9 |
9 |
10 theory Message = Main |
10 theory Message = Main |
11 files ("Message_lemmas.ML"): |
11 files ("Message_lemmas.ML"): |
12 |
12 |
13 (*Eliminates a commonly-occurring expression*) |
13 (*Eliminates a commonly-occurring expression*) |
14 lemma [simp] : "~ (ALL x. x~=y)" |
14 lemma [simp] : "~ (\<forall> x. x\<noteq>y)" |
15 by blast |
15 by blast |
16 |
16 |
17 (*Needed occasionally with spy_analz_tac, e.g. in analz_insert_Key_newK*) |
17 (*Needed occasionally with spy_analz_tac, e.g. in analz_insert_Key_newK*) |
18 lemma [simp] : "A Un (B Un A) = B Un A" |
18 lemma [simp] : "A Un (B Un A) = B Un A" |
19 by blast |
19 by blast |
64 HPair :: "[msg,msg] => msg" ("(4Hash[_] /_)" [0, 1000]) |
64 HPair :: "[msg,msg] => msg" ("(4Hash[_] /_)" [0, 1000]) |
65 "Hash[X] Y == {| Hash{|X,Y|}, Y|}" |
65 "Hash[X] Y == {| Hash{|X,Y|}, Y|}" |
66 |
66 |
67 (*Keys useful to decrypt elements of a message set*) |
67 (*Keys useful to decrypt elements of a message set*) |
68 keysFor :: "msg set => key set" |
68 keysFor :: "msg set => key set" |
69 "keysFor H == invKey ` {K. EX X. Crypt K X : H}" |
69 "keysFor H == invKey ` {K. \<exists>X. Crypt K X \<in> H}" |
70 |
70 |
71 (** Inductive definition of all "parts" of a message. **) |
71 (** Inductive definition of all "parts" of a message. **) |
72 |
72 |
73 consts parts :: "msg set => msg set" |
73 consts parts :: "msg set => msg set" |
74 inductive "parts H" |
74 inductive "parts H" |
75 intros |
75 intros |
76 Inj [intro] : "X: H ==> X : parts H" |
76 Inj [intro]: "X \<in> H ==> X \<in> parts H" |
77 Fst: "{|X,Y|} : parts H ==> X : parts H" |
77 Fst: "{|X,Y|} \<in> parts H ==> X \<in> parts H" |
78 Snd: "{|X,Y|} : parts H ==> Y : parts H" |
78 Snd: "{|X,Y|} \<in> parts H ==> Y \<in> parts H" |
79 Body: "Crypt K X : parts H ==> X : parts H" |
79 Body: "Crypt K X \<in> parts H ==> X \<in> parts H" |
80 |
80 |
81 |
81 |
82 (*Monotonicity*) |
82 (*Monotonicity*) |
83 lemma parts_mono: "G<=H ==> parts(G) <= parts(H)" |
83 lemma parts_mono: "G<=H ==> parts(G) <= parts(H)" |
84 apply auto |
84 apply auto |
92 be taken apart; messages decrypted with known keys. **) |
92 be taken apart; messages decrypted with known keys. **) |
93 |
93 |
94 consts analz :: "msg set => msg set" |
94 consts analz :: "msg set => msg set" |
95 inductive "analz H" |
95 inductive "analz H" |
96 intros |
96 intros |
97 Inj [intro,simp] : "X: H ==> X: analz H" |
97 Inj [intro,simp] : "X \<in> H ==> X \<in> analz H" |
98 Fst: "{|X,Y|} : analz H ==> X : analz H" |
98 Fst: "{|X,Y|} \<in> analz H ==> X \<in> analz H" |
99 Snd: "{|X,Y|} : analz H ==> Y : analz H" |
99 Snd: "{|X,Y|} \<in> analz H ==> Y \<in> analz H" |
100 Decrypt [dest]: |
100 Decrypt [dest]: |
101 "[|Crypt K X : analz H; Key(invKey K): analz H|] ==> X : analz H" |
101 "[|Crypt K X \<in> analz H; Key(invKey K): analz H|] ==> X \<in> analz H" |
102 |
102 |
103 |
103 |
104 (*Monotonicity; Lemma 1 of Lowe's paper*) |
104 (*Monotonicity; Lemma 1 of Lowe's paper*) |
105 lemma analz_mono: "G<=H ==> analz(G) <= analz(H)" |
105 lemma analz_mono: "G<=H ==> analz(G) <= analz(H)" |
106 apply auto |
106 apply auto |
114 Numbers can be guessed, but Nonces cannot be. **) |
114 Numbers can be guessed, but Nonces cannot be. **) |
115 |
115 |
116 consts synth :: "msg set => msg set" |
116 consts synth :: "msg set => msg set" |
117 inductive "synth H" |
117 inductive "synth H" |
118 intros |
118 intros |
119 Inj [intro]: "X: H ==> X: synth H" |
119 Inj [intro]: "X \<in> H ==> X \<in> synth H" |
120 Agent [intro]: "Agent agt : synth H" |
120 Agent [intro]: "Agent agt \<in> synth H" |
121 Number [intro]: "Number n : synth H" |
121 Number [intro]: "Number n \<in> synth H" |
122 Hash [intro]: "X: synth H ==> Hash X : synth H" |
122 Hash [intro]: "X \<in> synth H ==> Hash X \<in> synth H" |
123 MPair [intro]: "[|X: synth H; Y: synth H|] ==> {|X,Y|} : synth H" |
123 MPair [intro]: "[|X \<in> synth H; Y \<in> synth H|] ==> {|X,Y|} \<in> synth H" |
124 Crypt [intro]: "[|X: synth H; Key(K) : H|] ==> Crypt K X : synth H" |
124 Crypt [intro]: "[|X \<in> synth H; Key(K) \<in> H|] ==> Crypt K X \<in> synth H" |
125 |
125 |
126 (*Monotonicity*) |
126 (*Monotonicity*) |
127 lemma synth_mono: "G<=H ==> synth(G) <= synth(H)" |
127 lemma synth_mono: "G<=H ==> synth(G) <= synth(H)" |
128 apply auto |
128 apply auto |
129 apply (erule synth.induct) |
129 apply (erule synth.induct) |
130 apply (auto dest: Fst Snd Body) |
130 apply (auto dest: Fst Snd Body) |
131 done |
131 done |
132 |
132 |
133 (*NO Agent_synth, as any Agent name can be synthesized. Ditto for Number*) |
133 (*NO Agent_synth, as any Agent name can be synthesized. Ditto for Number*) |
134 inductive_cases Nonce_synth [elim!]: "Nonce n : synth H" |
134 inductive_cases Nonce_synth [elim!]: "Nonce n \<in> synth H" |
135 inductive_cases Key_synth [elim!]: "Key K : synth H" |
135 inductive_cases Key_synth [elim!]: "Key K \<in> synth H" |
136 inductive_cases Hash_synth [elim!]: "Hash X : synth H" |
136 inductive_cases Hash_synth [elim!]: "Hash X \<in> synth H" |
137 inductive_cases MPair_synth [elim!]: "{|X,Y|} : synth H" |
137 inductive_cases MPair_synth [elim!]: "{|X,Y|} \<in> synth H" |
138 inductive_cases Crypt_synth [elim!]: "Crypt K X : synth H" |
138 inductive_cases Crypt_synth [elim!]: "Crypt K X \<in> synth H" |
139 |
139 |
140 use "Message_lemmas.ML" |
140 use "Message_lemmas.ML" |
141 |
141 |
142 method_setup spy_analz = {* |
142 method_setup spy_analz = {* |
143 Method.no_args (Method.METHOD (fn facts => spy_analz_tac 1)) *} |
143 Method.no_args (Method.METHOD (fn facts => spy_analz_tac 1)) *} |