74 |
74 |
75 |
75 |
76 subsection\<open>Function "knows"\<close> |
76 subsection\<open>Function "knows"\<close> |
77 |
77 |
78 (*Spy sees shared keys of agents!*) |
78 (*Spy sees shared keys of agents!*) |
79 lemma Spy_knows_Spy_bad [intro!]: "A: bad ==> Key (shrK A) \<in> knows Spy evs" |
79 lemma Spy_knows_Spy_bad [intro!]: "A \<in> bad \<Longrightarrow> Key (shrK A) \<in> knows Spy evs" |
80 apply (induct_tac "evs") |
80 apply (induct_tac "evs") |
81 apply (simp_all (no_asm_simp) add: imageI knows_Cons split: event.split) |
81 apply (simp_all (no_asm_simp) add: imageI knows_Cons split: event.split) |
82 done |
82 done |
83 |
83 |
84 (*For case analysis on whether or not an agent is compromised*) |
84 (*For case analysis on whether or not an agent is compromised*) |
85 lemma Crypt_Spy_analz_bad: "[| Crypt (shrK A) X \<in> analz (knows Spy evs); A: bad |] |
85 lemma Crypt_Spy_analz_bad: "[| Crypt (shrK A) X \<in> analz (knows Spy evs); A \<in> bad |] |
86 ==> X \<in> analz (knows Spy evs)" |
86 ==> X \<in> analz (knows Spy evs)" |
87 by (metis Spy_knows_Spy_bad analz.Inj analz_Decrypt') |
87 by (metis Spy_knows_Spy_bad analz.Inj analz_Decrypt') |
88 |
88 |
89 |
89 |
90 (** Fresh keys never clash with long-term shared keys **) |
90 (** Fresh keys never clash with long-term shared keys **) |
118 |
118 |
119 |
119 |
120 subsection\<open>Supply fresh nonces for possibility theorems.\<close> |
120 subsection\<open>Supply fresh nonces for possibility theorems.\<close> |
121 |
121 |
122 (*In any trace, there is an upper bound N on the greatest nonce in use.*) |
122 (*In any trace, there is an upper bound N on the greatest nonce in use.*) |
123 lemma Nonce_supply_lemma: "\<exists>N. ALL n. N<=n --> Nonce n \<notin> used evs" |
123 lemma Nonce_supply_lemma: "\<exists>N. \<forall>n. N \<le> n \<longrightarrow> Nonce n \<notin> used evs" |
124 apply (induct_tac "evs") |
124 apply (induct_tac "evs") |
125 apply (rule_tac x = 0 in exI) |
125 apply (rule_tac x = 0 in exI) |
126 apply (simp_all (no_asm_simp) add: used_Cons split: event.split) |
126 apply (simp_all (no_asm_simp) add: used_Cons split: event.split) |
127 apply (metis le_sup_iff msg_Nonce_supply) |
127 apply (metis le_sup_iff msg_Nonce_supply) |
128 done |
128 done |
129 |
129 |
130 lemma Nonce_supply1: "\<exists>N. Nonce N \<notin> used evs" |
130 lemma Nonce_supply1: "\<exists>N. Nonce N \<notin> used evs" |
131 by (metis Nonce_supply_lemma order_eq_iff) |
131 by (metis Nonce_supply_lemma order_eq_iff) |
132 |
132 |
133 lemma Nonce_supply2: "\<exists>N N'. Nonce N \<notin> used evs & Nonce N' \<notin> used evs' & N \<noteq> N'" |
133 lemma Nonce_supply2: "\<exists>N N'. Nonce N \<notin> used evs \<and> Nonce N' \<notin> used evs' \<and> N \<noteq> N'" |
134 apply (cut_tac evs = evs in Nonce_supply_lemma) |
134 apply (cut_tac evs = evs in Nonce_supply_lemma) |
135 apply (cut_tac evs = "evs'" in Nonce_supply_lemma, clarify) |
135 apply (cut_tac evs = "evs'" in Nonce_supply_lemma, clarify) |
136 apply (metis Suc_n_not_le_n nat_le_linear) |
136 apply (metis Suc_n_not_le_n nat_le_linear) |
137 done |
137 done |
138 |
138 |
139 lemma Nonce_supply3: "\<exists>N N' N''. Nonce N \<notin> used evs & Nonce N' \<notin> used evs' & |
139 lemma Nonce_supply3: "\<exists>N N' N''. Nonce N \<notin> used evs \<and> Nonce N' \<notin> used evs' \<and> |
140 Nonce N'' \<notin> used evs'' & N \<noteq> N' & N' \<noteq> N'' & N \<noteq> N''" |
140 Nonce N'' \<notin> used evs'' \<and> N \<noteq> N' \<and> N' \<noteq> N'' \<and> N \<noteq> N''" |
141 apply (cut_tac evs = evs in Nonce_supply_lemma) |
141 apply (cut_tac evs = evs in Nonce_supply_lemma) |
142 apply (cut_tac evs = "evs'" in Nonce_supply_lemma) |
142 apply (cut_tac evs = "evs'" in Nonce_supply_lemma) |
143 apply (cut_tac evs = "evs''" in Nonce_supply_lemma, clarify) |
143 apply (cut_tac evs = "evs''" in Nonce_supply_lemma, clarify) |
144 apply (rule_tac x = N in exI) |
144 apply (rule_tac x = N in exI) |
145 apply (rule_tac x = "Suc (N+Na)" in exI) |
145 apply (rule_tac x = "Suc (N+Na)" in exI) |
146 apply (rule_tac x = "Suc (Suc (N+Na+Nb))" in exI) |
146 apply (rule_tac x = "Suc (Suc (N+Na+Nb))" in exI) |
147 apply (simp (no_asm_simp) add: less_not_refl3 le_add1 le_add2 less_Suc_eq_le) |
147 apply (simp (no_asm_simp) add: less_not_refl3 le_add1 le_add2 less_Suc_eq_le) |
148 done |
148 done |
149 |
149 |
150 lemma Nonce_supply: "Nonce (@ N. Nonce N \<notin> used evs) \<notin> used evs" |
150 lemma Nonce_supply: "Nonce (SOME N. Nonce N \<notin> used evs) \<notin> used evs" |
151 apply (rule Nonce_supply_lemma [THEN exE]) |
151 apply (rule Nonce_supply_lemma [THEN exE]) |
152 apply (rule someI, blast) |
152 apply (rule someI, blast) |
153 done |
153 done |
154 |
154 |
155 text\<open>Unlike the corresponding property of nonces, we cannot prove |
155 text\<open>Unlike the corresponding property of nonces, we cannot prove |
156 @{term "finite KK ==> \<exists>K. K \<notin> KK & Key K \<notin> used evs"}. |
156 @{term "finite KK ==> \<exists>K. K \<notin> KK \<and> Key K \<notin> used evs"}. |
157 We have infinitely many agents and there is nothing to stop their |
157 We have infinitely many agents and there is nothing to stop their |
158 long-term keys from exhausting all the natural numbers. Instead, |
158 long-term keys from exhausting all the natural numbers. Instead, |
159 possibility theorems must assume the existence of a few keys.\<close> |
159 possibility theorems must assume the existence of a few keys.\<close> |
160 |
160 |
161 |
161 |
162 subsection\<open>Specialized Rewriting for Theorems About @{term analz} and Image\<close> |
162 subsection\<open>Specialized Rewriting for Theorems About @{term analz} and Image\<close> |
163 |
163 |
164 lemma subset_Compl_range: "A <= - (range shrK) ==> shrK x \<notin> A" |
164 lemma subset_Compl_range: "A \<subseteq> - (range shrK) \<Longrightarrow> shrK x \<notin> A" |
165 by blast |
165 by blast |
166 |
166 |
167 lemma insert_Key_singleton: "insert (Key K) H = Key ` {K} \<union> H" |
167 lemma insert_Key_singleton: "insert (Key K) H = Key ` {K} \<union> H" |
168 by blast |
168 by blast |
169 |
169 |
182 insert_Key_singleton subset_Compl_range |
182 insert_Key_singleton subset_Compl_range |
183 Key_not_used insert_Key_image Un_assoc [THEN sym] |
183 Key_not_used insert_Key_image Un_assoc [THEN sym] |
184 |
184 |
185 (*Lemma for the trivial direction of the if-and-only-if*) |
185 (*Lemma for the trivial direction of the if-and-only-if*) |
186 lemma analz_image_freshK_lemma: |
186 lemma analz_image_freshK_lemma: |
187 "(Key K \<in> analz (Key`nE \<union> H)) --> (K \<in> nE | Key K \<in> analz H) ==> |
187 "(Key K \<in> analz (Key`nE \<union> H)) \<longrightarrow> (K \<in> nE | Key K \<in> analz H) ==> |
188 (Key K \<in> analz (Key`nE \<union> H)) = (K \<in> nE | Key K \<in> analz H)" |
188 (Key K \<in> analz (Key`nE \<union> H)) = (K \<in> nE | Key K \<in> analz H)" |
189 by (blast intro: analz_mono [THEN [2] rev_subsetD]) |
189 by (blast intro: analz_mono [THEN [2] rev_subsetD]) |
190 |
190 |
191 |
191 |
192 subsection\<open>Tactics for possibility theorems\<close> |
192 subsection\<open>Tactics for possibility theorems\<close> |