isabelle: src/HOL/Auth/WooLam.ML@1b1b46adc9b3 (annotated)

2274 1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	1	(* Title: HOL/Auth/WooLam
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	2	ID: $Id$
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	3	Author: Lawrence C Paulson, Cambridge University Computer Laboratory
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	4	Copyright 1996 University of Cambridge
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	5
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	6	Inductive relation "woolam" for the Woo-Lam protocol.
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	7
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	8	Simplified version from page 11 of
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	9	Abadi and Needham. Prudent Engineering Practice for Cryptographic Protocols.
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	10	IEEE Trans. S.E. 22(1), 1996, pages 6-15.
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	11	*)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	12
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	13	open WooLam;
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	14
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	15	proof_timing:=true;
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	16	HOL_quantifiers := false;
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	17	Pretty.setdepth 20;
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	18
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	19
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	20	(Weak liveness: there are traces that reach the end)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	21	goal thy
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	22	"!!A B. [\| A ~= B; A ~= Server; B ~= Server \|] \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	23	\ ==> EX NB. EX evs: woolam lost. \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	24	\ Says Server B (Crypt {\|Agent A, Nonce NB\|} (shrK B)) \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	25	\ : set_of_list evs";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	26	by (REPEAT (resolve_tac [exI,bexI] 1));
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	27	by (rtac (woolam.Nil RS woolam.WL1 RS woolam.WL2 RS woolam.WL3 RS
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	28	woolam.WL4 RS woolam.WL5) 2);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	29	by (ALLGOALS (simp_tac (!simpset setsolver safe_solver)));
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	30	by (REPEAT_FIRST (resolve_tac [refl, conjI]));
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	31	by (REPEAT_FIRST (fast_tac (!claset addss (!simpset setsolver safe_solver))));
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	32	result();
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	33
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	34
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	35	(** Inductive proofs about woolam **)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	36
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	37	(Nobody sends themselves messages)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	38	goal thy "!!evs. evs : woolam lost ==> ALL A X. Says A A X ~: set_of_list evs";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	39	by (etac woolam.induct 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	40	by (Auto_tac());
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	41	qed_spec_mp "not_Says_to_self";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	42	Addsimps [not_Says_to_self];
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	43	AddSEs [not_Says_to_self RSN (2, rev_notE)];
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	44
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	45
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	46	( For reasoning about the encrypted portion of messages )
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	47
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	48	goal thy "!!evs. Says A' B X : set_of_list evs \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	49	\ ==> X : analz (sees lost Spy evs)";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	50	by (etac (Says_imp_sees_Spy RS analz.Inj) 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	51	qed "WL4_analz_sees_Spy";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	52
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	53	bind_thm ("WL4_parts_sees_Spy",
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	54	WL4_analz_sees_Spy RS (impOfSubs analz_subset_parts));
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	55
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	56	(*We instantiate the variable to "lost". Leaving it as a Var makes proofs
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	57	harder to complete, since simplification does less for us.*)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	58	val parts_Fake_tac = forw_inst_tac [("lost","lost")] WL4_parts_sees_Spy 6;
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	59
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	60	(For proving the easier theorems about X ~: parts (sees lost Spy evs) )
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	61	fun parts_induct_tac i = SELECT_GOAL
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	62	(DETERM (etac woolam.induct 1 THEN parts_Fake_tac THEN
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	63	(Fake message)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	64	TRY (best_tac (!claset addDs [impOfSubs analz_subset_parts,
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	65	impOfSubs Fake_parts_insert]
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	66	addss (!simpset)) 2)) THEN
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	67	(Base case)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	68	fast_tac (!claset addss (!simpset)) 1 THEN
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	69	ALLGOALS Asm_simp_tac) i;
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	70
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	71	(** Theorems of the form X ~: parts (sees lost Spy evs) imply that NOBODY
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	72	sends messages containing X! **)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	73
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	74	(Spy never sees another agent's shared key! (unless it's lost at start))
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	75	goal thy
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	76	"!!evs. evs : woolam lost \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	77	\ ==> (Key (shrK A) : parts (sees lost Spy evs)) = (A : lost)";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	78	by (parts_induct_tac 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	79	by (Auto_tac());
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	80	qed "Spy_see_shrK";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	81	Addsimps [Spy_see_shrK];
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	82
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	83	goal thy
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	84	"!!evs. evs : woolam lost \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	85	\ ==> (Key (shrK A) : analz (sees lost Spy evs)) = (A : lost)";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	86	by (auto_tac(!claset addDs [impOfSubs analz_subset_parts], !simpset));
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	87	qed "Spy_analz_shrK";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	88	Addsimps [Spy_analz_shrK];
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	89
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	90	goal thy "!!A. [\| Key (shrK A) : parts (sees lost Spy evs); \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	91	\ evs : woolam lost \|] ==> A:lost";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	92	by (fast_tac (!claset addDs [Spy_see_shrK]) 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	93	qed "Spy_see_shrK_D";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	94
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	95	bind_thm ("Spy_analz_shrK_D", analz_subset_parts RS subsetD RS Spy_see_shrK_D);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	96	AddSDs [Spy_see_shrK_D, Spy_analz_shrK_D];
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	97
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	98
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	99	(* Future nonces can't be seen or used! *)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	100
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	101	goal thy "!!evs. evs : woolam lost ==> \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	102	\ length evs <= length evt --> \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	103	\ Nonce (newN evt) ~: parts (sees lost Spy evs)";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	104	by (parts_induct_tac 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	105	by (REPEAT_FIRST (fast_tac (!claset
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	106	addSEs partsEs
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	107	addSDs [Says_imp_sees_Spy RS parts.Inj]
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	108	addEs [leD RS notE]
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	109	addDs [impOfSubs analz_subset_parts,
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	110	impOfSubs parts_insert_subset_Un,
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	111	Suc_leD]
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	112	addss (!simpset))));
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	113	qed_spec_mp "new_nonces_not_seen";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	114	Addsimps [new_nonces_not_seen];
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	115
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	116
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	117	(** Autheticity properties for Woo-Lam **)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	118
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	119
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	120	(* WL4 *)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	121
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	122	(If the encrypted message appears then it originated with Alice)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	123	goal thy
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	124	"!!evs. [\| A ~: lost; evs : woolam lost \|] \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	125	\ ==> Crypt (Nonce NB) (shrK A) : parts (sees lost Spy evs) \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	126	\ --> (EX B. Says A B (Crypt (Nonce NB) (shrK A)) : set_of_list evs)";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	127	by (parts_induct_tac 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	128	by (Fast_tac 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	129	qed_spec_mp "NB_Crypt_imp_Alice_msg";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	130
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	131	(*Guarantee for Server: if it gets a message containing a certificate from
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	132	Alice, then she originated that certificate. But we DO NOT know that B
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	133	ever saw it: the Spy may have rerouted the message to the Server.*)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	134	goal thy
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	135	"!!evs. [\| A ~: lost; evs : woolam lost; \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	136	\ Says B' Server {\|Agent A, Agent B, Crypt (Nonce NB) (shrK A)\|} \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	137	\ : set_of_list evs \|] \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	138	\ ==> EX B. Says A B (Crypt (Nonce NB) (shrK A)) : set_of_list evs";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	139	by (fast_tac (!claset addSIs [NB_Crypt_imp_Alice_msg]
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	140	addSEs [MPair_parts]
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	141	addDs [Says_imp_sees_Spy RS parts.Inj]) 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	142	qed "Server_trust_WL4";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	143
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	144
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	145	(* WL5 *)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	146
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	147	(Server sent WL5 only if it received the right sort of message)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	148	goal thy
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	149	"!!evs. evs : woolam lost ==> \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	150	\ Says Server B (Crypt {\|Agent A, NB\|} (shrK B)) : set_of_list evs \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	151	\ --> (EX B'. Says B' Server {\|Agent A, Agent B, Crypt NB (shrK A)\|} \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	152	\ : set_of_list evs)";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	153	by (parts_induct_tac 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	154	by (ALLGOALS Fast_tac);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	155	bind_thm ("Server_sent_WL5", result() RSN (2, rev_mp));
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	156
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	157
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	158	(If the encrypted message appears then it originated with the Server!)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	159	goal thy
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	160	"!!evs. [\| B ~: lost; evs : woolam lost \|] \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	161	\ ==> Crypt {\|Agent A, NB\|} (shrK B) : parts (sees lost Spy evs) \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	162	\ --> Says Server B (Crypt {\|Agent A, NB\|} (shrK B)) : set_of_list evs";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	163	by (parts_induct_tac 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	164	qed_spec_mp "NB_Crypt_imp_Server_msg";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	165
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	166	(*Partial guarantee for B: if it gets a message of correct form then the Server
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	167	sent the same message.*)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	168	goal thy
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	169	"!!evs. [\| Says S B (Crypt {\|Agent A, NB\|} (shrK B)) : set_of_list evs; \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	170	\ B ~: lost; evs : woolam lost \|] \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	171	\ ==> Says Server B (Crypt {\|Agent A, NB\|} (shrK B)) : set_of_list evs";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	172	by (fast_tac (!claset addSIs [NB_Crypt_imp_Server_msg]
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	173	addDs [Says_imp_sees_Spy RS parts.Inj]) 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	174	qed "B_got_WL5";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	175
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	176	(*Guarantee for B. If B gets the Server's certificate then A has encrypted
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	177	the nonce using her key. This event can be no older than the nonce itself.
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	178	But A may have sent the nonce to some other agent and it could have reached
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	179	the Server via the Spy.*)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	180	goal thy
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	181	"!!evs. [\| Says S B (Crypt {\|Agent A, Nonce NB\|} (shrK B)): set_of_list evs; \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	182	\ A ~: lost; B ~: lost; evs : woolam lost \|] \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	183	\ ==> EX B. Says A B (Crypt (Nonce NB) (shrK A)) : set_of_list evs";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	184	by (fast_tac (!claset addIs [Server_trust_WL4]
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	185	addSDs [B_got_WL5 RS Server_sent_WL5]) 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	186	qed "B_trust_WL5";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	187
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	188
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	189	(B only issues challenges in response to WL1. Useful??)
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	190	goal thy
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	191	"!!evs. [\| B ~= Spy; evs : woolam lost \|] \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	192	\ ==> Says B A (Nonce NB) : set_of_list evs \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	193	\ --> (EX A'. Says A' B (Agent A) : set_of_list evs)";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	194	by (parts_induct_tac 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	195	by (ALLGOALS Fast_tac);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	196	bind_thm ("B_said_WL2", result() RSN (2, rev_mp));
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	197
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	198
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	199	(**CANNOT be proved because A doesn't know where challenges come from...
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	200	goal thy
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	201	"!!evs. [\| A ~: lost; B ~= Spy; evs : woolam lost \|] \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	202	\ ==> Crypt (Nonce NB) (shrK A) : parts (sees lost Spy evs) & \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	203	\ Says B A (Nonce NB) : set_of_list evs \
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	204	\ --> Says A B (Crypt (Nonce NB) (shrK A)) : set_of_list evs";
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	205	by (parts_induct_tac 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	206	by (Step_tac 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	207	by (best_tac (!claset addSEs partsEs
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	208	addEs [new_nonces_not_seen RSN(2,rev_notE)]) 1);
1b1b46adc9b3 Addition of Woo-Lam protocol paulson parents: diff changeset	209	**)

author	paulson
	Thu, 28 Nov 1996 15:56:04 +0100
changeset 2274	1b1b46adc9b3
child 2283	68829cf138fc
permissions	-rw-r--r--