76 | Fst: "{|X,Y|} \<in> parts H ==> X \<in> parts H" |
76 | Fst: "{|X,Y|} \<in> parts H ==> X \<in> parts H" |
77 | Snd: "{|X,Y|} \<in> parts H ==> Y \<in> parts H" |
77 | Snd: "{|X,Y|} \<in> parts H ==> Y \<in> parts H" |
78 | Body: "Crypt K X \<in> parts H ==> X \<in> parts H" |
78 | Body: "Crypt K X \<in> parts H ==> X \<in> parts H" |
79 |
79 |
80 |
80 |
81 ML{*AtpThread.problem_name := "Message__parts_mono"*} |
81 ML{*AtpWrapper.problem_name := "Message__parts_mono"*} |
82 lemma parts_mono: "G \<subseteq> H ==> parts(G) \<subseteq> parts(H)" |
82 lemma parts_mono: "G \<subseteq> H ==> parts(G) \<subseteq> parts(H)" |
83 apply auto |
83 apply auto |
84 apply (erule parts.induct) |
84 apply (erule parts.induct) |
85 apply (metis Inj set_mp) |
85 apply (metis Inj set_mp) |
86 apply (metis Fst) |
86 apply (metis Fst) |
201 lemma parts_insert: "parts (insert X H) = parts {X} \<union> parts H" |
201 lemma parts_insert: "parts (insert X H) = parts {X} \<union> parts H" |
202 apply (subst insert_is_Un [of _ H]) |
202 apply (subst insert_is_Un [of _ H]) |
203 apply (simp only: parts_Un) |
203 apply (simp only: parts_Un) |
204 done |
204 done |
205 |
205 |
206 ML{*AtpThread.problem_name := "Message__parts_insert_two"*} |
206 ML{*AtpWrapper.problem_name := "Message__parts_insert_two"*} |
207 lemma parts_insert2: |
207 lemma parts_insert2: |
208 "parts (insert X (insert Y H)) = parts {X} \<union> parts {Y} \<union> parts H" |
208 "parts (insert X (insert Y H)) = parts {X} \<union> parts {Y} \<union> parts H" |
209 by (metis Un_commute Un_empty_left Un_empty_right Un_insert_left Un_insert_right parts_Un) |
209 by (metis Un_commute Un_empty_left Un_empty_right Un_insert_left Un_insert_right parts_Un) |
210 |
210 |
211 |
211 |
238 by (erule parts.induct, blast+) |
238 by (erule parts.induct, blast+) |
239 |
239 |
240 lemma parts_idem [simp]: "parts (parts H) = parts H" |
240 lemma parts_idem [simp]: "parts (parts H) = parts H" |
241 by blast |
241 by blast |
242 |
242 |
243 ML{*AtpThread.problem_name := "Message__parts_subset_iff"*} |
243 ML{*AtpWrapper.problem_name := "Message__parts_subset_iff"*} |
244 lemma parts_subset_iff [simp]: "(parts G \<subseteq> parts H) = (G \<subseteq> parts H)" |
244 lemma parts_subset_iff [simp]: "(parts G \<subseteq> parts H) = (G \<subseteq> parts H)" |
245 apply (rule iffI) |
245 apply (rule iffI) |
246 apply (metis Un_absorb1 Un_subset_iff parts_Un parts_increasing) |
246 apply (metis Un_absorb1 Un_subset_iff parts_Un parts_increasing) |
247 apply (metis parts_idem parts_mono) |
247 apply (metis parts_idem parts_mono) |
248 done |
248 done |
249 |
249 |
250 lemma parts_trans: "[| X\<in> parts G; G \<subseteq> parts H |] ==> X\<in> parts H" |
250 lemma parts_trans: "[| X\<in> parts G; G \<subseteq> parts H |] ==> X\<in> parts H" |
251 by (blast dest: parts_mono); |
251 by (blast dest: parts_mono); |
252 |
252 |
253 |
253 |
254 ML{*AtpThread.problem_name := "Message__parts_cut"*} |
254 ML{*AtpWrapper.problem_name := "Message__parts_cut"*} |
255 lemma parts_cut: "[|Y\<in> parts(insert X G); X\<in> parts H|] ==> Y\<in> parts(G \<union> H)" |
255 lemma parts_cut: "[|Y\<in> parts(insert X G); X\<in> parts H|] ==> Y\<in> parts(G \<union> H)" |
256 by (metis Un_subset_iff insert_subset parts_increasing parts_trans) |
256 by (metis Un_subset_iff insert_subset parts_increasing parts_trans) |
257 |
257 |
258 |
258 |
259 |
259 |
314 apply auto |
314 apply auto |
315 apply (erule parts.induct, auto) |
315 apply (erule parts.induct, auto) |
316 done |
316 done |
317 |
317 |
318 |
318 |
319 ML{*AtpThread.problem_name := "Message__msg_Nonce_supply"*} |
319 ML{*AtpWrapper.problem_name := "Message__msg_Nonce_supply"*} |
320 lemma msg_Nonce_supply: "\<exists>N. \<forall>n. N\<le>n --> Nonce n \<notin> parts {msg}" |
320 lemma msg_Nonce_supply: "\<exists>N. \<forall>n. N\<le>n --> Nonce n \<notin> parts {msg}" |
321 apply (induct_tac "msg") |
321 apply (induct_tac "msg") |
322 apply (simp_all add: parts_insert2) |
322 apply (simp_all add: parts_insert2) |
323 apply (metis Suc_n_not_le_n) |
323 apply (metis Suc_n_not_le_n) |
324 apply (metis le_trans linorder_linear) |
324 apply (metis le_trans linorder_linear) |
366 lemmas analz_into_parts = analz_subset_parts [THEN subsetD, standard] |
366 lemmas analz_into_parts = analz_subset_parts [THEN subsetD, standard] |
367 |
367 |
368 lemmas not_parts_not_analz = analz_subset_parts [THEN contra_subsetD, standard] |
368 lemmas not_parts_not_analz = analz_subset_parts [THEN contra_subsetD, standard] |
369 |
369 |
370 |
370 |
371 ML{*AtpThread.problem_name := "Message__parts_analz"*} |
371 ML{*AtpWrapper.problem_name := "Message__parts_analz"*} |
372 lemma parts_analz [simp]: "parts (analz H) = parts H" |
372 lemma parts_analz [simp]: "parts (analz H) = parts H" |
373 apply (rule equalityI) |
373 apply (rule equalityI) |
374 apply (metis analz_subset_parts parts_subset_iff) |
374 apply (metis analz_subset_parts parts_subset_iff) |
375 apply (metis analz_increasing parts_mono) |
375 apply (metis analz_increasing parts_mono) |
376 done |
376 done |
518 |
518 |
519 lemma analz_trans: "[| X\<in> analz G; G \<subseteq> analz H |] ==> X\<in> analz H" |
519 lemma analz_trans: "[| X\<in> analz G; G \<subseteq> analz H |] ==> X\<in> analz H" |
520 by (drule analz_mono, blast) |
520 by (drule analz_mono, blast) |
521 |
521 |
522 |
522 |
523 ML{*AtpThread.problem_name := "Message__analz_cut"*} |
523 ML{*AtpWrapper.problem_name := "Message__analz_cut"*} |
524 declare analz_trans[intro] |
524 declare analz_trans[intro] |
525 lemma analz_cut: "[| Y\<in> analz (insert X H); X\<in> analz H |] ==> Y\<in> analz H" |
525 lemma analz_cut: "[| Y\<in> analz (insert X H); X\<in> analz H |] ==> Y\<in> analz H" |
526 (*TOO SLOW |
526 (*TOO SLOW |
527 by (metis analz_idem analz_increasing analz_mono insert_absorb insert_mono insert_subset) --{*317s*} |
527 by (metis analz_idem analz_increasing analz_mono insert_absorb insert_mono insert_subset) --{*317s*} |
528 ??*) |
528 ??*) |
536 by (blast intro: analz_cut analz_insertI) |
536 by (blast intro: analz_cut analz_insertI) |
537 |
537 |
538 |
538 |
539 text{*A congruence rule for "analz" *} |
539 text{*A congruence rule for "analz" *} |
540 |
540 |
541 ML{*AtpThread.problem_name := "Message__analz_subset_cong"*} |
541 ML{*AtpWrapper.problem_name := "Message__analz_subset_cong"*} |
542 lemma analz_subset_cong: |
542 lemma analz_subset_cong: |
543 "[| analz G \<subseteq> analz G'; analz H \<subseteq> analz H' |] |
543 "[| analz G \<subseteq> analz G'; analz H \<subseteq> analz H' |] |
544 ==> analz (G \<union> H) \<subseteq> analz (G' \<union> H')" |
544 ==> analz (G \<union> H) \<subseteq> analz (G' \<union> H')" |
545 apply simp |
545 apply simp |
546 apply (metis Un_absorb2 Un_commute Un_subset_iff Un_upper1 Un_upper2 analz_mono) |
546 apply (metis Un_absorb2 Un_commute Un_subset_iff Un_upper1 Un_upper2 analz_mono) |
614 separate parts, building a compound message using elements of each.*} |
614 separate parts, building a compound message using elements of each.*} |
615 lemma synth_Un: "synth(G) \<union> synth(H) \<subseteq> synth(G \<union> H)" |
615 lemma synth_Un: "synth(G) \<union> synth(H) \<subseteq> synth(G \<union> H)" |
616 by (intro Un_least synth_mono Un_upper1 Un_upper2) |
616 by (intro Un_least synth_mono Un_upper1 Un_upper2) |
617 |
617 |
618 |
618 |
619 ML{*AtpThread.problem_name := "Message__synth_insert"*} |
619 ML{*AtpWrapper.problem_name := "Message__synth_insert"*} |
620 |
620 |
621 lemma synth_insert: "insert X (synth H) \<subseteq> synth(insert X H)" |
621 lemma synth_insert: "insert X (synth H) \<subseteq> synth(insert X H)" |
622 by (metis insert_iff insert_subset subset_insertI synth.Inj synth_mono) |
622 by (metis insert_iff insert_subset subset_insertI synth.Inj synth_mono) |
623 |
623 |
624 subsubsection{*Idempotence and transitivity *} |
624 subsubsection{*Idempotence and transitivity *} |
636 done |
636 done |
637 |
637 |
638 lemma synth_trans: "[| X\<in> synth G; G \<subseteq> synth H |] ==> X\<in> synth H" |
638 lemma synth_trans: "[| X\<in> synth G; G \<subseteq> synth H |] ==> X\<in> synth H" |
639 by (drule synth_mono, blast) |
639 by (drule synth_mono, blast) |
640 |
640 |
641 ML{*AtpThread.problem_name := "Message__synth_cut"*} |
641 ML{*AtpWrapper.problem_name := "Message__synth_cut"*} |
642 lemma synth_cut: "[| Y\<in> synth (insert X H); X\<in> synth H |] ==> Y\<in> synth H" |
642 lemma synth_cut: "[| Y\<in> synth (insert X H); X\<in> synth H |] ==> Y\<in> synth H" |
643 (*TOO SLOW |
643 (*TOO SLOW |
644 by (metis insert_absorb insert_mono insert_subset synth_idem synth_increasing synth_mono) |
644 by (metis insert_absorb insert_mono insert_subset synth_idem synth_increasing synth_mono) |
645 *) |
645 *) |
646 by (erule synth_trans, blast) |
646 by (erule synth_trans, blast) |
668 by (unfold keysFor_def, blast) |
668 by (unfold keysFor_def, blast) |
669 |
669 |
670 |
670 |
671 subsubsection{*Combinations of parts, analz and synth *} |
671 subsubsection{*Combinations of parts, analz and synth *} |
672 |
672 |
673 ML{*AtpThread.problem_name := "Message__parts_synth"*} |
673 ML{*AtpWrapper.problem_name := "Message__parts_synth"*} |
674 lemma parts_synth [simp]: "parts (synth H) = parts H \<union> synth H" |
674 lemma parts_synth [simp]: "parts (synth H) = parts H \<union> synth H" |
675 apply (rule equalityI) |
675 apply (rule equalityI) |
676 apply (rule subsetI) |
676 apply (rule subsetI) |
677 apply (erule parts.induct) |
677 apply (erule parts.induct) |
678 apply (metis UnCI) |
678 apply (metis UnCI) |
683 done |
683 done |
684 |
684 |
685 |
685 |
686 |
686 |
687 |
687 |
688 ML{*AtpThread.problem_name := "Message__analz_analz_Un"*} |
688 ML{*AtpWrapper.problem_name := "Message__analz_analz_Un"*} |
689 lemma analz_analz_Un [simp]: "analz (analz G \<union> H) = analz (G \<union> H)" |
689 lemma analz_analz_Un [simp]: "analz (analz G \<union> H) = analz (G \<union> H)" |
690 apply (rule equalityI); |
690 apply (rule equalityI); |
691 apply (metis analz_idem analz_subset_cong order_eq_refl) |
691 apply (metis analz_idem analz_subset_cong order_eq_refl) |
692 apply (metis analz_increasing analz_subset_cong order_eq_refl) |
692 apply (metis analz_increasing analz_subset_cong order_eq_refl) |
693 done |
693 done |
694 |
694 |
695 ML{*AtpThread.problem_name := "Message__analz_synth_Un"*} |
695 ML{*AtpWrapper.problem_name := "Message__analz_synth_Un"*} |
696 declare analz_mono [intro] analz.Fst [intro] analz.Snd [intro] Un_least [intro] |
696 declare analz_mono [intro] analz.Fst [intro] analz.Snd [intro] Un_least [intro] |
697 lemma analz_synth_Un [simp]: "analz (synth G \<union> H) = analz (G \<union> H) \<union> synth G" |
697 lemma analz_synth_Un [simp]: "analz (synth G \<union> H) = analz (G \<union> H) \<union> synth G" |
698 apply (rule equalityI) |
698 apply (rule equalityI) |
699 apply (rule subsetI) |
699 apply (rule subsetI) |
700 apply (erule analz.induct) |
700 apply (erule analz.induct) |
704 apply (blast intro: analz.Decrypt) |
704 apply (blast intro: analz.Decrypt) |
705 apply blast |
705 apply blast |
706 done |
706 done |
707 |
707 |
708 |
708 |
709 ML{*AtpThread.problem_name := "Message__analz_synth"*} |
709 ML{*AtpWrapper.problem_name := "Message__analz_synth"*} |
710 lemma analz_synth [simp]: "analz (synth H) = analz H \<union> synth H" |
710 lemma analz_synth [simp]: "analz (synth H) = analz H \<union> synth H" |
711 proof (neg_clausify) |
711 proof (neg_clausify) |
712 assume 0: "analz (synth H) \<noteq> analz H \<union> synth H" |
712 assume 0: "analz (synth H) \<noteq> analz H \<union> synth H" |
713 have 1: "\<And>X1 X3. sup (analz (sup X3 X1)) (synth X3) = analz (sup (synth X3) X1)" |
713 have 1: "\<And>X1 X3. sup (analz (sup X3 X1)) (synth X3) = analz (sup (synth X3) X1)" |
714 by (metis analz_synth_Un sup_set_eq sup_set_eq sup_set_eq) |
714 by (metis analz_synth_Un sup_set_eq sup_set_eq sup_set_eq) |
727 qed |
727 qed |
728 |
728 |
729 |
729 |
730 subsubsection{*For reasoning about the Fake rule in traces *} |
730 subsubsection{*For reasoning about the Fake rule in traces *} |
731 |
731 |
732 ML{*AtpThread.problem_name := "Message__parts_insert_subset_Un"*} |
732 ML{*AtpWrapper.problem_name := "Message__parts_insert_subset_Un"*} |
733 lemma parts_insert_subset_Un: "X\<in> G ==> parts(insert X H) \<subseteq> parts G \<union> parts H" |
733 lemma parts_insert_subset_Un: "X\<in> G ==> parts(insert X H) \<subseteq> parts G \<union> parts H" |
734 proof (neg_clausify) |
734 proof (neg_clausify) |
735 assume 0: "X \<in> G" |
735 assume 0: "X \<in> G" |
736 assume 1: "\<not> parts (insert X H) \<subseteq> parts G \<union> parts H" |
736 assume 1: "\<not> parts (insert X H) \<subseteq> parts G \<union> parts H" |
737 have 2: "\<not> parts (insert X H) \<subseteq> parts (G \<union> H)" |
737 have 2: "\<not> parts (insert X H) \<subseteq> parts (G \<union> H)" |
746 by (metis 5 UnCI) |
746 by (metis 5 UnCI) |
747 show "False" |
747 show "False" |
748 by (metis 6 0) |
748 by (metis 6 0) |
749 qed |
749 qed |
750 |
750 |
751 ML{*AtpThread.problem_name := "Message__Fake_parts_insert"*} |
751 ML{*AtpWrapper.problem_name := "Message__Fake_parts_insert"*} |
752 lemma Fake_parts_insert: |
752 lemma Fake_parts_insert: |
753 "X \<in> synth (analz H) ==> |
753 "X \<in> synth (analz H) ==> |
754 parts (insert X H) \<subseteq> synth (analz H) \<union> parts H" |
754 parts (insert X H) \<subseteq> synth (analz H) \<union> parts H" |
755 proof (neg_clausify) |
755 proof (neg_clausify) |
756 assume 0: "X \<in> synth (analz H)" |
756 assume 0: "X \<in> synth (analz H)" |
789 lemma Fake_parts_insert_in_Un: |
789 lemma Fake_parts_insert_in_Un: |
790 "[|Z \<in> parts (insert X H); X: synth (analz H)|] |
790 "[|Z \<in> parts (insert X H); X: synth (analz H)|] |
791 ==> Z \<in> synth (analz H) \<union> parts H"; |
791 ==> Z \<in> synth (analz H) \<union> parts H"; |
792 by (blast dest: Fake_parts_insert [THEN subsetD, dest]) |
792 by (blast dest: Fake_parts_insert [THEN subsetD, dest]) |
793 |
793 |
794 ML{*AtpThread.problem_name := "Message__Fake_analz_insert"*} |
794 ML{*AtpWrapper.problem_name := "Message__Fake_analz_insert"*} |
795 declare analz_mono [intro] synth_mono [intro] |
795 declare analz_mono [intro] synth_mono [intro] |
796 lemma Fake_analz_insert: |
796 lemma Fake_analz_insert: |
797 "X\<in> synth (analz G) ==> |
797 "X\<in> synth (analz G) ==> |
798 analz (insert X H) \<subseteq> synth (analz G) \<union> analz (G \<union> H)" |
798 analz (insert X H) \<subseteq> synth (analz G) \<union> analz (G \<union> H)" |
799 by (metis Un_commute Un_insert_left Un_insert_right Un_upper1 analz_analz_Un analz_mono analz_synth_Un equalityE insert_absorb order_le_less xt1(12)) |
799 by (metis Un_commute Un_insert_left Un_insert_right Un_upper1 analz_analz_Un analz_mono analz_synth_Un equalityE insert_absorb order_le_less xt1(12)) |
800 |
800 |
801 ML{*AtpThread.problem_name := "Message__Fake_analz_insert_simpler"*} |
801 ML{*AtpWrapper.problem_name := "Message__Fake_analz_insert_simpler"*} |
802 (*simpler problems? BUT METIS CAN'T PROVE |
802 (*simpler problems? BUT METIS CAN'T PROVE |
803 lemma Fake_analz_insert_simpler: |
803 lemma Fake_analz_insert_simpler: |
804 "X\<in> synth (analz G) ==> |
804 "X\<in> synth (analz G) ==> |
805 analz (insert X H) \<subseteq> synth (analz G) \<union> analz (G \<union> H)" |
805 analz (insert X H) \<subseteq> synth (analz G) \<union> analz (G \<union> H)" |
806 apply (rule subsetI) |
806 apply (rule subsetI) |