| author | nipkow |
| Tue, 23 Feb 2016 17:47:23 +0100 | |
| changeset 62392 | 747d36865c2c |
| parent 61992 | 6d02bb8b5fe1 |
| child 67406 | 23307fd33906 |
| permissions | -rw-r--r-- |
| 49322 | 1 |
(* Author: Lawrence C Paulson, Cambridge University Computer Laboratory |
| 11250 | 2 |
Copyright 1996 University of Cambridge |
3 |
||
4 |
Datatypes of agents and messages; |
|
5 |
Inductive relations "parts", "analz" and "synth" |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
6 |
*)(*<*) |
| 11250 | 7 |
|
| 58889 | 8 |
section{*Theory of Agents and Messages for Security Protocols*}
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
9 |
|
| 48895 | 10 |
theory Message imports Main begin |
11 |
ML_file "../../antiquote_setup.ML" |
|
| 11250 | 12 |
|
13 |
(*Needed occasionally with spy_analz_tac, e.g. in analz_insert_Key_newK*) |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
14 |
lemma [simp] : "A \<union> (B \<union> A) = B \<union> A" |
| 11250 | 15 |
by blast |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
16 |
(*>*) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
17 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
18 |
section{* Agents and Messages *}
|
| 11250 | 19 |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
20 |
text {*
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
21 |
All protocol specifications refer to a syntactic theory of messages. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
22 |
Datatype |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
23 |
@{text agent} introduces the constant @{text Server} (a trusted central
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
24 |
machine, needed for some protocols), an infinite population of |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
25 |
friendly agents, and the~@{text Spy}:
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
26 |
*} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
27 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
28 |
datatype agent = Server | Friend nat | Spy |
| 11250 | 29 |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
30 |
text {*
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
31 |
Keys are just natural numbers. Function @{text invKey} maps a public key to
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
32 |
the matching private key, and vice versa: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
33 |
*} |
| 11250 | 34 |
|
| 42765 | 35 |
type_synonym key = nat |
| 25341 | 36 |
consts invKey :: "key \<Rightarrow> key" |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
37 |
(*<*) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
38 |
consts all_symmetric :: bool --{*true if all keys are symmetric*}
|
| 11250 | 39 |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
40 |
specification (invKey) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
41 |
invKey [simp]: "invKey (invKey K) = K" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
42 |
invKey_symmetric: "all_symmetric --> invKey = id" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
43 |
by (rule exI [of _ id], auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
44 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
45 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
46 |
text{*The inverse of a symmetric key is itself; that of a public key
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
47 |
is the private key and vice versa*} |
| 11250 | 48 |
|
|
35416
d8d7d1b785af
replaced a couple of constsdefs by definitions (also some old primrecs by modern ones)
haftmann
parents:
35109
diff
changeset
|
49 |
definition symKeys :: "key set" where |
| 11250 | 50 |
"symKeys == {K. invKey K = K}"
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
51 |
(*>*) |
| 11250 | 52 |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
53 |
text {*
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
54 |
Datatype |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
55 |
@{text msg} introduces the message forms, which include agent names, nonces,
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
56 |
keys, compound messages, and encryptions. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
57 |
*} |
| 11250 | 58 |
|
59 |
datatype |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
60 |
msg = Agent agent |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
61 |
| Nonce nat |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
62 |
| Key key |
|
32960
69916a850301
eliminated hard tabulators, guessing at each author's individual tab-width;
wenzelm
parents:
32265
diff
changeset
|
63 |
| MPair msg msg |
|
69916a850301
eliminated hard tabulators, guessing at each author's individual tab-width;
wenzelm
parents:
32265
diff
changeset
|
64 |
| Crypt key msg |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
65 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
66 |
text {*
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
67 |
\noindent |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
68 |
The notation $\comp{X\sb 1,\ldots X\sb{n-1},X\sb n}$
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
69 |
abbreviates |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
70 |
$\isa{MPair}\,X\sb 1\,\ldots\allowbreak(\isa{MPair}\,X\sb{n-1}\,X\sb n)$.
|
| 11250 | 71 |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
72 |
Since datatype constructors are injective, we have the theorem |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
73 |
@{thm [display,indent=0] msg.inject(5) [THEN iffD1, of K X K' X']}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
74 |
A ciphertext can be decrypted using only one key and |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
75 |
can yield only one plaintext. In the real world, decryption with the |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
76 |
wrong key succeeds but yields garbage. Our model of encryption is |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
77 |
realistic if encryption adds some redundancy to the plaintext, such as a |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
78 |
checksum, so that garbage can be detected. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
79 |
*} |
| 11250 | 80 |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
81 |
(*<*) |
| 61992 | 82 |
text{*Concrete syntax: messages appear as \<open>\<lbrace>A,B,NA\<rbrace>\<close>, etc...*}
|
| 11250 | 83 |
syntax |
| 35109 | 84 |
"_MTuple" :: "['a, args] => 'a * 'b" ("(2\<lbrace>_,/ _\<rbrace>)")
|
| 11250 | 85 |
translations |
| 61992 | 86 |
"\<lbrace>x, y, z\<rbrace>" == "\<lbrace>x, \<lbrace>y, z\<rbrace>\<rbrace>" |
87 |
"\<lbrace>x, y\<rbrace>" == "CONST MPair x y" |
|
| 11250 | 88 |
|
89 |
||
|
35416
d8d7d1b785af
replaced a couple of constsdefs by definitions (also some old primrecs by modern ones)
haftmann
parents:
35109
diff
changeset
|
90 |
definition keysFor :: "msg set => key set" where |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
91 |
--{*Keys useful to decrypt elements of a message set*}
|
| 11250 | 92 |
"keysFor H == invKey ` {K. \<exists>X. Crypt K X \<in> H}"
|
93 |
||
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
94 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
95 |
subsubsection{*Inductive Definition of All Parts" of a Message*}
|
| 11250 | 96 |
|
| 23733 | 97 |
inductive_set |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
98 |
parts :: "msg set => msg set" |
| 23733 | 99 |
for H :: "msg set" |
100 |
where |
|
| 11250 | 101 |
Inj [intro]: "X \<in> H ==> X \<in> parts H" |
| 61992 | 102 |
| Fst: "\<lbrace>X,Y\<rbrace> \<in> parts H ==> X \<in> parts H" |
103 |
| Snd: "\<lbrace>X,Y\<rbrace> \<in> parts H ==> Y \<in> parts H" |
|
| 23733 | 104 |
| Body: "Crypt K X \<in> parts H ==> X \<in> parts H" |
| 11250 | 105 |
|
106 |
||
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
107 |
text{*Monotonicity*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
108 |
lemma parts_mono: "G \<subseteq> H ==> parts(G) \<subseteq> parts(H)" |
| 11250 | 109 |
apply auto |
110 |
apply (erule parts.induct) |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
111 |
apply (blast dest: parts.Fst parts.Snd parts.Body)+ |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
112 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
113 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
114 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
115 |
text{*Equations hold because constructors are injective.*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
116 |
lemma Friend_image_eq [simp]: "(Friend x \<in> Friend`A) = (x:A)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
117 |
by auto |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
118 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
119 |
lemma Key_image_eq [simp]: "(Key x \<in> Key`A) = (x\<in>A)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
120 |
by auto |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
121 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
122 |
lemma Nonce_Key_image_eq [simp]: "(Nonce x \<notin> Key`A)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
123 |
by auto |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
124 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
125 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
126 |
subsubsection{*Inverse of keys *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
127 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
128 |
lemma invKey_eq [simp]: "(invKey K = invKey K') = (K=K')" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
129 |
apply safe |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
130 |
apply (drule_tac f = invKey in arg_cong, simp) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
131 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
132 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
133 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
134 |
subsection{*keysFor operator*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
135 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
136 |
lemma keysFor_empty [simp]: "keysFor {} = {}"
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
137 |
by (unfold keysFor_def, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
138 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
139 |
lemma keysFor_Un [simp]: "keysFor (H \<union> H') = keysFor H \<union> keysFor H'" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
140 |
by (unfold keysFor_def, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
141 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
142 |
lemma keysFor_UN [simp]: "keysFor (\<Union>i\<in>A. H i) = (\<Union>i\<in>A. keysFor (H i))" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
143 |
by (unfold keysFor_def, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
144 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
145 |
text{*Monotonicity*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
146 |
lemma keysFor_mono: "G \<subseteq> H ==> keysFor(G) \<subseteq> keysFor(H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
147 |
by (unfold keysFor_def, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
148 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
149 |
lemma keysFor_insert_Agent [simp]: "keysFor (insert (Agent A) H) = keysFor H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
150 |
by (unfold keysFor_def, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
151 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
152 |
lemma keysFor_insert_Nonce [simp]: "keysFor (insert (Nonce N) H) = keysFor H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
153 |
by (unfold keysFor_def, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
154 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
155 |
lemma keysFor_insert_Key [simp]: "keysFor (insert (Key K) H) = keysFor H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
156 |
by (unfold keysFor_def, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
157 |
|
| 61992 | 158 |
lemma keysFor_insert_MPair [simp]: "keysFor (insert \<lbrace>X,Y\<rbrace> H) = keysFor H" |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
159 |
by (unfold keysFor_def, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
160 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
161 |
lemma keysFor_insert_Crypt [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
162 |
"keysFor (insert (Crypt K X) H) = insert (invKey K) (keysFor H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
163 |
by (unfold keysFor_def, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
164 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
165 |
lemma keysFor_image_Key [simp]: "keysFor (Key`E) = {}"
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
166 |
by (unfold keysFor_def, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
167 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
168 |
lemma Crypt_imp_invKey_keysFor: "Crypt K X \<in> H ==> invKey K \<in> keysFor H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
169 |
by (unfold keysFor_def, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
170 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
171 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
172 |
subsection{*Inductive relation "parts"*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
173 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
174 |
lemma MPair_parts: |
| 61992 | 175 |
"[| \<lbrace>X,Y\<rbrace> \<in> parts H; |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
176 |
[| X \<in> parts H; Y \<in> parts H |] ==> P |] ==> P" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
177 |
by (blast dest: parts.Fst parts.Snd) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
178 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
179 |
declare MPair_parts [elim!] parts.Body [dest!] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
180 |
text{*NB These two rules are UNSAFE in the formal sense, as they discard the
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
181 |
compound message. They work well on THIS FILE. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
182 |
@{text MPair_parts} is left as SAFE because it speeds up proofs.
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
183 |
The Crypt rule is normally kept UNSAFE to avoid breaking up certificates.*} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
184 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
185 |
lemma parts_increasing: "H \<subseteq> parts(H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
186 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
187 |
|
| 55142 | 188 |
lemmas parts_insertI = subset_insertI [THEN parts_mono, THEN subsetD] |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
189 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
190 |
lemma parts_empty [simp]: "parts{} = {}"
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
191 |
apply safe |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
192 |
apply (erule parts.induct, blast+) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
193 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
194 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
195 |
lemma parts_emptyE [elim!]: "X\<in> parts{} ==> P"
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
196 |
by simp |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
197 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
198 |
text{*WARNING: loops if H = {Y}, therefore must not be repeated!*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
199 |
lemma parts_singleton: "X\<in> parts H ==> \<exists>Y\<in>H. X\<in> parts {Y}"
|
|
26807
4cd176ea28dc
Replaced blast by fast in proof of parts_singleton, since blast looped
berghofe
parents:
25341
diff
changeset
|
200 |
by (erule parts.induct, fast+) |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
201 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
202 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
203 |
subsubsection{*Unions *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
204 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
205 |
lemma parts_Un_subset1: "parts(G) \<union> parts(H) \<subseteq> parts(G \<union> H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
206 |
by (intro Un_least parts_mono Un_upper1 Un_upper2) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
207 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
208 |
lemma parts_Un_subset2: "parts(G \<union> H) \<subseteq> parts(G) \<union> parts(H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
209 |
apply (rule subsetI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
210 |
apply (erule parts.induct, blast+) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
211 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
212 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
213 |
lemma parts_Un [simp]: "parts(G \<union> H) = parts(G) \<union> parts(H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
214 |
by (intro equalityI parts_Un_subset1 parts_Un_subset2) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
215 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
216 |
lemma parts_insert: "parts (insert X H) = parts {X} \<union> parts H"
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
217 |
apply (subst insert_is_Un [of _ H]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
218 |
apply (simp only: parts_Un) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
219 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
220 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
221 |
text{*TWO inserts to avoid looping. This rewrite is better than nothing.
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
222 |
Not suitable for Addsimps: its behaviour can be strange.*} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
223 |
lemma parts_insert2: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
224 |
"parts (insert X (insert Y H)) = parts {X} \<union> parts {Y} \<union> parts H"
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
225 |
apply (simp add: Un_assoc) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
226 |
apply (simp add: parts_insert [symmetric]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
227 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
228 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
229 |
lemma parts_UN_subset1: "(\<Union>x\<in>A. parts(H x)) \<subseteq> parts(\<Union>x\<in>A. H x)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
230 |
by (intro UN_least parts_mono UN_upper) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
231 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
232 |
lemma parts_UN_subset2: "parts(\<Union>x\<in>A. H x) \<subseteq> (\<Union>x\<in>A. parts(H x))" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
233 |
apply (rule subsetI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
234 |
apply (erule parts.induct, blast+) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
235 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
236 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
237 |
lemma parts_UN [simp]: "parts(\<Union>x\<in>A. H x) = (\<Union>x\<in>A. parts(H x))" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
238 |
by (intro equalityI parts_UN_subset1 parts_UN_subset2) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
239 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
240 |
text{*Added to simplify arguments to parts, analz and synth.
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
241 |
NOTE: the UN versions are no longer used!*} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
242 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
243 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
244 |
text{*This allows @{text blast} to simplify occurrences of
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
245 |
@{term "parts(G\<union>H)"} in the assumption.*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
246 |
lemmas in_parts_UnE = parts_Un [THEN equalityD1, THEN subsetD, THEN UnE] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
247 |
declare in_parts_UnE [elim!] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
248 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
249 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
250 |
lemma parts_insert_subset: "insert X (parts H) \<subseteq> parts(insert X H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
251 |
by (blast intro: parts_mono [THEN [2] rev_subsetD]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
252 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
253 |
subsubsection{*Idempotence and transitivity *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
254 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
255 |
lemma parts_partsD [dest!]: "X\<in> parts (parts H) ==> X\<in> parts H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
256 |
by (erule parts.induct, blast+) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
257 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
258 |
lemma parts_idem [simp]: "parts (parts H) = parts H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
259 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
260 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
261 |
lemma parts_subset_iff [simp]: "(parts G \<subseteq> parts H) = (G \<subseteq> parts H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
262 |
apply (rule iffI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
263 |
apply (iprover intro: subset_trans parts_increasing) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
264 |
apply (frule parts_mono, simp) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
265 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
266 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
267 |
lemma parts_trans: "[| X\<in> parts G; G \<subseteq> parts H |] ==> X\<in> parts H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
268 |
by (drule parts_mono, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
269 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
270 |
text{*Cut*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
271 |
lemma parts_cut: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
272 |
"[| Y\<in> parts (insert X G); X\<in> parts H |] ==> Y\<in> parts (G \<union> H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
273 |
by (blast intro: parts_trans) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
274 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
275 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
276 |
lemma parts_cut_eq [simp]: "X\<in> parts H ==> parts (insert X H) = parts H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
277 |
by (force dest!: parts_cut intro: parts_insertI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
278 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
279 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
280 |
subsubsection{*Rewrite rules for pulling out atomic messages *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
281 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
282 |
lemmas parts_insert_eq_I = equalityI [OF subsetI parts_insert_subset] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
283 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
284 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
285 |
lemma parts_insert_Agent [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
286 |
"parts (insert (Agent agt) H) = insert (Agent agt) (parts H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
287 |
apply (rule parts_insert_eq_I) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
288 |
apply (erule parts.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
289 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
290 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
291 |
lemma parts_insert_Nonce [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
292 |
"parts (insert (Nonce N) H) = insert (Nonce N) (parts H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
293 |
apply (rule parts_insert_eq_I) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
294 |
apply (erule parts.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
295 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
296 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
297 |
lemma parts_insert_Key [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
298 |
"parts (insert (Key K) H) = insert (Key K) (parts H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
299 |
apply (rule parts_insert_eq_I) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
300 |
apply (erule parts.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
301 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
302 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
303 |
lemma parts_insert_Crypt [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
304 |
"parts (insert (Crypt K X) H) = insert (Crypt K X) (parts (insert X H))" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
305 |
apply (rule equalityI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
306 |
apply (rule subsetI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
307 |
apply (erule parts.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
308 |
apply (blast intro: parts.Body) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
309 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
310 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
311 |
lemma parts_insert_MPair [simp]: |
| 61992 | 312 |
"parts (insert \<lbrace>X,Y\<rbrace> H) = |
313 |
insert \<lbrace>X,Y\<rbrace> (parts (insert X (insert Y H)))" |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
314 |
apply (rule equalityI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
315 |
apply (rule subsetI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
316 |
apply (erule parts.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
317 |
apply (blast intro: parts.Fst parts.Snd)+ |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
318 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
319 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
320 |
lemma parts_image_Key [simp]: "parts (Key`N) = Key`N" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
321 |
apply auto |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
322 |
apply (erule parts.induct, auto) |
| 11250 | 323 |
done |
324 |
||
325 |
||
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
326 |
text{*In any message, there is an upper bound N on its greatest nonce.*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
327 |
lemma msg_Nonce_supply: "\<exists>N. \<forall>n. N\<le>n --> Nonce n \<notin> parts {msg}"
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
328 |
apply (induct_tac "msg") |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
329 |
apply (simp_all (no_asm_simp) add: exI parts_insert2) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
330 |
txt{*MPair case: blast works out the necessary sum itself!*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
331 |
prefer 2 apply auto apply (blast elim!: add_leE) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
332 |
txt{*Nonce case*}
|
|
58305
57752a91eec4
renamed 'datatype' to 'old_datatype'; 'datatype' is now alias for 'datatype_new'
blanchet
parents:
56059
diff
changeset
|
333 |
apply (rename_tac nat) |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
334 |
apply (rule_tac x = "N + Suc nat" in exI, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
335 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
336 |
(*>*) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
337 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
338 |
section{* Modelling the Adversary *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
339 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
340 |
text {*
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
341 |
The spy is part of the system and must be built into the model. He is |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
342 |
a malicious user who does not have to follow the protocol. He |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
343 |
watches the network and uses any keys he knows to decrypt messages. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
344 |
Thus he accumulates additional keys and nonces. These he can use to |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
345 |
compose new messages, which he may send to anybody. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
346 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
347 |
Two functions enable us to formalize this behaviour: @{text analz} and
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
348 |
@{text synth}. Each function maps a sets of messages to another set of
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
349 |
messages. The set @{text "analz H"} formalizes what the adversary can learn
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
350 |
from the set of messages~$H$. The closure properties of this set are |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
351 |
defined inductively. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
352 |
*} |
| 11250 | 353 |
|
| 23733 | 354 |
inductive_set |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
355 |
analz :: "msg set \<Rightarrow> msg set" |
| 23733 | 356 |
for H :: "msg set" |
357 |
where |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
358 |
Inj [intro,simp] : "X \<in> H \<Longrightarrow> X \<in> analz H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
359 |
| Fst: "\<lbrace>X,Y\<rbrace> \<in> analz H \<Longrightarrow> X \<in> analz H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
360 |
| Snd: "\<lbrace>X,Y\<rbrace> \<in> analz H \<Longrightarrow> Y \<in> analz H" |
| 23733 | 361 |
| Decrypt [dest]: |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
362 |
"\<lbrakk>Crypt K X \<in> analz H; Key(invKey K) \<in> analz H\<rbrakk> |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
363 |
\<Longrightarrow> X \<in> analz H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
364 |
(*<*) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
365 |
text{*Monotonicity; Lemma 1 of Lowe's paper*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
366 |
lemma analz_mono: "G\<subseteq>H ==> analz(G) \<subseteq> analz(H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
367 |
apply auto |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
368 |
apply (erule analz.induct) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
369 |
apply (auto dest: analz.Fst analz.Snd) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
370 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
371 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
372 |
text{*Making it safe speeds up proofs*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
373 |
lemma MPair_analz [elim!]: |
| 61992 | 374 |
"[| \<lbrace>X,Y\<rbrace> \<in> analz H; |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
375 |
[| X \<in> analz H; Y \<in> analz H |] ==> P |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
376 |
|] ==> P" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
377 |
by (blast dest: analz.Fst analz.Snd) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
378 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
379 |
lemma analz_increasing: "H \<subseteq> analz(H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
380 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
381 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
382 |
lemma analz_subset_parts: "analz H \<subseteq> parts H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
383 |
apply (rule subsetI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
384 |
apply (erule analz.induct, blast+) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
385 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
386 |
|
| 55142 | 387 |
lemmas analz_into_parts = analz_subset_parts [THEN subsetD] |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
388 |
|
| 55142 | 389 |
lemmas not_parts_not_analz = analz_subset_parts [THEN contra_subsetD] |
| 11250 | 390 |
|
391 |
||
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
392 |
lemma parts_analz [simp]: "parts (analz H) = parts H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
393 |
apply (rule equalityI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
394 |
apply (rule analz_subset_parts [THEN parts_mono, THEN subset_trans], simp) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
395 |
apply (blast intro: analz_increasing [THEN parts_mono, THEN subsetD]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
396 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
397 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
398 |
lemma analz_parts [simp]: "analz (parts H) = parts H" |
| 11250 | 399 |
apply auto |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
400 |
apply (erule analz.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
401 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
402 |
|
| 55142 | 403 |
lemmas analz_insertI = subset_insertI [THEN analz_mono, THEN [2] rev_subsetD] |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
404 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
405 |
subsubsection{*General equational properties *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
406 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
407 |
lemma analz_empty [simp]: "analz{} = {}"
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
408 |
apply safe |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
409 |
apply (erule analz.induct, blast+) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
410 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
411 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
412 |
text{*Converse fails: we can analz more from the union than from the
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
413 |
separate parts, as a key in one might decrypt a message in the other*} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
414 |
lemma analz_Un: "analz(G) \<union> analz(H) \<subseteq> analz(G \<union> H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
415 |
by (intro Un_least analz_mono Un_upper1 Un_upper2) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
416 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
417 |
lemma analz_insert: "insert X (analz H) \<subseteq> analz(insert X H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
418 |
by (blast intro: analz_mono [THEN [2] rev_subsetD]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
419 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
420 |
subsubsection{*Rewrite rules for pulling out atomic messages *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
421 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
422 |
lemmas analz_insert_eq_I = equalityI [OF subsetI analz_insert] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
423 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
424 |
lemma analz_insert_Agent [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
425 |
"analz (insert (Agent agt) H) = insert (Agent agt) (analz H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
426 |
apply (rule analz_insert_eq_I) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
427 |
apply (erule analz.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
428 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
429 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
430 |
lemma analz_insert_Nonce [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
431 |
"analz (insert (Nonce N) H) = insert (Nonce N) (analz H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
432 |
apply (rule analz_insert_eq_I) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
433 |
apply (erule analz.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
434 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
435 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
436 |
text{*Can only pull out Keys if they are not needed to decrypt the rest*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
437 |
lemma analz_insert_Key [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
438 |
"K \<notin> keysFor (analz H) ==> |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
439 |
analz (insert (Key K) H) = insert (Key K) (analz H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
440 |
apply (unfold keysFor_def) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
441 |
apply (rule analz_insert_eq_I) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
442 |
apply (erule analz.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
443 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
444 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
445 |
lemma analz_insert_MPair [simp]: |
| 61992 | 446 |
"analz (insert \<lbrace>X,Y\<rbrace> H) = |
447 |
insert \<lbrace>X,Y\<rbrace> (analz (insert X (insert Y H)))" |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
448 |
apply (rule equalityI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
449 |
apply (rule subsetI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
450 |
apply (erule analz.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
451 |
apply (erule analz.induct) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
452 |
apply (blast intro: analz.Fst analz.Snd)+ |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
453 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
454 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
455 |
text{*Can pull out enCrypted message if the Key is not known*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
456 |
lemma analz_insert_Crypt: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
457 |
"Key (invKey K) \<notin> analz H |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
458 |
==> analz (insert (Crypt K X) H) = insert (Crypt K X) (analz H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
459 |
apply (rule analz_insert_eq_I) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
460 |
apply (erule analz.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
461 |
|
| 11250 | 462 |
done |
463 |
||
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
464 |
lemma lemma1: "Key (invKey K) \<in> analz H ==> |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
465 |
analz (insert (Crypt K X) H) \<subseteq> |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
466 |
insert (Crypt K X) (analz (insert X H))" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
467 |
apply (rule subsetI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
468 |
apply (erule_tac x = x in analz.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
469 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
470 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
471 |
lemma lemma2: "Key (invKey K) \<in> analz H ==> |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
472 |
insert (Crypt K X) (analz (insert X H)) \<subseteq> |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
473 |
analz (insert (Crypt K X) H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
474 |
apply auto |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
475 |
apply (erule_tac x = x in analz.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
476 |
apply (blast intro: analz_insertI analz.Decrypt) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
477 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
478 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
479 |
lemma analz_insert_Decrypt: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
480 |
"Key (invKey K) \<in> analz H ==> |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
481 |
analz (insert (Crypt K X) H) = |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
482 |
insert (Crypt K X) (analz (insert X H))" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
483 |
by (intro equalityI lemma1 lemma2) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
484 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
485 |
text{*Case analysis: either the message is secure, or it is not! Effective,
|
| 62392 | 486 |
but can cause subgoals to blow up! Use with @{text "if_split"}; apparently
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
487 |
@{text "split_tac"} does not cope with patterns such as @{term"analz (insert
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
488 |
(Crypt K X) H)"} *} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
489 |
lemma analz_Crypt_if [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
490 |
"analz (insert (Crypt K X) H) = |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
491 |
(if (Key (invKey K) \<in> analz H) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
492 |
then insert (Crypt K X) (analz (insert X H)) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
493 |
else insert (Crypt K X) (analz H))" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
494 |
by (simp add: analz_insert_Crypt analz_insert_Decrypt) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
495 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
496 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
497 |
text{*This rule supposes "for the sake of argument" that we have the key.*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
498 |
lemma analz_insert_Crypt_subset: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
499 |
"analz (insert (Crypt K X) H) \<subseteq> |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
500 |
insert (Crypt K X) (analz (insert X H))" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
501 |
apply (rule subsetI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
502 |
apply (erule analz.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
503 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
504 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
505 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
506 |
lemma analz_image_Key [simp]: "analz (Key`N) = Key`N" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
507 |
apply auto |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
508 |
apply (erule analz.induct, auto) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
509 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
510 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
511 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
512 |
subsubsection{*Idempotence and transitivity *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
513 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
514 |
lemma analz_analzD [dest!]: "X\<in> analz (analz H) ==> X\<in> analz H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
515 |
by (erule analz.induct, blast+) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
516 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
517 |
lemma analz_idem [simp]: "analz (analz H) = analz H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
518 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
519 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
520 |
lemma analz_subset_iff [simp]: "(analz G \<subseteq> analz H) = (G \<subseteq> analz H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
521 |
apply (rule iffI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
522 |
apply (iprover intro: subset_trans analz_increasing) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
523 |
apply (frule analz_mono, simp) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
524 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
525 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
526 |
lemma analz_trans: "[| X\<in> analz G; G \<subseteq> analz H |] ==> X\<in> analz H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
527 |
by (drule analz_mono, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
528 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
529 |
text{*Cut; Lemma 2 of Lowe*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
530 |
lemma analz_cut: "[| Y\<in> analz (insert X H); X\<in> analz H |] ==> Y\<in> analz H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
531 |
by (erule analz_trans, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
532 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
533 |
(*Cut can be proved easily by induction on |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
534 |
"Y: analz (insert X H) ==> X: analz H --> Y: analz H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
535 |
*) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
536 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
537 |
text{*This rewrite rule helps in the simplification of messages that involve
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
538 |
the forwarding of unknown components (X). Without it, removing occurrences |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
539 |
of X can be very complicated. *} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
540 |
lemma analz_insert_eq: "X\<in> analz H ==> analz (insert X H) = analz H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
541 |
by (blast intro: analz_cut analz_insertI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
542 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
543 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
544 |
text{*A congruence rule for "analz" *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
545 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
546 |
lemma analz_subset_cong: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
547 |
"[| analz G \<subseteq> analz G'; analz H \<subseteq> analz H' |] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
548 |
==> analz (G \<union> H) \<subseteq> analz (G' \<union> H')" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
549 |
apply simp |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
550 |
apply (iprover intro: conjI subset_trans analz_mono Un_upper1 Un_upper2) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
551 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
552 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
553 |
lemma analz_cong: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
554 |
"[| analz G = analz G'; analz H = analz H' |] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
555 |
==> analz (G \<union> H) = analz (G' \<union> H')" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
556 |
by (intro equalityI analz_subset_cong, simp_all) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
557 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
558 |
lemma analz_insert_cong: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
559 |
"analz H = analz H' ==> analz(insert X H) = analz(insert X H')" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
560 |
by (force simp only: insert_def intro!: analz_cong) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
561 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
562 |
text{*If there are no pairs or encryptions then analz does nothing*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
563 |
lemma analz_trivial: |
| 61992 | 564 |
"[| \<forall>X Y. \<lbrace>X,Y\<rbrace> \<notin> H; \<forall>X K. Crypt K X \<notin> H |] ==> analz H = H" |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
565 |
apply safe |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
566 |
apply (erule analz.induct, blast+) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
567 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
568 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
569 |
text{*These two are obsolete (with a single Spy) but cost little to prove...*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
570 |
lemma analz_UN_analz_lemma: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
571 |
"X\<in> analz (\<Union>i\<in>A. analz (H i)) ==> X\<in> analz (\<Union>i\<in>A. H i)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
572 |
apply (erule analz.induct) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
573 |
apply (blast intro: analz_mono [THEN [2] rev_subsetD])+ |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
574 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
575 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
576 |
lemma analz_UN_analz [simp]: "analz (\<Union>i\<in>A. analz (H i)) = analz (\<Union>i\<in>A. H i)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
577 |
by (blast intro: analz_UN_analz_lemma analz_mono [THEN [2] rev_subsetD]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
578 |
(*>*) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
579 |
text {*
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
580 |
Note the @{text Decrypt} rule: the spy can decrypt a
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
581 |
message encrypted with key~$K$ if he has the matching key,~$K^{-1}$.
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
582 |
Properties proved by rule induction include the following: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
583 |
@{named_thms [display,indent=0] analz_mono [no_vars] (analz_mono) analz_idem [no_vars] (analz_idem)}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
584 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
585 |
The set of fake messages that an intruder could invent |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
586 |
starting from~@{text H} is @{text "synth(analz H)"}, where @{text "synth H"}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
587 |
formalizes what the adversary can build from the set of messages~$H$. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
588 |
*} |
| 11250 | 589 |
|
| 23733 | 590 |
inductive_set |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
591 |
synth :: "msg set \<Rightarrow> msg set" |
| 23733 | 592 |
for H :: "msg set" |
593 |
where |
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
594 |
Inj [intro]: "X \<in> H \<Longrightarrow> X \<in> synth H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
595 |
| Agent [intro]: "Agent agt \<in> synth H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
596 |
| MPair [intro]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
597 |
"\<lbrakk>X \<in> synth H; Y \<in> synth H\<rbrakk> \<Longrightarrow> \<lbrace>X,Y\<rbrace> \<in> synth H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
598 |
| Crypt [intro]: |
| 23929 | 599 |
"\<lbrakk>X \<in> synth H; Key K \<in> H\<rbrakk> \<Longrightarrow> Crypt K X \<in> synth H" |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
600 |
(*<*) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
601 |
lemma synth_mono: "G\<subseteq>H ==> synth(G) \<subseteq> synth(H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
602 |
by (auto, erule synth.induct, auto) |
| 11250 | 603 |
|
604 |
inductive_cases Key_synth [elim!]: "Key K \<in> synth H" |
|
| 61992 | 605 |
inductive_cases MPair_synth [elim!]: "\<lbrace>X,Y\<rbrace> \<in> synth H" |
| 11250 | 606 |
inductive_cases Crypt_synth [elim!]: "Crypt K X \<in> synth H" |
607 |
||
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
608 |
lemma analz_synth_Un [simp]: "analz (synth G \<union> H) = analz (G \<union> H) \<union> synth G" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
609 |
apply (rule equalityI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
610 |
apply (rule subsetI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
611 |
apply (erule analz.induct) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
612 |
prefer 5 apply (blast intro: analz_mono [THEN [2] rev_subsetD]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
613 |
apply (blast intro: analz.Fst analz.Snd analz.Decrypt)+ |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
614 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
615 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
616 |
lemma analz_synth [simp]: "analz (synth H) = analz H \<union> synth H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
617 |
apply (cut_tac H = "{}" in analz_synth_Un)
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
618 |
apply (simp (no_asm_use)) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
619 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
620 |
(*>*) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
621 |
text {*
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
622 |
The set includes all agent names. Nonces and keys are assumed to be |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
623 |
unguessable, so none are included beyond those already in~$H$. Two |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
624 |
elements of @{term "synth H"} can be combined, and an element can be encrypted
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
625 |
using a key present in~$H$. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
626 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
627 |
Like @{text analz}, this set operator is monotone and idempotent. It also
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
628 |
satisfies an interesting equation involving @{text analz}:
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
629 |
@{named_thms [display,indent=0] analz_synth [no_vars] (analz_synth)}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
630 |
Rule inversion plays a major role in reasoning about @{text synth}, through
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
631 |
declarations such as this one: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
632 |
*} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
633 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
634 |
inductive_cases Nonce_synth [elim!]: "Nonce n \<in> synth H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
635 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
636 |
text {*
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
637 |
\noindent |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
638 |
The resulting elimination rule replaces every assumption of the form |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
639 |
@{term "Nonce n \<in> synth H"} by @{term "Nonce n \<in> H"},
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
640 |
expressing that a nonce cannot be guessed. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
641 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
642 |
A third operator, @{text parts}, is useful for stating correctness
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
643 |
properties. The set |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
644 |
@{term "parts H"} consists of the components of elements of~$H$. This set
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
645 |
includes~@{text H} and is closed under the projections from a compound
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
646 |
message to its immediate parts. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
647 |
Its definition resembles that of @{text analz} except in the rule
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
648 |
corresponding to the constructor @{text Crypt}:
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
649 |
@{thm [display,indent=5] parts.Body [no_vars]}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
650 |
The body of an encrypted message is always regarded as part of it. We can |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
651 |
use @{text parts} to express general well-formedness properties of a protocol,
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
652 |
for example, that an uncompromised agent's private key will never be |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
653 |
included as a component of any message. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
654 |
*} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
655 |
(*<*) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
656 |
lemma synth_increasing: "H \<subseteq> synth(H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
657 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
658 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
659 |
subsubsection{*Unions *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
660 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
661 |
text{*Converse fails: we can synth more from the union than from the
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
662 |
separate parts, building a compound message using elements of each.*} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
663 |
lemma synth_Un: "synth(G) \<union> synth(H) \<subseteq> synth(G \<union> H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
664 |
by (intro Un_least synth_mono Un_upper1 Un_upper2) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
665 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
666 |
lemma synth_insert: "insert X (synth H) \<subseteq> synth(insert X H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
667 |
by (blast intro: synth_mono [THEN [2] rev_subsetD]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
668 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
669 |
subsubsection{*Idempotence and transitivity *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
670 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
671 |
lemma synth_synthD [dest!]: "X\<in> synth (synth H) ==> X\<in> synth H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
672 |
by (erule synth.induct, blast+) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
673 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
674 |
lemma synth_idem: "synth (synth H) = synth H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
675 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
676 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
677 |
lemma synth_subset_iff [simp]: "(synth G \<subseteq> synth H) = (G \<subseteq> synth H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
678 |
apply (rule iffI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
679 |
apply (iprover intro: subset_trans synth_increasing) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
680 |
apply (frule synth_mono, simp add: synth_idem) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
681 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
682 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
683 |
lemma synth_trans: "[| X\<in> synth G; G \<subseteq> synth H |] ==> X\<in> synth H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
684 |
by (drule synth_mono, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
685 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
686 |
text{*Cut; Lemma 2 of Lowe*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
687 |
lemma synth_cut: "[| Y\<in> synth (insert X H); X\<in> synth H |] ==> Y\<in> synth H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
688 |
by (erule synth_trans, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
689 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
690 |
lemma Agent_synth [simp]: "Agent A \<in> synth H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
691 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
692 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
693 |
lemma Nonce_synth_eq [simp]: "(Nonce N \<in> synth H) = (Nonce N \<in> H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
694 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
695 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
696 |
lemma Key_synth_eq [simp]: "(Key K \<in> synth H) = (Key K \<in> H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
697 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
698 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
699 |
lemma Crypt_synth_eq [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
700 |
"Key K \<notin> H ==> (Crypt K X \<in> synth H) = (Crypt K X \<in> H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
701 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
702 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
703 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
704 |
lemma keysFor_synth [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
705 |
"keysFor (synth H) = keysFor H \<union> invKey`{K. Key K \<in> H}"
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
706 |
by (unfold keysFor_def, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
707 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
708 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
709 |
subsubsection{*Combinations of parts, analz and synth *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
710 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
711 |
lemma parts_synth [simp]: "parts (synth H) = parts H \<union> synth H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
712 |
apply (rule equalityI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
713 |
apply (rule subsetI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
714 |
apply (erule parts.induct) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
715 |
apply (blast intro: synth_increasing [THEN parts_mono, THEN subsetD] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
716 |
parts.Fst parts.Snd parts.Body)+ |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
717 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
718 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
719 |
lemma analz_analz_Un [simp]: "analz (analz G \<union> H) = analz (G \<union> H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
720 |
apply (intro equalityI analz_subset_cong)+ |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
721 |
apply simp_all |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
722 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
723 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
724 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
725 |
subsubsection{*For reasoning about the Fake rule in traces *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
726 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
727 |
lemma parts_insert_subset_Un: "X\<in> G ==> parts(insert X H) \<subseteq> parts G \<union> parts H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
728 |
by (rule subset_trans [OF parts_mono parts_Un_subset2], blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
729 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
730 |
text{*More specifically for Fake. Very occasionally we could do with a version
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
731 |
of the form @{term"parts{X} \<subseteq> synth (analz H) \<union> parts H"} *}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
732 |
lemma Fake_parts_insert: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
733 |
"X \<in> synth (analz H) ==> |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
734 |
parts (insert X H) \<subseteq> synth (analz H) \<union> parts H" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
735 |
apply (drule parts_insert_subset_Un) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
736 |
apply (simp (no_asm_use)) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
737 |
apply blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
738 |
done |
| 11250 | 739 |
|
740 |
lemma Fake_parts_insert_in_Un: |
|
741 |
"[|Z \<in> parts (insert X H); X: synth (analz H)|] |
|
| 58860 | 742 |
==> Z \<in> synth (analz H) \<union> parts H" |
| 11250 | 743 |
by (blast dest: Fake_parts_insert [THEN subsetD, dest]) |
744 |
||
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
745 |
text{*@{term H} is sometimes @{term"Key ` KK \<union> spies evs"}, so can't put
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
746 |
@{term "G=H"}.*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
747 |
lemma Fake_analz_insert: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
748 |
"X\<in> synth (analz G) ==> |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
749 |
analz (insert X H) \<subseteq> synth (analz G) \<union> analz (G \<union> H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
750 |
apply (rule subsetI) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
751 |
apply (subgoal_tac "x \<in> analz (synth (analz G) \<union> H) ") |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
752 |
prefer 2 apply (blast intro: analz_mono [THEN [2] rev_subsetD] analz_mono [THEN synth_mono, THEN [2] rev_subsetD]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
753 |
apply (simp (no_asm_use)) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
754 |
apply blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
755 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
756 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
757 |
lemma analz_conj_parts [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
758 |
"(X \<in> analz H & X \<in> parts H) = (X \<in> analz H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
759 |
by (blast intro: analz_subset_parts [THEN subsetD]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
760 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
761 |
lemma analz_disj_parts [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
762 |
"(X \<in> analz H | X \<in> parts H) = (X \<in> parts H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
763 |
by (blast intro: analz_subset_parts [THEN subsetD]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
764 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
765 |
text{*Without this equation, other rules for synth and analz would yield
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
766 |
redundant cases*} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
767 |
lemma MPair_synth_analz [iff]: |
| 61992 | 768 |
"(\<lbrace>X,Y\<rbrace> \<in> synth (analz H)) = |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
769 |
(X \<in> synth (analz H) & Y \<in> synth (analz H))" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
770 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
771 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
772 |
lemma Crypt_synth_analz: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
773 |
"[| Key K \<in> analz H; Key (invKey K) \<in> analz H |] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
774 |
==> (Crypt K X \<in> synth (analz H)) = (X \<in> synth (analz H))" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
775 |
by blast |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
776 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
777 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
778 |
text{*We do NOT want Crypt... messages broken up in protocols!!*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
779 |
declare parts.Body [rule del] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
780 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
781 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
782 |
text{*Rewrites to push in Key and Crypt messages, so that other messages can
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
783 |
be pulled out using the @{text analz_insert} rules*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
784 |
|
| 55142 | 785 |
lemmas pushKeys = |
| 27225 | 786 |
insert_commute [of "Key K" "Agent C"] |
787 |
insert_commute [of "Key K" "Nonce N"] |
|
788 |
insert_commute [of "Key K" "Number N"] |
|
789 |
insert_commute [of "Key K" "Hash X"] |
|
790 |
insert_commute [of "Key K" "MPair X Y"] |
|
791 |
insert_commute [of "Key K" "Crypt X K'"] |
|
| 55142 | 792 |
for K C N X Y K' |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
793 |
|
| 55142 | 794 |
lemmas pushCrypts = |
| 27225 | 795 |
insert_commute [of "Crypt X K" "Agent C"] |
796 |
insert_commute [of "Crypt X K" "Agent C"] |
|
797 |
insert_commute [of "Crypt X K" "Nonce N"] |
|
798 |
insert_commute [of "Crypt X K" "Number N"] |
|
799 |
insert_commute [of "Crypt X K" "Hash X'"] |
|
800 |
insert_commute [of "Crypt X K" "MPair X' Y"] |
|
| 55142 | 801 |
for X K C N X' Y |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
802 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
803 |
text{*Cannot be added with @{text "[simp]"} -- messages should not always be
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
804 |
re-ordered. *} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
805 |
lemmas pushes = pushKeys pushCrypts |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
806 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
807 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
808 |
subsection{*Tactics useful for many protocol proofs*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
809 |
ML |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
810 |
{*
|
| 39282 | 811 |
val invKey = @{thm invKey};
|
812 |
val keysFor_def = @{thm keysFor_def};
|
|
813 |
val symKeys_def = @{thm symKeys_def};
|
|
814 |
val parts_mono = @{thm parts_mono};
|
|
815 |
val analz_mono = @{thm analz_mono};
|
|
816 |
val synth_mono = @{thm synth_mono};
|
|
817 |
val analz_increasing = @{thm analz_increasing};
|
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
818 |
|
| 39282 | 819 |
val analz_insertI = @{thm analz_insertI};
|
820 |
val analz_subset_parts = @{thm analz_subset_parts};
|
|
821 |
val Fake_parts_insert = @{thm Fake_parts_insert};
|
|
822 |
val Fake_analz_insert = @{thm Fake_analz_insert};
|
|
823 |
val pushes = @{thms pushes};
|
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
824 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
825 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
826 |
(*Analysis of Fake cases. Also works for messages that forward unknown parts, |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
827 |
but this application is no longer necessary if analz_insert_eq is used. |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
828 |
Abstraction over i is ESSENTIAL: it delays the dereferencing of claset |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
829 |
DEPENDS UPON "X" REFERRING TO THE FRADULENT MESSAGE *) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
830 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
831 |
(*Apply rules to break down assumptions of the form |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
832 |
Y \<in> parts(insert X H) and Y \<in> analz(insert X H) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
833 |
*) |
| 32265 | 834 |
fun impOfSubs th = th RSN (2, @{thm rev_subsetD})
|
835 |
||
|
59498
50b60f501b05
proper context for resolve_tac, eresolve_tac, dresolve_tac, forward_tac etc.;
wenzelm
parents:
58889
diff
changeset
|
836 |
fun Fake_insert_tac ctxt = |
|
50b60f501b05
proper context for resolve_tac, eresolve_tac, dresolve_tac, forward_tac etc.;
wenzelm
parents:
58889
diff
changeset
|
837 |
dresolve_tac ctxt [impOfSubs Fake_analz_insert, |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
838 |
impOfSubs Fake_parts_insert] THEN' |
|
59498
50b60f501b05
proper context for resolve_tac, eresolve_tac, dresolve_tac, forward_tac etc.;
wenzelm
parents:
58889
diff
changeset
|
839 |
eresolve_tac ctxt [asm_rl, @{thm synth.Inj}];
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
840 |
|
|
51717
9e7d1c139569
simplifier uses proper Proof.context instead of historic type simpset;
wenzelm
parents:
49322
diff
changeset
|
841 |
fun Fake_insert_simp_tac ctxt i = |
|
59498
50b60f501b05
proper context for resolve_tac, eresolve_tac, dresolve_tac, forward_tac etc.;
wenzelm
parents:
58889
diff
changeset
|
842 |
REPEAT (Fake_insert_tac ctxt i) THEN asm_full_simp_tac ctxt i; |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
843 |
|
| 42475 | 844 |
fun atomic_spy_analz_tac ctxt = |
| 42793 | 845 |
SELECT_GOAL |
|
51717
9e7d1c139569
simplifier uses proper Proof.context instead of historic type simpset;
wenzelm
parents:
49322
diff
changeset
|
846 |
(Fake_insert_simp_tac ctxt 1 THEN |
| 42793 | 847 |
IF_UNSOLVED (Blast.depth_tac (ctxt addIs [analz_insertI, impOfSubs analz_subset_parts]) 4 1)); |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
848 |
|
| 42475 | 849 |
fun spy_analz_tac ctxt i = |
| 42793 | 850 |
DETERM |
851 |
(SELECT_GOAL |
|
852 |
(EVERY |
|
853 |
[ (*push in occurrences of X...*) |
|
854 |
(REPEAT o CHANGED) |
|
| 59780 | 855 |
(Rule_Insts.res_inst_tac ctxt [((("x", 1), Position.none), "X")] []
|
856 |
(insert_commute RS ssubst) 1), |
|
| 42793 | 857 |
(*...allowing further simplifications*) |
|
51717
9e7d1c139569
simplifier uses proper Proof.context instead of historic type simpset;
wenzelm
parents:
49322
diff
changeset
|
858 |
simp_tac ctxt 1, |
|
59498
50b60f501b05
proper context for resolve_tac, eresolve_tac, dresolve_tac, forward_tac etc.;
wenzelm
parents:
58889
diff
changeset
|
859 |
REPEAT (FIRSTGOAL (resolve_tac ctxt [allI,impI,notI,conjI,iffI])), |
| 42793 | 860 |
DEPTH_SOLVE (atomic_spy_analz_tac ctxt 1)]) i); |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
861 |
*} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
862 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
863 |
text{*By default only @{text o_apply} is built-in. But in the presence of
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
864 |
eta-expansion this means that some terms displayed as @{term "f o g"} will be
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
865 |
rewritten, and others will not!*} |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
866 |
declare o_def [simp] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
867 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
868 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
869 |
lemma Crypt_notin_image_Key [simp]: "Crypt K X \<notin> Key ` A" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
870 |
by auto |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
871 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
872 |
lemma synth_analz_mono: "G\<subseteq>H ==> synth (analz(G)) \<subseteq> synth (analz(H))" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
873 |
by (iprover intro: synth_mono analz_mono) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
874 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
875 |
lemma Fake_analz_eq [simp]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
876 |
"X \<in> synth(analz H) ==> synth (analz (insert X H)) = synth (analz H)" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
877 |
apply (drule Fake_analz_insert[of _ _ "H"]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
878 |
apply (simp add: synth_increasing[THEN Un_absorb2]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
879 |
apply (drule synth_mono) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
880 |
apply (simp add: synth_idem) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
881 |
apply (rule equalityI) |
| 58860 | 882 |
apply (simp add: ) |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
883 |
apply (rule synth_analz_mono, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
884 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
885 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
886 |
text{*Two generalizations of @{text analz_insert_eq}*}
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
887 |
lemma gen_analz_insert_eq [rule_format]: |
| 58860 | 888 |
"X \<in> analz H ==> ALL G. H \<subseteq> G --> analz (insert X G) = analz G" |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
889 |
by (blast intro: analz_cut analz_insertI analz_mono [THEN [2] rev_subsetD]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
890 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
891 |
lemma synth_analz_insert_eq [rule_format]: |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
892 |
"X \<in> synth (analz H) |
| 58860 | 893 |
==> ALL G. H \<subseteq> G --> (Key K \<in> analz (insert X G)) = (Key K \<in> analz G)" |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
894 |
apply (erule synth.induct) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
895 |
apply (simp_all add: gen_analz_insert_eq subset_trans [OF _ subset_insertI]) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
896 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
897 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
898 |
lemma Fake_parts_sing: |
| 58860 | 899 |
"X \<in> synth (analz H) ==> parts{X} \<subseteq> synth (analz H) \<union> parts H"
|
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
900 |
apply (rule subset_trans) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
901 |
apply (erule_tac [2] Fake_parts_insert) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
902 |
apply (rule parts_mono, blast) |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
903 |
done |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
904 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
905 |
lemmas Fake_parts_sing_imp_Un = Fake_parts_sing [THEN [2] rev_subsetD] |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
906 |
|
| 11250 | 907 |
method_setup spy_analz = {*
|
| 42475 | 908 |
Scan.succeed (SIMPLE_METHOD' o spy_analz_tac) *} |
| 11250 | 909 |
"for proving the Fake case when analz is involved" |
910 |
||
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
911 |
method_setup atomic_spy_analz = {*
|
| 42475 | 912 |
Scan.succeed (SIMPLE_METHOD' o atomic_spy_analz_tac) *} |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
913 |
"for debugging spy_analz" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
914 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
915 |
method_setup Fake_insert_simp = {*
|
|
51717
9e7d1c139569
simplifier uses proper Proof.context instead of historic type simpset;
wenzelm
parents:
49322
diff
changeset
|
916 |
Scan.succeed (SIMPLE_METHOD' o Fake_insert_simp_tac) *} |
|
23925
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
917 |
"for debugging spy_analz" |
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
918 |
|
|
ee98c2528a8f
LaTeX code is now generated directly from theory files.
berghofe
parents:
23733
diff
changeset
|
919 |
|
| 11250 | 920 |
end |
| 62392 | 921 |
(*>*) |