src/HOL/Auth/Recur.ML

 qed "respond_imp_responses";
 
 
 (** For reasoning about the encrypted portion of messages **)
 
-val RA2_analz_sees_Spy = Says_imp_sees_Spy RS analz.Inj |> standard;
+val RA2_analz_spies = Says_imp_spies RS analz.Inj |> standard;
 
 goal thy "!!evs. Says C' B {|Crypt K X, X', RA|} : set evs \
-\                ==> RA : analz (sees Spy evs)";
-by (blast_tac (!claset addSDs [Says_imp_sees_Spy RS analz.Inj]) 1);
-qed "RA4_analz_sees_Spy";
+\                ==> RA : analz (spies evs)";
+by (blast_tac (!claset addSDs [Says_imp_spies RS analz.Inj]) 1);
+qed "RA4_analz_spies";
 
 (*RA2_analz... and RA4_analz... let us treat those cases using the same 
   argument as for the Fake case.  This is possible for most, but not all,
   proofs: Fake does not invent new nonces (as in RA2), and of course Fake
   messages originate from the Spy. *)
 
-bind_thm ("RA2_parts_sees_Spy",
-          RA2_analz_sees_Spy RS (impOfSubs analz_subset_parts));
-bind_thm ("RA4_parts_sees_Spy",
-          RA4_analz_sees_Spy RS (impOfSubs analz_subset_parts));
-
-(*For proving the easier theorems about X ~: parts (sees Spy evs).*)
+bind_thm ("RA2_parts_spies",
+          RA2_analz_spies RS (impOfSubs analz_subset_parts));
+bind_thm ("RA4_parts_spies",
+          RA4_analz_spies RS (impOfSubs analz_subset_parts));
+
+(*For proving the easier theorems about X ~: parts (spies evs).*)
 fun parts_induct_tac i = 
     etac recur.induct i				THEN
-    forward_tac [RA2_parts_sees_Spy] (i+3)	THEN
+    forward_tac [RA2_parts_spies] (i+3)	THEN
     etac subst (i+3) (*RA2: DELETE needless definition of PA!*)  THEN
     forward_tac [respond_imp_responses] (i+4)	THEN
-    forward_tac [RA4_parts_sees_Spy] (i+5)	THEN
+    forward_tac [RA4_parts_spies] (i+5)	THEN
     prove_simple_subgoals_tac i;
 
 
-(** Theorems of the form X ~: parts (sees Spy evs) imply that NOBODY
+(** Theorems of the form X ~: parts (spies evs) imply that NOBODY
     sends messages containing X! **)
 
 
-(** Spy never sees another agent's shared key! (unless it's lost at start) **)
-
-goal thy 
- "!!evs. evs : recur ==> (Key (shrK A) : parts (sees Spy evs)) = (A : lost)";
+(** Spy never sees another agent's shared key! (unless it's bad at start) **)
+
+goal thy 
+ "!!evs. evs : recur ==> (Key (shrK A) : parts (spies evs)) = (A : bad)";
 by (parts_induct_tac 1);
 by (Fake_parts_insert_tac 1);
 by (ALLGOALS 
-    (asm_simp_tac (!simpset addsimps [parts_insert2, parts_insert_sees])));
+    (asm_simp_tac (!simpset addsimps [parts_insert2, parts_insert_spies])));
 (*RA3*)
 by (blast_tac (!claset addDs [Key_in_parts_respond]) 2);
 (*RA2*)
 by (blast_tac (!claset addSEs partsEs  addDs [parts_cut]) 1);
 qed "Spy_see_shrK";
 Addsimps [Spy_see_shrK];
 
 goal thy 
- "!!evs. evs : recur ==> (Key (shrK A) : analz (sees Spy evs)) = (A : lost)";
+ "!!evs. evs : recur ==> (Key (shrK A) : analz (spies evs)) = (A : bad)";
 by (auto_tac(!claset addDs [impOfSubs analz_subset_parts], !simpset));
 qed "Spy_analz_shrK";
 Addsimps [Spy_analz_shrK];
 
-goal thy  "!!A. [| Key (shrK A) : parts (sees Spy evs);       \
-\                  evs : recur |] ==> A:lost";
+goal thy  "!!A. [| Key (shrK A) : parts (spies evs); evs : recur |] ==> A:bad";
 by (blast_tac (!claset addDs [Spy_see_shrK]) 1);
 qed "Spy_see_shrK_D";
 
 bind_thm ("Spy_analz_shrK_D", analz_subset_parts RS subsetD RS Spy_see_shrK_D);
 AddSDs [Spy_see_shrK_D, Spy_analz_shrK_D];

 by (Auto_tac());
 qed_spec_mp "Key_in_keysFor_parts";
 
 
 goal thy "!!evs. evs : recur ==>          \
-\                Key K ~: used evs --> K ~: keysFor (parts (sees Spy evs))";
+\                Key K ~: used evs --> K ~: keysFor (parts (spies evs))";
 by (parts_induct_tac 1);
 (*RA3*)
 by (best_tac (!claset addDs  [Key_in_keysFor_parts]
-	      addss  (!simpset addsimps [parts_insert_sees])) 2);
+	      addss  (!simpset addsimps [parts_insert_spies])) 2);
 (*Fake*)
 by (best_tac
       (!claset addIs [impOfSubs analz_subset_parts]
                addDs [impOfSubs (analz_subset_parts RS keysFor_mono),
                       impOfSubs (parts_insert_subset_Un RS keysFor_mono)]

 
 
 (*** Proofs involving analz ***)
 
 (*For proofs involving analz.*)
-val analz_sees_tac = 
+val analz_spies_tac = 
     etac subst 4 (*RA2: DELETE needless definition of PA!*)  THEN
-    dtac RA2_analz_sees_Spy 4 THEN 
+    dtac RA2_analz_spies 4 THEN 
     forward_tac [respond_imp_responses] 5                THEN
-    dtac RA4_analz_sees_Spy 6;
+    dtac RA4_analz_spies 6;
 
 
 (** Session keys are not used to encrypt other session keys **)
 
 (*Version for "responses" relation.  Handles case RA3 in the theorem below.  
-  Note that it holds for *any* set H (not just "sees Spy evs")
+  Note that it holds for *any* set H (not just "spies evs")
   satisfying the inductive hypothesis.*)
 goal thy  
  "!!evs. [| RB : responses evs;                             \
 \           ALL K KK. KK <= Compl (range shrK) -->          \
 \                     (Key K : analz (Key``KK Un H)) =      \

 
 (*Version for the protocol.  Proof is almost trivial, thanks to the lemma.*)
 goal thy  
  "!!evs. evs : recur ==>                                    \
 \  ALL K KK. KK <= Compl (range shrK) -->                   \
-\            (Key K : analz (Key``KK Un (sees Spy evs))) =  \
-\            (K : KK | Key K : analz (sees Spy evs))";
+\            (Key K : analz (Key``KK Un (spies evs))) =  \
+\            (K : KK | Key K : analz (spies evs))";
 by (etac recur.induct 1);
-by analz_sees_tac;
+by analz_spies_tac;
 by (REPEAT_FIRST (resolve_tac [allI, impI]));
 by (REPEAT_FIRST (rtac analz_image_freshK_lemma ));
 by (ALLGOALS 
     (asm_simp_tac
      (analz_image_freshK_ss addsimps [resp_analz_image_freshK_lemma])));

 by (spy_analz_tac 1);
 val raw_analz_image_freshK = result();
 qed_spec_mp "analz_image_freshK";
 
 
-(*Instance of the lemma with H replaced by (sees Spy evs):
+(*Instance of the lemma with H replaced by (spies evs):
    [| RB : responses evs;  evs : recur; |]
    ==> KK <= Compl (range shrK) --> 
-       Key K : analz (insert RB (Key``KK Un sees Spy evs)) =
-       (K : KK | Key K : analz (insert RB (sees Spy evs))) 
+       Key K : analz (insert RB (Key``KK Un spies evs)) =
+       (K : KK | Key K : analz (insert RB (spies evs))) 
 *)
 bind_thm ("resp_analz_image_freshK",
           raw_analz_image_freshK RSN
             (2, resp_analz_image_freshK_lemma) RS spec RS spec);
 
 goal thy
  "!!evs. [| evs : recur;  KAB ~: range shrK |] ==>              \
-\        Key K : analz (insert (Key KAB) (sees Spy evs)) =      \
-\        (K = KAB | Key K : analz (sees Spy evs))";
+\        Key K : analz (insert (Key KAB) (spies evs)) =      \
+\        (K = KAB | Key K : analz (spies evs))";
 by (asm_simp_tac (analz_image_freshK_ss addsimps [analz_image_freshK]) 1);
 qed "analz_insert_freshK";
 
 
 (*Everything that's hashed is already in past traffic. *)
-goal thy "!!evs. [| Hash {|Key(shrK A), X|} : parts (sees Spy evs);  \
-\                   evs : recur;  A ~: lost |]                       \
-\                ==> X : parts (sees Spy evs)";
+goal thy "!!evs. [| Hash {|Key(shrK A), X|} : parts (spies evs);  \
+\                   evs : recur;  A ~: bad |]                       \
+\                ==> X : parts (spies evs)";
 by (etac rev_mp 1);
 by (parts_induct_tac 1);
 (*RA3 requires a further induction*)
 by (etac responses.induct 2);
 by (ALLGOALS Asm_simp_tac);
 (*Fake*)
-by (simp_tac (!simpset addsimps [parts_insert_sees]) 1);
+by (simp_tac (!simpset addsimps [parts_insert_spies]) 1);
 by (Fake_parts_insert_tac 1);
 qed "Hash_imp_body";
 
 
 (** The Nonce NA uniquely identifies A's message. 

 
   Unicity is not used in other proofs but is desirable in its own right.
 **)
 
 goal thy 
- "!!evs. [| evs : recur; A ~: lost |]                   \
+ "!!evs. [| evs : recur; A ~: bad |]                   \
 \ ==> EX B' P'. ALL B P.                                     \
-\        Hash {|Key(shrK A), Agent A, B, NA, P|} : parts (sees Spy evs) \
+\        Hash {|Key(shrK A), Agent A, B, NA, P|} : parts (spies evs) \
 \          -->  B=B' & P=P'";
 by (parts_induct_tac 1);
 by (Fake_parts_insert_tac 1);
 by (etac responses.induct 3);
 by (ALLGOALS (simp_tac (!simpset addsimps [all_conj_distrib]))); 
 by (step_tac (!claset addSEs partsEs) 1);
 (*RA1,2: creation of new Nonce.  Move assertion into global context*)
 by (ALLGOALS (expand_case_tac "NA = ?y"));
 by (REPEAT_FIRST (ares_tac [exI]));
 by (REPEAT (blast_tac (!claset addSDs [Hash_imp_body]
-                               addSEs sees_Spy_partsEs) 1));
+                               addSEs spies_partsEs) 1));
 val lemma = result();
 
 goalw thy [HPair_def]
- "!!A.[| Hash[Key(shrK A)] {|Agent A, B,NA,P|}   : parts(sees Spy evs); \
-\        Hash[Key(shrK A)] {|Agent A, B',NA,P'|} : parts(sees Spy evs); \
-\        evs : recur;  A ~: lost |]                                     \
+ "!!A.[| Hash[Key(shrK A)] {|Agent A, B,NA,P|}   : parts(spies evs); \
+\        Hash[Key(shrK A)] {|Agent A, B',NA,P'|} : parts(spies evs); \
+\        evs : recur;  A ~: bad |]                                     \
 \      ==> B=B' & P=P'";
 by (REPEAT (eresolve_tac partsEs 1));
 by (prove_unique_tac lemma 1);
 qed "unique_NA";
 

       (relations "respond" and "responses") 
 ***)
 
 goal thy
  "!!evs. [| RB : responses evs;  evs : recur |] \
-\ ==> (Key (shrK B) : analz (insert RB (sees Spy evs))) = (B:lost)";
+\ ==> (Key (shrK B) : analz (insert RB (spies evs))) = (B:bad)";
 by (etac responses.induct 1);
 by (ALLGOALS
     (asm_simp_tac 
      (analz_image_freshK_ss addsimps [Spy_analz_shrK,
                                       resp_analz_image_freshK])));

     Does not in itself guarantee security: an attack could violate 
     the premises, e.g. by having A=Spy **)
 
 goal thy 
  "!!evs. [| (PB,RB,KAB) : respond evs;  evs : recur |]              \
-\        ==> ALL A A' N. A ~: lost & A' ~: lost -->                 \
+\        ==> ALL A A' N. A ~: bad & A' ~: bad -->                 \
 \            Crypt (shrK A) {|Key K, Agent A', N|} : parts{RB} -->  \
-\            Key K ~: analz (insert RB (sees Spy evs))";
+\            Key K ~: analz (insert RB (spies evs))";
 by (etac respond.induct 1);
 by (forward_tac [respond_imp_responses] 2);
 by (forward_tac [respond_imp_not_used] 2);
 by (ALLGOALS (*12 seconds*)
     (asm_simp_tac 

 		               addDs [resp_analz_insert]
 			       addIs  [impOfSubs analz_subset_parts]) 4));
 by (Blast_tac 3);
 by (blast_tac (!claset addSEs partsEs
                        addDs [Key_in_parts_respond]) 2);
-(*by unicity, either B=Aa or B=A', a contradiction since B: lost*)
+(*by unicity, either B=Aa or B=A', a contradiction since B: bad*)
 by (dtac unique_session_keys 1);
 by (etac respond_certificate 1);
 by (assume_tac 1);
 by (Blast_tac 1);
 qed_spec_mp "respond_Spy_not_see_session_key";
 
 
 goal thy
- "!!evs. [| Crypt (shrK A) {|Key K, Agent A', N|}     \
-\              : parts (sees Spy evs);                \
-\           A ~: lost;  A' ~: lost;  evs : recur |]   \
-\        ==> Key K ~: analz (sees Spy evs)";
+ "!!evs. [| Crypt (shrK A) {|Key K, Agent A', N|} : parts (spies evs); \
+\           A ~: bad;  A' ~: bad;  evs : recur |]   \
+\        ==> Key K ~: analz (spies evs)";
 by (etac rev_mp 1);
 by (etac recur.induct 1);
-by analz_sees_tac;
+by analz_spies_tac;
 by (ALLGOALS
     (asm_simp_tac
-     (!simpset addsimps [parts_insert_sees, analz_insert_freshK] 
+     (!simpset addsimps [parts_insert_spies, analz_insert_freshK] 
                setloop split_tac [expand_if])));
 (*RA4*)
 by (spy_analz_tac 5);
 (*RA2*)
 by (spy_analz_tac 3);

 (*Only RA1 or RA2 can have caused such a part of a message to appear.
   This result is of no use to B, who cannot verify the Hash.  Moreover,
   it can say nothing about how recent A's message is.  It might later be
   used to prove B's presence to A at the run's conclusion.*)
 goalw thy [HPair_def]
- "!!evs. [| Hash {|Key(shrK A), Agent A, Agent B, NA, P|}         \
-\             : parts (sees Spy evs);                        \
-\            A ~: lost;  evs : recur |]                      \
+ "!!evs. [| Hash {|Key(shrK A), Agent A, Agent B, NA, P|} : parts(spies evs); \
+\           A ~: bad;  evs : recur |]                      \
 \     ==> Says A B (Hash[Key(shrK A)] {|Agent A, Agent B, NA, P|}) : set evs";
 by (etac rev_mp 1);
 by (parts_induct_tac 1);
 by (Fake_parts_insert_tac 1);
 (*RA3*)

 **)
 
 
 (*Certificates can only originate with the Server.*)
 goal thy 
- "!!evs. [| Crypt (shrK A) Y : parts (sees Spy evs);    \
-\           A ~: lost;  A ~= Spy;  evs : recur |]       \
+ "!!evs. [| Crypt (shrK A) Y : parts (spies evs);    \
+\           A ~: bad;  A ~= Spy;  evs : recur |]       \
 \        ==> EX C RC. Says Server C RC : set evs  &     \
 \                     Crypt (shrK A) Y : parts {RC}";
 by (etac rev_mp 1);
 by (parts_induct_tac 1);
 by (Fake_parts_insert_tac 1);
 (*RA4*)
 by (Blast_tac 4);
 (*RA3*)
-by (full_simp_tac (!simpset addsimps [parts_insert_sees]) 3
+by (full_simp_tac (!simpset addsimps [parts_insert_spies]) 3
     THEN Blast_tac 3);
 (*RA1*)
 by (Blast_tac 1);
 (*RA2: it cannot be a new Nonce, contradiction.*)
 by (Blast_tac 1);