equal
deleted
inserted
replaced
31 (**** Inductive proofs about ns_public ****) |
31 (**** Inductive proofs about ns_public ****) |
32 |
32 |
33 (*Nobody sends themselves messages*) |
33 (*Nobody sends themselves messages*) |
34 goal thy "!!evs. evs : ns_public ==> ALL A X. Says A A X ~: set evs"; |
34 goal thy "!!evs. evs : ns_public ==> ALL A X. Says A A X ~: set evs"; |
35 by (etac ns_public.induct 1); |
35 by (etac ns_public.induct 1); |
36 by (Auto_tac()); |
36 by Auto_tac; |
37 qed_spec_mp "not_Says_to_self"; |
37 qed_spec_mp "not_Says_to_self"; |
38 Addsimps [not_Says_to_self]; |
38 Addsimps [not_Says_to_self]; |
39 AddSEs [not_Says_to_self RSN (2, rev_notE)]; |
39 AddSEs [not_Says_to_self RSN (2, rev_notE)]; |
40 |
40 |
41 |
41 |
284 (*Fake*) |
284 (*Fake*) |
285 by (spy_analz_tac 1); |
285 by (spy_analz_tac 1); |
286 (*NS3: unicity of NB identifies A and NA, but not B*) |
286 (*NS3: unicity of NB identifies A and NA, but not B*) |
287 by (forw_inst_tac [("A'","A")] (Says_imp_spies RS parts.Inj RS unique_NB) 1 |
287 by (forw_inst_tac [("A'","A")] (Says_imp_spies RS parts.Inj RS unique_NB) 1 |
288 THEN REPEAT (eresolve_tac [asm_rl, Says_imp_spies RS parts.Inj] 1)); |
288 THEN REPEAT (eresolve_tac [asm_rl, Says_imp_spies RS parts.Inj] 1)); |
289 by (Auto_tac()); |
289 by Auto_tac; |
290 by (rename_tac "C B' evs3" 1); |
290 by (rename_tac "C B' evs3" 1); |
291 |
291 |
292 (* |
292 (* |
293 THIS IS THE ATTACK! |
293 THIS IS THE ATTACK! |
294 Level 8 |
294 Level 8 |