isabelle: src/HOL/Auth/Smartcard/EventSC.thy@9ffbc25e1606 (annotated)

18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	1	header{Theory of Events for Security Protocols that use smartcards}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	2
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	3	theory EventSC imports "../Message" begin
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	4
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	5	consts (Initial states of agents -- parameter of the construction)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	6	initState :: "agent => msg set"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	7
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	8	datatype card = Card agent
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	9
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	10	text{Four new events express the traffic between an agent and his card}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	11	datatype
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	12	event = Says agent agent msg
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	13	\| Notes agent msg
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	14	\| Gets agent msg
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	15	\| Inputs agent card msg (Agent sends to card and\<dots>)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	16	\| C_Gets card msg (\<dots> card receives it)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	17	\| Outpts card agent msg (Card sends to agent and\<dots>)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	18	\| A_Gets agent msg (agent receives it)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	19
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	20	consts
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	21	bad :: "agent set" (compromised agents)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	22	stolen :: "card set" (* stolen smart cards *)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	23	cloned :: "card set" (* cloned smart cards*)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	24	secureM :: "bool"(assumption of secure means between agents and their cards)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	25
20768 1d478c2d621f replaced syntax/translations by abbreviation; wenzelm parents: 18886 diff changeset	26	abbreviation
21404 eb85850d3eb7 more robust syntax for definition/abbreviation/notation; wenzelm parents: 20768 diff changeset	27	insecureM :: bool where (certain protocols make no assumption of secure means)
20768 1d478c2d621f replaced syntax/translations by abbreviation; wenzelm parents: 18886 diff changeset	28	"insecureM == \<not>secureM"
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	29
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	30
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	31	text{Spy has access to his own key for spoof messages, but Server is secure}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	32	specification (bad)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	33	Spy_in_bad [iff]: "Spy \<in> bad"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	34	Server_not_bad [iff]: "Server \<notin> bad"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	35	apply (rule exI [of _ "{Spy}"], simp) done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	36
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	37	specification (stolen)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	38	(The server's card is secure by assumption\<dots>)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	39	Card_Server_not_stolen [iff]: "Card Server \<notin> stolen"
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	40	Card_Spy_not_stolen [iff]: "Card Spy \<notin> stolen"
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	41	apply blast done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	42
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	43	specification (cloned)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	44	(\<dots> the spy's card is secure because she already can use it freely)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	45	Card_Server_not_cloned [iff]: "Card Server \<notin> cloned"
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	46	Card_Spy_not_cloned [iff]: "Card Spy \<notin> cloned"
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	47	apply blast done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	48
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	49
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	50	primrec (*This definition is extended over the new events, subject to the
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	51	assumption of secure means*)
39246 9e58f0499f57 modernized primrec haftmann parents: 32960 diff changeset	52	knows :: "agent => event list => msg set" (agents' knowledge) where
9e58f0499f57 modernized primrec haftmann parents: 32960 diff changeset	53	knows_Nil: "knows A [] = initState A" \|
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	54	knows_Cons: "knows A (ev # evs) =
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	55	(case ev of
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	56	Says A' B X =>
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	57	if (A=A' \| A=Spy) then insert X (knows A evs) else knows A evs
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	58	\| Notes A' X =>
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	59	if (A=A' \| (A=Spy & A'\<in>bad)) then insert X (knows A evs)
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	60	else knows A evs
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	61	\| Gets A' X =>
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	62	if (A=A' & A \<noteq> Spy) then insert X (knows A evs)
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	63	else knows A evs
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	64	\| Inputs A' C X =>
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	65	if secureM then
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	66	if A=A' then insert X (knows A evs) else knows A evs
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	67	else
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	68	if (A=A' \| A=Spy) then insert X (knows A evs) else knows A evs
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	69	\| C_Gets C X => knows A evs
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	70	\| Outpts C A' X =>
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	71	if secureM then
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	72	if A=A' then insert X (knows A evs) else knows A evs
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	73	else
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	74	if A=Spy then insert X (knows A evs) else knows A evs
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	75	\| A_Gets A' X =>
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	76	if (A=A' & A \<noteq> Spy) then insert X (knows A evs)
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	77	else knows A evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	78
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	79
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	80
39246 9e58f0499f57 modernized primrec haftmann parents: 32960 diff changeset	81	primrec
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	82	(*The set of items that might be visible to someone is easily extended
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	83	over the new events*)
39246 9e58f0499f57 modernized primrec haftmann parents: 32960 diff changeset	84	used :: "event list => msg set" where
9e58f0499f57 modernized primrec haftmann parents: 32960 diff changeset	85	used_Nil: "used [] = (UN B. parts (initState B))" \|
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	86	used_Cons: "used (ev # evs) =
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	87	(case ev of
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	88	Says A B X => parts {X} \<union> (used evs)
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	89	\| Notes A X => parts {X} \<union> (used evs)
69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	90	\| Gets A X => used evs
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	91	\| Inputs A C X => parts{X} \<union> (used evs)
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	92	\| C_Gets C X => used evs
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	93	\| Outpts C A X => parts{X} \<union> (used evs)
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 26302 diff changeset	94	\| A_Gets A X => used evs)"
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	95	--{*@{term Gets} always follows @{term Says} in real protocols.
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	96	Likewise, @{term C_Gets} will always have to follow @{term Inputs}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	97	and @{term A_Gets} will always have to follow @{term Outpts}*}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	98
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	99	lemma Notes_imp_used [rule_format]: "Notes A X \<in> set evs \<longrightarrow> X \<in> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	100	apply (induct_tac evs)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	101	apply (auto split: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	102	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	103
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	104	lemma Says_imp_used [rule_format]: "Says A B X \<in> set evs \<longrightarrow> X \<in> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	105	apply (induct_tac evs)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	106	apply (auto split: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	107	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	108
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	109	lemma MPair_used [rule_format]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	110	"MPair X Y \<in> used evs \<longrightarrow> X \<in> used evs & Y \<in> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	111	apply (induct_tac evs)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	112	apply (auto split: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	113	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	114
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	115
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	116	subsection{Function @{term knows}}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	117
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	118	(*Simplifying
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	119	parts(insert X (knows Spy evs)) = parts{X} \<union> parts(knows Spy evs).
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	120	This version won't loop with the simplifier.*)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	121	lemmas parts_insert_knows_A = parts_insert [of _ "knows A evs", standard]
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	122
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	123	lemma knows_Spy_Says [simp]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	124	"knows Spy (Says A B X # evs) = insert X (knows Spy evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	125	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	126
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	127	text{*Letting the Spy see "bad" agents' notes avoids redundant case-splits
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	128	on whether @{term "A=Spy"} and whether @{term "A\<in>bad"}*}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	129	lemma knows_Spy_Notes [simp]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	130	"knows Spy (Notes A X # evs) =
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	131	(if A\<in>bad then insert X (knows Spy evs) else knows Spy evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	132	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	133
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	134	lemma knows_Spy_Gets [simp]: "knows Spy (Gets A X # evs) = knows Spy evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	135	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	136
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	137	lemma knows_Spy_Inputs_secureM [simp]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	138	"secureM \<Longrightarrow> knows Spy (Inputs A C X # evs) =
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	139	(if A=Spy then insert X (knows Spy evs) else knows Spy evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	140	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	141
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	142	lemma knows_Spy_Inputs_insecureM [simp]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	143	"insecureM \<Longrightarrow> knows Spy (Inputs A C X # evs) = insert X (knows Spy evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	144	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	145
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	146	lemma knows_Spy_C_Gets [simp]: "knows Spy (C_Gets C X # evs) = knows Spy evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	147	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	148
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	149	lemma knows_Spy_Outpts_secureM [simp]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	150	"secureM \<Longrightarrow> knows Spy (Outpts C A X # evs) =
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	151	(if A=Spy then insert X (knows Spy evs) else knows Spy evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	152	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	153
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	154	lemma knows_Spy_Outpts_insecureM [simp]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	155	"insecureM \<Longrightarrow> knows Spy (Outpts C A X # evs) = insert X (knows Spy evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	156	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	157
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	158	lemma knows_Spy_A_Gets [simp]: "knows Spy (A_Gets A X # evs) = knows Spy evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	159	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	160
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	161
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	162
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	163
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	164	lemma knows_Spy_subset_knows_Spy_Says:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	165	"knows Spy evs \<subseteq> knows Spy (Says A B X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	166	by (simp add: subset_insertI)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	167
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	168	lemma knows_Spy_subset_knows_Spy_Notes:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	169	"knows Spy evs \<subseteq> knows Spy (Notes A X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	170	by force
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	171
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	172	lemma knows_Spy_subset_knows_Spy_Gets:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	173	"knows Spy evs \<subseteq> knows Spy (Gets A X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	174	by (simp add: subset_insertI)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	175
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	176	lemma knows_Spy_subset_knows_Spy_Inputs:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	177	"knows Spy evs \<subseteq> knows Spy (Inputs A C X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	178	by auto
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	179
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	180	lemma knows_Spy_equals_knows_Spy_Gets:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	181	"knows Spy evs = knows Spy (C_Gets C X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	182	by (simp add: subset_insertI)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	183
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	184	lemma knows_Spy_subset_knows_Spy_Outpts: "knows Spy evs \<subseteq> knows Spy (Outpts C A X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	185	by auto
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	186
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	187	lemma knows_Spy_subset_knows_Spy_A_Gets: "knows Spy evs \<subseteq> knows Spy (A_Gets A X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	188	by (simp add: subset_insertI)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	189
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	190
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	191
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	192	text{Spy sees what is sent on the traffic}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	193	lemma Says_imp_knows_Spy [rule_format]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	194	"Says A B X \<in> set evs \<longrightarrow> X \<in> knows Spy evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	195	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	196	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	197	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	198
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	199	lemma Notes_imp_knows_Spy [rule_format]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	200	"Notes A X \<in> set evs \<longrightarrow> A\<in> bad \<longrightarrow> X \<in> knows Spy evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	201	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	202	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	203	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	204
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	205	(Nothing can be stated on a Gets event)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	206
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	207	lemma Inputs_imp_knows_Spy_secureM [rule_format (no_asm)]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	208	"Inputs Spy C X \<in> set evs \<longrightarrow> secureM \<longrightarrow> X \<in> knows Spy evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	209	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	210	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	211	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	212
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	213	lemma Inputs_imp_knows_Spy_insecureM [rule_format (no_asm)]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	214	"Inputs A C X \<in> set evs \<longrightarrow> insecureM \<longrightarrow> X \<in> knows Spy evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	215	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	216	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	217	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	218
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	219	(Nothing can be stated on a C_Gets event)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	220
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	221	lemma Outpts_imp_knows_Spy_secureM [rule_format (no_asm)]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	222	"Outpts C Spy X \<in> set evs \<longrightarrow> secureM \<longrightarrow> X \<in> knows Spy evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	223	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	224	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	225	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	226
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	227	lemma Outpts_imp_knows_Spy_insecureM [rule_format (no_asm)]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	228	"Outpts C A X \<in> set evs \<longrightarrow> insecureM \<longrightarrow> X \<in> knows Spy evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	229	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	230	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	231	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	232
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	233	(Nothing can be stated on an A_Gets event)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	234
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	235
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	236
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	237	text{*Elimination rules: derive contradictions from old Says events containing
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	238	items known to be fresh*}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	239	lemmas knows_Spy_partsEs =
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	240	Says_imp_knows_Spy [THEN parts.Inj, THEN revcut_rl, standard]
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	241	parts.Body [THEN revcut_rl, standard]
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	242
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	243
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	244
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	245	subsection{Knowledge of Agents}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	246
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	247	lemma knows_Says: "knows A (Says A B X # evs) = insert X (knows A evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	248	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	249
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	250	lemma knows_Notes: "knows A (Notes A X # evs) = insert X (knows A evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	251	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	252
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	253	lemma knows_Gets:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	254	"A \<noteq> Spy \<longrightarrow> knows A (Gets A X # evs) = insert X (knows A evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	255	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	256
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	257	lemma knows_Inputs: "knows A (Inputs A C X # evs) = insert X (knows A evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	258	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	259
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	260	lemma knows_C_Gets: "knows A (C_Gets C X # evs) = knows A evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	261	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	262
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	263	lemma knows_Outpts_secureM:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	264	"secureM \<longrightarrow> knows A (Outpts C A X # evs) = insert X (knows A evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	265	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	266
26302 68b073052e8c proper naming of knows_Outpts_insecureM, knows_subset_knows_A_Gets; wenzelm parents: 21404 diff changeset	267	lemma knows_Outpts_insecureM:
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	268	"insecureM \<longrightarrow> knows Spy (Outpts C A X # evs) = insert X (knows Spy evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	269	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	270	(somewhat equivalent to knows_Spy_Outpts_insecureM)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	271
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	272
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	273
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	274
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	275	lemma knows_subset_knows_Says: "knows A evs \<subseteq> knows A (Says A' B X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	276	by (simp add: subset_insertI)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	277
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	278	lemma knows_subset_knows_Notes: "knows A evs \<subseteq> knows A (Notes A' X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	279	by (simp add: subset_insertI)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	280
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	281	lemma knows_subset_knows_Gets: "knows A evs \<subseteq> knows A (Gets A' X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	282	by (simp add: subset_insertI)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	283
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	284	lemma knows_subset_knows_Inputs: "knows A evs \<subseteq> knows A (Inputs A' C X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	285	by (simp add: subset_insertI)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	286
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	287	lemma knows_subset_knows_C_Gets: "knows A evs \<subseteq> knows A (C_Gets C X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	288	by (simp add: subset_insertI)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	289
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	290	lemma knows_subset_knows_Outpts: "knows A evs \<subseteq> knows A (Outpts C A' X # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	291	by (simp add: subset_insertI)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	292
26302 68b073052e8c proper naming of knows_Outpts_insecureM, knows_subset_knows_A_Gets; wenzelm parents: 21404 diff changeset	293	lemma knows_subset_knows_A_Gets: "knows A evs \<subseteq> knows A (A_Gets A' X # evs)"
18886 9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	294	by (simp add: subset_insertI)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	295
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	296
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	297	text{Agents know what they say}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	298	lemma Says_imp_knows [rule_format]: "Says A B X \<in> set evs \<longrightarrow> X \<in> knows A evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	299	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	300	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	301	apply blast
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	302	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	303
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	304	text{Agents know what they note}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	305	lemma Notes_imp_knows [rule_format]: "Notes A X \<in> set evs \<longrightarrow> X \<in> knows A evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	306	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	307	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	308	apply blast
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	309	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	310
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	311	text{Agents know what they receive}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	312	lemma Gets_imp_knows_agents [rule_format]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	313	"A \<noteq> Spy \<longrightarrow> Gets A X \<in> set evs \<longrightarrow> X \<in> knows A evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	314	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	315	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	316	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	317
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	318	(Agents know what they input to their smart card)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	319	lemma Inputs_imp_knows_agents [rule_format (no_asm)]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	320	"Inputs A (Card A) X \<in> set evs \<longrightarrow> X \<in> knows A evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	321	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	322	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	323	apply blast
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	324	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	325
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	326	(Nothing to prove about C_Gets)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	327
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	328	(*Agents know what they obtain as output of their smart card,
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	329	if the means is secure...*)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	330	lemma Outpts_imp_knows_agents_secureM [rule_format (no_asm)]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	331	"secureM \<longrightarrow> Outpts (Card A) A X \<in> set evs \<longrightarrow> X \<in> knows A evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	332	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	333	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	334	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	335
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	336	(otherwise only the spy knows the outputs)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	337	lemma Outpts_imp_knows_agents_insecureM [rule_format (no_asm)]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	338	"insecureM \<longrightarrow> Outpts (Card A) A X \<in> set evs \<longrightarrow> X \<in> knows Spy evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	339	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	340	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	341	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	342
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	343	(end lemmas about agents' knowledge)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	344
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	345
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	346
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	347	lemma parts_knows_Spy_subset_used: "parts (knows Spy evs) \<subseteq> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	348	apply (induct_tac "evs", force)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	349	apply (simp add: parts_insert_knows_A knows_Cons add: event.split, blast)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	350	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	351
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	352	lemmas usedI = parts_knows_Spy_subset_used [THEN subsetD, intro]
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	353
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	354	lemma initState_into_used: "X \<in> parts (initState B) \<Longrightarrow> X \<in> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	355	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	356	apply (simp_all add: parts_insert_knows_A split add: event.split, blast)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	357	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	358
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	359	lemma used_Says [simp]: "used (Says A B X # evs) = parts{X} \<union> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	360	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	361
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	362	lemma used_Notes [simp]: "used (Notes A X # evs) = parts{X} \<union> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	363	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	364
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	365	lemma used_Gets [simp]: "used (Gets A X # evs) = used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	366	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	367
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	368	lemma used_Inputs [simp]: "used (Inputs A C X # evs) = parts{X} \<union> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	369	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	370
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	371	lemma used_C_Gets [simp]: "used (C_Gets C X # evs) = used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	372	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	373
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	374	lemma used_Outpts [simp]: "used (Outpts C A X # evs) = parts{X} \<union> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	375	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	376
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	377	lemma used_A_Gets [simp]: "used (A_Gets A X # evs) = used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	378	by simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	379
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	380	lemma used_nil_subset: "used [] \<subseteq> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	381	apply simp
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	382	apply (blast intro: initState_into_used)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	383	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	384
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	385
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	386
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	387	(Novel lemmas)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	388	lemma Says_parts_used [rule_format (no_asm)]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	389	"Says A B X \<in> set evs \<longrightarrow> (parts {X}) \<subseteq> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	390	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	391	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	392	apply blast
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	393	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	394
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	395	lemma Notes_parts_used [rule_format (no_asm)]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	396	"Notes A X \<in> set evs \<longrightarrow> (parts {X}) \<subseteq> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	397	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	398	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	399	apply blast
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	400	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	401
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	402	lemma Outpts_parts_used [rule_format (no_asm)]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	403	"Outpts C A X \<in> set evs \<longrightarrow> (parts {X}) \<subseteq> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	404	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	405	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	406	apply blast
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	407	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	408
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	409	lemma Inputs_parts_used [rule_format (no_asm)]:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	410	"Inputs A C X \<in> set evs \<longrightarrow> (parts {X}) \<subseteq> used evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	411	apply (induct_tac "evs")
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	412	apply (simp_all (no_asm_simp) split add: event.split)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	413	apply blast
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	414	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	415
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	416
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	417
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	418
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	419	text{NOTE REMOVAL--laws above are cleaner, as they don't involve "case"}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	420	declare knows_Cons [simp del]
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	421	used_Nil [simp del] used_Cons [simp del]
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	422
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	423
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	424	lemma knows_subset_knows_Cons: "knows A evs \<subseteq> knows A (e # evs)"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	425	by (induct e, auto simp: knows_Cons)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	426
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	427	lemma initState_subset_knows: "initState A \<subseteq> knows A evs"
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	428	apply (induct_tac evs, simp)
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	429	apply (blast intro: knows_subset_knows_Cons [THEN subsetD])
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	430	done
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	431
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	432
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	433	text{For proving @{text new_keys_not_used}}
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	434	lemma keysFor_parts_insert:
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	435	"\<lbrakk> K \<in> keysFor (parts (insert X G)); X \<in> synth (analz H) \<rbrakk>
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	436	\<Longrightarrow> K \<in> keysFor (parts (G \<union> H)) \<or> Key (invKey K) \<in> parts H";
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	437	by (force
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	438	dest!: parts_insert_subset_Un [THEN keysFor_mono, THEN [2] rev_subsetD]
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	439	analz_subset_parts [THEN keysFor_mono, THEN [2] rev_subsetD]
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	440	intro: analz_subset_parts [THEN subsetD] parts_mono [THEN [2] rev_subsetD])
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	441
9f27383426db new and updated protocol proofs by Giamp Bella paulson parents: diff changeset	442	end

author	wenzelm
	Fri, 29 Oct 2010 11:49:56 +0200
changeset 40255	9ffbc25e1606
parent 39246	9e58f0499f57
child 45605	a89b4bc311a5
permissions	-rw-r--r--