isabelle: src/HOL/SET-Protocol/PublicSET.thy@133d1cfd6ae7 (annotated)

14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	1	(* Title: HOL/Auth/SET/PublicSET
30607 c3d1590debd8 eliminated global SIMPSET, CLASET etc. -- refer to explicit context; wenzelm parents: 30549 diff changeset	2	Authors: Giampaolo Bella, Fabio Massacci, Lawrence C Paulson
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	3	*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	4
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	5	header{The Public-Key Theory, Modified for SET}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	6
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 15032 diff changeset	7	theory PublicSET imports EventSET begin
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	8
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	9	subsection{Symmetric and Asymmetric Keys}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	10
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	11	text{*definitions influenced by the wish to assign asymmetric keys
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	12	- since the beginning - only to RCA and CAs, namely we need a partial
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	13	function on type Agent*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	14
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	15
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	16	text{The SET specs mention two signature keys for CAs - we only have one}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	17
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	18	consts
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	19	publicKey :: "[bool, agent] => key"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	20	--{the boolean is TRUE if a signing key}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	21
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	22	syntax
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	23	pubEK :: "agent => key"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	24	pubSK :: "agent => key"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	25	priEK :: "agent => key"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	26	priSK :: "agent => key"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	27
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	28	translations
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	29	"pubEK" == "publicKey False"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	30	"pubSK" == "publicKey True"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	31
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	32	(BEWARE!! priEK, priSK DON'T WORK with inj, range, image, etc.)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	33	"priEK A" == "invKey (pubEK A)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	34	"priSK A" == "invKey (pubSK A)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	35
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	36	text{*By freeness of agents, no two agents have the same key. Since
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	37	@{term "True\<noteq>False"}, no agent has the same signing and encryption keys.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	38
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	39	specification (publicKey)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	40	injective_publicKey:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	41	"publicKey b A = publicKey c A' ==> b=c & A=A'"
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	42	(<)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	43	apply (rule exI [of _ "%b A. 2 * nat_of_agent A + (if b then 1 else 0)"])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	44	apply (auto simp add: inj_on_def inj_nat_of_agent [THEN inj_eq] split: agent.split)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	45	apply (drule_tac f="%x. x mod 2" in arg_cong, simp add: mod_Suc)+
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	46	(*or this, but presburger won't abstract out the function applications
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	47	apply presburger+
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	48	*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	49	done
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	50	(>)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	51
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	52	axioms
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	53	(*No private key equals any public key (essential to ensure that private
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	54	keys are private!) *)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	55	privateKey_neq_publicKey [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	56	"invKey (publicKey b A) \<noteq> publicKey b' A'"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	57
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	58	declare privateKey_neq_publicKey [THEN not_sym, iff]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	59
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	60
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	61	subsection{Initial Knowledge}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	62
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	63	text{*This information is not necessary. Each protocol distributes any needed
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	64	certificates, and anyway our proofs require a formalization of the Spy's
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	65	knowledge only. However, the initial knowledge is as follows:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	66	All agents know RCA's public keys;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	67	RCA and CAs know their own respective keys;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	68	RCA (has already certified and therefore) knows all CAs public keys;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	69	Spy knows all keys of all bad agents.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	70	primrec
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	71	(<)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	72	initState_CA:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	73	"initState (CA i) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	74	(if i=0 then Key ` ({priEK RCA, priSK RCA} Un
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	75	pubEK ` (range CA) Un pubSK ` (range CA))
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	76	else {Key (priEK (CA i)), Key (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	77	Key (pubEK (CA i)), Key (pubSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	78	Key (pubEK RCA), Key (pubSK RCA)})"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	79
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	80	initState_Cardholder:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	81	"initState (Cardholder i) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	82	{Key (priEK (Cardholder i)), Key (priSK (Cardholder i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	83	Key (pubEK (Cardholder i)), Key (pubSK (Cardholder i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	84	Key (pubEK RCA), Key (pubSK RCA)}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	85
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	86	initState_Merchant:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	87	"initState (Merchant i) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	88	{Key (priEK (Merchant i)), Key (priSK (Merchant i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	89	Key (pubEK (Merchant i)), Key (pubSK (Merchant i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	90	Key (pubEK RCA), Key (pubSK RCA)}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	91
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	92	initState_PG:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	93	"initState (PG i) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	94	{Key (priEK (PG i)), Key (priSK (PG i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	95	Key (pubEK (PG i)), Key (pubSK (PG i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	96	Key (pubEK RCA), Key (pubSK RCA)}"
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	97	(>)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	98	initState_Spy:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	99	"initState Spy = Key ` (invKey ` pubEK ` bad Un
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	100	invKey ` pubSK ` bad Un
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	101	range pubEK Un range pubSK)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	102
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	103
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	104	text{Injective mapping from agents to PANs: an agent can have only one card}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	105
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	106	consts pan :: "agent => nat"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	107
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	108	specification (pan)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	109	inj_pan: "inj pan"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	110	--{No two agents have the same PAN}
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	111	(<)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	112	apply (rule exI [of _ "nat_of_agent"])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	113	apply (simp add: inj_on_def inj_nat_of_agent [THEN inj_eq])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	114	done
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	115	(>)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	116
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	117	declare inj_pan [THEN inj_eq, iff]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	118
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	119	consts
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	120	XOR :: "natnat => nat" --{no properties are assumed of exclusive-or*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	121
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	122
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	123	subsection{Signature Primitives}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	124
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	125	constdefs
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	126
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	127	(* Signature = Message + signed Digest *)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	128	sign :: "[key, msg]=>msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	129	"sign K X == {\|X, Crypt K (Hash X) \|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	130
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	131	(* Signature Only = signed Digest Only *)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	132	signOnly :: "[key, msg]=>msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	133	"signOnly K X == Crypt K (Hash X)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	134
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	135	(* Signature for Certificates = Message + signed Message *)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	136	signCert :: "[key, msg]=>msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	137	"signCert K X == {\|X, Crypt K X \|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	138
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	139	(* Certification Authority's Certificate.
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	140	Contains agent name, a key, a number specifying the key's target use,
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	141	a key to sign the entire certificate.
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	142
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	143	Should prove if signK=priSK RCA and C=CA i,
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	144	then Ka=pubEK i or pubSK i depending on T ??
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	145	*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	146	cert :: "[agent, key, msg, key] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	147	"cert A Ka T signK == signCert signK {\|Agent A, Key Ka, T\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	148
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	149
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	150	(* Cardholder's Certificate.
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	151	Contains a PAN, the certified key Ka, the PANSecret PS,
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	152	a number specifying the target use for Ka, the signing key signK.
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	153	*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	154	certC :: "[nat, key, nat, msg, key] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	155	"certC PAN Ka PS T signK ==
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	156	signCert signK {\|Hash {\|Nonce PS, Pan PAN\|}, Key Ka, T\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	157
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	158	(*cert and certA have no repeated elements, so they could be translations,
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	159	but that's tricky and makes proofs slower*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	160
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	161	syntax
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	162	"onlyEnc" :: msg
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	163	"onlySig" :: msg
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	164	"authCode" :: msg
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	165
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	166	translations
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	167	"onlyEnc" == "Number 0"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	168	"onlySig" == "Number (Suc 0)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	169	"authCode" == "Number (Suc (Suc 0))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	170
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	171	subsection{Encryption Primitives}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	172
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	173	constdefs
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	174
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	175	EXcrypt :: "[key,key,msg,msg] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	176	--{Extra Encryption}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	177	(K: the symmetric key EK: the public encryption key)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	178	"EXcrypt K EK M m ==
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	179	{\|Crypt K {\|M, Hash m\|}, Crypt EK {\|Key K, m\|}\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	180
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	181	EXHcrypt :: "[key,key,msg,msg] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	182	--{Extra Encryption with Hashing}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	183	(K: the symmetric key EK: the public encryption key)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	184	"EXHcrypt K EK M m ==
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	185	{\|Crypt K {\|M, Hash m\|}, Crypt EK {\|Key K, m, Hash M\|}\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	186
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	187	Enc :: "[key,key,key,msg] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	188	--{Simple Encapsulation with SIGNATURE}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	189	(*SK: the sender's signing key
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	190	K: the symmetric key
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	191	EK: the public encryption key*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	192	"Enc SK K EK M ==
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	193	{\|Crypt K (sign SK M), Crypt EK (Key K)\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	194
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	195	EncB :: "[key,key,key,msg,msg] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	196	--{Encapsulation with Baggage. Keys as above, and baggage b.}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	197	"EncB SK K EK M b ==
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	198	{\|Enc SK K EK {\|M, Hash b\|}, b\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	199
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	200
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	201	subsection{Basic Properties of pubEK, pubSK, priEK and priSK }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	202
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	203	lemma publicKey_eq_iff [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	204	"(publicKey b A = publicKey b' A') = (b=b' & A=A')"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	205	by (blast dest: injective_publicKey)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	206
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	207	lemma privateKey_eq_iff [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	208	"(invKey (publicKey b A) = invKey (publicKey b' A')) = (b=b' & A=A')"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	209	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	210
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	211	lemma not_symKeys_publicKey [iff]: "publicKey b A \<notin> symKeys"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	212	by (simp add: symKeys_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	213
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	214	lemma not_symKeys_privateKey [iff]: "invKey (publicKey b A) \<notin> symKeys"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	215	by (simp add: symKeys_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	216
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	217	lemma symKeys_invKey_eq [simp]: "K \<in> symKeys ==> invKey K = K"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	218	by (simp add: symKeys_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	219
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	220	lemma symKeys_invKey_iff [simp]: "(invKey K \<in> symKeys) = (K \<in> symKeys)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	221	by (unfold symKeys_def, auto)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	222
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	223	text{Can be slow (or even loop) as a simprule}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	224	lemma symKeys_neq_imp_neq: "(K \<in> symKeys) \<noteq> (K' \<in> symKeys) ==> K \<noteq> K'"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	225	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	226
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	227	text{*These alternatives to @{text symKeys_neq_imp_neq} don't seem any better
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	228	in practice.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	229	lemma publicKey_neq_symKey: "K \<in> symKeys ==> publicKey b A \<noteq> K"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	230	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	231
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	232	lemma symKey_neq_publicKey: "K \<in> symKeys ==> K \<noteq> publicKey b A"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	233	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	234
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	235	lemma privateKey_neq_symKey: "K \<in> symKeys ==> invKey (publicKey b A) \<noteq> K"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	236	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	237
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	238	lemma symKey_neq_privateKey: "K \<in> symKeys ==> K \<noteq> invKey (publicKey b A)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	239	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	240
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	241	lemma analz_symKeys_Decrypt:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	242	"[\| Crypt K X \<in> analz H; K \<in> symKeys; Key K \<in> analz H \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	243	==> X \<in> analz H"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	244	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	245
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	246
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	247	subsection{"Image" Equations That Hold for Injective Functions }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	248
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	249	lemma invKey_image_eq [iff]: "(invKey x \<in> invKey`A) = (x\<in>A)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	250	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	251
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	252	text{holds because invKey is injective}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	253	lemma publicKey_image_eq [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	254	"(publicKey b A \<in> publicKey c ` AS) = (b=c & A\<in>AS)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	255	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	256
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	257	lemma privateKey_image_eq [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	258	"(invKey (publicKey b A) \<in> invKey ` publicKey c ` AS) = (b=c & A\<in>AS)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	259	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	260
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	261	lemma privateKey_notin_image_publicKey [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	262	"invKey (publicKey b A) \<notin> publicKey c ` AS"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	263	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	264
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	265	lemma publicKey_notin_image_privateKey [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	266	"publicKey b A \<notin> invKey ` publicKey c ` AS"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	267	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	268
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	269	lemma keysFor_parts_initState [simp]: "keysFor (parts (initState C)) = {}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	270	apply (simp add: keysFor_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	271	apply (induct_tac "C")
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	272	apply (auto intro: range_eqI)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	273	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	274
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	275	text{for proving @{text new_keys_not_used}}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	276	lemma keysFor_parts_insert:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	277	"[\| K \<in> keysFor (parts (insert X H)); X \<in> synth (analz H) \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	278	==> K \<in> keysFor (parts H) \| Key (invKey K) \<in> parts H"
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	279	by (force dest!:
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	280	parts_insert_subset_Un [THEN keysFor_mono, THEN [2] rev_subsetD]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	281	analz_subset_parts [THEN keysFor_mono, THEN [2] rev_subsetD]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	282	intro: analz_into_parts)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	283
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	284	lemma Crypt_imp_keysFor [intro]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	285	"[\|K \<in> symKeys; Crypt K X \<in> H\|] ==> K \<in> keysFor H"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	286	by (drule Crypt_imp_invKey_keysFor, simp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	287
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	288	text{Agents see their own private keys!}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	289	lemma privateKey_in_initStateCA [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	290	"Key (invKey (publicKey b A)) \<in> initState A"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	291	by (case_tac "A", auto)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	292
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	293	text{Agents see their own public keys!}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	294	lemma publicKey_in_initStateCA [iff]: "Key (publicKey b A) \<in> initState A"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	295	by (case_tac "A", auto)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	296
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	297	text{RCA sees CAs' public keys! }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	298	lemma pubK_CA_in_initState_RCA [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	299	"Key (publicKey b (CA i)) \<in> initState RCA"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	300	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	301
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	302
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	303	text{Spy knows all public keys}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	304	lemma knows_Spy_pubEK_i [iff]: "Key (publicKey b A) \<in> knows Spy evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	305	apply (induct_tac "evs")
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	306	apply (simp_all add: imageI knows_Cons split add: event.split)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	307	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	308
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	309	declare knows_Spy_pubEK_i [THEN analz.Inj, iff]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	310	(needed????)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	311
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	312	text{Spy sees private keys of bad agents! [and obviously public keys too]}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	313	lemma knows_Spy_bad_privateKey [intro!]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	314	"A \<in> bad ==> Key (invKey (publicKey b A)) \<in> knows Spy evs"
14206 77bf175f5145 Tidying of SET's "possibility theorems" (removal of Key_supply_ax) paulson parents: 14199 diff changeset	315	by (rule initState_subset_knows [THEN subsetD], simp)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	316
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	317
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	318	subsection{Fresh Nonces for Possibility Theorems}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	319
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	320	lemma Nonce_notin_initState [iff]: "Nonce N \<notin> parts (initState B)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	321	by (induct_tac "B", auto)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	322
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	323	lemma Nonce_notin_used_empty [simp]: "Nonce N \<notin> used []"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	324	by (simp add: used_Nil)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	325
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	326	text{In any trace, there is an upper bound N on the greatest nonce in use.}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	327	lemma Nonce_supply_lemma: "\<exists>N. \<forall>n. N<=n --> Nonce n \<notin> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	328	apply (induct_tac "evs")
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	329	apply (rule_tac x = 0 in exI)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	330	apply (simp_all add: used_Cons split add: event.split, safe)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	331	apply (rule msg_Nonce_supply [THEN exE], blast elim!: add_leE)+
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	332	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	333
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	334	lemma Nonce_supply1: "\<exists>N. Nonce N \<notin> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	335	by (rule Nonce_supply_lemma [THEN exE], blast)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	336
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	337	lemma Nonce_supply: "Nonce (@ N. Nonce N \<notin> used evs) \<notin> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	338	apply (rule Nonce_supply_lemma [THEN exE])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	339	apply (rule someI, fast)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	340	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	341
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	342
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	343	subsection{Specialized Methods for Possibility Theorems}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	344
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	345	ML
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	346	{*
24123 a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	347	structure PublicSET =
a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	348	struct
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	349
30607 c3d1590debd8 eliminated global SIMPSET, CLASET etc. -- refer to explicit context; wenzelm parents: 30549 diff changeset	350	(Tactic for possibility theorems)
c3d1590debd8 eliminated global SIMPSET, CLASET etc. -- refer to explicit context; wenzelm parents: 30549 diff changeset	351	fun possibility_tac ctxt =
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	352	REPEAT (omit used_Says so that Nonces start from different traces!)
30607 c3d1590debd8 eliminated global SIMPSET, CLASET etc. -- refer to explicit context; wenzelm parents: 30549 diff changeset	353	(ALLGOALS (simp_tac (local_simpset_of ctxt delsimps [@{thm used_Says}, @{thm used_Notes}]))
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	354	THEN
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	355	REPEAT_FIRST (eq_assume_tac ORELSE'
24123 a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	356	resolve_tac [refl, conjI, @{thm Nonce_supply}]))
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	357
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	358	(*For harder protocols (such as SET_CR!), where we have to set up some
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	359	nonces and keys initially*)
30607 c3d1590debd8 eliminated global SIMPSET, CLASET etc. -- refer to explicit context; wenzelm parents: 30549 diff changeset	360	fun basic_possibility_tac ctxt =
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	361	REPEAT
30607 c3d1590debd8 eliminated global SIMPSET, CLASET etc. -- refer to explicit context; wenzelm parents: 30549 diff changeset	362	(ALLGOALS (asm_simp_tac (local_simpset_of ctxt setSolver safe_solver))
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	363	THEN
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	364	REPEAT_FIRST (resolve_tac [refl, conjI]))
24123 a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	365
a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	366	end
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	367	*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	368
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	369	method_setup possibility = {*
30607 c3d1590debd8 eliminated global SIMPSET, CLASET etc. -- refer to explicit context; wenzelm parents: 30549 diff changeset	370	Scan.succeed (SIMPLE_METHOD o PublicSET.possibility_tac) *}
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	371	"for proving possibility theorems"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	372
30607 c3d1590debd8 eliminated global SIMPSET, CLASET etc. -- refer to explicit context; wenzelm parents: 30549 diff changeset	373	method_setup basic_possibility = {*
c3d1590debd8 eliminated global SIMPSET, CLASET etc. -- refer to explicit context; wenzelm parents: 30549 diff changeset	374	Scan.succeed (SIMPLE_METHOD o PublicSET.basic_possibility_tac) *}
c3d1590debd8 eliminated global SIMPSET, CLASET etc. -- refer to explicit context; wenzelm parents: 30549 diff changeset	375	"for proving possibility theorems"
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	376
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	377
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	378	subsection{Specialized Rewriting for Theorems About @{term analz} and Image}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	379
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	380	lemma insert_Key_singleton: "insert (Key K) H = Key ` {K} Un H"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	381	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	382
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	383	lemma insert_Key_image:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	384	"insert (Key K) (Key`KK Un C) = Key ` (insert K KK) Un C"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	385	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	386
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	387	text{Needed for @{text DK_fresh_not_KeyCryptKey}}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	388	lemma publicKey_in_used [iff]: "Key (publicKey b A) \<in> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	389	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	390
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	391	lemma privateKey_in_used [iff]: "Key (invKey (publicKey b A)) \<in> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	392	by (blast intro!: initState_into_used)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	393
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	394	text{*Reverse the normal simplification of "image" to build up (not break down)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	395	the set of keys. Based on @{text analz_image_freshK_ss}, but simpler.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	396	lemmas analz_image_keys_simps =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	397	simp_thms mem_simps --{these two allow its use with @{text "only:"}}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	398	image_insert [THEN sym] image_Un [THEN sym]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	399	rangeI symKeys_neq_imp_neq
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	400	insert_Key_singleton insert_Key_image Un_assoc [THEN sym]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	401
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	402
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	403	(General lemmas proved by Larry)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	404
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	405	subsection{Controlled Unfolding of Abbreviations}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	406
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	407	text{A set is expanded only if a relation is applied to it}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	408	lemma def_abbrev_simp_relation:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	409	"A == B ==> (A \<in> X) = (B \<in> X) &
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	410	(u = A) = (u = B) &
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	411	(A = u) = (B = u)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	412	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	413
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	414	text{A set is expanded only if one of the given functions is applied to it}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	415	lemma def_abbrev_simp_function:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	416	"A == B
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	417	==> parts (insert A X) = parts (insert B X) &
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	418	analz (insert A X) = analz (insert B X) &
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	419	keysFor (insert A X) = keysFor (insert B X)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	420	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	421
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	422	subsubsection{Special Simplification Rules for @{term signCert}}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	423
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	424	text{Avoids duplicating X and its components!}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	425	lemma parts_insert_signCert:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	426	"parts (insert (signCert K X) H) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	427	insert {\|X, Crypt K X\|} (parts (insert (Crypt K X) H))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	428	by (simp add: signCert_def insert_commute [of X])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	429
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	430	text{Avoids a case split! [X is always available]}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	431	lemma analz_insert_signCert:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	432	"analz (insert (signCert K X) H) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	433	insert {\|X, Crypt K X\|} (insert (Crypt K X) (analz (insert X H)))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	434	by (simp add: signCert_def insert_commute [of X])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	435
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	436	lemma keysFor_insert_signCert: "keysFor (insert (signCert K X) H) = keysFor H"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	437	by (simp add: signCert_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	438
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	439	text{*Controlled rewrite rules for @{term signCert}, just the definitions
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	440	of the others. Encryption primitives are just expanded, despite their huge
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	441	redundancy!*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	442	lemmas abbrev_simps [simp] =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	443	parts_insert_signCert analz_insert_signCert keysFor_insert_signCert
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	444	sign_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	445	sign_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	446	signCert_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	447	signCert_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	448	certC_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	449	certC_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	450	cert_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	451	cert_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	452	EXcrypt_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	453	EXcrypt_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	454	EXHcrypt_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	455	EXHcrypt_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	456	Enc_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	457	Enc_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	458	EncB_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	459	EncB_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	460
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	461
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	462	subsubsection{Elimination Rules for Controlled Rewriting }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	463
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	464	lemma Enc_partsE:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	465	"!!R. [\|Enc SK K EK M \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	466	[\|Crypt K (sign SK M) \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	467	Crypt EK (Key K) \<in> parts H\|] ==> R\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	468	==> R"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	469
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	470	by (unfold Enc_def, blast)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	471
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	472	lemma EncB_partsE:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	473	"!!R. [\|EncB SK K EK M b \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	474	[\|Crypt K (sign SK {\|M, Hash b\|}) \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	475	Crypt EK (Key K) \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	476	b \<in> parts H\|] ==> R\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	477	==> R"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	478	by (unfold EncB_def Enc_def, blast)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	479
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	480	lemma EXcrypt_partsE:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	481	"!!R. [\|EXcrypt K EK M m \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	482	[\|Crypt K {\|M, Hash m\|} \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	483	Crypt EK {\|Key K, m\|} \<in> parts H\|] ==> R\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	484	==> R"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	485	by (unfold EXcrypt_def, blast)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	486
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	487
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	488	subsection{Lemmas to Simplify Expressions Involving @{term analz} }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	489
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	490	lemma analz_knows_absorb:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	491	"Key K \<in> analz (knows Spy evs)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	492	==> analz (Key ` (insert K H) \<union> knows Spy evs) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	493	analz (Key ` H \<union> knows Spy evs)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	494	by (simp add: analz_insert_eq Un_upper2 [THEN analz_mono, THEN subsetD])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	495
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	496	lemma analz_knows_absorb2:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	497	"Key K \<in> analz (knows Spy evs)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	498	==> analz (Key ` (insert X (insert K H)) \<union> knows Spy evs) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	499	analz (Key ` (insert X H) \<union> knows Spy evs)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	500	apply (subst insert_commute)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	501	apply (erule analz_knows_absorb)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	502	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	503
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	504	lemma analz_insert_subset_eq:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	505	"[\|X \<in> analz (knows Spy evs); knows Spy evs \<subseteq> H\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	506	==> analz (insert X H) = analz H"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	507	apply (rule analz_insert_eq)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	508	apply (blast intro: analz_mono [THEN [2] rev_subsetD])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	509	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	510
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	511	lemmas analz_insert_simps =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	512	analz_insert_subset_eq Un_upper2
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	513	subset_insertI [THEN [2] subset_trans]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	514
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	515
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	516	subsection{Freshness Lemmas}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	517
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	518	lemma in_parts_Says_imp_used:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	519	"[\|Key K \<in> parts {X}; Says A B X \<in> set evs\|] ==> Key K \<in> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	520	by (blast intro: parts_trans dest!: Says_imp_knows_Spy [THEN parts.Inj])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	521
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	522	text{A useful rewrite rule with @{term analz_image_keys_simps}}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	523	lemma Crypt_notin_image_Key: "Crypt K X \<notin> Key ` KK"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	524	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	525
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	526	lemma fresh_notin_analz_knows_Spy:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	527	"Key K \<notin> used evs ==> Key K \<notin> analz (knows Spy evs)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	528	by (auto dest: analz_into_parts)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	529
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	530	end

author	wenzelm
	Sun, 31 May 2009 16:29:39 +0200
changeset 31318	133d1cfd6ae7
parent 30607	c3d1590debd8
child 32149	ef59550a55d3
permissions	-rw-r--r--