isabelle: doc-src/TutorialI/Protocol/Message.thy@b316dde851f5 (annotated)

11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	1	(* Title: HOL/Auth/Message
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	2	ID: $Id$
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	3	Author: Lawrence C Paulson, Cambridge University Computer Laboratory
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	4	Copyright 1996 University of Cambridge
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	5
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	6	Datatypes of agents and messages;
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	7	Inductive relations "parts", "analz" and "synth"
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	8	)(<*)
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	9
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	10	header{Theory of Agents and Messages for Security Protocols}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	11
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	12	theory Message imports Main uses "../../antiquote_setup.ML" begin
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	13
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	14	(Needed occasionally with spy_analz_tac, e.g. in analz_insert_Key_newK)
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	15	lemma [simp] : "A \<union> (B \<union> A) = B \<union> A"
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	16	by blast
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	17	(>)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	18
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	19	section{* Agents and Messages *}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	20
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	21	text {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	22	All protocol specifications refer to a syntactic theory of messages.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	23	Datatype
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	24	@{text agent} introduces the constant @{text Server} (a trusted central
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	25	machine, needed for some protocols), an infinite population of
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	26	friendly agents, and the~@{text Spy}:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	27	*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	28
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	29	datatype agent = Server \| Friend nat \| Spy
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	30
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	31	text {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	32	Keys are just natural numbers. Function @{text invKey} maps a public key to
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	33	the matching private key, and vice versa:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	34	*}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	35
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	36	types key = nat
25341 ca3761e38a87 fix nipkow parents: 23929 diff changeset	37	consts invKey :: "key \<Rightarrow> key"
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	38	(<)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	39	consts all_symmetric :: bool --{true if all keys are symmetric}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	40
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	41	specification (invKey)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	42	invKey [simp]: "invKey (invKey K) = K"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	43	invKey_symmetric: "all_symmetric --> invKey = id"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	44	by (rule exI [of _ id], auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	45
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	46
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	47	text{*The inverse of a symmetric key is itself; that of a public key
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	48	is the private key and vice versa*}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	49
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	50	constdefs
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	51	symKeys :: "key set"
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	52	"symKeys == {K. invKey K = K}"
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	53	(>)
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	54
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	55	text {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	56	Datatype
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	57	@{text msg} introduces the message forms, which include agent names, nonces,
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	58	keys, compound messages, and encryptions.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	59	*}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	60
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	61	datatype
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	62	msg = Agent agent
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	63	\| Nonce nat
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	64	\| Key key
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	65	\| MPair msg msg
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	66	\| Crypt key msg
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	67
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	68	text {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	69	\noindent
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	70	The notation $\comp{X\sb 1,\ldots X\sb{n-1},X\sb n}$
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	71	abbreviates
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	72	$\isa{MPair}\,X\sb 1\,\ldots\allowbreak(\isa{MPair}\,X\sb{n-1}\,X\sb n)$.
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	73
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	74	Since datatype constructors are injective, we have the theorem
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	75	@{thm [display,indent=0] msg.inject(5) [THEN iffD1, of K X K' X']}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	76	A ciphertext can be decrypted using only one key and
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	77	can yield only one plaintext. In the real world, decryption with the
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	78	wrong key succeeds but yields garbage. Our model of encryption is
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	79	realistic if encryption adds some redundancy to the plaintext, such as a
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	80	checksum, so that garbage can be detected.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	81	*}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	82
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	83	(<)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	84	text{Concrete syntax: messages appear as {\|A,B,NA\|}, etc...}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	85	syntax
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	86	"@MTuple" :: "['a, args] => 'a * 'b" ("(2{\|_,/ _\|})")
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	87
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	88	syntax (xsymbols)
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	89	"@MTuple" :: "['a, args] => 'a * 'b" ("(2\<lbrace>_,/ _\<rbrace>)")
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	90
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	91	translations
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	92	"{\|x, y, z\|}" == "{\|x, {\|y, z\|}\|}"
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	93	"{\|x, y\|}" == "MPair x y"
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	94
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	95
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	96	constdefs
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	97	keysFor :: "msg set => key set"
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	98	--{Keys useful to decrypt elements of a message set}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	99	"keysFor H == invKey ` {K. \<exists>X. Crypt K X \<in> H}"
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	100
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	101
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	102	subsubsection{Inductive Definition of All Parts" of a Message}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	103
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	104	inductive_set
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	105	parts :: "msg set => msg set"
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	106	for H :: "msg set"
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	107	where
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	108	Inj [intro]: "X \<in> H ==> X \<in> parts H"
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	109	\| Fst: "{\|X,Y\|} \<in> parts H ==> X \<in> parts H"
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	110	\| Snd: "{\|X,Y\|} \<in> parts H ==> Y \<in> parts H"
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	111	\| Body: "Crypt K X \<in> parts H ==> X \<in> parts H"
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	112
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	113
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	114	text{Monotonicity}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	115	lemma parts_mono: "G \<subseteq> H ==> parts(G) \<subseteq> parts(H)"
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	116	apply auto
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	117	apply (erule parts.induct)
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	118	apply (blast dest: parts.Fst parts.Snd parts.Body)+
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	119	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	120
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	121
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	122	text{Equations hold because constructors are injective.}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	123	lemma Friend_image_eq [simp]: "(Friend x \<in> Friend`A) = (x:A)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	124	by auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	125
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	126	lemma Key_image_eq [simp]: "(Key x \<in> Key`A) = (x\<in>A)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	127	by auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	128
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	129	lemma Nonce_Key_image_eq [simp]: "(Nonce x \<notin> Key`A)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	130	by auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	131
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	132
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	133	subsubsection{Inverse of keys }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	134
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	135	lemma invKey_eq [simp]: "(invKey K = invKey K') = (K=K')"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	136	apply safe
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	137	apply (drule_tac f = invKey in arg_cong, simp)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	138	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	139
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	140
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	141	subsection{keysFor operator}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	142
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	143	lemma keysFor_empty [simp]: "keysFor {} = {}"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	144	by (unfold keysFor_def, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	145
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	146	lemma keysFor_Un [simp]: "keysFor (H \<union> H') = keysFor H \<union> keysFor H'"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	147	by (unfold keysFor_def, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	148
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	149	lemma keysFor_UN [simp]: "keysFor (\<Union>i\<in>A. H i) = (\<Union>i\<in>A. keysFor (H i))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	150	by (unfold keysFor_def, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	151
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	152	text{Monotonicity}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	153	lemma keysFor_mono: "G \<subseteq> H ==> keysFor(G) \<subseteq> keysFor(H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	154	by (unfold keysFor_def, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	155
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	156	lemma keysFor_insert_Agent [simp]: "keysFor (insert (Agent A) H) = keysFor H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	157	by (unfold keysFor_def, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	158
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	159	lemma keysFor_insert_Nonce [simp]: "keysFor (insert (Nonce N) H) = keysFor H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	160	by (unfold keysFor_def, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	161
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	162	lemma keysFor_insert_Key [simp]: "keysFor (insert (Key K) H) = keysFor H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	163	by (unfold keysFor_def, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	164
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	165	lemma keysFor_insert_MPair [simp]: "keysFor (insert {\|X,Y\|} H) = keysFor H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	166	by (unfold keysFor_def, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	167
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	168	lemma keysFor_insert_Crypt [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	169	"keysFor (insert (Crypt K X) H) = insert (invKey K) (keysFor H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	170	by (unfold keysFor_def, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	171
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	172	lemma keysFor_image_Key [simp]: "keysFor (Key`E) = {}"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	173	by (unfold keysFor_def, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	174
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	175	lemma Crypt_imp_invKey_keysFor: "Crypt K X \<in> H ==> invKey K \<in> keysFor H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	176	by (unfold keysFor_def, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	177
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	178
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	179	subsection{Inductive relation "parts"}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	180
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	181	lemma MPair_parts:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	182	"[\| {\|X,Y\|} \<in> parts H;
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	183	[\| X \<in> parts H; Y \<in> parts H \|] ==> P \|] ==> P"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	184	by (blast dest: parts.Fst parts.Snd)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	185
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	186	declare MPair_parts [elim!] parts.Body [dest!]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	187	text{*NB These two rules are UNSAFE in the formal sense, as they discard the
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	188	compound message. They work well on THIS FILE.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	189	@{text MPair_parts} is left as SAFE because it speeds up proofs.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	190	The Crypt rule is normally kept UNSAFE to avoid breaking up certificates.*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	191
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	192	lemma parts_increasing: "H \<subseteq> parts(H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	193	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	194
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	195	lemmas parts_insertI = subset_insertI [THEN parts_mono, THEN subsetD, standard]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	196
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	197	lemma parts_empty [simp]: "parts{} = {}"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	198	apply safe
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	199	apply (erule parts.induct, blast+)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	200	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	201
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	202	lemma parts_emptyE [elim!]: "X\<in> parts{} ==> P"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	203	by simp
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	204
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	205	text{WARNING: loops if H = {Y}, therefore must not be repeated!}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	206	lemma parts_singleton: "X\<in> parts H ==> \<exists>Y\<in>H. X\<in> parts {Y}"
26807 4cd176ea28dc Replaced blast by fast in proof of parts_singleton, since blast looped berghofe parents: 25341 diff changeset	207	by (erule parts.induct, fast+)
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	208
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	209
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	210	subsubsection{Unions }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	211
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	212	lemma parts_Un_subset1: "parts(G) \<union> parts(H) \<subseteq> parts(G \<union> H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	213	by (intro Un_least parts_mono Un_upper1 Un_upper2)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	214
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	215	lemma parts_Un_subset2: "parts(G \<union> H) \<subseteq> parts(G) \<union> parts(H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	216	apply (rule subsetI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	217	apply (erule parts.induct, blast+)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	218	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	219
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	220	lemma parts_Un [simp]: "parts(G \<union> H) = parts(G) \<union> parts(H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	221	by (intro equalityI parts_Un_subset1 parts_Un_subset2)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	222
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	223	lemma parts_insert: "parts (insert X H) = parts {X} \<union> parts H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	224	apply (subst insert_is_Un [of _ H])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	225	apply (simp only: parts_Un)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	226	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	227
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	228	text{*TWO inserts to avoid looping. This rewrite is better than nothing.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	229	Not suitable for Addsimps: its behaviour can be strange.*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	230	lemma parts_insert2:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	231	"parts (insert X (insert Y H)) = parts {X} \<union> parts {Y} \<union> parts H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	232	apply (simp add: Un_assoc)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	233	apply (simp add: parts_insert [symmetric])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	234	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	235
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	236	lemma parts_UN_subset1: "(\<Union>x\<in>A. parts(H x)) \<subseteq> parts(\<Union>x\<in>A. H x)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	237	by (intro UN_least parts_mono UN_upper)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	238
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	239	lemma parts_UN_subset2: "parts(\<Union>x\<in>A. H x) \<subseteq> (\<Union>x\<in>A. parts(H x))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	240	apply (rule subsetI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	241	apply (erule parts.induct, blast+)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	242	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	243
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	244	lemma parts_UN [simp]: "parts(\<Union>x\<in>A. H x) = (\<Union>x\<in>A. parts(H x))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	245	by (intro equalityI parts_UN_subset1 parts_UN_subset2)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	246
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	247	text{*Added to simplify arguments to parts, analz and synth.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	248	NOTE: the UN versions are no longer used!*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	249
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	250
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	251	text{*This allows @{text blast} to simplify occurrences of
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	252	@{term "parts(G\<union>H)"} in the assumption.*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	253	lemmas in_parts_UnE = parts_Un [THEN equalityD1, THEN subsetD, THEN UnE]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	254	declare in_parts_UnE [elim!]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	255
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	256
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	257	lemma parts_insert_subset: "insert X (parts H) \<subseteq> parts(insert X H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	258	by (blast intro: parts_mono [THEN [2] rev_subsetD])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	259
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	260	subsubsection{Idempotence and transitivity }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	261
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	262	lemma parts_partsD [dest!]: "X\<in> parts (parts H) ==> X\<in> parts H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	263	by (erule parts.induct, blast+)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	264
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	265	lemma parts_idem [simp]: "parts (parts H) = parts H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	266	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	267
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	268	lemma parts_subset_iff [simp]: "(parts G \<subseteq> parts H) = (G \<subseteq> parts H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	269	apply (rule iffI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	270	apply (iprover intro: subset_trans parts_increasing)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	271	apply (frule parts_mono, simp)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	272	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	273
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	274	lemma parts_trans: "[\| X\<in> parts G; G \<subseteq> parts H \|] ==> X\<in> parts H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	275	by (drule parts_mono, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	276
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	277	text{Cut}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	278	lemma parts_cut:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	279	"[\| Y\<in> parts (insert X G); X\<in> parts H \|] ==> Y\<in> parts (G \<union> H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	280	by (blast intro: parts_trans)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	281
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	282
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	283	lemma parts_cut_eq [simp]: "X\<in> parts H ==> parts (insert X H) = parts H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	284	by (force dest!: parts_cut intro: parts_insertI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	285
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	286
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	287	subsubsection{Rewrite rules for pulling out atomic messages }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	288
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	289	lemmas parts_insert_eq_I = equalityI [OF subsetI parts_insert_subset]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	290
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	291
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	292	lemma parts_insert_Agent [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	293	"parts (insert (Agent agt) H) = insert (Agent agt) (parts H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	294	apply (rule parts_insert_eq_I)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	295	apply (erule parts.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	296	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	297
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	298	lemma parts_insert_Nonce [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	299	"parts (insert (Nonce N) H) = insert (Nonce N) (parts H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	300	apply (rule parts_insert_eq_I)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	301	apply (erule parts.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	302	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	303
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	304	lemma parts_insert_Key [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	305	"parts (insert (Key K) H) = insert (Key K) (parts H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	306	apply (rule parts_insert_eq_I)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	307	apply (erule parts.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	308	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	309
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	310	lemma parts_insert_Crypt [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	311	"parts (insert (Crypt K X) H) = insert (Crypt K X) (parts (insert X H))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	312	apply (rule equalityI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	313	apply (rule subsetI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	314	apply (erule parts.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	315	apply (blast intro: parts.Body)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	316	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	317
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	318	lemma parts_insert_MPair [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	319	"parts (insert {\|X,Y\|} H) =
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	320	insert {\|X,Y\|} (parts (insert X (insert Y H)))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	321	apply (rule equalityI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	322	apply (rule subsetI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	323	apply (erule parts.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	324	apply (blast intro: parts.Fst parts.Snd)+
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	325	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	326
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	327	lemma parts_image_Key [simp]: "parts (Key`N) = Key`N"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	328	apply auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	329	apply (erule parts.induct, auto)
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	330	done
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	331
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	332
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	333	text{In any message, there is an upper bound N on its greatest nonce.}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	334	lemma msg_Nonce_supply: "\<exists>N. \<forall>n. N\<le>n --> Nonce n \<notin> parts {msg}"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	335	apply (induct_tac "msg")
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	336	apply (simp_all (no_asm_simp) add: exI parts_insert2)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	337	txt{MPair case: blast works out the necessary sum itself!}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	338	prefer 2 apply auto apply (blast elim!: add_leE)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	339	txt{Nonce case}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	340	apply (rule_tac x = "N + Suc nat" in exI, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	341	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	342	(>)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	343
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	344	section{* Modelling the Adversary *}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	345
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	346	text {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	347	The spy is part of the system and must be built into the model. He is
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	348	a malicious user who does not have to follow the protocol. He
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	349	watches the network and uses any keys he knows to decrypt messages.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	350	Thus he accumulates additional keys and nonces. These he can use to
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	351	compose new messages, which he may send to anybody.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	352
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	353	Two functions enable us to formalize this behaviour: @{text analz} and
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	354	@{text synth}. Each function maps a sets of messages to another set of
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	355	messages. The set @{text "analz H"} formalizes what the adversary can learn
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	356	from the set of messages~$H$. The closure properties of this set are
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	357	defined inductively.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	358	*}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	359
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	360	inductive_set
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	361	analz :: "msg set \<Rightarrow> msg set"
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	362	for H :: "msg set"
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	363	where
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	364	Inj [intro,simp] : "X \<in> H \<Longrightarrow> X \<in> analz H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	365	\| Fst: "\<lbrace>X,Y\<rbrace> \<in> analz H \<Longrightarrow> X \<in> analz H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	366	\| Snd: "\<lbrace>X,Y\<rbrace> \<in> analz H \<Longrightarrow> Y \<in> analz H"
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	367	\| Decrypt [dest]:
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	368	"\<lbrakk>Crypt K X \<in> analz H; Key(invKey K) \<in> analz H\<rbrakk>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	369	\<Longrightarrow> X \<in> analz H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	370	(<)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	371	text{Monotonicity; Lemma 1 of Lowe's paper}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	372	lemma analz_mono: "G\<subseteq>H ==> analz(G) \<subseteq> analz(H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	373	apply auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	374	apply (erule analz.induct)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	375	apply (auto dest: analz.Fst analz.Snd)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	376	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	377
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	378	text{Making it safe speeds up proofs}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	379	lemma MPair_analz [elim!]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	380	"[\| {\|X,Y\|} \<in> analz H;
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	381	[\| X \<in> analz H; Y \<in> analz H \|] ==> P
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	382	\|] ==> P"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	383	by (blast dest: analz.Fst analz.Snd)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	384
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	385	lemma analz_increasing: "H \<subseteq> analz(H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	386	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	387
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	388	lemma analz_subset_parts: "analz H \<subseteq> parts H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	389	apply (rule subsetI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	390	apply (erule analz.induct, blast+)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	391	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	392
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	393	lemmas analz_into_parts = analz_subset_parts [THEN subsetD, standard]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	394
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	395	lemmas not_parts_not_analz = analz_subset_parts [THEN contra_subsetD, standard]
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	396
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	397
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	398	lemma parts_analz [simp]: "parts (analz H) = parts H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	399	apply (rule equalityI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	400	apply (rule analz_subset_parts [THEN parts_mono, THEN subset_trans], simp)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	401	apply (blast intro: analz_increasing [THEN parts_mono, THEN subsetD])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	402	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	403
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	404	lemma analz_parts [simp]: "analz (parts H) = parts H"
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	405	apply auto
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	406	apply (erule analz.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	407	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	408
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	409	lemmas analz_insertI = subset_insertI [THEN analz_mono, THEN [2] rev_subsetD, standard]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	410
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	411	subsubsection{General equational properties }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	412
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	413	lemma analz_empty [simp]: "analz{} = {}"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	414	apply safe
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	415	apply (erule analz.induct, blast+)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	416	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	417
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	418	text{*Converse fails: we can analz more from the union than from the
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	419	separate parts, as a key in one might decrypt a message in the other*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	420	lemma analz_Un: "analz(G) \<union> analz(H) \<subseteq> analz(G \<union> H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	421	by (intro Un_least analz_mono Un_upper1 Un_upper2)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	422
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	423	lemma analz_insert: "insert X (analz H) \<subseteq> analz(insert X H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	424	by (blast intro: analz_mono [THEN [2] rev_subsetD])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	425
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	426	subsubsection{Rewrite rules for pulling out atomic messages }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	427
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	428	lemmas analz_insert_eq_I = equalityI [OF subsetI analz_insert]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	429
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	430	lemma analz_insert_Agent [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	431	"analz (insert (Agent agt) H) = insert (Agent agt) (analz H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	432	apply (rule analz_insert_eq_I)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	433	apply (erule analz.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	434	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	435
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	436	lemma analz_insert_Nonce [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	437	"analz (insert (Nonce N) H) = insert (Nonce N) (analz H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	438	apply (rule analz_insert_eq_I)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	439	apply (erule analz.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	440	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	441
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	442	text{Can only pull out Keys if they are not needed to decrypt the rest}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	443	lemma analz_insert_Key [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	444	"K \<notin> keysFor (analz H) ==>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	445	analz (insert (Key K) H) = insert (Key K) (analz H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	446	apply (unfold keysFor_def)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	447	apply (rule analz_insert_eq_I)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	448	apply (erule analz.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	449	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	450
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	451	lemma analz_insert_MPair [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	452	"analz (insert {\|X,Y\|} H) =
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	453	insert {\|X,Y\|} (analz (insert X (insert Y H)))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	454	apply (rule equalityI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	455	apply (rule subsetI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	456	apply (erule analz.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	457	apply (erule analz.induct)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	458	apply (blast intro: analz.Fst analz.Snd)+
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	459	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	460
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	461	text{Can pull out enCrypted message if the Key is not known}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	462	lemma analz_insert_Crypt:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	463	"Key (invKey K) \<notin> analz H
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	464	==> analz (insert (Crypt K X) H) = insert (Crypt K X) (analz H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	465	apply (rule analz_insert_eq_I)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	466	apply (erule analz.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	467
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	468	done
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	469
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	470	lemma lemma1: "Key (invKey K) \<in> analz H ==>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	471	analz (insert (Crypt K X) H) \<subseteq>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	472	insert (Crypt K X) (analz (insert X H))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	473	apply (rule subsetI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	474	apply (erule_tac x = x in analz.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	475	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	476
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	477	lemma lemma2: "Key (invKey K) \<in> analz H ==>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	478	insert (Crypt K X) (analz (insert X H)) \<subseteq>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	479	analz (insert (Crypt K X) H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	480	apply auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	481	apply (erule_tac x = x in analz.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	482	apply (blast intro: analz_insertI analz.Decrypt)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	483	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	484
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	485	lemma analz_insert_Decrypt:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	486	"Key (invKey K) \<in> analz H ==>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	487	analz (insert (Crypt K X) H) =
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	488	insert (Crypt K X) (analz (insert X H))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	489	by (intro equalityI lemma1 lemma2)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	490
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	491	text{*Case analysis: either the message is secure, or it is not! Effective,
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	492	but can cause subgoals to blow up! Use with @{text "split_if"}; apparently
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	493	@{text "split_tac"} does not cope with patterns such as @{term"analz (insert
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	494	(Crypt K X) H)"} *}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	495	lemma analz_Crypt_if [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	496	"analz (insert (Crypt K X) H) =
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	497	(if (Key (invKey K) \<in> analz H)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	498	then insert (Crypt K X) (analz (insert X H))
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	499	else insert (Crypt K X) (analz H))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	500	by (simp add: analz_insert_Crypt analz_insert_Decrypt)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	501
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	502
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	503	text{This rule supposes "for the sake of argument" that we have the key.}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	504	lemma analz_insert_Crypt_subset:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	505	"analz (insert (Crypt K X) H) \<subseteq>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	506	insert (Crypt K X) (analz (insert X H))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	507	apply (rule subsetI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	508	apply (erule analz.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	509	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	510
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	511
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	512	lemma analz_image_Key [simp]: "analz (Key`N) = Key`N"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	513	apply auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	514	apply (erule analz.induct, auto)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	515	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	516
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	517
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	518	subsubsection{Idempotence and transitivity }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	519
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	520	lemma analz_analzD [dest!]: "X\<in> analz (analz H) ==> X\<in> analz H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	521	by (erule analz.induct, blast+)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	522
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	523	lemma analz_idem [simp]: "analz (analz H) = analz H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	524	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	525
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	526	lemma analz_subset_iff [simp]: "(analz G \<subseteq> analz H) = (G \<subseteq> analz H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	527	apply (rule iffI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	528	apply (iprover intro: subset_trans analz_increasing)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	529	apply (frule analz_mono, simp)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	530	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	531
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	532	lemma analz_trans: "[\| X\<in> analz G; G \<subseteq> analz H \|] ==> X\<in> analz H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	533	by (drule analz_mono, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	534
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	535	text{Cut; Lemma 2 of Lowe}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	536	lemma analz_cut: "[\| Y\<in> analz (insert X H); X\<in> analz H \|] ==> Y\<in> analz H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	537	by (erule analz_trans, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	538
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	539	(*Cut can be proved easily by induction on
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	540	"Y: analz (insert X H) ==> X: analz H --> Y: analz H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	541	*)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	542
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	543	text{*This rewrite rule helps in the simplification of messages that involve
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	544	the forwarding of unknown components (X). Without it, removing occurrences
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	545	of X can be very complicated. *}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	546	lemma analz_insert_eq: "X\<in> analz H ==> analz (insert X H) = analz H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	547	by (blast intro: analz_cut analz_insertI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	548
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	549
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	550	text{A congruence rule for "analz" }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	551
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	552	lemma analz_subset_cong:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	553	"[\| analz G \<subseteq> analz G'; analz H \<subseteq> analz H' \|]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	554	==> analz (G \<union> H) \<subseteq> analz (G' \<union> H')"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	555	apply simp
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	556	apply (iprover intro: conjI subset_trans analz_mono Un_upper1 Un_upper2)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	557	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	558
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	559	lemma analz_cong:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	560	"[\| analz G = analz G'; analz H = analz H' \|]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	561	==> analz (G \<union> H) = analz (G' \<union> H')"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	562	by (intro equalityI analz_subset_cong, simp_all)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	563
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	564	lemma analz_insert_cong:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	565	"analz H = analz H' ==> analz(insert X H) = analz(insert X H')"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	566	by (force simp only: insert_def intro!: analz_cong)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	567
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	568	text{If there are no pairs or encryptions then analz does nothing}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	569	lemma analz_trivial:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	570	"[\| \<forall>X Y. {\|X,Y\|} \<notin> H; \<forall>X K. Crypt K X \<notin> H \|] ==> analz H = H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	571	apply safe
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	572	apply (erule analz.induct, blast+)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	573	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	574
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	575	text{These two are obsolete (with a single Spy) but cost little to prove...}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	576	lemma analz_UN_analz_lemma:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	577	"X\<in> analz (\<Union>i\<in>A. analz (H i)) ==> X\<in> analz (\<Union>i\<in>A. H i)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	578	apply (erule analz.induct)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	579	apply (blast intro: analz_mono [THEN [2] rev_subsetD])+
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	580	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	581
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	582	lemma analz_UN_analz [simp]: "analz (\<Union>i\<in>A. analz (H i)) = analz (\<Union>i\<in>A. H i)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	583	by (blast intro: analz_UN_analz_lemma analz_mono [THEN [2] rev_subsetD])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	584	(>)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	585	text {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	586	Note the @{text Decrypt} rule: the spy can decrypt a
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	587	message encrypted with key~$K$ if he has the matching key,~$K^{-1}$.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	588	Properties proved by rule induction include the following:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	589	@{named_thms [display,indent=0] analz_mono [no_vars] (analz_mono) analz_idem [no_vars] (analz_idem)}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	590
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	591	The set of fake messages that an intruder could invent
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	592	starting from~@{text H} is @{text "synth(analz H)"}, where @{text "synth H"}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	593	formalizes what the adversary can build from the set of messages~$H$.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	594	*}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	595
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	596	inductive_set
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	597	synth :: "msg set \<Rightarrow> msg set"
23733 3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	598	for H :: "msg set"
3f8ad7418e55 Adapted to new inductive definition package. berghofe parents: 16417 diff changeset	599	where
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	600	Inj [intro]: "X \<in> H \<Longrightarrow> X \<in> synth H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	601	\| Agent [intro]: "Agent agt \<in> synth H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	602	\| MPair [intro]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	603	"\<lbrakk>X \<in> synth H; Y \<in> synth H\<rbrakk> \<Longrightarrow> \<lbrace>X,Y\<rbrace> \<in> synth H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	604	\| Crypt [intro]:
23929 6a98d0826daf Tuned. berghofe parents: 23925 diff changeset	605	"\<lbrakk>X \<in> synth H; Key K \<in> H\<rbrakk> \<Longrightarrow> Crypt K X \<in> synth H"
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	606	(<)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	607	lemma synth_mono: "G\<subseteq>H ==> synth(G) \<subseteq> synth(H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	608	by (auto, erule synth.induct, auto)
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	609
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	610	inductive_cases Key_synth [elim!]: "Key K \<in> synth H"
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	611	inductive_cases MPair_synth [elim!]: "{\|X,Y\|} \<in> synth H"
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	612	inductive_cases Crypt_synth [elim!]: "Crypt K X \<in> synth H"
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	613
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	614	lemma analz_synth_Un [simp]: "analz (synth G \<union> H) = analz (G \<union> H) \<union> synth G"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	615	apply (rule equalityI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	616	apply (rule subsetI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	617	apply (erule analz.induct)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	618	prefer 5 apply (blast intro: analz_mono [THEN [2] rev_subsetD])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	619	apply (blast intro: analz.Fst analz.Snd analz.Decrypt)+
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	620	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	621
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	622	lemma analz_synth [simp]: "analz (synth H) = analz H \<union> synth H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	623	apply (cut_tac H = "{}" in analz_synth_Un)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	624	apply (simp (no_asm_use))
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	625	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	626	(>)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	627	text {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	628	The set includes all agent names. Nonces and keys are assumed to be
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	629	unguessable, so none are included beyond those already in~$H$. Two
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	630	elements of @{term "synth H"} can be combined, and an element can be encrypted
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	631	using a key present in~$H$.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	632
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	633	Like @{text analz}, this set operator is monotone and idempotent. It also
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	634	satisfies an interesting equation involving @{text analz}:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	635	@{named_thms [display,indent=0] analz_synth [no_vars] (analz_synth)}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	636	Rule inversion plays a major role in reasoning about @{text synth}, through
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	637	declarations such as this one:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	638	*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	639
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	640	inductive_cases Nonce_synth [elim!]: "Nonce n \<in> synth H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	641
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	642	text {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	643	\noindent
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	644	The resulting elimination rule replaces every assumption of the form
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	645	@{term "Nonce n \<in> synth H"} by @{term "Nonce n \<in> H"},
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	646	expressing that a nonce cannot be guessed.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	647
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	648	A third operator, @{text parts}, is useful for stating correctness
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	649	properties. The set
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	650	@{term "parts H"} consists of the components of elements of~$H$. This set
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	651	includes~@{text H} and is closed under the projections from a compound
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	652	message to its immediate parts.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	653	Its definition resembles that of @{text analz} except in the rule
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	654	corresponding to the constructor @{text Crypt}:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	655	@{thm [display,indent=5] parts.Body [no_vars]}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	656	The body of an encrypted message is always regarded as part of it. We can
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	657	use @{text parts} to express general well-formedness properties of a protocol,
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	658	for example, that an uncompromised agent's private key will never be
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	659	included as a component of any message.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	660	*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	661	(<)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	662	lemma synth_increasing: "H \<subseteq> synth(H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	663	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	664
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	665	subsubsection{Unions }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	666
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	667	text{*Converse fails: we can synth more from the union than from the
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	668	separate parts, building a compound message using elements of each.*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	669	lemma synth_Un: "synth(G) \<union> synth(H) \<subseteq> synth(G \<union> H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	670	by (intro Un_least synth_mono Un_upper1 Un_upper2)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	671
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	672	lemma synth_insert: "insert X (synth H) \<subseteq> synth(insert X H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	673	by (blast intro: synth_mono [THEN [2] rev_subsetD])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	674
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	675	subsubsection{Idempotence and transitivity }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	676
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	677	lemma synth_synthD [dest!]: "X\<in> synth (synth H) ==> X\<in> synth H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	678	by (erule synth.induct, blast+)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	679
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	680	lemma synth_idem: "synth (synth H) = synth H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	681	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	682
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	683	lemma synth_subset_iff [simp]: "(synth G \<subseteq> synth H) = (G \<subseteq> synth H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	684	apply (rule iffI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	685	apply (iprover intro: subset_trans synth_increasing)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	686	apply (frule synth_mono, simp add: synth_idem)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	687	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	688
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	689	lemma synth_trans: "[\| X\<in> synth G; G \<subseteq> synth H \|] ==> X\<in> synth H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	690	by (drule synth_mono, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	691
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	692	text{Cut; Lemma 2 of Lowe}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	693	lemma synth_cut: "[\| Y\<in> synth (insert X H); X\<in> synth H \|] ==> Y\<in> synth H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	694	by (erule synth_trans, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	695
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	696	lemma Agent_synth [simp]: "Agent A \<in> synth H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	697	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	698
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	699	lemma Nonce_synth_eq [simp]: "(Nonce N \<in> synth H) = (Nonce N \<in> H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	700	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	701
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	702	lemma Key_synth_eq [simp]: "(Key K \<in> synth H) = (Key K \<in> H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	703	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	704
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	705	lemma Crypt_synth_eq [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	706	"Key K \<notin> H ==> (Crypt K X \<in> synth H) = (Crypt K X \<in> H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	707	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	708
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	709
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	710	lemma keysFor_synth [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	711	"keysFor (synth H) = keysFor H \<union> invKey`{K. Key K \<in> H}"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	712	by (unfold keysFor_def, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	713
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	714
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	715	subsubsection{Combinations of parts, analz and synth }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	716
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	717	lemma parts_synth [simp]: "parts (synth H) = parts H \<union> synth H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	718	apply (rule equalityI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	719	apply (rule subsetI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	720	apply (erule parts.induct)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	721	apply (blast intro: synth_increasing [THEN parts_mono, THEN subsetD]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	722	parts.Fst parts.Snd parts.Body)+
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	723	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	724
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	725	lemma analz_analz_Un [simp]: "analz (analz G \<union> H) = analz (G \<union> H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	726	apply (intro equalityI analz_subset_cong)+
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	727	apply simp_all
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	728	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	729
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	730
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	731	subsubsection{For reasoning about the Fake rule in traces }
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	732
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	733	lemma parts_insert_subset_Un: "X\<in> G ==> parts(insert X H) \<subseteq> parts G \<union> parts H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	734	by (rule subset_trans [OF parts_mono parts_Un_subset2], blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	735
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	736	text{*More specifically for Fake. Very occasionally we could do with a version
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	737	of the form @{term"parts{X} \<subseteq> synth (analz H) \<union> parts H"} *}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	738	lemma Fake_parts_insert:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	739	"X \<in> synth (analz H) ==>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	740	parts (insert X H) \<subseteq> synth (analz H) \<union> parts H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	741	apply (drule parts_insert_subset_Un)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	742	apply (simp (no_asm_use))
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	743	apply blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	744	done
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	745
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	746	lemma Fake_parts_insert_in_Un:
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	747	"[\|Z \<in> parts (insert X H); X: synth (analz H)\|]
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	748	==> Z \<in> synth (analz H) \<union> parts H";
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	749	by (blast dest: Fake_parts_insert [THEN subsetD, dest])
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	750
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	751	text{*@{term H} is sometimes @{term"Key ` KK \<union> spies evs"}, so can't put
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	752	@{term "G=H"}.*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	753	lemma Fake_analz_insert:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	754	"X\<in> synth (analz G) ==>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	755	analz (insert X H) \<subseteq> synth (analz G) \<union> analz (G \<union> H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	756	apply (rule subsetI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	757	apply (subgoal_tac "x \<in> analz (synth (analz G) \<union> H) ")
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	758	prefer 2 apply (blast intro: analz_mono [THEN [2] rev_subsetD] analz_mono [THEN synth_mono, THEN [2] rev_subsetD])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	759	apply (simp (no_asm_use))
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	760	apply blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	761	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	762
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	763	lemma analz_conj_parts [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	764	"(X \<in> analz H & X \<in> parts H) = (X \<in> analz H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	765	by (blast intro: analz_subset_parts [THEN subsetD])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	766
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	767	lemma analz_disj_parts [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	768	"(X \<in> analz H \| X \<in> parts H) = (X \<in> parts H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	769	by (blast intro: analz_subset_parts [THEN subsetD])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	770
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	771	text{*Without this equation, other rules for synth and analz would yield
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	772	redundant cases*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	773	lemma MPair_synth_analz [iff]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	774	"({\|X,Y\|} \<in> synth (analz H)) =
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	775	(X \<in> synth (analz H) & Y \<in> synth (analz H))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	776	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	777
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	778	lemma Crypt_synth_analz:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	779	"[\| Key K \<in> analz H; Key (invKey K) \<in> analz H \|]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	780	==> (Crypt K X \<in> synth (analz H)) = (X \<in> synth (analz H))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	781	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	782
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	783
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	784	text{We do NOT want Crypt... messages broken up in protocols!!}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	785	declare parts.Body [rule del]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	786
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	787
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	788	text{*Rewrites to push in Key and Crypt messages, so that other messages can
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	789	be pulled out using the @{text analz_insert} rules*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	790
27225 b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	791	lemmas pushKeys [standard] =
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	792	insert_commute [of "Key K" "Agent C"]
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	793	insert_commute [of "Key K" "Nonce N"]
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	794	insert_commute [of "Key K" "Number N"]
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	795	insert_commute [of "Key K" "Hash X"]
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	796	insert_commute [of "Key K" "MPair X Y"]
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	797	insert_commute [of "Key K" "Crypt X K'"]
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	798
27225 b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	799	lemmas pushCrypts [standard] =
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	800	insert_commute [of "Crypt X K" "Agent C"]
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	801	insert_commute [of "Crypt X K" "Agent C"]
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	802	insert_commute [of "Crypt X K" "Nonce N"]
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	803	insert_commute [of "Crypt X K" "Number N"]
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	804	insert_commute [of "Crypt X K" "Hash X'"]
b316dde851f5 eliminated OldGoals.inst; wenzelm parents: 27154 diff changeset	805	insert_commute [of "Crypt X K" "MPair X' Y"]
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	806
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	807	text{*Cannot be added with @{text "[simp]"} -- messages should not always be
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	808	re-ordered. *}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	809	lemmas pushes = pushKeys pushCrypts
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	810
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	811
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	812	subsection{Tactics useful for many protocol proofs}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	813	ML
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	814	{*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	815	val invKey = thm "invKey"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	816	val keysFor_def = thm "keysFor_def"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	817	val symKeys_def = thm "symKeys_def"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	818	val parts_mono = thm "parts_mono";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	819	val analz_mono = thm "analz_mono";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	820	val synth_mono = thm "synth_mono";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	821	val analz_increasing = thm "analz_increasing";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	822
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	823	val analz_insertI = thm "analz_insertI";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	824	val analz_subset_parts = thm "analz_subset_parts";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	825	val Fake_parts_insert = thm "Fake_parts_insert";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	826	val Fake_analz_insert = thm "Fake_analz_insert";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	827	val pushes = thms "pushes";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	828
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	829
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	830	(*Prove base case (subgoal i) and simplify others. A typical base case
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	831	concerns Crypt K X \<notin> Key`shrK`bad and cannot be proved by rewriting
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	832	alone.*)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	833	fun prove_simple_subgoals_tac i =
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	834	force_tac (claset(), simpset() addsimps [@{thm image_eq_UN}]) i THEN
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	835	ALLGOALS Asm_simp_tac
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	836
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	837	(*Analysis of Fake cases. Also works for messages that forward unknown parts,
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	838	but this application is no longer necessary if analz_insert_eq is used.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	839	Abstraction over i is ESSENTIAL: it delays the dereferencing of claset
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	840	DEPENDS UPON "X" REFERRING TO THE FRADULENT MESSAGE *)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	841
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	842	(*Apply rules to break down assumptions of the form
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	843	Y \<in> parts(insert X H) and Y \<in> analz(insert X H)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	844	*)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	845	val Fake_insert_tac =
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	846	dresolve_tac [impOfSubs Fake_analz_insert,
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	847	impOfSubs Fake_parts_insert] THEN'
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	848	eresolve_tac [asm_rl, thm"synth.Inj"];
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	849
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	850	fun Fake_insert_simp_tac ss i =
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	851	REPEAT (Fake_insert_tac i) THEN asm_full_simp_tac ss i;
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	852
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	853	fun atomic_spy_analz_tac (cs,ss) = SELECT_GOAL
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	854	(Fake_insert_simp_tac ss 1
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	855	THEN
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	856	IF_UNSOLVED (Blast.depth_tac
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	857	(cs addIs [analz_insertI,
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	858	impOfSubs analz_subset_parts]) 4 1))
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	859
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	860	(The explicit claset and simpset arguments help it work with Isar)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	861	fun gen_spy_analz_tac (cs,ss) i =
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	862	DETERM
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	863	(SELECT_GOAL
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	864	(EVERY
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	865	[ (push in occurrences of X...)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	866	(REPEAT o CHANGED)
27147 62ab1968c1f4 RuleInsts.res_inst_tac with proper context; wenzelm parents: 26807 diff changeset	867	(RuleInsts.res_inst_tac (Simplifier.the_context ss)
62ab1968c1f4 RuleInsts.res_inst_tac with proper context; wenzelm parents: 26807 diff changeset	868	[(("x", 1), "X")] (insert_commute RS ssubst) 1),
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	869	(...allowing further simplifications)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	870	simp_tac ss 1,
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	871	REPEAT (FIRSTGOAL (resolve_tac [allI,impI,notI,conjI,iffI])),
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	872	DEPTH_SOLVE (atomic_spy_analz_tac (cs,ss) 1)]) i)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	873
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	874	fun spy_analz_tac i = gen_spy_analz_tac (claset(), simpset()) i
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	875	*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	876
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	877	text{*By default only @{text o_apply} is built-in. But in the presence of
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	878	eta-expansion this means that some terms displayed as @{term "f o g"} will be
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	879	rewritten, and others will not!*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	880	declare o_def [simp]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	881
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	882
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	883	lemma Crypt_notin_image_Key [simp]: "Crypt K X \<notin> Key ` A"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	884	by auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	885
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	886	lemma synth_analz_mono: "G\<subseteq>H ==> synth (analz(G)) \<subseteq> synth (analz(H))"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	887	by (iprover intro: synth_mono analz_mono)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	888
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	889	lemma Fake_analz_eq [simp]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	890	"X \<in> synth(analz H) ==> synth (analz (insert X H)) = synth (analz H)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	891	apply (drule Fake_analz_insert[of _ _ "H"])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	892	apply (simp add: synth_increasing[THEN Un_absorb2])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	893	apply (drule synth_mono)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	894	apply (simp add: synth_idem)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	895	apply (rule equalityI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	896	apply (simp add: );
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	897	apply (rule synth_analz_mono, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	898	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	899
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	900	text{Two generalizations of @{text analz_insert_eq}}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	901	lemma gen_analz_insert_eq [rule_format]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	902	"X \<in> analz H ==> ALL G. H \<subseteq> G --> analz (insert X G) = analz G";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	903	by (blast intro: analz_cut analz_insertI analz_mono [THEN [2] rev_subsetD])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	904
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	905	lemma synth_analz_insert_eq [rule_format]:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	906	"X \<in> synth (analz H)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	907	==> ALL G. H \<subseteq> G --> (Key K \<in> analz (insert X G)) = (Key K \<in> analz G)";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	908	apply (erule synth.induct)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	909	apply (simp_all add: gen_analz_insert_eq subset_trans [OF _ subset_insertI])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	910	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	911
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	912	lemma Fake_parts_sing:
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	913	"X \<in> synth (analz H) ==> parts{X} \<subseteq> synth (analz H) \<union> parts H";
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	914	apply (rule subset_trans)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	915	apply (erule_tac [2] Fake_parts_insert)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	916	apply (rule parts_mono, blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	917	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	918
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	919	lemmas Fake_parts_sing_imp_Un = Fake_parts_sing [THEN [2] rev_subsetD]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	920
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	921	method_setup spy_analz = {*
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	922	Method.ctxt_args (fn ctxt =>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	923	Method.SIMPLE_METHOD (gen_spy_analz_tac (local_clasimpset_of ctxt) 1)) *}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	924	"for proving the Fake case when analz is involved"
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	925
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	926	method_setup atomic_spy_analz = {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	927	Method.ctxt_args (fn ctxt =>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	928	Method.SIMPLE_METHOD (atomic_spy_analz_tac (local_clasimpset_of ctxt) 1)) *}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	929	"for debugging spy_analz"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	930
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	931	method_setup Fake_insert_simp = {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	932	Method.ctxt_args (fn ctxt =>
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	933	Method.SIMPLE_METHOD (Fake_insert_simp_tac (local_simpset_of ctxt) 1)) *}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	934	"for debugging spy_analz"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	935
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	936
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	937	end
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 23733 diff changeset	938	(>)

author	wenzelm
	Mon, 16 Jun 2008 17:54:35 +0200
changeset 27225	b316dde851f5
parent 27154	026f3db3f5c6
child 27239	f2f42f9fa09d
permissions	-rw-r--r--