Mercurial Mercurial > repos > isabelle / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/HOL/Auth/Recur.thy
changeset 14200 d8598e24f8fa
parent 13956 8fe7e12290e1
child 14207 f20fbb141673
equal deleted inserted replaced
14199:d3b8d972a488 14200:d8598e24f8fa 
   115         By induction on a list of agents (no repetitions)
 
   115         By induction on a list of agents (no repetitions)
 
   116 **)
 
   116 **)
 
   117 
   117 
   118 
   118 
   119 text{*Simplest case: Alice goes directly to the server*}
 
   119 text{*Simplest case: Alice goes directly to the server*}
 
   120 lemma "\<exists>K NA. \<exists>evs \<in> recur.
 
   120 lemma "Key K \<notin> used [] 
   121    Says Server A {|Crypt (shrK A) {|Key K, Agent Server, Nonce NA|},
 
   121        ==> \<exists>NA. \<exists>evs \<in> recur.
 
   122                    END|}  \<in> set evs"
 
   122               Says Server A {|Crypt (shrK A) {|Key K, Agent Server, Nonce NA|},
 
       
   123                     END|}  \<in> set evs"
 
   123 apply (intro exI bexI)
 
   124 apply (intro exI bexI)
 
   124 apply (rule_tac [2] recur.Nil [THEN recur.RA1, 
   125 apply (rule_tac [2] recur.Nil [THEN recur.RA1, 
   125                              THEN recur.RA3 [OF _ _ respond.One]], possibility)
 
   126                              THEN recur.RA3 [OF _ _ respond.One]])
 
       
   127 apply (possibility, simp add: used_Cons) 
   126 done
 
   128 done
 
   127 
   129 
   128 
   130 
   129 text{*Case two: Alice, Bob and the server*}
 
   131 text{*Case two: Alice, Bob and the server*}
 
   130 lemma "\<exists>K. \<exists>NA. \<exists>evs \<in> recur.
 
   132 lemma "[| Key K \<notin> used []; Key K' \<notin> used []; K \<noteq> K' |]
 
       
   133        ==> \<exists>K. \<exists>NA. \<exists>evs \<in> recur.
 
   131         Says B A {|Crypt (shrK A) {|Key K, Agent B, Nonce NA|},
 
   134         Says B A {|Crypt (shrK A) {|Key K, Agent B, Nonce NA|},
 
   132                    END|}  \<in> set evs"
 
   135                    END|}  \<in> set evs"
 
   133 apply (cut_tac Nonce_supply2 Key_supply2, clarify)
 
   136 apply (cut_tac Nonce_supply2, clarify)
 
   134 apply (intro exI bexI)
 
   137 apply (intro exI bexI)
 
   135 apply (rule_tac [2] 
   138 apply (rule_tac [2] 
   136           recur.Nil [THEN recur.RA1, 
   139           recur.Nil [THEN recur.RA1, 
   137                      THEN recur.RA2,
 
   140                      THEN recur.RA2,
 
   138                      THEN recur.RA3 [OF _ _ respond.One [THEN respond.Cons]],
 
   141                      THEN recur.RA3 [OF _ _ respond.One [THEN respond.Cons]],
 
   139                      THEN recur.RA4])
 
   142                      THEN recur.RA4])
 
   140 apply (tactic "basic_possibility_tac")
 
   143 apply possibility
 
   141 apply (tactic
 
   144 apply (auto simp add: used_Cons)
 
   142       "DEPTH_SOLVE (eresolve_tac [asm_rl, less_not_refl2, less_not_refl3] 1)")
 
   145 done
 
   143 done
 
   146 
   144 
   147 (*Case three: Alice, Bob, Charlie and the server Rather slow (5 seconds)*)
 
   145 (*Case three: Alice, Bob, Charlie and the server
 
   148 lemma "[| Key K \<notin> used []; Key K' \<notin> used [];  
   146   Rather slow (16 seconds) to run every time...
 
   149                        Key K'' \<notin> used []; K \<noteq> K'; K' \<noteq> K''; K \<noteq> K'' |]
 
   147 lemma "\<exists>K. \<exists>NA. \<exists>evs \<in> recur.
 
   150        ==> \<exists>K. \<exists>NA. \<exists>evs \<in> recur.
 
   148         Says B A {|Crypt (shrK A) {|Key K, Agent B, Nonce NA|},
 
   151              Says B A {|Crypt (shrK A) {|Key K, Agent B, Nonce NA|},
 
   149                    END|}  \<in> set evs"
 
   152                         END|}  \<in> set evs"
 
   150 apply (tactic "cut_facts_tac [Nonce_supply3, Key_supply3] 1", clarify)
 
   153 apply (cut_tac Nonce_supply3, clarify)
 
   151 apply (intro exI bexI)
 
   154 apply (intro exI bexI)
 
   152 apply (rule_tac [2] 
   155 apply (rule_tac [2] 
   153           recur.Nil [THEN recur.RA1, 
   156           recur.Nil [THEN recur.RA1, 
   154                      THEN recur.RA2, THEN recur.RA2,
 
   157                      THEN recur.RA2, THEN recur.RA2,
 
   155                      THEN recur.RA3 
   158                      THEN recur.RA3 
   156                           [OF _ _ respond.One 
   159                           [OF _ _ respond.One 
   157                                   [THEN respond.Cons, THEN respond.Cons]],
 
   160                                   [THEN respond.Cons, THEN respond.Cons]],
 
   158                      THEN recur.RA4, THEN recur.RA4])
 
   161                      THEN recur.RA4, THEN recur.RA4])
 
   159 apply (tactic "basic_possibility_tac")
 
   162 apply (tactic "basic_possibility_tac")
 
   160 apply (tactic
 
   163 apply (tactic "DEPTH_SOLVE (swap_res_tac [refl, conjI, disjCI] 1)")
 
   161       "DEPTH_SOLVE (swap_res_tac [refl, conjI, disjCI] 1 ORELSE \
 
   164 done
 
   162 \                   eresolve_tac [asm_rl, less_not_refl2, less_not_refl3] 1)")
 
       
   163 done
 
       
   164 *)
 
       
   165 
   165 
   166 (**** Inductive proofs about recur ****)
 
   166 (**** Inductive proofs about recur ****)
 
   167 
   167 
   168 lemma respond_imp_not_used: "(PA,RB,KAB) \<in> respond evs ==> Key KAB \<notin> used evs"
 
   168 lemma respond_imp_not_used: "(PA,RB,KAB) \<in> respond evs ==> Key KAB \<notin> used evs"
 
   169 by (erule respond.induct, simp_all)
 
   169 by (erule respond.induct, simp_all)
isabelle