equal
deleted
inserted
replaced
16 open Message; |
16 open Message; |
17 |
17 |
18 AddIffs atomic.inject; |
18 AddIffs atomic.inject; |
19 AddIffs msg.inject; |
19 AddIffs msg.inject; |
20 |
20 |
21 (*Holds because Friend is injective: thus cannot prove for all f*) |
21 (*Equations hold because constructors are injective; cannot prove for all f*) |
22 goal thy "(Friend x : Friend``A) = (x:A)"; |
22 goal thy "(Friend x : Friend``A) = (x:A)"; |
23 by (Auto_tac()); |
23 by (Auto_tac()); |
24 qed "Friend_image_eq"; |
24 qed "Friend_image_eq"; |
25 Addsimps [Friend_image_eq]; |
25 |
|
26 goal thy "(Key x : Key``A) = (x:A)"; |
|
27 by (Auto_tac()); |
|
28 qed "Key_image_eq"; |
|
29 |
|
30 goal thy "(Nonce x ~: Key``A)"; |
|
31 by (Auto_tac()); |
|
32 qed "Nonce_Key_image_eq"; |
|
33 Addsimps [Friend_image_eq, Key_image_eq, Nonce_Key_image_eq]; |
26 |
34 |
27 |
35 |
28 (** Inverse of keys **) |
36 (** Inverse of keys **) |
29 |
37 |
30 goal thy "!!K K'. (invKey K = invKey K') = (K=K')"; |
38 goal thy "!!K K'. (invKey K = invKey K') = (K=K')"; |