 4. 4.
Now the loop of the construction runs:
- :
- (a)
Figure 34 depicts graph , omitting the self-looping actions at state . 2. (b)
. 3. (c)
is not maximal in . It has unique maximal extension . 4. (d)
. Since , . Thus , , and .
- :
- (a)
Graph , with representing all states of identified to a singleton. So , the empty simplicial complex. 2. (b)
. 3. (c)
is maximal in , so . 4. (d)
, so the loop ends, with .
Lemma 33 and subsequent comments construct expansive sets and as follows (variable bindings for , , , , , , and are as above, actions and are as in Figure 32):
Let . 2. 1.
Since , . (See also page 5.1.) 3. 2.
While , , so .
By Corollary 37, the sequence is informative for , with all actions contained in . We thus obtain the informative action release sequence . Side note: This is not the only iars contained in . The longest such iars consists of all actions in , in the order .
Interpretation:
Figure 35 depicts as a graph. The graph consists of two independent two-cycles. Relationally, we may think of these two two-cycles as two independent bits of information, forming a basis for informative action release sequences. In more general examples (see Section 5.4.3), there may be less independence. Consequently, Lemma 33 (page 33) constructs expansive sets of actions, which Lemma 36 (page 36) then arranges informatively.
5.4.3 A Pure Stochastic Graph Highlighting Expansive Set Order
We now apply Construction 29 to the pure stochastic graph and maximal strategy of Figure 36. We may let . Then , , and . Thus . Now , so there is a choice in constructing . If we choose , then and so . There are two minimal nonfaces within . Let us use . Thus and the loop ends with k=2. Constructing involves a choice since actions and each have action ’s source as a target. Let us pick .
Corollary 37 on page 37 arranges the expansive sets of actions in the order . Indeed, both and are informative action release sequences for . Notice that action implies action in relation . Consequently, the order would *not * be acceptable.
Comment: We can lengthen to the iars . In fact, 12 of the 24 possible permutations of all the actions in constitute informative action release sequences for .
6 Counterexamples for Mixed Graphs
The assertion of Theorem 4 on page 4 need not hold for graphs containing a mix of deterministic, nondeterministic, and stochastic actions. Of course, there are many settings in which the assertion does hold. For instance, if one can find a hierarchical cyclic subgraph with the same state space as the given graph, then one can again prove the theorem, even if the graph contains stochastic actions. All the proof needs is for the hierarchical cyclic subgraph to be composed only of deterministic and nondeterministic actions. Absent such structure, it is very easy to construct a counterexample involving a mix of deterministic, nondeterministic, and stochastic actions. With some added effort, one may also construct counterexamples involving maximal strategies that attain singleton goals. This section presents such counterexamples.
6.1 A Counterexample with a Large Goal Set
Consider the graph and action relation of Figure 37. The graph contains two actions that have identical action edges, but differ in that one action is stochastic and the other action is nondeterministic. The stochastic action is , for some probability distribution ascribing nonzero probabilities to each target, and the nondeterministic action is . Additionally, the graph contains three deterministic action, , for .
The graph is fully controllable based just on the set of actions , as one can see from the action relation or as follows: The system can attain state #1 from any other state by using strategy . The system can reach a desired state in the set by repeatedly trying to do so using the stochastic action , cycling back to state #1 if that action transitions to the wrong state. For instance, strategy will converge to state #4.
None of the actions can be in a strategy together with action , but action can be. In fact, is a maximal strategy. The longest informative action release sequence contained in is the strategy itself, revealed in the order . That iars has length 2, which is less than the number 3 demanded by Theorem 4.
One may easily generalize this example to graphs with states, for , such that some maximal strategy consists of only two actions and therefore has an iars of length at most 2.
Key to this example is the oddity of having two nearly identical actions, with the only difference being that one action is stochastic and the other is nondeterministic. The graph would not be fully controllable with just the nondeterministic action. The stochastic action is needed to “sample with replacement”, i.e., “try and try again, until success”.
From a worst-case perspective, the strategy consisting of the nearly identical stochastic and nondeterministic actions amounts to no more than the nondeterministic action itself. So, why even include the nondeterministic action in the graph?
The answer is that it is a choice a system may make. Executing the stochastic action may entail greater cost than executing the nondeterministic action, because the nondeterministic action relieves the system of guaranteeing stochastic behavior. That may be desirable in some settings. At first it seems hardly so, because the only goal set one can attain using any strategy containing the nondeterministic action is a very large set (consisting of states in the generalized version). However, not caring about precise transitions is sensible when the graph is part of a larger graph and it does not matter what state the system passes through as a subgoal while attaining some overall goal. The next subsection explores such graphs further.
6.2 A Counterexample with a Small Goal Set
Previously, we saw the basis for a family of counterexamples in which the graph has states but contains a maximal strategy consisting of two actions with a goal set of size . One might therefore hypothesize that Theorem 4 should merely assert the existence of an informative action release sequence of length , with being the size of the goal set. In fact, such a theorem would also be false, since one can construct counterexamples to Theorem 4 using strategies that have goal sets of size 1, as this subsection demonstrates.
In constructing such counterexamples, one may take the fully controllable graph on states of the previous subsection and glue the set to another graph, permitting direct motion from any state in to a new state, #. In order to retain full controllability, the system also needs to be able to move back from state #. In this subsection, we use a single nondeterministic action. In the next subsection, will will use different nondeterministic actions. Numerous variations exist.
Figure 38 replicates a counterexample taken from [6], showing a graph and its action relation. Maximal strategy converges to singleton goal state #5. The strategy contains 5 actions, but the longest informative action release sequences contained in have length 3, which is less than the 4 demanded by Theorem 4. The reason no longer iars exists is because any one of the “downward” actions in the set implies the other two. That fact is clear from the action relation, but can also be understood as follows: First, knowing that a strategy contains one of the actions , , or means the strategy cannot contain the nondeterministic action . Second, for a maximal strategy, not containing means the strategy must contain the entire set .
6.3 A Counterexample with a Small Goal Set and Nonequivalent Inferences
Finally, we construct a counterexample similar to that of Figure 38, but without requiring equivalence between the deterministic downward actions flowing into state #. Instead, any *two * of these downward actions will imply all the downward actions. One may achieve this inference by replacing the single nondeterministic action at state # with different nondeterministic actions. Each of these actions now has a target set of size contained within the set . With this counterexample in mind, one may see yet another infinite family of counterexamples, parameterized now by the number of downward actions that may be released before all are implied (with sufficiently large).
Figure 39 shows a graph in three panels. Figure 40 shows ’s action relation. There are six states. Four of the graph’s deterministic actions, namely , , , , transition to state #6, while four nondeterministic actions, , , , , transition away from state #6. Each of those nondeterministic actions has a target set of size three that is a subset of . The following table shows which pairings of and actions create minimal nonfaces in . One sees that any single action drawn from is potentially consistent with strategies not involving any other action, but that any two of the actions imply them all. (Any two of the eliminate all , so the given maximal strategy must contain all .)
[TABLE]
Maximal strategy converges to goal state #6 and contains actions. However, since at most two of the actions are informative, the longest informative action release sequences contained in have length 4. That is less than the 5 demanded by Theorem 4.
Acknowledgments
Many thanks to Rob Ghrist, Steve LaValle, Ben Mann, and Matt Mason, for advice and support related to this research and its earlier foundations within SToMP.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] A. Björner and V. Welker. Complexes of directed graphs. SIAM J. Discrete Math , 12(4):413–424, 1999.
- 2[2] I. Dinur and K. Nissim. Revealing information while preserving privacy. In Proceedings of the 22nd ACM Symposium on Principles of Database Systems , pages 202–210, 2003.
- 3[3] C. Dwork. A firm foundation for private data analysis. Communications of the ACM , 54(1):86–95, 2011.
- 4[4] M. A. Erdmann. On the topology of discrete strategies. International Journal of Robotics Research , 29(7):855–896, 2010.
- 5[5] M. A. Erdmann. On the topology of discrete planning with uncertainty. In A. Zomorodian, editor, Advances in Applied and Computational Topology , pages 147–194. AMS, 2012.
- 6[6] M. A. Erdmann. Topology of privacy: Lattice structures and information bubbles for inference and obfuscation. http://arxiv.org/abs/1712.04130 , 2017.
- 7[7] W. Feller. An Introduction to Probability Theory and Its Applications , volume 1. John Wiley & Sons, New York, third edition, 1968.
- 8[8] A. Hultman. Directed subgraph complexes. Elec. J. Combinatorics , 11(1):R 75, 2004.
