equal
deleted
inserted
replaced
148 (*Nobody can have used non-existent keys! Needed to apply analz_insert_Key*) |
148 (*Nobody can have used non-existent keys! Needed to apply analz_insert_Key*) |
149 lemma new_keys_not_used [rule_format, simp]: |
149 lemma new_keys_not_used [rule_format, simp]: |
150 "evs \<in> yahalom ==> Key K \<notin> used evs --> K \<notin> keysFor (parts (knows Spy evs))" |
150 "evs \<in> yahalom ==> Key K \<notin> used evs --> K \<notin> keysFor (parts (knows Spy evs))" |
151 apply (erule yahalom.induct, force, |
151 apply (erule yahalom.induct, force, |
152 frule_tac [6] YM4_parts_knows_Spy, simp_all) |
152 frule_tac [6] YM4_parts_knows_Spy, simp_all) |
153 (*Fake, YM3, YM4*) |
153 txt{*Fake*} |
154 apply (blast dest!: keysFor_parts_insert)+ |
154 apply (force dest!: keysFor_parts_insert) |
|
155 txt{*YM3, YM4*} |
|
156 apply blast+ |
155 done |
157 done |
156 |
158 |
157 |
159 |
158 (*Earlier, all protocol proofs declared this theorem. |
160 (*Earlier, all protocol proofs declared this theorem. |
159 But only a few proofs need it, e.g. Yahalom and Kerberos IV.*) |
161 But only a few proofs need it, e.g. Yahalom and Kerberos IV.*) |