isabelle: src/HOL/SET-Protocol/Merchant_Registration.thy@007a339b9e7d (annotated)

14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	1	(* Title: HOL/Auth/SET/Merchant_Registration
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	2	ID: $Id$
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	3	Authors: Giampaolo Bella, Fabio Massacci, Lawrence C Paulson
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	4	*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	5
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	6	header{The SET Merchant Registration Protocol}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	7
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 14218 diff changeset	8	theory Merchant_Registration imports PublicSET begin
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	9
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	10	text{*Copmpared with Cardholder Reigstration, @{text KeyCryptKey} is not
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	11	needed: no session key encrypts another. Instead we
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	12	prove the "key compromise" theorems for sets KK that contain no private
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	13	encryption keys (@{term "priEK C"}). *}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	14
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	15
23755 1c4672d130b1 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	16	inductive_set
1c4672d130b1 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	17	set_mr :: "event list set"
1c4672d130b1 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	18	where
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	19
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	20	Nil: --{Initial trace is empty}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	21	"[] \<in> set_mr"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	22
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	23
23755 1c4672d130b1 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	24	\| Fake: --{The spy MAY say anything he CAN say.}
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	25	"[\| evsf \<in> set_mr; X \<in> synth (analz (knows Spy evsf)) \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	26	==> Says Spy B X # evsf \<in> set_mr"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	27
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	28
23755 1c4672d130b1 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	29	\| Reception: --{If A sends a message X to B, then B might receive it}
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	30	"[\| evsr \<in> set_mr; Says A B X \<in> set evsr \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	31	==> Gets B X # evsr \<in> set_mr"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	32
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	33
23755 1c4672d130b1 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	34	\| SET_MR1: --{RegFormReq: M requires a registration form to a CA}
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	35	"[\| evs1 \<in> set_mr; M = Merchant k; Nonce NM1 \<notin> used evs1 \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	36	==> Says M (CA i) {\|Agent M, Nonce NM1\|} # evs1 \<in> set_mr"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	37
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	38
23755 1c4672d130b1 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	39	\| SET_MR2: --{*RegFormRes: CA replies with the registration form and the
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	40	certificates for her keys*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	41	"[\| evs2 \<in> set_mr; Nonce NCA \<notin> used evs2;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	42	Gets (CA i) {\|Agent M, Nonce NM1\|} \<in> set evs2 \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	43	==> Says (CA i) M {\|sign (priSK (CA i)) {\|Agent M, Nonce NM1, Nonce NCA\|},
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	44	cert (CA i) (pubEK (CA i)) onlyEnc (priSK RCA),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	45	cert (CA i) (pubSK (CA i)) onlySig (priSK RCA) \|}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	46	# evs2 \<in> set_mr"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	47
23755 1c4672d130b1 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	48	\| SET_MR3:
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	49	--{*CertReq: M submits the key pair to be certified. The Notes
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	50	event allows KM1 to be lost if M is compromised. Piero remarks
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	51	that the agent mentioned inside the signature is not verified to
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	52	correspond to M. As in CR, each Merchant has fixed key pairs. M
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	53	is only optionally required to send NCA back, so M doesn't do so
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	54	in the model*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	55	"[\| evs3 \<in> set_mr; M = Merchant k; Nonce NM2 \<notin> used evs3;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	56	Key KM1 \<notin> used evs3; KM1 \<in> symKeys;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	57	Gets M {\|sign (invKey SKi) {\|Agent X, Nonce NM1, Nonce NCA\|},
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	58	cert (CA i) EKi onlyEnc (priSK RCA),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	59	cert (CA i) SKi onlySig (priSK RCA) \|}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	60	\<in> set evs3;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	61	Says M (CA i) {\|Agent M, Nonce NM1\|} \<in> set evs3 \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	62	==> Says M (CA i)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	63	{\|Crypt KM1 (sign (priSK M) {\|Agent M, Nonce NM2,
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	64	Key (pubSK M), Key (pubEK M)\|}),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	65	Crypt EKi (Key KM1)\|}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	66	# Notes M {\|Key KM1, Agent (CA i)\|}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	67	# evs3 \<in> set_mr"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	68
23755 1c4672d130b1 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	69	\| SET_MR4:
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	70	--{*CertRes: CA issues the certificates for merSK and merEK,
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	71	while checking never to have certified the m even
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	72	separately. NOTE: In Cardholder Registration the
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	73	corresponding rule (6) doesn't use the "sign" primitive. "The
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	74	CertRes shall be signed but not encrypted if the EE is a Merchant
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	75	or Payment Gateway."-- Programmer's Guide, page 191.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	76	"[\| evs4 \<in> set_mr; M = Merchant k;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	77	merSK \<notin> symKeys; merEK \<notin> symKeys;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	78	Notes (CA i) (Key merSK) \<notin> set evs4;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	79	Notes (CA i) (Key merEK) \<notin> set evs4;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	80	Gets (CA i) {\|Crypt KM1 (sign (invKey merSK)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	81	{\|Agent M, Nonce NM2, Key merSK, Key merEK\|}),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	82	Crypt (pubEK (CA i)) (Key KM1) \|}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	83	\<in> set evs4 \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	84	==> Says (CA i) M {\|sign (priSK(CA i)) {\|Agent M, Nonce NM2, Agent(CA i)\|},
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	85	cert M merSK onlySig (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	86	cert M merEK onlyEnc (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	87	cert (CA i) (pubSK (CA i)) onlySig (priSK RCA)\|}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	88	# Notes (CA i) (Key merSK)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	89	# Notes (CA i) (Key merEK)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	90	# evs4 \<in> set_mr"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	91
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	92
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	93	text{Note possibility proofs are missing.}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	94
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	95	declare Says_imp_knows_Spy [THEN parts.Inj, dest]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	96	declare parts.Body [dest]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	97	declare analz_into_parts [dest]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	98	declare Fake_parts_insert_in_Un [dest]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	99
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	100	text{General facts about message reception}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	101	lemma Gets_imp_Says:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	102	"[\| Gets B X \<in> set evs; evs \<in> set_mr \|] ==> \<exists>A. Says A B X \<in> set evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	103	apply (erule rev_mp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	104	apply (erule set_mr.induct, auto)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	105	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	106
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	107	lemma Gets_imp_knows_Spy:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	108	"[\| Gets B X \<in> set evs; evs \<in> set_mr \|] ==> X \<in> knows Spy evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	109	by (blast dest!: Gets_imp_Says Says_imp_knows_Spy)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	110
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	111
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	112	declare Gets_imp_knows_Spy [THEN parts.Inj, dest]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	113
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	114	subsubsection{Proofs on keys }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	115
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	116	text{Spy never sees an agent's private keys! (unless it's bad at start)}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	117	lemma Spy_see_private_Key [simp]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	118	"evs \<in> set_mr
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	119	==> (Key(invKey (publicKey b A)) \<in> parts(knows Spy evs)) = (A \<in> bad)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	120	apply (erule set_mr.induct)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	121	apply (auto dest!: Gets_imp_knows_Spy [THEN parts.Inj])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	122	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	123
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	124	lemma Spy_analz_private_Key [simp]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	125	"evs \<in> set_mr ==>
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	126	(Key(invKey (publicKey b A)) \<in> analz(knows Spy evs)) = (A \<in> bad)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	127	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	128
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	129	declare Spy_see_private_Key [THEN [2] rev_iffD1, dest!]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	130	declare Spy_analz_private_Key [THEN [2] rev_iffD1, dest!]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	131
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	132	(*This is to state that the signed keys received in step 4
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	133	are into parts - rather than installing sign_def each time.
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	134	Needed in Spy_see_priSK_RCA, Spy_see_priEK and in Spy_see_priSK
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	135	Goal "[\|Gets C \<lbrace>Crypt KM1
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	136	(sign K \<lbrace>Agent M, Nonce NM2, Key merSK, Key merEK\<rbrace>), X\<rbrace>
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	137	\<in> set evs; evs \<in> set_mr \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	138	==> Key merSK \<in> parts (knows Spy evs) \<and>
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	139	Key merEK \<in> parts (knows Spy evs)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	140	by (fast_tac (claset() addss (simpset())) 1);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	141	qed "signed_keys_in_parts";
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	142	???*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	143
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	144	text{*Proofs on certificates -
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	145	they hold, as in CR, because RCA's keys are secure*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	146
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	147	lemma Crypt_valid_pubEK:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	148	"[\| Crypt (priSK RCA) {\|Agent (CA i), Key EKi, onlyEnc\|}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	149	\<in> parts (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	150	evs \<in> set_mr \|] ==> EKi = pubEK (CA i)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	151	apply (erule rev_mp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	152	apply (erule set_mr.induct, auto)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	153	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	154
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	155	lemma certificate_valid_pubEK:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	156	"[\| cert (CA i) EKi onlyEnc (priSK RCA) \<in> parts (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	157	evs \<in> set_mr \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	158	==> EKi = pubEK (CA i)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	159	apply (unfold cert_def signCert_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	160	apply (blast dest!: Crypt_valid_pubEK)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	161	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	162
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	163	lemma Crypt_valid_pubSK:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	164	"[\| Crypt (priSK RCA) {\|Agent (CA i), Key SKi, onlySig\|}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	165	\<in> parts (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	166	evs \<in> set_mr \|] ==> SKi = pubSK (CA i)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	167	apply (erule rev_mp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	168	apply (erule set_mr.induct, auto)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	169	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	170
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	171	lemma certificate_valid_pubSK:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	172	"[\| cert (CA i) SKi onlySig (priSK RCA) \<in> parts (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	173	evs \<in> set_mr \|] ==> SKi = pubSK (CA i)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	174	apply (unfold cert_def signCert_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	175	apply (blast dest!: Crypt_valid_pubSK)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	176	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	177
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	178	lemma Gets_certificate_valid:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	179	"[\| Gets A {\| X, cert (CA i) EKi onlyEnc (priSK RCA),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	180	cert (CA i) SKi onlySig (priSK RCA)\|} \<in> set evs;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	181	evs \<in> set_mr \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	182	==> EKi = pubEK (CA i) & SKi = pubSK (CA i)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	183	by (blast dest: certificate_valid_pubEK certificate_valid_pubSK)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	184
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	185
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	186	text{Nobody can have used non-existent keys!}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	187	lemma new_keys_not_used [rule_format,simp]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	188	"evs \<in> set_mr
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	189	==> Key K \<notin> used evs --> K \<in> symKeys -->
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	190	K \<notin> keysFor (parts (knows Spy evs))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	191	apply (erule set_mr.induct, simp_all)
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14199 diff changeset	192	apply (force dest!: usedI keysFor_parts_insert) --{Fake}
db95d1c2f51b removal of junk and improvement of the document paulson parents: 14199 diff changeset	193	apply force --{Message 2}
db95d1c2f51b removal of junk and improvement of the document paulson parents: 14199 diff changeset	194	apply (blast dest: Gets_certificate_valid) --{Message 3}
db95d1c2f51b removal of junk and improvement of the document paulson parents: 14199 diff changeset	195	apply force --{Message 4}
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	196	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	197
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	198
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	199	subsubsection{New Versions: As Above, but Generalized with the Kk Argument}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	200
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	201	lemma gen_new_keys_not_used [rule_format]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	202	"evs \<in> set_mr
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	203	==> Key K \<notin> used evs --> K \<in> symKeys -->
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	204	K \<notin> keysFor (parts (Key`KK Un knows Spy evs))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	205	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	206
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	207	lemma gen_new_keys_not_analzd:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	208	"[\|Key K \<notin> used evs; K \<in> symKeys; evs \<in> set_mr \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	209	==> K \<notin> keysFor (analz (Key`KK Un knows Spy evs))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	210	by (blast intro: keysFor_mono [THEN [2] rev_subsetD]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	211	dest: gen_new_keys_not_used)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	212
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	213	lemma analz_Key_image_insert_eq:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	214	"[\|Key K \<notin> used evs; K \<in> symKeys; evs \<in> set_mr \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	215	==> analz (Key ` (insert K KK) \<union> knows Spy evs) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	216	insert (Key K) (analz (Key ` KK \<union> knows Spy evs))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	217	by (simp add: gen_new_keys_not_analzd)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	218
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	219
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	220	lemma Crypt_parts_imp_used:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	221	"[\|Crypt K X \<in> parts (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	222	K \<in> symKeys; evs \<in> set_mr \|] ==> Key K \<in> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	223	apply (rule ccontr)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	224	apply (force dest: new_keys_not_used Crypt_imp_invKey_keysFor)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	225	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	226
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	227	lemma Crypt_analz_imp_used:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	228	"[\|Crypt K X \<in> analz (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	229	K \<in> symKeys; evs \<in> set_mr \|] ==> Key K \<in> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	230	by (blast intro: Crypt_parts_imp_used)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	231
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	232	text{*Rewriting rule for private encryption keys. Analogous rewriting rules
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	233	for other keys aren't needed.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	234
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	235	lemma parts_image_priEK:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	236	"[\|Key (priEK (CA i)) \<in> parts (Key`KK Un (knows Spy evs));
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	237	evs \<in> set_mr\|] ==> priEK (CA i) \<in> KK \| CA i \<in> bad"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	238	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	239
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	240	text{trivial proof because (priEK (CA i)) never appears even in (parts evs)}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	241	lemma analz_image_priEK:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	242	"evs \<in> set_mr ==>
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	243	(Key (priEK (CA i)) \<in> analz (Key`KK Un (knows Spy evs))) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	244	(priEK (CA i) \<in> KK \| CA i \<in> bad)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	245	by (blast dest!: parts_image_priEK intro: analz_mono [THEN [2] rev_subsetD])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	246
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	247
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	248	subsection{Secrecy of Session Keys}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	249
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	250	text{*This holds because if (priEK (CA i)) appears in any traffic then it must
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	251	be known to the Spy, by @{text Spy_see_private_Key}*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	252	lemma merK_neq_priEK:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	253	"[\|Key merK \<notin> analz (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	254	Key merK \<in> parts (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	255	evs \<in> set_mr\|] ==> merK \<noteq> priEK C"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	256	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	257
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	258	text{*Lemma for message 4: either merK is compromised (when we don't care)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	259	or else merK hasn't been used to encrypt K.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	260	lemma msg4_priEK_disj:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	261	"[\|Gets B {\|Crypt KM1
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	262	(sign K {\|Agent M, Nonce NM2, Key merSK, Key merEK\|}),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	263	Y\|} \<in> set evs;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	264	evs \<in> set_mr\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	265	==> (Key merSK \<in> analz (knows Spy evs) \| merSK \<notin> range(\<lambda>C. priEK C))
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	266	& (Key merEK \<in> analz (knows Spy evs) \| merEK \<notin> range(\<lambda>C. priEK C))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	267	apply (unfold sign_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	268	apply (blast dest: merK_neq_priEK)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	269	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	270
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	271
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	272	lemma Key_analz_image_Key_lemma:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	273	"P --> (Key K \<in> analz (Key`KK Un H)) --> (K\<in>KK \| Key K \<in> analz H)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	274	==>
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	275	P --> (Key K \<in> analz (Key`KK Un H)) = (K\<in>KK \| Key K \<in> analz H)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	276	by (blast intro: analz_mono [THEN [2] rev_subsetD])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	277
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	278	lemma symKey_compromise:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	279	"evs \<in> set_mr ==>
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	280	(\<forall>SK KK. SK \<in> symKeys \<longrightarrow> (\<forall>K \<in> KK. K \<notin> range(\<lambda>C. priEK C)) -->
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	281	(Key SK \<in> analz (Key`KK Un (knows Spy evs))) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	282	(SK \<in> KK \| Key SK \<in> analz (knows Spy evs)))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	283	apply (erule set_mr.induct)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	284	apply (safe del: impI intro!: Key_analz_image_Key_lemma [THEN impI])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	285	apply (drule_tac [7] msg4_priEK_disj)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	286	apply (frule_tac [6] Gets_certificate_valid)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	287	apply (safe del: impI)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	288	apply (simp_all del: image_insert image_Un imp_disjL
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	289	add: analz_image_keys_simps abbrev_simps analz_knows_absorb
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	290	analz_knows_absorb2 analz_Key_image_insert_eq notin_image_iff
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	291	Spy_analz_private_Key analz_image_priEK)
24123 a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 23755 diff changeset	292	--{5 seconds on a 1.6GHz machine}
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14199 diff changeset	293	apply spy_analz --{Fake}
db95d1c2f51b removal of junk and improvement of the document paulson parents: 14199 diff changeset	294	apply auto --{Message 3}
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	295	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	296
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	297	lemma symKey_secrecy [rule_format]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	298	"[\|CA i \<notin> bad; K \<in> symKeys; evs \<in> set_mr\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	299	==> \<forall>X m. Says (Merchant m) (CA i) X \<in> set evs -->
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	300	Key K \<in> parts{X} -->
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	301	Merchant m \<notin> bad -->
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	302	Key K \<notin> analz (knows Spy evs)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	303	apply (erule set_mr.induct)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	304	apply (drule_tac [7] msg4_priEK_disj)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	305	apply (frule_tac [6] Gets_certificate_valid)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	306	apply (safe del: impI)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	307	apply (simp_all del: image_insert image_Un imp_disjL
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	308	add: analz_image_keys_simps abbrev_simps analz_knows_absorb
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	309	analz_knows_absorb2 analz_Key_image_insert_eq
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	310	symKey_compromise notin_image_iff Spy_analz_private_Key
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	311	analz_image_priEK)
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14199 diff changeset	312	apply spy_analz --{Fake}
db95d1c2f51b removal of junk and improvement of the document paulson parents: 14199 diff changeset	313	apply force --{Message 1}
db95d1c2f51b removal of junk and improvement of the document paulson parents: 14199 diff changeset	314	apply (auto intro: analz_into_parts [THEN usedI] in_parts_Says_imp_used) --{Message 3}
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	315	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	316
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	317	subsection{Unicity }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	318
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	319	lemma msg4_Says_imp_Notes:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	320	"[\|Says (CA i) M {\|sign (priSK (CA i)) {\|Agent M, Nonce NM2, Agent (CA i)\|},
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	321	cert M merSK onlySig (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	322	cert M merEK onlyEnc (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	323	cert (CA i) (pubSK (CA i)) onlySig (priSK RCA)\|} \<in> set evs;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	324	evs \<in> set_mr \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	325	==> Notes (CA i) (Key merSK) \<in> set evs
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	326	& Notes (CA i) (Key merEK) \<in> set evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	327	apply (erule rev_mp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	328	apply (erule set_mr.induct)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	329	apply (simp_all (no_asm_simp))
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	330	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	331
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	332	text{*Unicity of merSK wrt a given CA:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	333	merSK uniquely identifies the other components, including merEK*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	334	lemma merSK_unicity:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	335	"[\|Says (CA i) M {\|sign (priSK(CA i)) {\|Agent M, Nonce NM2, Agent (CA i)\|},
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	336	cert M merSK onlySig (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	337	cert M merEK onlyEnc (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	338	cert (CA i) (pubSK (CA i)) onlySig (priSK RCA)\|} \<in> set evs;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	339	Says (CA i) M' {\|sign (priSK(CA i)) {\|Agent M', Nonce NM2', Agent (CA i)\|},
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	340	cert M' merSK onlySig (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	341	cert M' merEK' onlyEnc (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	342	cert (CA i) (pubSK(CA i)) onlySig (priSK RCA)\|} \<in> set evs;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	343	evs \<in> set_mr \|] ==> M=M' & NM2=NM2' & merEK=merEK'"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	344	apply (erule rev_mp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	345	apply (erule rev_mp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	346	apply (erule set_mr.induct)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	347	apply (simp_all (no_asm_simp))
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	348	apply (blast dest!: msg4_Says_imp_Notes)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	349	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	350
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	351	text{*Unicity of merEK wrt a given CA:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	352	merEK uniquely identifies the other components, including merSK*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	353	lemma merEK_unicity:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	354	"[\|Says (CA i) M {\|sign (priSK(CA i)) {\|Agent M, Nonce NM2, Agent (CA i)\|},
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	355	cert M merSK onlySig (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	356	cert M merEK onlyEnc (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	357	cert (CA i) (pubSK (CA i)) onlySig (priSK RCA)\|} \<in> set evs;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	358	Says (CA i) M' {\|sign (priSK(CA i)) {\|Agent M', Nonce NM2', Agent (CA i)\|},
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	359	cert M' merSK' onlySig (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	360	cert M' merEK onlyEnc (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	361	cert (CA i) (pubSK(CA i)) onlySig (priSK RCA)\|} \<in> set evs;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	362	evs \<in> set_mr \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	363	==> M=M' & NM2=NM2' & merSK=merSK'"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	364	apply (erule rev_mp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	365	apply (erule rev_mp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	366	apply (erule set_mr.induct)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	367	apply (simp_all (no_asm_simp))
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	368	apply (blast dest!: msg4_Says_imp_Notes)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	369	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	370
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	371
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	372	text{* -No interest on secrecy of nonces: they appear to be used
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	373	only for freshness.
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	374	-No interest on secrecy of merSK or merEK, as in CR.
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	375	-There's no equivalent of the PAN*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	376
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	377
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	378	subsection{Primary Goals of Merchant Registration }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	379
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	380	subsubsection{*The merchant's certificates really were created by the CA,
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	381	provided the CA is uncompromised *}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	382
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	383	text{*The assumption @{term "CA i \<noteq> RCA"} is required: step 2 uses
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	384	certificates of the same form.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	385	lemma certificate_merSK_valid_lemma [intro]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	386	"[\|Crypt (priSK (CA i)) {\|Agent M, Key merSK, onlySig\|}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	387	\<in> parts (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	388	CA i \<notin> bad; CA i \<noteq> RCA; evs \<in> set_mr\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	389	==> \<exists>X Y Z. Says (CA i) M
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	390	{\|X, cert M merSK onlySig (priSK (CA i)), Y, Z\|} \<in> set evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	391	apply (erule rev_mp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	392	apply (erule set_mr.induct)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	393	apply (simp_all (no_asm_simp))
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	394	apply auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	395	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	396
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	397	lemma certificate_merSK_valid:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	398	"[\| cert M merSK onlySig (priSK (CA i)) \<in> parts (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	399	CA i \<notin> bad; CA i \<noteq> RCA; evs \<in> set_mr\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	400	==> \<exists>X Y Z. Says (CA i) M
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	401	{\|X, cert M merSK onlySig (priSK (CA i)), Y, Z\|} \<in> set evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	402	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	403
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	404	lemma certificate_merEK_valid_lemma [intro]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	405	"[\|Crypt (priSK (CA i)) {\|Agent M, Key merEK, onlyEnc\|}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	406	\<in> parts (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	407	CA i \<notin> bad; CA i \<noteq> RCA; evs \<in> set_mr\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	408	==> \<exists>X Y Z. Says (CA i) M
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	409	{\|X, Y, cert M merEK onlyEnc (priSK (CA i)), Z\|} \<in> set evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	410	apply (erule rev_mp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	411	apply (erule set_mr.induct)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	412	apply (simp_all (no_asm_simp))
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	413	apply auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	414	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	415
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	416	lemma certificate_merEK_valid:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	417	"[\| cert M merEK onlyEnc (priSK (CA i)) \<in> parts (knows Spy evs);
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	418	CA i \<notin> bad; CA i \<noteq> RCA; evs \<in> set_mr\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	419	==> \<exists>X Y Z. Says (CA i) M
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	420	{\|X, Y, cert M merEK onlyEnc (priSK (CA i)), Z\|} \<in> set evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	421	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	422
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	423	text{*The two certificates - for merSK and for merEK - cannot be proved to
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	424	have originated together*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	425
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	426	end

author	nipkow
	Wed, 30 Jul 2008 16:07:00 +0200
changeset 27712	007a339b9e7d
parent 24123	a0fc58900606
child 32960	69916a850301
permissions	-rw-r--r--