isabelle: src/Doc/Tutorial/Protocol/Public.thy@b3bf6d72fea5 (annotated)

50530 6266e44b3396 updated some headers; wenzelm parents: 48985 diff changeset	1	(* Title: Doc/Tutorial/Protocol/Public.thy
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	2	Author: Lawrence C Paulson, Cambridge University Computer Laboratory
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	3	Copyright 1996 University of Cambridge
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	4
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	5	Theory of Public Keys (common to all public-key protocols)
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	6
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	7	Private and public keys; initial states of agents
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	8	)(<*)
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 11250 diff changeset	9	theory Public imports Event
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	10	begin
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	11	(>)
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	12
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	13	text {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	14	The function
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	15	@{text pubK} maps agents to their public keys. The function
25341 ca3761e38a87 fix nipkow parents: 23925 diff changeset	16	@{text priK} maps agents to their private keys. It is merely
ca3761e38a87 fix nipkow parents: 23925 diff changeset	17	an abbreviation (cf.\ \S\ref{sec:abbreviations}) defined in terms of
ca3761e38a87 fix nipkow parents: 23925 diff changeset	18	@{text invKey} and @{text pubK}.
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	19	*}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	20
25341 ca3761e38a87 fix nipkow parents: 23925 diff changeset	21	consts pubK :: "agent \<Rightarrow> key"
ca3761e38a87 fix nipkow parents: 23925 diff changeset	22	abbreviation priK :: "agent \<Rightarrow> key"
ca3761e38a87 fix nipkow parents: 23925 diff changeset	23	where "priK x \<equiv> invKey(pubK x)"
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	24	(<)
39795 9e59b4c11039 updated files to recent changes haftmann parents: 32960 diff changeset	25	overloading initState \<equiv> initState
9e59b4c11039 updated files to recent changes haftmann parents: 32960 diff changeset	26	begin
9e59b4c11039 updated files to recent changes haftmann parents: 32960 diff changeset	27
9e59b4c11039 updated files to recent changes haftmann parents: 32960 diff changeset	28	primrec initState where
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	29	(Agents know their private key and all public keys)
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	30	initState_Server: "initState Server =
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 32149 diff changeset	31	insert (Key (priK Server)) (Key ` range pubK)"
39795 9e59b4c11039 updated files to recent changes haftmann parents: 32960 diff changeset	32	\| initState_Friend: "initState (Friend i) =
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 32149 diff changeset	33	insert (Key (priK (Friend i))) (Key ` range pubK)"
39795 9e59b4c11039 updated files to recent changes haftmann parents: 32960 diff changeset	34	\| initState_Spy: "initState Spy =
32960 69916a850301 eliminated hard tabulators, guessing at each author's individual tab-width; wenzelm parents: 32149 diff changeset	35	(Key`invKey`pubK`bad) Un (Key ` range pubK)"
39795 9e59b4c11039 updated files to recent changes haftmann parents: 32960 diff changeset	36
9e59b4c11039 updated files to recent changes haftmann parents: 32960 diff changeset	37	end
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	38	(>)
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	39
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	40	text {*
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	41	\noindent
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	42	The set @{text bad} consists of those agents whose private keys are known to
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	43	the spy.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	44
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	45	Two axioms are asserted about the public-key cryptosystem.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	46	No two agents have the same public key, and no private key equals
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	47	any public key.
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	48	*}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	49
51310 d2aeb3dffb8f eliminated legacy 'axioms'; wenzelm parents: 50530 diff changeset	50	axiomatization where
d2aeb3dffb8f eliminated legacy 'axioms'; wenzelm parents: 50530 diff changeset	51	inj_pubK: "inj pubK" and
25341 ca3761e38a87 fix nipkow parents: 23925 diff changeset	52	priK_neq_pubK: "priK A \<noteq> pubK B"
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	53	(<)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	54	lemmas [iff] = inj_pubK [THEN inj_eq]
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	55
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	56	lemma priK_inj_eq[iff]: "(priK A = priK B) = (A=B)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	57	apply safe
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	58	apply (drule_tac f=invKey in arg_cong)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	59	apply simp
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	60	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	61
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	62	lemmas [iff] = priK_neq_pubK priK_neq_pubK [THEN not_sym]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	63
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	64	lemma not_symKeys_pubK[iff]: "pubK A \<notin> symKeys"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	65	by (simp add: symKeys_def)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	66
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	67	lemma not_symKeys_priK[iff]: "priK A \<notin> symKeys"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	68	by (simp add: symKeys_def)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	69
25341 ca3761e38a87 fix nipkow parents: 23925 diff changeset	70	lemma symKeys_neq_imp_neq: "(K \<in> symKeys) \<noteq> (K' \<in> symKeys) \<Longrightarrow> K \<noteq> K'"
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	71	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	72
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	73	lemma analz_symKeys_Decrypt: "[\| Crypt K X \<in> analz H; K \<in> symKeys; Key K \<in> analz H \|]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	74	==> X \<in> analz H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	75	by (auto simp add: symKeys_def)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	76
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	77
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	78	( "Image" equations that hold for injective functions )
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	79
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	80	lemma invKey_image_eq[simp]: "(invKey x : invKey`A) = (x:A)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	81	by auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	82
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	83	(holds because invKey is injective)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	84	lemma pubK_image_eq[simp]: "(pubK x : pubK`A) = (x:A)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	85	by auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	86
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	87	lemma priK_pubK_image_eq[simp]: "(priK x ~: pubK`A)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	88	by auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	89
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	90
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	91	(** Rewrites should not refer to initState(Friend i)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	92	-- not in normal form! **)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	93
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	94	lemma keysFor_parts_initState[simp]: "keysFor (parts (initState C)) = {}"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	95	apply (unfold keysFor_def)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	96	apply (induct C)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	97	apply (auto intro: range_eqI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	98	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	99
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	100
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	101	(* Function "spies" *)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	102
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	103	(Agents see their own private keys!)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	104	lemma priK_in_initState[iff]: "Key (priK A) : initState A"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	105	by (induct A) auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	106
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	107	(All public keys are visible)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	108	lemma spies_pubK[iff]: "Key (pubK A) : spies evs"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	109	by (induct evs) (simp_all add: imageI knows_Cons split: event.split)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	110
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	111	(Spy sees private keys of bad agents!)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	112	lemma Spy_spies_bad[intro!]: "A: bad ==> Key (priK A) : spies evs"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	113	by (induct evs) (simp_all add: imageI knows_Cons split: event.split)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	114
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	115	lemmas [iff] = spies_pubK [THEN analz.Inj]
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	116
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	117
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	118	(* Fresh nonces *)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	119
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	120	lemma Nonce_notin_initState[iff]: "Nonce N ~: parts (initState B)"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	121	by (induct B) auto
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	122
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	123	lemma Nonce_notin_used_empty[simp]: "Nonce N ~: used []"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	124	by (simp add: used_Nil)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	125
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	126
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	127	(* Supply fresh nonces for possibility theorems. *)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	128
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	129	(In any trace, there is an upper bound N on the greatest nonce in use.)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	130	lemma Nonce_supply_lemma: "EX N. ALL n. N<=n --> Nonce n \<notin> used evs"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	131	apply (induct_tac "evs")
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	132	apply (rule_tac x = 0 in exI)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	133	apply (simp_all (no_asm_simp) add: used_Cons split add: event.split)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	134	apply safe
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	135	apply (rule msg_Nonce_supply [THEN exE], blast elim!: add_leE)+
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	136	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	137
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	138	lemma Nonce_supply1: "EX N. Nonce N \<notin> used evs"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	139	by (rule Nonce_supply_lemma [THEN exE], blast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	140
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	141	lemma Nonce_supply: "Nonce (@ N. Nonce N \<notin> used evs) \<notin> used evs"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	142	apply (rule Nonce_supply_lemma [THEN exE])
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	143	apply (rule someI, fast)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	144	done
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	145
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	146
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	147	(* Specialized rewriting for the analz_image_... theorems *)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	148
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	149	lemma insert_Key_singleton: "insert (Key K) H = Key ` {K} Un H"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	150	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	151
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	152	lemma insert_Key_image: "insert (Key K) (Key`KK Un C) = Key ` (insert K KK) Un C"
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	153	by blast
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	154
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	155
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	156	(Specialized methods)
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	157
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	158	(Tactic for possibility theorems)
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	159	ML {*
30608 d9805c5b5d2e fixed possibility_tac; wenzelm parents: 30607 diff changeset	160	fun possibility_tac ctxt =
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	161	REPEAT (omit used_Says so that Nonces start from different traces!)
51717 9e7d1c139569 simplifier uses proper Proof.context instead of historic type simpset; wenzelm parents: 51310 diff changeset	162	(ALLGOALS (simp_tac (ctxt delsimps [used_Says]))
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	163	THEN
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	164	REPEAT_FIRST (eq_assume_tac ORELSE'
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	165	resolve_tac [refl, conjI, @{thm Nonce_supply}]));
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	166	*}
ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	167
30607 c3d1590debd8 eliminated global SIMPSET, CLASET etc. -- refer to explicit context; wenzelm parents: 30548 diff changeset	168	method_setup possibility = {* Scan.succeed (SIMPLE_METHOD o possibility_tac) *}
11250 c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	169	"for proving possibility theorems"
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	170
c8bbf4c4bc2d symlinks to ../../../HOL/Auth. Fingers crossed... paulson parents: diff changeset	171	end
23925 ee98c2528a8f LaTeX code is now generated directly from theory files. berghofe parents: 16417 diff changeset	172	(>)

author	wenzelm
	Fri, 30 Aug 2013 22:22:07 +0200
changeset 53336	b3bf6d72fea5
parent 51717	9e7d1c139569
child 59498	50b60f501b05
permissions	-rw-r--r--