isabelle: src/HOL/Auth/Guard/Guard_Shared.thy@64035d9161d3 (annotated)

41775 6214816d79d3 standardized headers; wenzelm parents: 41413 diff changeset	1	(* Title: HOL/Auth/Guard/Guard_Shared.thy
6214816d79d3 standardized headers; wenzelm parents: 41413 diff changeset	2	Author: Frederic Blanqui, University of Cambridge Computer Laboratory
6214816d79d3 standardized headers; wenzelm parents: 41413 diff changeset	3	Copyright 2002 University of Cambridge
6214816d79d3 standardized headers; wenzelm parents: 41413 diff changeset	4	*)
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	5
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	6	section\<open>lemmas on guarded messages for protocols with symmetric keys\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	7
41413 64cd30d6b0b8 explicit file specifications -- avoid secondary load path; wenzelm parents: 35416 diff changeset	8	theory Guard_Shared imports Guard GuardK "../Shared" begin
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	9
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	10	subsection\<open>Extensions to Theory \<open>Shared\<close>\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	11
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	12	declare initState.simps [simp del]
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	13
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	14	subsubsection\<open>a little abbreviation\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	15
19363 667b5ea637dd refined 'abbreviation'; wenzelm parents: 16417 diff changeset	16	abbreviation
21404 eb85850d3eb7 more robust syntax for definition/abbreviation/notation; wenzelm parents: 19363 diff changeset	17	Ciph :: "agent => msg => msg" where
19363 667b5ea637dd refined 'abbreviation'; wenzelm parents: 16417 diff changeset	18	"Ciph A X == Crypt (shrK A) X"
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	19
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	20	subsubsection\<open>agent associated to a key\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	21
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 21404 diff changeset	22	definition agt :: "key => agent" where
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	23	"agt K == @A. K = shrK A"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	24
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	25	lemma agt_shrK [simp]: "agt (shrK A) = A"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	26	by (simp add: agt_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	27
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	28	subsubsection\<open>basic facts about @{term initState}\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	29
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	30	lemma no_Crypt_in_parts_init [simp]: "Crypt K X ~:parts (initState A)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	31	by (cases A, auto simp: initState.simps)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	32
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	33	lemma no_Crypt_in_analz_init [simp]: "Crypt K X ~:analz (initState A)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	34	by auto
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	35
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	36	lemma no_shrK_in_analz_init [simp]: "A ~:bad
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	37	==> Key (shrK A) ~:analz (initState Spy)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	38	by (auto simp: initState.simps)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	39
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	40	lemma shrK_notin_initState_Friend [simp]: "A ~= Friend C
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	41	==> Key (shrK A) ~: parts (initState (Friend C))"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	42	by (auto simp: initState.simps)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	43
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	44	lemma keyset_init [iff]: "keyset (initState A)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	45	by (cases A, auto simp: keyset_def initState.simps)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	46
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	47	subsubsection\<open>sets of symmetric keys\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	48
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 21404 diff changeset	49	definition shrK_set :: "key set => bool" where
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	50	"shrK_set Ks == ALL K. K:Ks --> (EX A. K = shrK A)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	51
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	52	lemma in_shrK_set: "[\| shrK_set Ks; K:Ks \|] ==> EX A. K = shrK A"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	53	by (simp add: shrK_set_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	54
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	55	lemma shrK_set1 [iff]: "shrK_set {shrK A}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	56	by (simp add: shrK_set_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	57
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	58	lemma shrK_set2 [iff]: "shrK_set {shrK A, shrK B}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	59	by (simp add: shrK_set_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	60
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	61	subsubsection\<open>sets of good keys\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	62
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 21404 diff changeset	63	definition good :: "key set => bool" where
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	64	"good Ks == ALL K. K:Ks --> agt K ~:bad"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	65
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	66	lemma in_good: "[\| good Ks; K:Ks \|] ==> agt K ~:bad"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	67	by (simp add: good_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	68
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	69	lemma good1 [simp]: "A ~:bad ==> good {shrK A}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	70	by (simp add: good_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	71
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	72	lemma good2 [simp]: "[\| A ~:bad; B ~:bad \|] ==> good {shrK A, shrK B}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	73	by (simp add: good_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	74
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	75
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	76	subsection\<open>Proofs About Guarded Messages\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	77
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	78	subsubsection\<open>small hack\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	79
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	80	lemma shrK_is_invKey_shrK: "shrK A = invKey (shrK A)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	81	by simp
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	82
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	83	lemmas shrK_is_invKey_shrK_substI = shrK_is_invKey_shrK [THEN ssubst]
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	84
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	85	lemmas invKey_invKey_substI = invKey [THEN ssubst]
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	86
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	87	lemma "Nonce n:parts {X} ==> Crypt (shrK A) X:guard n {shrK A}"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	88	apply (rule shrK_is_invKey_shrK_substI, rule invKey_invKey_substI)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	89	by (rule Guard_Nonce, simp+)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	90
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	91	subsubsection\<open>guardedness results on nonces\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	92
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	93	lemma guard_ciph [simp]: "shrK A:Ks ==> Ciph A X:guard n Ks"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	94	by (rule Guard_Nonce, simp)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	95
13523 079af5c90d1c avoid duplicate fact bindings; wenzelm parents: 13508 diff changeset	96	lemma guardK_ciph [simp]: "shrK A:Ks ==> Ciph A X:guardK n Ks"
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	97	by (rule Guard_Key, simp)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	98
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	99	lemma Guard_init [iff]: "Guard n Ks (initState B)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	100	by (induct B, auto simp: Guard_def initState.simps)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	101
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	102	lemma Guard_knows_max': "Guard n Ks (knows_max' C evs)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	103	==> Guard n Ks (knows_max C evs)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	104	by (simp add: knows_max_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	105
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	106	lemma Nonce_not_used_Guard_spies [dest]: "Nonce n ~:used evs
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	107	==> Guard n Ks (spies evs)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	108	by (auto simp: Guard_def dest: not_used_not_known parts_sub)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	109
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	110	lemma Nonce_not_used_Guard [dest]: "[\| evs:p; Nonce n ~:used evs;
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	111	Gets_correct p; one_step p \|] ==> Guard n Ks (knows (Friend C) evs)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	112	by (auto simp: Guard_def dest: known_used parts_trans)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	113
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	114	lemma Nonce_not_used_Guard_max [dest]: "[\| evs:p; Nonce n ~:used evs;
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	115	Gets_correct p; one_step p \|] ==> Guard n Ks (knows_max (Friend C) evs)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	116	by (auto simp: Guard_def dest: known_max_used parts_trans)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	117
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	118	lemma Nonce_not_used_Guard_max' [dest]: "[\| evs:p; Nonce n ~:used evs;
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	119	Gets_correct p; one_step p \|] ==> Guard n Ks (knows_max' (Friend C) evs)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	120	apply (rule_tac H="knows_max (Friend C) evs" in Guard_mono)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	121	by (auto simp: knows_max_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	122
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	123	subsubsection\<open>guardedness results on keys\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	124
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	125	lemma GuardK_init [simp]: "n ~:range shrK ==> GuardK n Ks (initState B)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	126	by (induct B, auto simp: GuardK_def initState.simps)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	127
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	128	lemma GuardK_knows_max': "[\| GuardK n A (knows_max' C evs); n ~:range shrK \|]
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	129	==> GuardK n A (knows_max C evs)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	130	by (simp add: knows_max_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	131
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	132	lemma Key_not_used_GuardK_spies [dest]: "Key n ~:used evs
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	133	==> GuardK n A (spies evs)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	134	by (auto simp: GuardK_def dest: not_used_not_known parts_sub)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	135
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	136	lemma Key_not_used_GuardK [dest]: "[\| evs:p; Key n ~:used evs;
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	137	Gets_correct p; one_step p \|] ==> GuardK n A (knows (Friend C) evs)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	138	by (auto simp: GuardK_def dest: known_used parts_trans)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	139
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	140	lemma Key_not_used_GuardK_max [dest]: "[\| evs:p; Key n ~:used evs;
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	141	Gets_correct p; one_step p \|] ==> GuardK n A (knows_max (Friend C) evs)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	142	by (auto simp: GuardK_def dest: known_max_used parts_trans)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	143
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	144	lemma Key_not_used_GuardK_max' [dest]: "[\| evs:p; Key n ~:used evs;
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	145	Gets_correct p; one_step p \|] ==> GuardK n A (knows_max' (Friend C) evs)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	146	apply (rule_tac H="knows_max (Friend C) evs" in GuardK_mono)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	147	by (auto simp: knows_max_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	148
61830 4f5ab843cf5b isabelle update_cartouches -c -t; wenzelm parents: 58889 diff changeset	149	subsubsection\<open>regular protocols\<close>
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	150
35416 d8d7d1b785af replaced a couple of constsdefs by definitions (also some old primrecs by modern ones) haftmann parents: 21404 diff changeset	151	definition regular :: "event list set => bool" where
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	152	"regular p == ALL evs A. evs:p --> (Key (shrK A):parts (spies evs)) = (A:bad)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	153
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	154	lemma shrK_parts_iff_bad [simp]: "[\| evs:p; regular p \|] ==>
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	155	(Key (shrK A):parts (spies evs)) = (A:bad)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	156	by (auto simp: regular_def)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	157
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	158	lemma shrK_analz_iff_bad [simp]: "[\| evs:p; regular p \|] ==>
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	159	(Key (shrK A):analz (spies evs)) = (A:bad)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	160	by auto
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	161
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	162	lemma Guard_Nonce_analz: "[\| Guard n Ks (spies evs); evs:p;
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	163	shrK_set Ks; good Ks; regular p \|] ==> Nonce n ~:analz (spies evs)"
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	164	apply (clarify, simp only: knows_decomp)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	165	apply (drule Guard_invKey_keyset, simp+, safe)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	166	apply (drule in_good, simp)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	167	apply (drule in_shrK_set, simp+, clarify)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	168	apply (frule_tac A=A in shrK_analz_iff_bad)
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	169	by (simp add: knows_decomp)+
890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	170
61928 8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	171	lemma GuardK_Key_analz:
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	172	assumes "GuardK n Ks (spies evs)" "evs \<in> p" "shrK_set Ks"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	173	"good Ks" "regular p" "n \<notin> range shrK"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	174	shows "Key n \<notin> analz (spies evs)"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	175	proof (rule ccontr)
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	176	assume "\<not> Key n \<notin> analz (knows Spy evs)"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	177	then have *: "Key n \<in> analz (spies' evs \<union> initState Spy)"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	178	by (simp add: knows_decomp)
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	179	from \<open>GuardK n Ks (spies evs)\<close>
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	180	have "GuardK n Ks (spies' evs \<union> initState Spy)"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	181	by (simp add: knows_decomp)
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	182	then have "GuardK n Ks (spies' evs)"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	183	and "finite (spies' evs)" "keyset (initState Spy)"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	184	by simp_all
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	185	moreover have "Key n \<notin> initState Spy"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	186	using \<open>n \<notin> range shrK\<close> by (simp add: image_iff initState_Spy)
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	187	ultimately obtain K
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	188	where "K \<in> Ks" and **: "Key K \<in> analz (spies' evs \<union> initState Spy)"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	189	using * by (auto dest: GuardK_invKey_keyset)
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	190	from \<open>K \<in> Ks\<close> and \<open>good Ks\<close> have "agt K \<notin> bad"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	191	by (auto dest: in_good)
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	192	from \<open>K \<in> Ks\<close> \<open>shrK_set Ks\<close> obtain A
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	193	where "K = shrK A"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	194	by (auto dest: in_shrK_set)
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	195	then have "agt K \<in> bad"
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	196	using ** \<open>evs \<in> p\<close> \<open>regular p\<close> shrK_analz_iff_bad [of evs p "agt K"]
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	197	by (simp add: knows_decomp)
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	198	with \<open>agt K \<notin> bad\<close> show False by simp
8796d5edd29c tuned proof haftmann parents: 61830 diff changeset	199	qed
13508 890d736b93a5 Frederic Blanqui's new "guard" examples paulson parents: diff changeset	200
62390 842917225d56 more canonical names nipkow parents: 61928 diff changeset	201	end

author	paulson <lp15@cam.ac.uk>
	Mon, 28 Aug 2017 16:30:51 +0100
changeset 66535	64035d9161d3
parent 62390	842917225d56
child 67613	ce654b0e6d69
permissions	-rw-r--r--