--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/src/HOL/Auth/Public.thy Thu Dec 05 18:07:27 1996 +0100
@@ -0,0 +1,66 @@
+(* Title: HOL/Auth/Public
+ ID: $Id$
+ Author: Lawrence C Paulson, Cambridge University Computer Laboratory
+ Copyright 1996 University of Cambridge
+
+Theory of Public Keys (common to all symmetric-key protocols)
+
+Server keys; initial states of agents; new nonces and keys; function "sees"
+*)
+
+Public = Message + List +
+
+consts
+ pubK :: agent => key
+
+syntax
+ priK :: agent => key
+
+translations
+ "priK x" == "invKey(pubK x)"
+
+consts (*Initial states of agents -- parameter of the construction*)
+ initState :: [agent set, agent] => msg set
+
+primrec initState agent
+ (*Agents know their private key and all public keys*)
+ initState_Server "initState lost Server =
+ insert (Key (priK Server)) (Key `` range pubK)"
+ initState_Friend "initState lost (Friend i) =
+ insert (Key (priK (Friend i))) (Key `` range pubK)"
+ initState_Spy "initState lost Spy =
+ (Key``invKey``pubK``lost) Un (Key `` range pubK)"
+
+
+datatype (*Messages, and components of agent stores*)
+ event = Says agent agent msg
+
+consts
+ sees1 :: [agent, event] => msg set
+
+primrec sees1 event
+ (*Spy reads all traffic whether addressed to him or not*)
+ sees1_Says "sees1 A (Says A' B X) = (if A:{B,Spy} then {X} else {})"
+
+consts
+ sees :: [agent set, agent, event list] => msg set
+
+primrec sees list
+ sees_Nil "sees lost A [] = initState lost A"
+ sees_Cons "sees lost A (ev#evs) = sees1 A ev Un sees lost A evs"
+
+
+(*Agents generate "random" nonces. These are uniquely determined by
+ the length of their argument, a trace.*)
+consts
+ newN :: "event list => nat"
+
+rules
+
+ (*Public keys are disjoint, and never clash with private keys*)
+ inj_pubK "inj pubK"
+ priK_neq_pubK "priK A ~= pubK B"
+
+ newN_length "(newN evs = newN evt) ==> (length evs = length evt)"
+
+end