isabelle: comparison src/HOL/Auth/Event.thy

equal deleted inserted replaced

-:cc9f1ba8f29a
+:8b24773de6db
 inj_newK   "inj(newK)"
 fresh_newK "Key (newK evs) ~: parts (initState B)"
 isSym_newK "isSymKey (newK evs)"
-(*NS3 DOESN'T ALLOW INTERLEAVING -- that is, it only responds to the
-MOST RECENT message.*)
 (*Needham-Schroeder Shared-Key protocol (from BAN paper, page 247)*)
 consts  traces   :: "event list set"
 inductive traces
 intrs
 (*Initial trace is empty*)
 |] ==> (Says A Server {|Agent A, Agent B, Nonce (newN evs)|})
 # evs : traces"
 (*Server's response to Alice's message.
 !! It may respond more than once to A's request !!
-	   We can't trust the sender field, hence the A' in it.*)
+	   Server doesn't know who the true sender is, hence the A' in
+the sender field.*)
 NS2  "[| evs: traces;  A ~= B;  A ~= Server;
 (Says A' Server {|Agent A, Agent B, Nonce NA|}) : set_of_list evs
 |] ==> (Says Server A
 (Crypt {|Nonce NA, Agent B, Key (newK evs),
 (Crypt {|Key (newK evs), Agent A|} (serverKey B))|}
 : set_of_list evs;
 A = Friend i;
 (Says A Server {|Agent A, Agent B, Nonce NA|}) : set_of_list evs
 |] ==> (Says A B X) # evs : traces"
+(*Bob's nonce exchange.  He does not know who the message came
+from, but responds to A because she is mentioned inside.*)
 NS4  "[| evs: traces;  A ~= B;
 (Says A' B (Crypt {|Key K, Agent A|} (serverKey B)))
 : set_of_list evs
 |] ==> (Says B A (Crypt (Nonce (newN evs)) K)) # evs : traces"
+(*Alice responds with (Suc N), if she has seen the key before.*)
+NS5  "[| evs: traces;  A ~= B;
+(Says B' A (Crypt (Nonce N) K)) : set_of_list evs;
+(Says S  A (Crypt {|Nonce NA, Agent B, Key K, X|} (serverKey A)))
+: set_of_list evs
+|] ==> (Says A B (Crypt (Nonce (Suc N)) K)) # evs : traces"
 end

changeset 1933	8b24773de6db
parent 1930	cdf9bcd53749
child 1942	6c9c1a42a869