Proof of correctness

From the definition of the protocol, we have that