src/HOL/Auth/Yahalom.thy
changeset 2032 1bbf1bdcaf56
parent 1995 c80e58e78d9c
child 2110 d01151e66cd4
     1.1 --- a/src/HOL/Auth/Yahalom.thy	Thu Sep 26 12:47:47 1996 +0200
     1.2 +++ b/src/HOL/Auth/Yahalom.thy	Thu Sep 26 12:50:48 1996 +0200
     1.3 @@ -12,34 +12,35 @@
     1.4  
     1.5  Yahalom = Shared + 
     1.6  
     1.7 -consts  yahalom   :: "event list set"
     1.8 -inductive yahalom
     1.9 +consts  yahalom   :: "agent set => event list set"
    1.10 +inductive "yahalom lost"
    1.11    intrs 
    1.12           (*Initial trace is empty*)
    1.13 -    Nil  "[]: yahalom"
    1.14 +    Nil  "[]: yahalom lost"
    1.15  
    1.16 -         (*The enemy MAY say anything he CAN say.  We do not expect him to
    1.17 +         (*The spy MAY say anything he CAN say.  We do not expect him to
    1.18             invent new nonces here, but he can also use NS1.  Common to
    1.19             all similar protocols.*)
    1.20 -    Fake "[| evs: yahalom;  B ~= Enemy;  X: synth (analz (sees Enemy evs)) |]
    1.21 -          ==> Says Enemy B X  # evs : yahalom"
    1.22 +    Fake "[| evs: yahalom lost;  B ~= Spy;  
    1.23 +             X: synth (analz (sees lost Spy evs)) |]
    1.24 +          ==> Says Spy B X  # evs : yahalom lost"
    1.25  
    1.26           (*Alice initiates a protocol run*)
    1.27 -    YM1  "[| evs: yahalom;  A ~= B |]
    1.28 -          ==> Says A B {|Agent A, Nonce (newN evs)|} # evs : yahalom"
    1.29 +    YM1  "[| evs: yahalom lost;  A ~= B |]
    1.30 +          ==> Says A B {|Agent A, Nonce (newN evs)|} # evs : yahalom lost"
    1.31  
    1.32           (*Bob's response to Alice's message.  Bob doesn't know who 
    1.33  	   the sender is, hence the A' in the sender field.*)
    1.34 -    YM2  "[| evs: yahalom;  B ~= Server;
    1.35 +    YM2  "[| evs: yahalom lost;  B ~= Server;
    1.36               Says A' B {|Agent A, Nonce NA|} : set_of_list evs |]
    1.37            ==> Says B Server 
    1.38                    {|Agent B, 
    1.39                      Crypt {|Agent A, Nonce NA, Nonce (newN evs)|} (shrK B)|}
    1.40 -                 # evs : yahalom"
    1.41 +                 # evs : yahalom lost"
    1.42  
    1.43           (*The Server receives Bob's message.  He responds by sending a
    1.44              new session key to Alice, with a packet for forwarding to Bob.*)
    1.45 -    YM3  "[| evs: yahalom;  A ~= Server;
    1.46 +    YM3  "[| evs: yahalom lost;  A ~= Server;
    1.47               Says B' Server 
    1.48                    {|Agent B, Crypt {|Agent A, Nonce NA, Nonce NB|} (shrK B)|}
    1.49                 : set_of_list evs |]
    1.50 @@ -47,15 +48,15 @@
    1.51                    {|Crypt {|Agent B, Key (newK evs), 
    1.52                              Nonce NA, Nonce NB|} (shrK A),
    1.53                      Crypt {|Agent A, Key (newK evs)|} (shrK B)|}
    1.54 -                 # evs : yahalom"
    1.55 +                 # evs : yahalom lost"
    1.56  
    1.57           (*Alice receives the Server's (?) message, checks her Nonce, and
    1.58             uses the new session key to send Bob his Nonce.*)
    1.59 -    YM4  "[| evs: yahalom;  A ~= B;  
    1.60 +    YM4  "[| evs: yahalom lost;  A ~= B;  
    1.61               Says S A {|Crypt {|Agent B, Key K, Nonce NA, Nonce NB|} (shrK A),
    1.62                          X|}
    1.63                 : set_of_list evs;
    1.64               Says A B {|Agent A, Nonce NA|} : set_of_list evs |]
    1.65 -          ==> Says A B {|X, Crypt (Nonce NB) K|} # evs : yahalom"
    1.66 +          ==> Says A B {|X, Crypt (Nonce NB) K|} # evs : yahalom lost"
    1.67  
    1.68  end