Lemma 4. If there is a time t after which a correct proposer pi in state proposing cannot execute Line 31, then xx eventually decides.
Lemma 4. 1 of Section 4) For all r > 0, every process p, and every correct process q, if p executes round r until the end, then q executes round r until the end. Proof (sketch): This follows from a simple induction on r. We only proof the inductive step: assume that the lemma holds for r − 1, and that p executes round r > 1 until the end; we show that every correct process executes round r until the end. From the inductive hypothesis, all cor- rect processes execute round r− 1 until the end, and so, execute W-ABroadcast(r, −) in round r. From validity of the ordering oracles, all correct processes eventually execute W-ADeliver(r, −). It also follows that since there are n − f correct processes that execute send(first, r, −) at line 12, no correct process remains blocked forever at the wait statement at line 13, and executes round r until the end, concluding the proof. Q Lemma C.2 (Lemma 4.2 of Section 4) For all r > 0, every process p that executes round r until the end, and every process q that executes round r +1 until the end, deliveredr is a prefix of deliveredr+1. Proof (sketch): Assume p executed round r until the end. Then, p received at line 13 n − f messages of the type (first, r, v), and from lines 16 and 19, allSeqp and deliveredr are prefixes of v. Since there are n − f processes that execute send(first, r, v), and f < n/3, for every process u that executes lines 14–15, we have that allSeqp and deliveredr are prefixes of estimater , where estimater is the value of estimateu right after process u executes line 14–15. Let q be a process that executes line 13 of round r + 1. Then q receives n − f messages of the type (first,r + 1, vj), where vj = estimater , and so, allSeqp and deliveredr are prefixes of
Lemma 4. Let K be a CM field of degree 2g with an odd prime g and let Φ be a CM type of K. Let P = (A, θ, ϕ) be a g-dimensional polarized abelian variety of type (K, Φ) with CM by K. If A is simple over C and the field of moduli MQ of (A, ϕ) is Q then K is cyclic over Q, the CM type Φ is primitive and we have I0(Φr) = IKr .
Lemma 4. Let P be a principally polarized simple abelian threefold over C that has CM by the maximal order of a CM class number one sextic CM field K. Then we have (ρP : P ) = 1, where ρ is complex conjugation.
Lemma 4. 3.11. Let K be a cyclic sextic CM field with h∗K = 4 and let Φ be a primitive CM type of K. Let F be the totally real cubic subfield 2 r of K. Let p0F = p1p2p3 and pi0K = Pi . Suppose I0(Φ ) = IKr . Then there is ti ∈ F⨮0 such that phF = ti0F for each i ∈ {1, 2, 3} and of order 4.
Lemma 4. Let O be an imaginary quadratic order and let m be an odd prime number. Then O = Z[σ] for some σ ∈ O of norm coprime to m. Proof. Let τ ∈ O be a generator of O, suppose of norm divisible by m. Then for any k ∈ Z, N (τ + k) = N (τ ) + k(tr(τ ) + k) ≡ k(tr(τ ) + k) mod m. Since m ≥ 3 we can thus always find k ∈ Z such that m ∤ N (τ + k).
Lemma 4. Suppose that less than an fAV-fraction of the parties is dishonest and all honest parties input v to ΠHBA. Further, suppose that no honest party outputs in ΠHBA at time tj < tout. Then every honest party outputs v in ΠHBA at time tout + ∆ + tSBA.
Lemma 4. 22. Suppose that less than nfAV parties are dishonest and all honest parties input v to ΠETHBA. Further, suppose that no honest party outputs in ΠETHBA at time tj < tout. Then every honest party outputs v in ΠETHBA at time tout + tSBC + tSBA + ∆.
Lemma 4. 6 Let the graph G, hypergraph H, the function h, the relative density α, and the partition ∆i be defined as above. Then the following holds: ind(h, (∆i)p ) = ind(H, (∆i)p ) − α2.
Lemma 4. For any Schwarzian ϕ ∈ T holomorphic in the disk Δ𝑟* = {|𝑧| > 𝑟}, 𝑟 < 1, there exist a sequence of torsion free Fuchsian groups Γ𝑟 of the first kind acting on Δ*𝑟 , which does not depend on ϕ, and a sequence of elements ϕ𝑚 ∈ T(Γ𝑟 ) canonically determined by ϕ and converging to ϕ uniformly on Δ*; hence, lim ϕ𝑚 − ϕ B = 0. ∞
