isabelle: src/HOL/Quotient_Examples/Quotient_Message.thy@8e27e0177518 (annotated)

36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	1	(* Title: HOL/Quotient_Examples/Quotient_Message.thy
3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	2	Author: Christian Urban
3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	3
3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	4	Message datatype, based on an older version by Larry Paulson.
3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	5	*)
41467 8fc17c5e11c0 tuned headers; wenzelm parents: 40823 diff changeset	6
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	7	theory Quotient_Message
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	8	imports Main Quotient_Syntax
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	9	begin
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	10
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	11	subsection{Defining the Free Algebra}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	12
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	13	datatype
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	14	freemsg = NONCE nat
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	15	\| MPAIR freemsg freemsg
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	16	\| CRYPT nat freemsg
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	17	\| DECRYPT nat freemsg
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	18
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	19	inductive
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	20	msgrel::"freemsg \<Rightarrow> freemsg \<Rightarrow> bool" (infixl "\<sim>" 50)
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	21	where
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	22	CD: "CRYPT K (DECRYPT K X) \<sim> X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	23	\| DC: "DECRYPT K (CRYPT K X) \<sim> X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	24	\| NONCE: "NONCE N \<sim> NONCE N"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	25	\| MPAIR: "\<lbrakk>X \<sim> X'; Y \<sim> Y'\<rbrakk> \<Longrightarrow> MPAIR X Y \<sim> MPAIR X' Y'"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	26	\| CRYPT: "X \<sim> X' \<Longrightarrow> CRYPT K X \<sim> CRYPT K X'"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	27	\| DECRYPT: "X \<sim> X' \<Longrightarrow> DECRYPT K X \<sim> DECRYPT K X'"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	28	\| SYM: "X \<sim> Y \<Longrightarrow> Y \<sim> X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	29	\| TRANS: "\<lbrakk>X \<sim> Y; Y \<sim> Z\<rbrakk> \<Longrightarrow> X \<sim> Z"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	30
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	31	lemmas msgrel.intros[intro]
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	32
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	33	text{Proving that it is an equivalence relation}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	34
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	35	lemma msgrel_refl: "X \<sim> X"
37594 32ad67684ee7 cosmetics: avoided statement of raw theorems, used the method descending instead Christian Urban <urbanc@in.tum.de> parents: 36524 diff changeset	36	by (induct X) (auto intro: msgrel.intros)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	37
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	38	theorem equiv_msgrel: "equivp msgrel"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	39	proof (rule equivpI)
40823 37b25a87d7ef adaptions to changes in Equiv_Relation.thy; prefer primrec if possible haftmann parents: 40468 diff changeset	40	show "reflp msgrel" by (rule reflpI) (simp add: msgrel_refl)
37b25a87d7ef adaptions to changes in Equiv_Relation.thy; prefer primrec if possible haftmann parents: 40468 diff changeset	41	show "symp msgrel" by (rule sympI) (blast intro: msgrel.SYM)
37b25a87d7ef adaptions to changes in Equiv_Relation.thy; prefer primrec if possible haftmann parents: 40468 diff changeset	42	show "transp msgrel" by (rule transpI) (blast intro: msgrel.TRANS)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	43	qed
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	44
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	45	subsection{Some Functions on the Free Algebra}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	46
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	47	subsubsection{The Set of Nonces}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	48
40823 37b25a87d7ef adaptions to changes in Equiv_Relation.thy; prefer primrec if possible haftmann parents: 40468 diff changeset	49	primrec
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	50	freenonces :: "freemsg \<Rightarrow> nat set"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	51	where
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	52	"freenonces (NONCE N) = {N}"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	53	\| "freenonces (MPAIR X Y) = freenonces X \<union> freenonces Y"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	54	\| "freenonces (CRYPT K X) = freenonces X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	55	\| "freenonces (DECRYPT K X) = freenonces X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	56
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	57	theorem msgrel_imp_eq_freenonces:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	58	assumes a: "U \<sim> V"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	59	shows "freenonces U = freenonces V"
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	60	using a by (induct) (auto)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	61
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	62	subsubsection{The Left Projection}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	63
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	64	text{*A function to return the left part of the top pair in a message. It will
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	65	be lifted to the initial algrebra, to serve as an example of that process.*}
40823 37b25a87d7ef adaptions to changes in Equiv_Relation.thy; prefer primrec if possible haftmann parents: 40468 diff changeset	66	primrec
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	67	freeleft :: "freemsg \<Rightarrow> freemsg"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	68	where
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	69	"freeleft (NONCE N) = NONCE N"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	70	\| "freeleft (MPAIR X Y) = X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	71	\| "freeleft (CRYPT K X) = freeleft X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	72	\| "freeleft (DECRYPT K X) = freeleft X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	73
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	74	text{*This theorem lets us prove that the left function respects the
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	75	equivalence relation. It also helps us prove that MPair
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	76	(the abstract constructor) is injective*}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	77	lemma msgrel_imp_eqv_freeleft_aux:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	78	shows "freeleft U \<sim> freeleft U"
40823 37b25a87d7ef adaptions to changes in Equiv_Relation.thy; prefer primrec if possible haftmann parents: 40468 diff changeset	79	by (fact msgrel_refl)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	80
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	81	theorem msgrel_imp_eqv_freeleft:
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	82	assumes a: "U \<sim> V"
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	83	shows "freeleft U \<sim> freeleft V"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	84	using a
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	85	by (induct) (auto intro: msgrel_imp_eqv_freeleft_aux)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	86
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	87	subsubsection{The Right Projection}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	88
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	89	text{A function to return the right part of the top pair in a message.}
40823 37b25a87d7ef adaptions to changes in Equiv_Relation.thy; prefer primrec if possible haftmann parents: 40468 diff changeset	90	primrec
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	91	freeright :: "freemsg \<Rightarrow> freemsg"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	92	where
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	93	"freeright (NONCE N) = NONCE N"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	94	\| "freeright (MPAIR X Y) = Y"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	95	\| "freeright (CRYPT K X) = freeright X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	96	\| "freeright (DECRYPT K X) = freeright X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	97
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	98	text{*This theorem lets us prove that the right function respects the
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	99	equivalence relation. It also helps us prove that MPair
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	100	(the abstract constructor) is injective*}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	101	lemma msgrel_imp_eqv_freeright_aux:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	102	shows "freeright U \<sim> freeright U"
40823 37b25a87d7ef adaptions to changes in Equiv_Relation.thy; prefer primrec if possible haftmann parents: 40468 diff changeset	103	by (fact msgrel_refl)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	104
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	105	theorem msgrel_imp_eqv_freeright:
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	106	assumes a: "U \<sim> V"
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	107	shows "freeright U \<sim> freeright V"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	108	using a
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	109	by (induct) (auto intro: msgrel_imp_eqv_freeright_aux)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	110
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	111	subsubsection{The Discriminator for Constructors}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	112
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	113	text{A function to distinguish nonces, mpairs and encryptions}
40823 37b25a87d7ef adaptions to changes in Equiv_Relation.thy; prefer primrec if possible haftmann parents: 40468 diff changeset	114	primrec
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	115	freediscrim :: "freemsg \<Rightarrow> int"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	116	where
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	117	"freediscrim (NONCE N) = 0"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	118	\| "freediscrim (MPAIR X Y) = 1"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	119	\| "freediscrim (CRYPT K X) = freediscrim X + 2"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	120	\| "freediscrim (DECRYPT K X) = freediscrim X - 2"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	121
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	122	text{This theorem helps us prove @{term "Nonce N \<noteq> MPair X Y"}}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	123	theorem msgrel_imp_eq_freediscrim:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	124	assumes a: "U \<sim> V"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	125	shows "freediscrim U = freediscrim V"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	126	using a by (induct) (auto)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	127
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	128	subsection{The Initial Algebra: A Quotiented Message Type}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	129
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	130	quotient_type msg = freemsg / msgrel
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	131	by (rule equiv_msgrel)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	132
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	133	text{The abstract message constructors}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	134
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	135	quotient_definition
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	136	"Nonce :: nat \<Rightarrow> msg"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	137	is
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	138	"NONCE"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	139
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	140	quotient_definition
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	141	"MPair :: msg \<Rightarrow> msg \<Rightarrow> msg"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	142	is
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	143	"MPAIR"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	144
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	145	quotient_definition
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	146	"Crypt :: nat \<Rightarrow> msg \<Rightarrow> msg"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	147	is
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	148	"CRYPT"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	149
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	150	quotient_definition
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	151	"Decrypt :: nat \<Rightarrow> msg \<Rightarrow> msg"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	152	is
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	153	"DECRYPT"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	154
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	155	lemma [quot_respect]:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	156	shows "(op = ===> op \<sim> ===> op \<sim>) CRYPT CRYPT"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	157	by (auto intro: CRYPT)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	158
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	159	lemma [quot_respect]:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	160	shows "(op = ===> op \<sim> ===> op \<sim>) DECRYPT DECRYPT"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	161	by (auto intro: DECRYPT)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	162
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	163	text{Establishing these two equations is the point of the whole exercise}
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	164	theorem CD_eq [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	165	shows "Crypt K (Decrypt K X) = X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	166	by (lifting CD)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	167
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	168	theorem DC_eq [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	169	shows "Decrypt K (Crypt K X) = X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	170	by (lifting DC)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	171
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	172	subsection{The Abstract Function to Return the Set of Nonces}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	173
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	174	quotient_definition
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	175	"nonces:: msg \<Rightarrow> nat set"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	176	is
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	177	"freenonces"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	178
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	179	text{Now prove the four equations for @{term nonces}}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	180
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	181	lemma [quot_respect]:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	182	shows "(op \<sim> ===> op =) freenonces freenonces"
40468 d4aac200199e fun_rel_def is no simp rule by default haftmann parents: 37594 diff changeset	183	by (auto simp add: msgrel_imp_eq_freenonces)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	184
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	185	lemma [quot_respect]:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	186	shows "(op = ===> op \<sim>) NONCE NONCE"
40468 d4aac200199e fun_rel_def is no simp rule by default haftmann parents: 37594 diff changeset	187	by (auto simp add: NONCE)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	188
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	189	lemma nonces_Nonce [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	190	shows "nonces (Nonce N) = {N}"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	191	by (lifting freenonces.simps(1))
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	192
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	193	lemma [quot_respect]:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	194	shows " (op \<sim> ===> op \<sim> ===> op \<sim>) MPAIR MPAIR"
40468 d4aac200199e fun_rel_def is no simp rule by default haftmann parents: 37594 diff changeset	195	by (auto simp add: MPAIR)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	196
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	197	lemma nonces_MPair [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	198	shows "nonces (MPair X Y) = nonces X \<union> nonces Y"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	199	by (lifting freenonces.simps(2))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	200
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	201	lemma nonces_Crypt [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	202	shows "nonces (Crypt K X) = nonces X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	203	by (lifting freenonces.simps(3))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	204
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	205	lemma nonces_Decrypt [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	206	shows "nonces (Decrypt K X) = nonces X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	207	by (lifting freenonces.simps(4))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	208
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	209	subsection{The Abstract Function to Return the Left Part}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	210
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	211	quotient_definition
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	212	"left:: msg \<Rightarrow> msg"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	213	is
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	214	"freeleft"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	215
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	216	lemma [quot_respect]:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	217	shows "(op \<sim> ===> op \<sim>) freeleft freeleft"
40468 d4aac200199e fun_rel_def is no simp rule by default haftmann parents: 37594 diff changeset	218	by (auto simp add: msgrel_imp_eqv_freeleft)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	219
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	220	lemma left_Nonce [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	221	shows "left (Nonce N) = Nonce N"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	222	by (lifting freeleft.simps(1))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	223
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	224	lemma left_MPair [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	225	shows "left (MPair X Y) = X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	226	by (lifting freeleft.simps(2))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	227
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	228	lemma left_Crypt [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	229	shows "left (Crypt K X) = left X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	230	by (lifting freeleft.simps(3))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	231
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	232	lemma left_Decrypt [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	233	shows "left (Decrypt K X) = left X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	234	by (lifting freeleft.simps(4))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	235
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	236	subsection{The Abstract Function to Return the Right Part}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	237
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	238	quotient_definition
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	239	"right:: msg \<Rightarrow> msg"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	240	is
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	241	"freeright"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	242
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	243	text{Now prove the four equations for @{term right}}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	244
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	245	lemma [quot_respect]:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	246	shows "(op \<sim> ===> op \<sim>) freeright freeright"
40468 d4aac200199e fun_rel_def is no simp rule by default haftmann parents: 37594 diff changeset	247	by (auto simp add: msgrel_imp_eqv_freeright)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	248
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	249	lemma right_Nonce [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	250	shows "right (Nonce N) = Nonce N"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	251	by (lifting freeright.simps(1))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	252
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	253	lemma right_MPair [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	254	shows "right (MPair X Y) = Y"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	255	by (lifting freeright.simps(2))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	256
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	257	lemma right_Crypt [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	258	shows "right (Crypt K X) = right X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	259	by (lifting freeright.simps(3))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	260
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	261	lemma right_Decrypt [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	262	shows "right (Decrypt K X) = right X"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	263	by (lifting freeright.simps(4))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	264
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	265	subsection{Injectivity Properties of Some Constructors}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	266
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	267	text{Can also be proved using the function @{term nonces}}
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	268	lemma Nonce_Nonce_eq [iff]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	269	shows "(Nonce m = Nonce n) = (m = n)"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	270	proof
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	271	assume "Nonce m = Nonce n"
37594 32ad67684ee7 cosmetics: avoided statement of raw theorems, used the method descending instead Christian Urban <urbanc@in.tum.de> parents: 36524 diff changeset	272	then show "m = n"
32ad67684ee7 cosmetics: avoided statement of raw theorems, used the method descending instead Christian Urban <urbanc@in.tum.de> parents: 36524 diff changeset	273	by (descending) (drule msgrel_imp_eq_freenonces, simp)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	274	next
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	275	assume "m = n"
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	276	then show "Nonce m = Nonce n" by simp
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	277	qed
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	278
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	279	lemma MPair_imp_eq_left:
3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	280	assumes eq: "MPair X Y = MPair X' Y'"
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	281	shows "X = X'"
37594 32ad67684ee7 cosmetics: avoided statement of raw theorems, used the method descending instead Christian Urban <urbanc@in.tum.de> parents: 36524 diff changeset	282	using eq
32ad67684ee7 cosmetics: avoided statement of raw theorems, used the method descending instead Christian Urban <urbanc@in.tum.de> parents: 36524 diff changeset	283	by (descending) (drule msgrel_imp_eqv_freeleft, simp)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	284
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	285	lemma MPair_imp_eq_right:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	286	shows "MPair X Y = MPair X' Y' \<Longrightarrow> Y = Y'"
37594 32ad67684ee7 cosmetics: avoided statement of raw theorems, used the method descending instead Christian Urban <urbanc@in.tum.de> parents: 36524 diff changeset	287	by (descending) (drule msgrel_imp_eqv_freeright, simp)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	288
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	289	theorem MPair_MPair_eq [iff]:
3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	290	shows "(MPair X Y = MPair X' Y') = (X=X' & Y=Y')"
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	291	by (blast dest: MPair_imp_eq_left MPair_imp_eq_right)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	292
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	293	theorem Nonce_neq_MPair [iff]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	294	shows "Nonce N \<noteq> MPair X Y"
37594 32ad67684ee7 cosmetics: avoided statement of raw theorems, used the method descending instead Christian Urban <urbanc@in.tum.de> parents: 36524 diff changeset	295	by (descending) (auto dest: msgrel_imp_eq_freediscrim)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	296
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	297	text{Example suggested by a referee}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	298
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	299	theorem Crypt_Nonce_neq_Nonce:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	300	shows "Crypt K (Nonce M) \<noteq> Nonce N"
37594 32ad67684ee7 cosmetics: avoided statement of raw theorems, used the method descending instead Christian Urban <urbanc@in.tum.de> parents: 36524 diff changeset	301	by (descending) (auto dest: msgrel_imp_eq_freediscrim)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	302
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	303	text{...and many similar results}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	304
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	305	theorem Crypt2_Nonce_neq_Nonce:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	306	shows "Crypt K (Crypt K' (Nonce M)) \<noteq> Nonce N"
37594 32ad67684ee7 cosmetics: avoided statement of raw theorems, used the method descending instead Christian Urban <urbanc@in.tum.de> parents: 36524 diff changeset	307	by (descending) (auto dest: msgrel_imp_eq_freediscrim)
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	308
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	309	theorem Crypt_Crypt_eq [iff]:
3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	310	shows "(Crypt K X = Crypt K X') = (X=X')"
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	311	proof
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	312	assume "Crypt K X = Crypt K X'"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	313	hence "Decrypt K (Crypt K X) = Decrypt K (Crypt K X')" by simp
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	314	thus "X = X'" by simp
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	315	next
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	316	assume "X = X'"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	317	thus "Crypt K X = Crypt K X'" by simp
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	318	qed
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	319
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	320	theorem Decrypt_Decrypt_eq [iff]:
3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	321	shows "(Decrypt K X = Decrypt K X') = (X=X')"
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	322	proof
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	323	assume "Decrypt K X = Decrypt K X'"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	324	hence "Crypt K (Decrypt K X) = Crypt K (Decrypt K X')" by simp
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	325	thus "X = X'" by simp
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	326	next
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	327	assume "X = X'"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	328	thus "Decrypt K X = Decrypt K X'" by simp
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	329	qed
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	330
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	331	lemma msg_induct_aux:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	332	shows "\<lbrakk>\<And>N. P (Nonce N);
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	333	\<And>X Y. \<lbrakk>P X; P Y\<rbrakk> \<Longrightarrow> P (MPair X Y);
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	334	\<And>K X. P X \<Longrightarrow> P (Crypt K X);
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	335	\<And>K X. P X \<Longrightarrow> P (Decrypt K X)\<rbrakk> \<Longrightarrow> P msg"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	336	by (lifting freemsg.induct)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	337
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	338	lemma msg_induct [case_names Nonce MPair Crypt Decrypt, cases type: msg]:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	339	assumes N: "\<And>N. P (Nonce N)"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	340	and M: "\<And>X Y. \<lbrakk>P X; P Y\<rbrakk> \<Longrightarrow> P (MPair X Y)"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	341	and C: "\<And>K X. P X \<Longrightarrow> P (Crypt K X)"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	342	and D: "\<And>K X. P X \<Longrightarrow> P (Decrypt K X)"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	343	shows "P msg"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	344	using N M C D by (rule msg_induct_aux)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	345
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	346	subsection{The Abstract Discriminator}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	347
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	348	text{*However, as @{text Crypt_Nonce_neq_Nonce} above illustrates, we don't
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	349	need this function in order to prove discrimination theorems.*}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	350
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	351	quotient_definition
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	352	"discrim:: msg \<Rightarrow> int"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	353	is
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	354	"freediscrim"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	355
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	356	text{Now prove the four equations for @{term discrim}}
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	357
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	358	lemma [quot_respect]:
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	359	shows "(op \<sim> ===> op =) freediscrim freediscrim"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	360	by (auto simp add: msgrel_imp_eq_freediscrim)
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	361
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	362	lemma discrim_Nonce [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	363	shows "discrim (Nonce N) = 0"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	364	by (lifting freediscrim.simps(1))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	365
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	366	lemma discrim_MPair [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	367	shows "discrim (MPair X Y) = 1"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	368	by (lifting freediscrim.simps(2))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	369
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	370	lemma discrim_Crypt [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	371	shows "discrim (Crypt K X) = discrim X + 2"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	372	by (lifting freediscrim.simps(3))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	373
36524 3909002beca5 Tuning the quotient examples Cezary Kaliszyk <kaliszyk@in.tum.de> parents: 35222 diff changeset	374	lemma discrim_Decrypt [simp]:
35222 4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	375	shows "discrim (Decrypt K X) = discrim X - 2"
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	376	by (lifting freediscrim.simps(4))
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	377
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	378	end
4f1fba00f66d Initial version of HOL quotient package. Cezary Kaliszyk <kaliszyk@in.tum.de> parents: diff changeset	379

author	huffman
	Wed, 10 Aug 2011 18:02:16 -0700
changeset 44142	8e27e0177518
parent 41467	8fc17c5e11c0
child 45535	fbad87611fae
permissions	-rw-r--r--