equal
deleted
inserted
replaced
63 |
63 |
64 (** Theorems of the form X ~: parts (spies evs) imply that NOBODY |
64 (** Theorems of the form X ~: parts (spies evs) imply that NOBODY |
65 sends messages containing X! **) |
65 sends messages containing X! **) |
66 |
66 |
67 (*Spy never sees another agent's private key! (unless it's bad at start)*) |
67 (*Spy never sees another agent's private key! (unless it's bad at start)*) |
68 Goal "Invariant Nprg {s. (Key (priK A) : parts (spies s)) = (A : bad)}"; |
68 (* |
69 by (rtac InvariantI 1); |
69 Goal "Invariant Nprg {s. (Key (priK A) : parts (spies s)) = (A : bad)}"; |
70 by (Force_tac 1); |
70 by (rtac InvariantI 1); |
71 by (constrains_tac 1); |
71 by (Force_tac 1); |
72 by Auto_tac; |
72 by (constrains_tac 1); |
73 qed "Spy_see_priK"; |
73 by Auto_tac; |
74 |
74 qed "Spy_see_priK"; |
75 (** HOW TO USE?? |
|
76 Addsimps [Spy_see_priK]; |
|
77 *) |
75 *) |
78 |
76 |
79 Goal "s : reachable Nprg ==> (Key (priK A) : parts (spies s)) = (A : bad)"; |
77 Goal "s : reachable Nprg ==> (Key (priK A) : parts (spies s)) = (A : bad)"; |
80 be reachable.induct 1; |
78 be reachable.induct 1; |
81 by Auto_tac; |
79 by Auto_tac; |