Mercurial Mercurial > repos > isabelle / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/HOL/Auth/ZhouGollmann.thy
changeset 23746 a455e69c31cc
parent 21404 eb85850d3eb7
child 32960 69916a850301
equal deleted inserted replaced
23745:28df61d931e2 23746:a455e69c31cc 
    27         use the protocol*}
 
    27         use the protocol*}
 
    28    "broken == bad - {Spy}"
 
    28    "broken == bad - {Spy}"
 
    29 
    29 
    30 declare broken_def [simp]
 
    30 declare broken_def [simp]
 
    31 
    31 
    32 consts  zg  :: "event list set"
 
    32 inductive_set zg :: "event list set"
 
    33 
    33   where
 
    34 inductive zg
 
       
    35   intros
 
       
    36 
    34 
    37   Nil:  "[] \<in> zg"
 
    35   Nil:  "[] \<in> zg"
 
    38 
    36 
    39   Fake: "[| evsf \<in> zg;  X \<in> synth (analz (spies evsf)) |]
 
    37 | Fake: "[| evsf \<in> zg;  X \<in> synth (analz (spies evsf)) |]
 
    40 	 ==> Says Spy B X  # evsf \<in> zg"
 
    38 	 ==> Says Spy B X  # evsf \<in> zg"
 
    41 
    39 
    42 Reception:  "[| evsr \<in> zg; Says A B X \<in> set evsr |] ==> Gets B X # evsr \<in> zg"
 
    40 | Reception:  "[| evsr \<in> zg; Says A B X \<in> set evsr |] ==> Gets B X # evsr \<in> zg"
 
    43 
    41 
    44   (*L is fresh for honest agents.
 
    42   (*L is fresh for honest agents.
 
    45     We don't require K to be fresh because we don't bother to prove secrecy!
 
    43     We don't require K to be fresh because we don't bother to prove secrecy!
 
    46     We just assume that the protocol's objective is to deliver K fairly,
 
    44     We just assume that the protocol's objective is to deliver K fairly,
 
    47     rather than to keep M secret.*)
 
    45     rather than to keep M secret.*)
 
    48   ZG1: "[| evs1 \<in> zg;  Nonce L \<notin> used evs1; C = Crypt K (Number m);
 
    46 | ZG1: "[| evs1 \<in> zg;  Nonce L \<notin> used evs1; C = Crypt K (Number m);
 
    49 	   K \<in> symKeys;
 
    47 	   K \<in> symKeys;
 
    50 	   NRO = Crypt (priK A) {|Number f_nro, Agent B, Nonce L, C|}|]
 
    48 	   NRO = Crypt (priK A) {|Number f_nro, Agent B, Nonce L, C|}|]
 
    51        ==> Says A B {|Number f_nro, Agent B, Nonce L, C, NRO|} # evs1 \<in> zg"
 
    49        ==> Says A B {|Number f_nro, Agent B, Nonce L, C, NRO|} # evs1 \<in> zg"
 
    52 
    50 
    53   (*B must check that NRO is A's signature to learn the sender's name*)
 
    51   (*B must check that NRO is A's signature to learn the sender's name*)
 
    54   ZG2: "[| evs2 \<in> zg;
 
    52 | ZG2: "[| evs2 \<in> zg;
 
    55 	   Gets B {|Number f_nro, Agent B, Nonce L, C, NRO|} \<in> set evs2;
 
    53 	   Gets B {|Number f_nro, Agent B, Nonce L, C, NRO|} \<in> set evs2;
 
    56 	   NRO = Crypt (priK A) {|Number f_nro, Agent B, Nonce L, C|};
 
    54 	   NRO = Crypt (priK A) {|Number f_nro, Agent B, Nonce L, C|};
 
    57 	   NRR = Crypt (priK B) {|Number f_nrr, Agent A, Nonce L, C|}|]
 
    55 	   NRR = Crypt (priK B) {|Number f_nrr, Agent A, Nonce L, C|}|]
 
    58        ==> Says B A {|Number f_nrr, Agent A, Nonce L, NRR|} # evs2  \<in>  zg"
 
    56        ==> Says B A {|Number f_nrr, Agent A, Nonce L, NRR|} # evs2  \<in>  zg"
 
    59 
    57 
    60   (*A must check that NRR is B's signature to learn the sender's name;
 
    58   (*A must check that NRR is B's signature to learn the sender's name;
 
    61     without spy, the matching label would be enough*)
 
    59     without spy, the matching label would be enough*)
 
    62   ZG3: "[| evs3 \<in> zg; C = Crypt K M; K \<in> symKeys;
 
    60 | ZG3: "[| evs3 \<in> zg; C = Crypt K M; K \<in> symKeys;
 
    63 	   Says A B {|Number f_nro, Agent B, Nonce L, C, NRO|} \<in> set evs3;
 
    61 	   Says A B {|Number f_nro, Agent B, Nonce L, C, NRO|} \<in> set evs3;
 
    64 	   Gets A {|Number f_nrr, Agent A, Nonce L, NRR|} \<in> set evs3;
 
    62 	   Gets A {|Number f_nrr, Agent A, Nonce L, NRR|} \<in> set evs3;
 
    65 	   NRR = Crypt (priK B) {|Number f_nrr, Agent A, Nonce L, C|};
 
    63 	   NRR = Crypt (priK B) {|Number f_nrr, Agent A, Nonce L, C|};
 
    66 	   sub_K = Crypt (priK A) {|Number f_sub, Agent B, Nonce L, Key K|}|]
 
    64 	   sub_K = Crypt (priK A) {|Number f_sub, Agent B, Nonce L, Key K|}|]
 
    67        ==> Says A TTP {|Number f_sub, Agent B, Nonce L, Key K, sub_K|}
 
    65        ==> Says A TTP {|Number f_sub, Agent B, Nonce L, Key K, sub_K|}
 
    71    gives credentials to A and B.  The Notes event models the availability of
 
    69    gives credentials to A and B.  The Notes event models the availability of
 
    72    the credentials, but the act of fetching them is not modelled.  We also
 
    70    the credentials, but the act of fetching them is not modelled.  We also
 
    73    give con_K to the Spy. This makes the threat model more dangerous, while 
    71    give con_K to the Spy. This makes the threat model more dangerous, while 
    74    also allowing lemma @{text Crypt_used_imp_spies} to omit the condition
 
    72    also allowing lemma @{text Crypt_used_imp_spies} to omit the condition
 
    75    @{term "K \<noteq> priK TTP"}. *)
 
    73    @{term "K \<noteq> priK TTP"}. *)
 
    76   ZG4: "[| evs4 \<in> zg; K \<in> symKeys;
 
    74 | ZG4: "[| evs4 \<in> zg; K \<in> symKeys;
 
    77 	   Gets TTP {|Number f_sub, Agent B, Nonce L, Key K, sub_K|}
 
    75 	   Gets TTP {|Number f_sub, Agent B, Nonce L, Key K, sub_K|}
 
    78 	     \<in> set evs4;
 
    76 	     \<in> set evs4;
 
    79 	   sub_K = Crypt (priK A) {|Number f_sub, Agent B, Nonce L, Key K|};
 
    77 	   sub_K = Crypt (priK A) {|Number f_sub, Agent B, Nonce L, Key K|};
 
    80 	   con_K = Crypt (priK TTP) {|Number f_con, Agent A, Agent B,
 
    78 	   con_K = Crypt (priK TTP) {|Number f_con, Agent A, Agent B,
 
    81 				      Nonce L, Key K|}|]
 
    79 				      Nonce L, Key K|}|]
isabelle