isabelle: src/HOL/SET-Protocol/PublicSET.thy@ddf6bab64b96 (annotated)

14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	1	(* Title: HOL/Auth/SET/PublicSET
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	2	ID: $Id$
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	3	Authors: Giampaolo Bella, Fabio Massacci, Lawrence C Paulson
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	4	*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	5
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	6	header{The Public-Key Theory, Modified for SET}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	7
16417 9bc16273c2d4 migrated theory headers to new format haftmann parents: 15032 diff changeset	8	theory PublicSET imports EventSET begin
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	9
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	10	subsection{Symmetric and Asymmetric Keys}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	11
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	12	text{*definitions influenced by the wish to assign asymmetric keys
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	13	- since the beginning - only to RCA and CAs, namely we need a partial
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	14	function on type Agent*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	15
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	16
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	17	text{The SET specs mention two signature keys for CAs - we only have one}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	18
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	19	consts
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	20	publicKey :: "[bool, agent] => key"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	21	--{the boolean is TRUE if a signing key}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	22
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	23	syntax
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	24	pubEK :: "agent => key"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	25	pubSK :: "agent => key"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	26	priEK :: "agent => key"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	27	priSK :: "agent => key"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	28
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	29	translations
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	30	"pubEK" == "publicKey False"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	31	"pubSK" == "publicKey True"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	32
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	33	(BEWARE!! priEK, priSK DON'T WORK with inj, range, image, etc.)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	34	"priEK A" == "invKey (pubEK A)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	35	"priSK A" == "invKey (pubSK A)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	36
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	37	text{*By freeness of agents, no two agents have the same key. Since
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	38	@{term "True\<noteq>False"}, no agent has the same signing and encryption keys.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	39
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	40	specification (publicKey)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	41	injective_publicKey:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	42	"publicKey b A = publicKey c A' ==> b=c & A=A'"
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	43	(<)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	44	apply (rule exI [of _ "%b A. 2 * nat_of_agent A + (if b then 1 else 0)"])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	45	apply (auto simp add: inj_on_def inj_nat_of_agent [THEN inj_eq] split: agent.split)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	46	apply (drule_tac f="%x. x mod 2" in arg_cong, simp add: mod_Suc)+
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	47	(*or this, but presburger won't abstract out the function applications
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	48	apply presburger+
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	49	*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	50	done
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	51	(>)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	52
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	53	axioms
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	54	(*No private key equals any public key (essential to ensure that private
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	55	keys are private!) *)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	56	privateKey_neq_publicKey [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	57	"invKey (publicKey b A) \<noteq> publicKey b' A'"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	58
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	59	declare privateKey_neq_publicKey [THEN not_sym, iff]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	60
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	61
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	62	subsection{Initial Knowledge}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	63
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	64	text{*This information is not necessary. Each protocol distributes any needed
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	65	certificates, and anyway our proofs require a formalization of the Spy's
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	66	knowledge only. However, the initial knowledge is as follows:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	67	All agents know RCA's public keys;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	68	RCA and CAs know their own respective keys;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	69	RCA (has already certified and therefore) knows all CAs public keys;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	70	Spy knows all keys of all bad agents.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	71	primrec
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	72	(<)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	73	initState_CA:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	74	"initState (CA i) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	75	(if i=0 then Key ` ({priEK RCA, priSK RCA} Un
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	76	pubEK ` (range CA) Un pubSK ` (range CA))
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	77	else {Key (priEK (CA i)), Key (priSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	78	Key (pubEK (CA i)), Key (pubSK (CA i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	79	Key (pubEK RCA), Key (pubSK RCA)})"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	80
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	81	initState_Cardholder:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	82	"initState (Cardholder i) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	83	{Key (priEK (Cardholder i)), Key (priSK (Cardholder i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	84	Key (pubEK (Cardholder i)), Key (pubSK (Cardholder i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	85	Key (pubEK RCA), Key (pubSK RCA)}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	86
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	87	initState_Merchant:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	88	"initState (Merchant i) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	89	{Key (priEK (Merchant i)), Key (priSK (Merchant i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	90	Key (pubEK (Merchant i)), Key (pubSK (Merchant i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	91	Key (pubEK RCA), Key (pubSK RCA)}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	92
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	93	initState_PG:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	94	"initState (PG i) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	95	{Key (priEK (PG i)), Key (priSK (PG i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	96	Key (pubEK (PG i)), Key (pubSK (PG i)),
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	97	Key (pubEK RCA), Key (pubSK RCA)}"
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	98	(>)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	99	initState_Spy:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	100	"initState Spy = Key ` (invKey ` pubEK ` bad Un
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	101	invKey ` pubSK ` bad Un
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	102	range pubEK Un range pubSK)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	103
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	104
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	105	text{Injective mapping from agents to PANs: an agent can have only one card}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	106
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	107	consts pan :: "agent => nat"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	108
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	109	specification (pan)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	110	inj_pan: "inj pan"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	111	--{No two agents have the same PAN}
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	112	(<)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	113	apply (rule exI [of _ "nat_of_agent"])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	114	apply (simp add: inj_on_def inj_nat_of_agent [THEN inj_eq])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	115	done
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	116	(>)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	117
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	118	declare inj_pan [THEN inj_eq, iff]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	119
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	120	consts
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	121	XOR :: "natnat => nat" --{no properties are assumed of exclusive-or*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	122
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	123
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	124	subsection{Signature Primitives}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	125
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	126	constdefs
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	127
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	128	(* Signature = Message + signed Digest *)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	129	sign :: "[key, msg]=>msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	130	"sign K X == {\|X, Crypt K (Hash X) \|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	131
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	132	(* Signature Only = signed Digest Only *)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	133	signOnly :: "[key, msg]=>msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	134	"signOnly K X == Crypt K (Hash X)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	135
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	136	(* Signature for Certificates = Message + signed Message *)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	137	signCert :: "[key, msg]=>msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	138	"signCert K X == {\|X, Crypt K X \|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	139
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	140	(* Certification Authority's Certificate.
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	141	Contains agent name, a key, a number specifying the key's target use,
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	142	a key to sign the entire certificate.
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	143
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	144	Should prove if signK=priSK RCA and C=CA i,
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	145	then Ka=pubEK i or pubSK i depending on T ??
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	146	*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	147	cert :: "[agent, key, msg, key] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	148	"cert A Ka T signK == signCert signK {\|Agent A, Key Ka, T\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	149
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	150
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	151	(* Cardholder's Certificate.
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	152	Contains a PAN, the certified key Ka, the PANSecret PS,
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	153	a number specifying the target use for Ka, the signing key signK.
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	154	*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	155	certC :: "[nat, key, nat, msg, key] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	156	"certC PAN Ka PS T signK ==
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	157	signCert signK {\|Hash {\|Nonce PS, Pan PAN\|}, Key Ka, T\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	158
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	159	(*cert and certA have no repeated elements, so they could be translations,
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	160	but that's tricky and makes proofs slower*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	161
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	162	syntax
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	163	"onlyEnc" :: msg
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	164	"onlySig" :: msg
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	165	"authCode" :: msg
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	166
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	167	translations
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	168	"onlyEnc" == "Number 0"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	169	"onlySig" == "Number (Suc 0)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	170	"authCode" == "Number (Suc (Suc 0))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	171
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	172	subsection{Encryption Primitives}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	173
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	174	constdefs
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	175
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	176	EXcrypt :: "[key,key,msg,msg] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	177	--{Extra Encryption}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	178	(K: the symmetric key EK: the public encryption key)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	179	"EXcrypt K EK M m ==
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	180	{\|Crypt K {\|M, Hash m\|}, Crypt EK {\|Key K, m\|}\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	181
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	182	EXHcrypt :: "[key,key,msg,msg] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	183	--{Extra Encryption with Hashing}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	184	(K: the symmetric key EK: the public encryption key)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	185	"EXHcrypt K EK M m ==
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	186	{\|Crypt K {\|M, Hash m\|}, Crypt EK {\|Key K, m, Hash M\|}\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	187
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	188	Enc :: "[key,key,key,msg] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	189	--{Simple Encapsulation with SIGNATURE}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	190	(*SK: the sender's signing key
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	191	K: the symmetric key
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	192	EK: the public encryption key*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	193	"Enc SK K EK M ==
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	194	{\|Crypt K (sign SK M), Crypt EK (Key K)\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	195
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	196	EncB :: "[key,key,key,msg,msg] => msg"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	197	--{Encapsulation with Baggage. Keys as above, and baggage b.}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	198	"EncB SK K EK M b ==
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	199	{\|Enc SK K EK {\|M, Hash b\|}, b\|}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	200
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	201
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	202	subsection{Basic Properties of pubEK, pubSK, priEK and priSK }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	203
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	204	lemma publicKey_eq_iff [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	205	"(publicKey b A = publicKey b' A') = (b=b' & A=A')"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	206	by (blast dest: injective_publicKey)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	207
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	208	lemma privateKey_eq_iff [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	209	"(invKey (publicKey b A) = invKey (publicKey b' A')) = (b=b' & A=A')"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	210	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	211
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	212	lemma not_symKeys_publicKey [iff]: "publicKey b A \<notin> symKeys"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	213	by (simp add: symKeys_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	214
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	215	lemma not_symKeys_privateKey [iff]: "invKey (publicKey b A) \<notin> symKeys"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	216	by (simp add: symKeys_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	217
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	218	lemma symKeys_invKey_eq [simp]: "K \<in> symKeys ==> invKey K = K"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	219	by (simp add: symKeys_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	220
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	221	lemma symKeys_invKey_iff [simp]: "(invKey K \<in> symKeys) = (K \<in> symKeys)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	222	by (unfold symKeys_def, auto)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	223
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	224	text{Can be slow (or even loop) as a simprule}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	225	lemma symKeys_neq_imp_neq: "(K \<in> symKeys) \<noteq> (K' \<in> symKeys) ==> K \<noteq> K'"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	226	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	227
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	228	text{*These alternatives to @{text symKeys_neq_imp_neq} don't seem any better
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	229	in practice.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	230	lemma publicKey_neq_symKey: "K \<in> symKeys ==> publicKey b A \<noteq> K"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	231	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	232
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	233	lemma symKey_neq_publicKey: "K \<in> symKeys ==> K \<noteq> publicKey b A"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	234	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	235
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	236	lemma privateKey_neq_symKey: "K \<in> symKeys ==> invKey (publicKey b A) \<noteq> K"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	237	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	238
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	239	lemma symKey_neq_privateKey: "K \<in> symKeys ==> K \<noteq> invKey (publicKey b A)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	240	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	241
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	242	lemma analz_symKeys_Decrypt:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	243	"[\| Crypt K X \<in> analz H; K \<in> symKeys; Key K \<in> analz H \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	244	==> X \<in> analz H"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	245	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	246
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	247
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	248	subsection{"Image" Equations That Hold for Injective Functions }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	249
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	250	lemma invKey_image_eq [iff]: "(invKey x \<in> invKey`A) = (x\<in>A)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	251	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	252
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	253	text{holds because invKey is injective}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	254	lemma publicKey_image_eq [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	255	"(publicKey b A \<in> publicKey c ` AS) = (b=c & A\<in>AS)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	256	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	257
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	258	lemma privateKey_image_eq [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	259	"(invKey (publicKey b A) \<in> invKey ` publicKey c ` AS) = (b=c & A\<in>AS)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	260	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	261
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	262	lemma privateKey_notin_image_publicKey [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	263	"invKey (publicKey b A) \<notin> publicKey c ` AS"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	264	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	265
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	266	lemma publicKey_notin_image_privateKey [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	267	"publicKey b A \<notin> invKey ` publicKey c ` AS"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	268	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	269
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	270	lemma keysFor_parts_initState [simp]: "keysFor (parts (initState C)) = {}"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	271	apply (simp add: keysFor_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	272	apply (induct_tac "C")
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	273	apply (auto intro: range_eqI)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	274	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	275
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	276	text{for proving @{text new_keys_not_used}}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	277	lemma keysFor_parts_insert:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	278	"[\| K \<in> keysFor (parts (insert X H)); X \<in> synth (analz H) \|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	279	==> K \<in> keysFor (parts H) \| Key (invKey K) \<in> parts H"
14218 db95d1c2f51b removal of junk and improvement of the document paulson parents: 14206 diff changeset	280	by (force dest!:
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	281	parts_insert_subset_Un [THEN keysFor_mono, THEN [2] rev_subsetD]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	282	analz_subset_parts [THEN keysFor_mono, THEN [2] rev_subsetD]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	283	intro: analz_into_parts)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	284
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	285	lemma Crypt_imp_keysFor [intro]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	286	"[\|K \<in> symKeys; Crypt K X \<in> H\|] ==> K \<in> keysFor H"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	287	by (drule Crypt_imp_invKey_keysFor, simp)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	288
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	289	text{Agents see their own private keys!}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	290	lemma privateKey_in_initStateCA [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	291	"Key (invKey (publicKey b A)) \<in> initState A"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	292	by (case_tac "A", auto)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	293
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	294	text{Agents see their own public keys!}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	295	lemma publicKey_in_initStateCA [iff]: "Key (publicKey b A) \<in> initState A"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	296	by (case_tac "A", auto)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	297
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	298	text{RCA sees CAs' public keys! }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	299	lemma pubK_CA_in_initState_RCA [iff]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	300	"Key (publicKey b (CA i)) \<in> initState RCA"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	301	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	302
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	303
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	304	text{Spy knows all public keys}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	305	lemma knows_Spy_pubEK_i [iff]: "Key (publicKey b A) \<in> knows Spy evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	306	apply (induct_tac "evs")
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	307	apply (simp_all add: imageI knows_Cons split add: event.split)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	308	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	309
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	310	declare knows_Spy_pubEK_i [THEN analz.Inj, iff]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	311	(needed????)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	312
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	313	text{Spy sees private keys of bad agents! [and obviously public keys too]}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	314	lemma knows_Spy_bad_privateKey [intro!]:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	315	"A \<in> bad ==> Key (invKey (publicKey b A)) \<in> knows Spy evs"
14206 77bf175f5145 Tidying of SET's "possibility theorems" (removal of Key_supply_ax) paulson parents: 14199 diff changeset	316	by (rule initState_subset_knows [THEN subsetD], simp)
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	317
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	318
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	319	subsection{Fresh Nonces for Possibility Theorems}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	320
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	321	lemma Nonce_notin_initState [iff]: "Nonce N \<notin> parts (initState B)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	322	by (induct_tac "B", auto)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	323
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	324	lemma Nonce_notin_used_empty [simp]: "Nonce N \<notin> used []"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	325	by (simp add: used_Nil)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	326
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	327	text{In any trace, there is an upper bound N on the greatest nonce in use.}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	328	lemma Nonce_supply_lemma: "\<exists>N. \<forall>n. N<=n --> Nonce n \<notin> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	329	apply (induct_tac "evs")
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	330	apply (rule_tac x = 0 in exI)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	331	apply (simp_all add: used_Cons split add: event.split, safe)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	332	apply (rule msg_Nonce_supply [THEN exE], blast elim!: add_leE)+
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	333	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	334
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	335	lemma Nonce_supply1: "\<exists>N. Nonce N \<notin> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	336	by (rule Nonce_supply_lemma [THEN exE], blast)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	337
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	338	lemma Nonce_supply: "Nonce (@ N. Nonce N \<notin> used evs) \<notin> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	339	apply (rule Nonce_supply_lemma [THEN exE])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	340	apply (rule someI, fast)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	341	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	342
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	343
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	344	subsection{Specialized Methods for Possibility Theorems}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	345
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	346	ML
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	347	{*
24123 a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	348	structure PublicSET =
a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	349	struct
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	350
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	351	(Tactic for possibility theorems (Isar interface))
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	352	fun gen_possibility_tac ss state = state \|>
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	353	REPEAT (omit used_Says so that Nonces start from different traces!)
24123 a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	354	(ALLGOALS (simp_tac (ss delsimps [@{thm used_Says}, @{thm used_Notes}]))
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	355	THEN
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	356	REPEAT_FIRST (eq_assume_tac ORELSE'
24123 a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	357	resolve_tac [refl, conjI, @{thm Nonce_supply}]))
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	358
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	359	(Tactic for possibility theorems (ML script version))
20048 a7964311f1fb tactic/method simpset: maintain proper context; wenzelm parents: 16417 diff changeset	360	fun possibility_tac state = gen_possibility_tac (simpset_of (Thm.theory_of_thm state)) state
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	361
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	362	(*For harder protocols (such as SET_CR!), where we have to set up some
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	363	nonces and keys initially*)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	364	fun basic_possibility_tac st = st \|>
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	365	REPEAT
20048 a7964311f1fb tactic/method simpset: maintain proper context; wenzelm parents: 16417 diff changeset	366	(ALLGOALS (asm_simp_tac (simpset_of (Thm.theory_of_thm st) setSolver safe_solver))
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	367	THEN
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	368	REPEAT_FIRST (resolve_tac [refl, conjI]))
24123 a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	369
a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	370	end
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	371	*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	372
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	373	method_setup possibility = {*
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	374	Method.ctxt_args (fn ctxt =>
24123 a0fc58900606 tuned ML bindings (for multithreading); wenzelm parents: 21588 diff changeset	375	Method.SIMPLE_METHOD (PublicSET.gen_possibility_tac (local_simpset_of ctxt))) *}
14199 d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	376	"for proving possibility theorems"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	377
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	378
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	379
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	380	subsection{Specialized Rewriting for Theorems About @{term analz} and Image}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	381
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	382	lemma insert_Key_singleton: "insert (Key K) H = Key ` {K} Un H"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	383	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	384
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	385	lemma insert_Key_image:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	386	"insert (Key K) (Key`KK Un C) = Key ` (insert K KK) Un C"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	387	by blast
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	388
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	389	text{Needed for @{text DK_fresh_not_KeyCryptKey}}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	390	lemma publicKey_in_used [iff]: "Key (publicKey b A) \<in> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	391	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	392
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	393	lemma privateKey_in_used [iff]: "Key (invKey (publicKey b A)) \<in> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	394	by (blast intro!: initState_into_used)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	395
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	396	text{*Reverse the normal simplification of "image" to build up (not break down)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	397	the set of keys. Based on @{text analz_image_freshK_ss}, but simpler.*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	398	lemmas analz_image_keys_simps =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	399	simp_thms mem_simps --{these two allow its use with @{text "only:"}}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	400	image_insert [THEN sym] image_Un [THEN sym]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	401	rangeI symKeys_neq_imp_neq
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	402	insert_Key_singleton insert_Key_image Un_assoc [THEN sym]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	403
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	404
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	405	(General lemmas proved by Larry)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	406
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	407	subsection{Controlled Unfolding of Abbreviations}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	408
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	409	text{A set is expanded only if a relation is applied to it}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	410	lemma def_abbrev_simp_relation:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	411	"A == B ==> (A \<in> X) = (B \<in> X) &
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	412	(u = A) = (u = B) &
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	413	(A = u) = (B = u)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	414	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	415
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	416	text{A set is expanded only if one of the given functions is applied to it}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	417	lemma def_abbrev_simp_function:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	418	"A == B
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	419	==> parts (insert A X) = parts (insert B X) &
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	420	analz (insert A X) = analz (insert B X) &
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	421	keysFor (insert A X) = keysFor (insert B X)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	422	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	423
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	424	subsubsection{Special Simplification Rules for @{term signCert}}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	425
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	426	text{Avoids duplicating X and its components!}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	427	lemma parts_insert_signCert:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	428	"parts (insert (signCert K X) H) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	429	insert {\|X, Crypt K X\|} (parts (insert (Crypt K X) H))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	430	by (simp add: signCert_def insert_commute [of X])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	431
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	432	text{Avoids a case split! [X is always available]}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	433	lemma analz_insert_signCert:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	434	"analz (insert (signCert K X) H) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	435	insert {\|X, Crypt K X\|} (insert (Crypt K X) (analz (insert X H)))"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	436	by (simp add: signCert_def insert_commute [of X])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	437
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	438	lemma keysFor_insert_signCert: "keysFor (insert (signCert K X) H) = keysFor H"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	439	by (simp add: signCert_def)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	440
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	441	text{*Controlled rewrite rules for @{term signCert}, just the definitions
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	442	of the others. Encryption primitives are just expanded, despite their huge
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	443	redundancy!*}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	444	lemmas abbrev_simps [simp] =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	445	parts_insert_signCert analz_insert_signCert keysFor_insert_signCert
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	446	sign_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	447	sign_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	448	signCert_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	449	signCert_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	450	certC_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	451	certC_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	452	cert_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	453	cert_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	454	EXcrypt_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	455	EXcrypt_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	456	EXHcrypt_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	457	EXHcrypt_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	458	Enc_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	459	Enc_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	460	EncB_def [THEN def_abbrev_simp_relation]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	461	EncB_def [THEN def_abbrev_simp_function]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	462
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	463
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	464	subsubsection{Elimination Rules for Controlled Rewriting }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	465
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	466	lemma Enc_partsE:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	467	"!!R. [\|Enc SK K EK M \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	468	[\|Crypt K (sign SK M) \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	469	Crypt EK (Key K) \<in> parts H\|] ==> R\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	470	==> R"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	471
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	472	by (unfold Enc_def, blast)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	473
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	474	lemma EncB_partsE:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	475	"!!R. [\|EncB SK K EK M b \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	476	[\|Crypt K (sign SK {\|M, Hash b\|}) \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	477	Crypt EK (Key K) \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	478	b \<in> parts H\|] ==> R\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	479	==> R"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	480	by (unfold EncB_def Enc_def, blast)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	481
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	482	lemma EXcrypt_partsE:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	483	"!!R. [\|EXcrypt K EK M m \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	484	[\|Crypt K {\|M, Hash m\|} \<in> parts H;
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	485	Crypt EK {\|Key K, m\|} \<in> parts H\|] ==> R\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	486	==> R"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	487	by (unfold EXcrypt_def, blast)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	488
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	489
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	490	subsection{Lemmas to Simplify Expressions Involving @{term analz} }
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	491
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	492	lemma analz_knows_absorb:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	493	"Key K \<in> analz (knows Spy evs)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	494	==> analz (Key ` (insert K H) \<union> knows Spy evs) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	495	analz (Key ` H \<union> knows Spy evs)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	496	by (simp add: analz_insert_eq Un_upper2 [THEN analz_mono, THEN subsetD])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	497
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	498	lemma analz_knows_absorb2:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	499	"Key K \<in> analz (knows Spy evs)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	500	==> analz (Key ` (insert X (insert K H)) \<union> knows Spy evs) =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	501	analz (Key ` (insert X H) \<union> knows Spy evs)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	502	apply (subst insert_commute)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	503	apply (erule analz_knows_absorb)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	504	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	505
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	506	lemma analz_insert_subset_eq:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	507	"[\|X \<in> analz (knows Spy evs); knows Spy evs \<subseteq> H\|]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	508	==> analz (insert X H) = analz H"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	509	apply (rule analz_insert_eq)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	510	apply (blast intro: analz_mono [THEN [2] rev_subsetD])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	511	done
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	512
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	513	lemmas analz_insert_simps =
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	514	analz_insert_subset_eq Un_upper2
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	515	subset_insertI [THEN [2] subset_trans]
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	516
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	517
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	518	subsection{Freshness Lemmas}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	519
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	520	lemma in_parts_Says_imp_used:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	521	"[\|Key K \<in> parts {X}; Says A B X \<in> set evs\|] ==> Key K \<in> used evs"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	522	by (blast intro: parts_trans dest!: Says_imp_knows_Spy [THEN parts.Inj])
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	523
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	524	text{A useful rewrite rule with @{term analz_image_keys_simps}}
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	525	lemma Crypt_notin_image_Key: "Crypt K X \<notin> Key ` KK"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	526	by auto
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	527
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	528	lemma fresh_notin_analz_knows_Spy:
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	529	"Key K \<notin> used evs ==> Key K \<notin> analz (knows Spy evs)"
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	530	by (auto dest: analz_into_parts)
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	531
d3b8d972a488 new session HOL-SET-Protocol paulson parents: diff changeset	532	end

author	wenzelm
	Thu, 17 Apr 2008 16:30:52 +0200
changeset 26707	ddf6bab64b96
parent 24123	a0fc58900606
child 30510	4120fc59dd85
permissions	-rw-r--r--