src/HOL/Induct/QuoDataType.thy
author wenzelm
Sun Nov 02 18:21:45 2014 +0100 (2014-11-02)
changeset 58889 5b7a9633cfa8
parent 58310 91ea607a34d8
child 59478 1755b24e8b44
permissions -rw-r--r--
modernized header uniformly as section;
wenzelm@41959
     1
(*  Title:      HOL/Induct/QuoDataType.thy
paulson@14527
     2
    Author:     Lawrence C Paulson, Cambridge University Computer Laboratory
paulson@14527
     3
    Copyright   2004  University of Cambridge
paulson@14527
     4
*)
paulson@14527
     5
wenzelm@58889
     6
section{*Defining an Initial Algebra by Quotienting a Free Algebra*}
paulson@14527
     7
haftmann@16417
     8
theory QuoDataType imports Main begin
paulson@14527
     9
paulson@14527
    10
subsection{*Defining the Free Algebra*}
paulson@14527
    11
paulson@14527
    12
text{*Messages with encryption and decryption as free constructors.*}
blanchet@58310
    13
datatype
paulson@14527
    14
     freemsg = NONCE  nat
wenzelm@32960
    15
             | MPAIR  freemsg freemsg
wenzelm@32960
    16
             | CRYPT  nat freemsg  
wenzelm@32960
    17
             | DECRYPT  nat freemsg
paulson@14527
    18
paulson@14527
    19
text{*The equivalence relation, which makes encryption and decryption inverses
berghofe@23746
    20
provided the keys are the same.
wenzelm@19736
    21
berghofe@23746
    22
The first two rules are the desired equations. The next four rules
paulson@14527
    23
make the equations applicable to subterms. The last two rules are symmetry
paulson@14527
    24
and transitivity.*}
berghofe@23746
    25
berghofe@23746
    26
inductive_set
berghofe@23746
    27
  msgrel :: "(freemsg * freemsg) set"
berghofe@23746
    28
  and msg_rel :: "[freemsg, freemsg] => bool"  (infixl "\<sim>" 50)
berghofe@23746
    29
  where
berghofe@23746
    30
    "X \<sim> Y == (X,Y) \<in> msgrel"
berghofe@23746
    31
  | CD:    "CRYPT K (DECRYPT K X) \<sim> X"
berghofe@23746
    32
  | DC:    "DECRYPT K (CRYPT K X) \<sim> X"
berghofe@23746
    33
  | NONCE: "NONCE N \<sim> NONCE N"
berghofe@23746
    34
  | MPAIR: "\<lbrakk>X \<sim> X'; Y \<sim> Y'\<rbrakk> \<Longrightarrow> MPAIR X Y \<sim> MPAIR X' Y'"
berghofe@23746
    35
  | CRYPT: "X \<sim> X' \<Longrightarrow> CRYPT K X \<sim> CRYPT K X'"
berghofe@23746
    36
  | DECRYPT: "X \<sim> X' \<Longrightarrow> DECRYPT K X \<sim> DECRYPT K X'"
berghofe@23746
    37
  | SYM:   "X \<sim> Y \<Longrightarrow> Y \<sim> X"
berghofe@23746
    38
  | TRANS: "\<lbrakk>X \<sim> Y; Y \<sim> Z\<rbrakk> \<Longrightarrow> X \<sim> Z"
paulson@14527
    39
paulson@14527
    40
paulson@14527
    41
text{*Proving that it is an equivalence relation*}
paulson@14527
    42
paulson@14527
    43
lemma msgrel_refl: "X \<sim> X"
wenzelm@18460
    44
  by (induct X) (blast intro: msgrel.intros)+
paulson@14527
    45
paulson@14527
    46
theorem equiv_msgrel: "equiv UNIV msgrel"
wenzelm@18460
    47
proof -
nipkow@30198
    48
  have "refl msgrel" by (simp add: refl_on_def msgrel_refl)
wenzelm@18460
    49
  moreover have "sym msgrel" by (simp add: sym_def, blast intro: msgrel.SYM)
wenzelm@18460
    50
  moreover have "trans msgrel" by (simp add: trans_def, blast intro: msgrel.TRANS)
wenzelm@18460
    51
  ultimately show ?thesis by (simp add: equiv_def)
paulson@14527
    52
qed
paulson@14527
    53
paulson@14527
    54
paulson@14527
    55
subsection{*Some Functions on the Free Algebra*}
paulson@14527
    56
paulson@14527
    57
subsubsection{*The Set of Nonces*}
paulson@14527
    58
paulson@14527
    59
text{*A function to return the set of nonces present in a message.  It will
paulson@14527
    60
be lifted to the initial algrebra, to serve as an example of that process.*}
haftmann@39246
    61
primrec freenonces :: "freemsg \<Rightarrow> nat set" where
haftmann@39246
    62
  "freenonces (NONCE N) = {N}"
haftmann@39246
    63
| "freenonces (MPAIR X Y) = freenonces X \<union> freenonces Y"
haftmann@39246
    64
| "freenonces (CRYPT K X) = freenonces X"
haftmann@39246
    65
| "freenonces (DECRYPT K X) = freenonces X"
paulson@14527
    66
paulson@14527
    67
text{*This theorem lets us prove that the nonces function respects the
paulson@14527
    68
equivalence relation.  It also helps us prove that Nonce
paulson@14527
    69
  (the abstract constructor) is injective*}
paulson@14527
    70
theorem msgrel_imp_eq_freenonces: "U \<sim> V \<Longrightarrow> freenonces U = freenonces V"
wenzelm@18460
    71
  by (induct set: msgrel) auto
paulson@14527
    72
paulson@14527
    73
paulson@14527
    74
subsubsection{*The Left Projection*}
paulson@14527
    75
paulson@14527
    76
text{*A function to return the left part of the top pair in a message.  It will
paulson@14527
    77
be lifted to the initial algrebra, to serve as an example of that process.*}
haftmann@39246
    78
primrec freeleft :: "freemsg \<Rightarrow> freemsg" where
haftmann@39246
    79
  "freeleft (NONCE N) = NONCE N"
haftmann@39246
    80
| "freeleft (MPAIR X Y) = X"
haftmann@39246
    81
| "freeleft (CRYPT K X) = freeleft X"
haftmann@39246
    82
| "freeleft (DECRYPT K X) = freeleft X"
paulson@14527
    83
paulson@14527
    84
text{*This theorem lets us prove that the left function respects the
paulson@14527
    85
equivalence relation.  It also helps us prove that MPair
paulson@14527
    86
  (the abstract constructor) is injective*}
paulson@14658
    87
theorem msgrel_imp_eqv_freeleft:
paulson@14658
    88
     "U \<sim> V \<Longrightarrow> freeleft U \<sim> freeleft V"
wenzelm@18460
    89
  by (induct set: msgrel) (auto intro: msgrel.intros)
paulson@14527
    90
paulson@14527
    91
paulson@14527
    92
subsubsection{*The Right Projection*}
paulson@14527
    93
paulson@14527
    94
text{*A function to return the right part of the top pair in a message.*}
haftmann@39246
    95
primrec freeright :: "freemsg \<Rightarrow> freemsg" where
haftmann@39246
    96
  "freeright (NONCE N) = NONCE N"
haftmann@39246
    97
| "freeright (MPAIR X Y) = Y"
haftmann@39246
    98
| "freeright (CRYPT K X) = freeright X"
haftmann@39246
    99
| "freeright (DECRYPT K X) = freeright X"
paulson@14527
   100
paulson@14527
   101
text{*This theorem lets us prove that the right function respects the
paulson@14527
   102
equivalence relation.  It also helps us prove that MPair
paulson@14527
   103
  (the abstract constructor) is injective*}
paulson@14658
   104
theorem msgrel_imp_eqv_freeright:
paulson@14658
   105
     "U \<sim> V \<Longrightarrow> freeright U \<sim> freeright V"
wenzelm@18460
   106
  by (induct set: msgrel) (auto intro: msgrel.intros)
paulson@14527
   107
paulson@14527
   108
paulson@15152
   109
subsubsection{*The Discriminator for Constructors*}
paulson@14527
   110
paulson@15152
   111
text{*A function to distinguish nonces, mpairs and encryptions*}
haftmann@39246
   112
primrec freediscrim :: "freemsg \<Rightarrow> int" where
haftmann@39246
   113
  "freediscrim (NONCE N) = 0"
haftmann@39246
   114
| "freediscrim (MPAIR X Y) = 1"
haftmann@39246
   115
| "freediscrim (CRYPT K X) = freediscrim X + 2"
haftmann@39246
   116
| "freediscrim (DECRYPT K X) = freediscrim X - 2"
paulson@14527
   117
paulson@14527
   118
text{*This theorem helps us prove @{term "Nonce N \<noteq> MPair X Y"}*}
paulson@15152
   119
theorem msgrel_imp_eq_freediscrim:
paulson@15152
   120
     "U \<sim> V \<Longrightarrow> freediscrim U = freediscrim V"
wenzelm@18460
   121
  by (induct set: msgrel) auto
paulson@14527
   122
paulson@14527
   123
paulson@14527
   124
subsection{*The Initial Algebra: A Quotiented Message Type*}
paulson@14527
   125
wenzelm@45694
   126
definition "Msg = UNIV//msgrel"
wenzelm@45694
   127
wenzelm@49834
   128
typedef msg = Msg
wenzelm@45694
   129
  morphisms Rep_Msg Abs_Msg
wenzelm@45694
   130
  unfolding Msg_def by (auto simp add: quotient_def)
paulson@14527
   131
paulson@14527
   132
paulson@14527
   133
text{*The abstract message constructors*}
wenzelm@19736
   134
definition
wenzelm@21404
   135
  Nonce :: "nat \<Rightarrow> msg" where
wenzelm@19736
   136
  "Nonce N = Abs_Msg(msgrel``{NONCE N})"
paulson@14527
   137
wenzelm@21404
   138
definition
wenzelm@21404
   139
  MPair :: "[msg,msg] \<Rightarrow> msg" where
wenzelm@19736
   140
   "MPair X Y =
nipkow@15120
   141
       Abs_Msg (\<Union>U \<in> Rep_Msg X. \<Union>V \<in> Rep_Msg Y. msgrel``{MPAIR U V})"
paulson@14527
   142
wenzelm@21404
   143
definition
wenzelm@21404
   144
  Crypt :: "[nat,msg] \<Rightarrow> msg" where
wenzelm@19736
   145
   "Crypt K X =
nipkow@15120
   146
       Abs_Msg (\<Union>U \<in> Rep_Msg X. msgrel``{CRYPT K U})"
paulson@14527
   147
wenzelm@21404
   148
definition
wenzelm@21404
   149
  Decrypt :: "[nat,msg] \<Rightarrow> msg" where
wenzelm@19736
   150
   "Decrypt K X =
nipkow@15120
   151
       Abs_Msg (\<Union>U \<in> Rep_Msg X. msgrel``{DECRYPT K U})"
paulson@14527
   152
paulson@14527
   153
paulson@14527
   154
text{*Reduces equality of equivalence classes to the @{term msgrel} relation:
paulson@14527
   155
  @{term "(msgrel `` {x} = msgrel `` {y}) = ((x,y) \<in> msgrel)"} *}
paulson@14527
   156
lemmas equiv_msgrel_iff = eq_equiv_class_iff [OF equiv_msgrel UNIV_I UNIV_I]
paulson@14527
   157
paulson@14527
   158
declare equiv_msgrel_iff [simp]
paulson@14527
   159
paulson@14527
   160
paulson@14527
   161
text{*All equivalence classes belong to set of representatives*}
paulson@15169
   162
lemma [simp]: "msgrel``{U} \<in> Msg"
paulson@14527
   163
by (auto simp add: Msg_def quotient_def intro: msgrel_refl)
paulson@14527
   164
paulson@14527
   165
lemma inj_on_Abs_Msg: "inj_on Abs_Msg Msg"
paulson@14527
   166
apply (rule inj_on_inverseI)
paulson@14527
   167
apply (erule Abs_Msg_inverse)
paulson@14527
   168
done
paulson@14527
   169
paulson@14527
   170
text{*Reduces equality on abstractions to equality on representatives*}
paulson@14527
   171
declare inj_on_Abs_Msg [THEN inj_on_iff, simp]
paulson@14527
   172
paulson@14527
   173
declare Abs_Msg_inverse [simp]
paulson@14527
   174
paulson@14527
   175
paulson@14527
   176
subsubsection{*Characteristic Equations for the Abstract Constructors*}
paulson@14527
   177
paulson@14527
   178
lemma MPair: "MPair (Abs_Msg(msgrel``{U})) (Abs_Msg(msgrel``{V})) = 
paulson@14527
   179
              Abs_Msg (msgrel``{MPAIR U V})"
paulson@14527
   180
proof -
paulson@15169
   181
  have "(\<lambda>U V. msgrel `` {MPAIR U V}) respects2 msgrel"
haftmann@40825
   182
    by (auto simp add: congruent2_def msgrel.MPAIR)
paulson@14527
   183
  thus ?thesis
paulson@14658
   184
    by (simp add: MPair_def UN_equiv_class2 [OF equiv_msgrel equiv_msgrel])
paulson@14527
   185
qed
paulson@14527
   186
paulson@14527
   187
lemma Crypt: "Crypt K (Abs_Msg(msgrel``{U})) = Abs_Msg (msgrel``{CRYPT K U})"
paulson@14527
   188
proof -
paulson@15169
   189
  have "(\<lambda>U. msgrel `` {CRYPT K U}) respects msgrel"
haftmann@40825
   190
    by (auto simp add: congruent_def msgrel.CRYPT)
paulson@14527
   191
  thus ?thesis
paulson@14527
   192
    by (simp add: Crypt_def UN_equiv_class [OF equiv_msgrel])
paulson@14527
   193
qed
paulson@14527
   194
paulson@14527
   195
lemma Decrypt:
paulson@14527
   196
     "Decrypt K (Abs_Msg(msgrel``{U})) = Abs_Msg (msgrel``{DECRYPT K U})"
paulson@14527
   197
proof -
paulson@15169
   198
  have "(\<lambda>U. msgrel `` {DECRYPT K U}) respects msgrel"
haftmann@40825
   199
    by (auto simp add: congruent_def msgrel.DECRYPT)
paulson@14527
   200
  thus ?thesis
paulson@14527
   201
    by (simp add: Decrypt_def UN_equiv_class [OF equiv_msgrel])
paulson@14527
   202
qed
paulson@14527
   203
paulson@14527
   204
text{*Case analysis on the representation of a msg as an equivalence class.*}
paulson@14527
   205
lemma eq_Abs_Msg [case_names Abs_Msg, cases type: msg]:
paulson@14527
   206
     "(!!U. z = Abs_Msg(msgrel``{U}) ==> P) ==> P"
paulson@14527
   207
apply (rule Rep_Msg [of z, unfolded Msg_def, THEN quotientE])
paulson@14527
   208
apply (drule arg_cong [where f=Abs_Msg])
paulson@14527
   209
apply (auto simp add: Rep_Msg_inverse intro: msgrel_refl)
paulson@14527
   210
done
paulson@14527
   211
paulson@14527
   212
text{*Establishing these two equations is the point of the whole exercise*}
paulson@14533
   213
theorem CD_eq [simp]: "Crypt K (Decrypt K X) = X"
paulson@14527
   214
by (cases X, simp add: Crypt Decrypt CD)
paulson@14527
   215
paulson@14533
   216
theorem DC_eq [simp]: "Decrypt K (Crypt K X) = X"
paulson@14527
   217
by (cases X, simp add: Crypt Decrypt DC)
paulson@14527
   218
paulson@14527
   219
paulson@14527
   220
subsection{*The Abstract Function to Return the Set of Nonces*}
paulson@14527
   221
wenzelm@19736
   222
definition
wenzelm@21404
   223
  nonces :: "msg \<Rightarrow> nat set" where
wenzelm@19736
   224
   "nonces X = (\<Union>U \<in> Rep_Msg X. freenonces U)"
paulson@14527
   225
paulson@15169
   226
lemma nonces_congruent: "freenonces respects msgrel"
haftmann@40825
   227
by (auto simp add: congruent_def msgrel_imp_eq_freenonces) 
paulson@14527
   228
paulson@14527
   229
paulson@14527
   230
text{*Now prove the four equations for @{term nonces}*}
paulson@14527
   231
paulson@14527
   232
lemma nonces_Nonce [simp]: "nonces (Nonce N) = {N}"
paulson@14527
   233
by (simp add: nonces_def Nonce_def 
paulson@14527
   234
              UN_equiv_class [OF equiv_msgrel nonces_congruent]) 
paulson@14527
   235
 
paulson@14527
   236
lemma nonces_MPair [simp]: "nonces (MPair X Y) = nonces X \<union> nonces Y"
paulson@14527
   237
apply (cases X, cases Y) 
paulson@14527
   238
apply (simp add: nonces_def MPair 
paulson@14527
   239
                 UN_equiv_class [OF equiv_msgrel nonces_congruent]) 
paulson@14527
   240
done
paulson@14527
   241
paulson@14527
   242
lemma nonces_Crypt [simp]: "nonces (Crypt K X) = nonces X"
paulson@14527
   243
apply (cases X) 
paulson@14527
   244
apply (simp add: nonces_def Crypt
paulson@14527
   245
                 UN_equiv_class [OF equiv_msgrel nonces_congruent]) 
paulson@14527
   246
done
paulson@14527
   247
paulson@14527
   248
lemma nonces_Decrypt [simp]: "nonces (Decrypt K X) = nonces X"
paulson@14527
   249
apply (cases X) 
paulson@14527
   250
apply (simp add: nonces_def Decrypt
paulson@14527
   251
                 UN_equiv_class [OF equiv_msgrel nonces_congruent]) 
paulson@14527
   252
done
paulson@14527
   253
paulson@14527
   254
paulson@14527
   255
subsection{*The Abstract Function to Return the Left Part*}
paulson@14527
   256
wenzelm@19736
   257
definition
wenzelm@21404
   258
  left :: "msg \<Rightarrow> msg" where
wenzelm@19736
   259
   "left X = Abs_Msg (\<Union>U \<in> Rep_Msg X. msgrel``{freeleft U})"
paulson@14527
   260
paulson@15169
   261
lemma left_congruent: "(\<lambda>U. msgrel `` {freeleft U}) respects msgrel"
haftmann@40825
   262
by (auto simp add: congruent_def msgrel_imp_eqv_freeleft) 
paulson@14527
   263
paulson@14527
   264
text{*Now prove the four equations for @{term left}*}
paulson@14527
   265
paulson@14527
   266
lemma left_Nonce [simp]: "left (Nonce N) = Nonce N"
paulson@14527
   267
by (simp add: left_def Nonce_def 
paulson@14527
   268
              UN_equiv_class [OF equiv_msgrel left_congruent]) 
paulson@14527
   269
paulson@14527
   270
lemma left_MPair [simp]: "left (MPair X Y) = X"
paulson@14527
   271
apply (cases X, cases Y) 
paulson@14527
   272
apply (simp add: left_def MPair 
paulson@14527
   273
                 UN_equiv_class [OF equiv_msgrel left_congruent]) 
paulson@14527
   274
done
paulson@14527
   275
paulson@14527
   276
lemma left_Crypt [simp]: "left (Crypt K X) = left X"
paulson@14527
   277
apply (cases X) 
paulson@14527
   278
apply (simp add: left_def Crypt
paulson@14527
   279
                 UN_equiv_class [OF equiv_msgrel left_congruent]) 
paulson@14527
   280
done
paulson@14527
   281
paulson@14527
   282
lemma left_Decrypt [simp]: "left (Decrypt K X) = left X"
paulson@14527
   283
apply (cases X) 
paulson@14527
   284
apply (simp add: left_def Decrypt
paulson@14527
   285
                 UN_equiv_class [OF equiv_msgrel left_congruent]) 
paulson@14527
   286
done
paulson@14527
   287
paulson@14527
   288
paulson@14527
   289
subsection{*The Abstract Function to Return the Right Part*}
paulson@14527
   290
wenzelm@19736
   291
definition
wenzelm@21404
   292
  right :: "msg \<Rightarrow> msg" where
wenzelm@19736
   293
   "right X = Abs_Msg (\<Union>U \<in> Rep_Msg X. msgrel``{freeright U})"
paulson@14527
   294
paulson@15169
   295
lemma right_congruent: "(\<lambda>U. msgrel `` {freeright U}) respects msgrel"
haftmann@40825
   296
by (auto simp add: congruent_def msgrel_imp_eqv_freeright) 
paulson@14527
   297
paulson@14527
   298
text{*Now prove the four equations for @{term right}*}
paulson@14527
   299
paulson@14527
   300
lemma right_Nonce [simp]: "right (Nonce N) = Nonce N"
paulson@14527
   301
by (simp add: right_def Nonce_def 
paulson@14527
   302
              UN_equiv_class [OF equiv_msgrel right_congruent]) 
paulson@14527
   303
paulson@14527
   304
lemma right_MPair [simp]: "right (MPair X Y) = Y"
paulson@14527
   305
apply (cases X, cases Y) 
paulson@14527
   306
apply (simp add: right_def MPair 
paulson@14527
   307
                 UN_equiv_class [OF equiv_msgrel right_congruent]) 
paulson@14527
   308
done
paulson@14527
   309
paulson@14527
   310
lemma right_Crypt [simp]: "right (Crypt K X) = right X"
paulson@14527
   311
apply (cases X) 
paulson@14527
   312
apply (simp add: right_def Crypt
paulson@14527
   313
                 UN_equiv_class [OF equiv_msgrel right_congruent]) 
paulson@14527
   314
done
paulson@14527
   315
paulson@14527
   316
lemma right_Decrypt [simp]: "right (Decrypt K X) = right X"
paulson@14527
   317
apply (cases X) 
paulson@14527
   318
apply (simp add: right_def Decrypt
paulson@14527
   319
                 UN_equiv_class [OF equiv_msgrel right_congruent]) 
paulson@14527
   320
done
paulson@14527
   321
paulson@14527
   322
paulson@14527
   323
subsection{*Injectivity Properties of Some Constructors*}
paulson@14527
   324
paulson@14527
   325
lemma NONCE_imp_eq: "NONCE m \<sim> NONCE n \<Longrightarrow> m = n"
paulson@14527
   326
by (drule msgrel_imp_eq_freenonces, simp)
paulson@14527
   327
paulson@14527
   328
text{*Can also be proved using the function @{term nonces}*}
paulson@14527
   329
lemma Nonce_Nonce_eq [iff]: "(Nonce m = Nonce n) = (m = n)"
paulson@14527
   330
by (auto simp add: Nonce_def msgrel_refl dest: NONCE_imp_eq)
paulson@14527
   331
paulson@14527
   332
lemma MPAIR_imp_eqv_left: "MPAIR X Y \<sim> MPAIR X' Y' \<Longrightarrow> X \<sim> X'"
paulson@14658
   333
by (drule msgrel_imp_eqv_freeleft, simp)
paulson@14527
   334
paulson@14527
   335
lemma MPair_imp_eq_left: 
paulson@14527
   336
  assumes eq: "MPair X Y = MPair X' Y'" shows "X = X'"
paulson@14527
   337
proof -
paulson@14527
   338
  from eq
paulson@14527
   339
  have "left (MPair X Y) = left (MPair X' Y')" by simp
paulson@14527
   340
  thus ?thesis by simp
paulson@14527
   341
qed
paulson@14527
   342
paulson@14527
   343
lemma MPAIR_imp_eqv_right: "MPAIR X Y \<sim> MPAIR X' Y' \<Longrightarrow> Y \<sim> Y'"
paulson@14658
   344
by (drule msgrel_imp_eqv_freeright, simp)
paulson@14527
   345
paulson@14527
   346
lemma MPair_imp_eq_right: "MPair X Y = MPair X' Y' \<Longrightarrow> Y = Y'" 
paulson@14527
   347
apply (cases X, cases X', cases Y, cases Y') 
paulson@14527
   348
apply (simp add: MPair)
paulson@14527
   349
apply (erule MPAIR_imp_eqv_right)  
paulson@14527
   350
done
paulson@14527
   351
paulson@14527
   352
theorem MPair_MPair_eq [iff]: "(MPair X Y = MPair X' Y') = (X=X' & Y=Y')" 
paulson@14533
   353
by (blast dest: MPair_imp_eq_left MPair_imp_eq_right)
paulson@14527
   354
paulson@14527
   355
lemma NONCE_neqv_MPAIR: "NONCE m \<sim> MPAIR X Y \<Longrightarrow> False"
paulson@15152
   356
by (drule msgrel_imp_eq_freediscrim, simp)
paulson@14527
   357
paulson@14527
   358
theorem Nonce_neq_MPair [iff]: "Nonce N \<noteq> MPair X Y"
paulson@14527
   359
apply (cases X, cases Y) 
paulson@14527
   360
apply (simp add: Nonce_def MPair) 
paulson@14527
   361
apply (blast dest: NONCE_neqv_MPAIR) 
paulson@14527
   362
done
paulson@14527
   363
paulson@15152
   364
text{*Example suggested by a referee*}
paulson@15152
   365
theorem Crypt_Nonce_neq_Nonce: "Crypt K (Nonce M) \<noteq> Nonce N" 
paulson@15152
   366
by (auto simp add: Nonce_def Crypt dest: msgrel_imp_eq_freediscrim)  
paulson@15152
   367
paulson@15152
   368
text{*...and many similar results*}
paulson@15172
   369
theorem Crypt2_Nonce_neq_Nonce: "Crypt K (Crypt K' (Nonce M)) \<noteq> Nonce N" 
paulson@15152
   370
by (auto simp add: Nonce_def Crypt dest: msgrel_imp_eq_freediscrim)  
paulson@15152
   371
paulson@14533
   372
theorem Crypt_Crypt_eq [iff]: "(Crypt K X = Crypt K X') = (X=X')" 
paulson@14533
   373
proof
paulson@14533
   374
  assume "Crypt K X = Crypt K X'"
paulson@14533
   375
  hence "Decrypt K (Crypt K X) = Decrypt K (Crypt K X')" by simp
paulson@14533
   376
  thus "X = X'" by simp
paulson@14533
   377
next
paulson@14533
   378
  assume "X = X'"
paulson@14533
   379
  thus "Crypt K X = Crypt K X'" by simp
paulson@14533
   380
qed
paulson@14533
   381
paulson@14533
   382
theorem Decrypt_Decrypt_eq [iff]: "(Decrypt K X = Decrypt K X') = (X=X')" 
paulson@14533
   383
proof
paulson@14533
   384
  assume "Decrypt K X = Decrypt K X'"
paulson@14533
   385
  hence "Crypt K (Decrypt K X) = Crypt K (Decrypt K X')" by simp
paulson@14533
   386
  thus "X = X'" by simp
paulson@14533
   387
next
paulson@14533
   388
  assume "X = X'"
paulson@14533
   389
  thus "Decrypt K X = Decrypt K X'" by simp
paulson@14533
   390
qed
paulson@14533
   391
paulson@14533
   392
lemma msg_induct [case_names Nonce MPair Crypt Decrypt, cases type: msg]:
paulson@14533
   393
  assumes N: "\<And>N. P (Nonce N)"
paulson@14533
   394
      and M: "\<And>X Y. \<lbrakk>P X; P Y\<rbrakk> \<Longrightarrow> P (MPair X Y)"
paulson@14533
   395
      and C: "\<And>K X. P X \<Longrightarrow> P (Crypt K X)"
paulson@14533
   396
      and D: "\<And>K X. P X \<Longrightarrow> P (Decrypt K X)"
paulson@14533
   397
  shows "P msg"
wenzelm@18460
   398
proof (cases msg)
wenzelm@18460
   399
  case (Abs_Msg U)
wenzelm@18460
   400
  have "P (Abs_Msg (msgrel `` {U}))"
paulson@14533
   401
  proof (induct U)
paulson@14533
   402
    case (NONCE N) 
paulson@14533
   403
    with N show ?case by (simp add: Nonce_def) 
paulson@14533
   404
  next
paulson@14533
   405
    case (MPAIR X Y)
paulson@14533
   406
    with M [of "Abs_Msg (msgrel `` {X})" "Abs_Msg (msgrel `` {Y})"]
paulson@14533
   407
    show ?case by (simp add: MPair) 
paulson@14533
   408
  next
paulson@14533
   409
    case (CRYPT K X)
paulson@14533
   410
    with C [of "Abs_Msg (msgrel `` {X})"]
paulson@14533
   411
    show ?case by (simp add: Crypt) 
paulson@14533
   412
  next
paulson@14533
   413
    case (DECRYPT K X)
paulson@14533
   414
    with D [of "Abs_Msg (msgrel `` {X})"]
paulson@14533
   415
    show ?case by (simp add: Decrypt)
paulson@14533
   416
  qed
wenzelm@18460
   417
  with Abs_Msg show ?thesis by (simp only:)
paulson@14533
   418
qed
paulson@14533
   419
paulson@15152
   420
paulson@15152
   421
subsection{*The Abstract Discriminator*}
paulson@15152
   422
paulson@15152
   423
text{*However, as @{text Crypt_Nonce_neq_Nonce} above illustrates, we don't
paulson@15152
   424
need this function in order to prove discrimination theorems.*}
paulson@15152
   425
wenzelm@19736
   426
definition
wenzelm@21404
   427
  discrim :: "msg \<Rightarrow> int" where
haftmann@39910
   428
   "discrim X = the_elem (\<Union>U \<in> Rep_Msg X. {freediscrim U})"
paulson@15152
   429
paulson@15169
   430
lemma discrim_congruent: "(\<lambda>U. {freediscrim U}) respects msgrel"
haftmann@40825
   431
by (auto simp add: congruent_def msgrel_imp_eq_freediscrim) 
paulson@15152
   432
paulson@15152
   433
text{*Now prove the four equations for @{term discrim}*}
paulson@15152
   434
paulson@15152
   435
lemma discrim_Nonce [simp]: "discrim (Nonce N) = 0"
paulson@15152
   436
by (simp add: discrim_def Nonce_def 
paulson@15152
   437
              UN_equiv_class [OF equiv_msgrel discrim_congruent]) 
paulson@15152
   438
paulson@15152
   439
lemma discrim_MPair [simp]: "discrim (MPair X Y) = 1"
paulson@15152
   440
apply (cases X, cases Y) 
paulson@15152
   441
apply (simp add: discrim_def MPair 
paulson@15152
   442
                 UN_equiv_class [OF equiv_msgrel discrim_congruent]) 
paulson@15152
   443
done
paulson@15152
   444
paulson@15152
   445
lemma discrim_Crypt [simp]: "discrim (Crypt K X) = discrim X + 2"
paulson@15152
   446
apply (cases X) 
paulson@15152
   447
apply (simp add: discrim_def Crypt
paulson@15152
   448
                 UN_equiv_class [OF equiv_msgrel discrim_congruent]) 
paulson@15152
   449
done
paulson@15152
   450
paulson@15152
   451
lemma discrim_Decrypt [simp]: "discrim (Decrypt K X) = discrim X - 2"
paulson@15152
   452
apply (cases X) 
paulson@15152
   453
apply (simp add: discrim_def Decrypt
paulson@15152
   454
                 UN_equiv_class [OF equiv_msgrel discrim_congruent]) 
paulson@15152
   455
done
paulson@15152
   456
paulson@15152
   457
paulson@14527
   458
end
paulson@14527
   459