--- a/src/HOL/Auth/NS_Public.ML Wed Sep 17 16:40:52 1997 +0200
+++ b/src/HOL/Auth/NS_Public.ML Thu Sep 18 13:24:04 1997 +0200
@@ -12,7 +12,7 @@
proof_timing:=true;
HOL_quantifiers := false;
-AddIffs [Spy_in_lost];
+AddIffs [Spy_in_bad];
(*A "possibility property": there are traces that reach the end*)
goal thy
@@ -36,8 +36,8 @@
(*Induction for regularity theorems. If induction formula has the form
- X ~: analz (sees Spy evs) --> ... then it shortens the proof by discarding
- needless information about analz (insert X (sees Spy evs)) *)
+ X ~: analz (spies evs) --> ... then it shortens the proof by discarding
+ needless information about analz (insert X (spies evs)) *)
fun parts_induct_tac i =
etac ns_public.induct i
THEN
@@ -46,25 +46,25 @@
prove_simple_subgoals_tac i;
-(** Theorems of the form X ~: parts (sees Spy evs) imply that NOBODY
+(** Theorems of the form X ~: parts (spies evs) imply that NOBODY
sends messages containing X! **)
-(*Spy never sees another agent's private key! (unless it's lost at start)*)
+(*Spy never sees another agent's private key! (unless it's bad at start)*)
goal thy
- "!!A. evs: ns_public ==> (Key (priK A) : parts (sees Spy evs)) = (A : lost)";
+ "!!A. evs: ns_public ==> (Key (priK A) : parts (spies evs)) = (A : bad)";
by (parts_induct_tac 1);
by (Fake_parts_insert_tac 1);
qed "Spy_see_priK";
Addsimps [Spy_see_priK];
goal thy
- "!!A. evs: ns_public ==> (Key (priK A) : analz (sees Spy evs)) = (A : lost)";
+ "!!A. evs: ns_public ==> (Key (priK A) : analz (spies evs)) = (A : bad)";
by (auto_tac(!claset addDs [impOfSubs analz_subset_parts], !simpset));
qed "Spy_analz_priK";
Addsimps [Spy_analz_priK];
-goal thy "!!A. [| Key (priK A) : parts (sees Spy evs); \
-\ evs : ns_public |] ==> A:lost";
+goal thy "!!A. [| Key (priK A) : parts (spies evs); \
+\ evs : ns_public |] ==> A:bad";
by (blast_tac (!claset addDs [Spy_see_priK]) 1);
qed "Spy_see_priK_D";
@@ -77,10 +77,10 @@
(*It is impossible to re-use a nonce in both NS1 and NS2, provided the nonce
is secret. (Honest users generate fresh nonces.)*)
goal thy
- "!!evs. [| Crypt (pubK B) {|Nonce NA, Agent A|} : parts (sees Spy evs); \
-\ Nonce NA ~: analz (sees Spy evs); \
+ "!!evs. [| Crypt (pubK B) {|Nonce NA, Agent A|} : parts (spies evs); \
+\ Nonce NA ~: analz (spies evs); \
\ evs : ns_public |] \
-\ ==> Crypt (pubK C) {|NA', Nonce NA, Agent D|} ~: parts (sees Spy evs)";
+\ ==> Crypt (pubK C) {|NA', Nonce NA, Agent D|} ~: parts (spies evs)";
by (etac rev_mp 1);
by (etac rev_mp 1);
by (parts_induct_tac 1);
@@ -94,14 +94,14 @@
(*Unicity for NS1: nonce NA identifies agents A and B*)
goal thy
- "!!evs. [| Nonce NA ~: analz (sees Spy evs); evs : ns_public |] \
+ "!!evs. [| Nonce NA ~: analz (spies evs); evs : ns_public |] \
\ ==> EX A' B'. ALL A B. \
-\ Crypt (pubK B) {|Nonce NA, Agent A|} : parts (sees Spy evs) --> \
+\ Crypt (pubK B) {|Nonce NA, Agent A|} : parts (spies evs) --> \
\ A=A' & B=B'";
by (etac rev_mp 1);
by (parts_induct_tac 1);
by (ALLGOALS
- (asm_simp_tac (!simpset addsimps [all_conj_distrib, parts_insert_sees])));
+ (asm_simp_tac (!simpset addsimps [all_conj_distrib, parts_insert_spies])));
(*NS1*)
by (expand_case_tac "NA = ?y" 2 THEN blast_tac (!claset addSEs partsEs) 2);
(*Fake*)
@@ -111,10 +111,10 @@
val lemma = result();
goal thy
- "!!evs. [| Crypt(pubK B) {|Nonce NA, Agent A|} : parts(sees Spy evs); \
-\ Crypt(pubK B') {|Nonce NA, Agent A'|} : parts(sees Spy evs); \
-\ Nonce NA ~: analz (sees Spy evs); \
-\ evs : ns_public |] \
+ "!!evs. [| Crypt(pubK B) {|Nonce NA, Agent A|} : parts(spies evs); \
+\ Crypt(pubK B') {|Nonce NA, Agent A'|} : parts(spies evs); \
+\ Nonce NA ~: analz (spies evs); \
+\ evs : ns_public |] \
\ ==> A=A' & B=B'";
by (prove_unique_tac lemma 1);
qed "unique_NA";
@@ -130,19 +130,19 @@
(*Secrecy: Spy does not see the nonce sent in msg NS1 if A and B are secure*)
goal thy
"!!evs. [| Says A B (Crypt(pubK B) {|Nonce NA, Agent A|}) : set evs; \
-\ A ~: lost; B ~: lost; evs : ns_public |] \
-\ ==> Nonce NA ~: analz (sees Spy evs)";
+\ A ~: bad; B ~: bad; evs : ns_public |] \
+\ ==> Nonce NA ~: analz (spies evs)";
by (etac rev_mp 1);
by (analz_induct_tac 1);
(*NS3*)
-by (blast_tac (!claset addDs [Says_imp_sees_Spy RS parts.Inj]
+by (blast_tac (!claset addDs [Says_imp_spies RS parts.Inj]
addEs [no_nonce_NS1_NS2 RSN (2, rev_notE)]) 4);
(*NS2*)
by (blast_tac (!claset addSEs [MPair_parts]
- addDs [Says_imp_sees_Spy RS parts.Inj,
+ addDs [Says_imp_spies RS parts.Inj,
parts.Body, unique_NA]) 3);
(*NS1*)
-by (blast_tac (!claset addSEs sees_Spy_partsEs
+by (blast_tac (!claset addSEs spies_partsEs
addIs [impOfSubs analz_subset_parts]) 2);
(*Fake*)
by (spy_analz_tac 1);
@@ -155,16 +155,16 @@
"!!evs. [| Says A B (Crypt (pubK B) {|Nonce NA, Agent A|}) : set evs; \
\ Says B' A (Crypt(pubK A) {|Nonce NA, Nonce NB, Agent B|}) \
\ : set evs; \
-\ A ~: lost; B ~: lost; evs : ns_public |] \
+\ A ~: bad; B ~: bad; evs : ns_public |] \
\ ==> Says B A (Crypt(pubK A) {|Nonce NA, Nonce NB, Agent B|}) \
\ : set evs";
by (etac rev_mp 1);
(*prepare induction over Crypt (pubK A) {|NA,NB,B|} : parts H*)
-by (etac (Says_imp_sees_Spy RS parts.Inj RS rev_mp) 1);
+by (etac (Says_imp_spies RS parts.Inj RS rev_mp) 1);
by (etac ns_public.induct 1);
by (ALLGOALS Asm_simp_tac);
(*NS1*)
-by (blast_tac (!claset addSEs sees_Spy_partsEs) 2);
+by (blast_tac (!claset addSEs spies_partsEs) 2);
(*Fake*)
by (blast_tac (!claset addSDs [impOfSubs Fake_parts_insert]
addDs [Spy_not_see_NA,
@@ -173,9 +173,9 @@
(*If the encrypted message appears then it originated with Alice in NS1*)
goal thy
- "!!evs. [| Crypt (pubK B) {|Nonce NA, Agent A|} : parts (sees Spy evs); \
-\ Nonce NA ~: analz (sees Spy evs); \
-\ evs : ns_public |] \
+ "!!evs. [| Crypt (pubK B) {|Nonce NA, Agent A|} : parts (spies evs); \
+\ Nonce NA ~: analz (spies evs); \
+\ evs : ns_public |] \
\ ==> Says A B (Crypt (pubK B) {|Nonce NA, Agent A|}) : set evs";
by (etac rev_mp 1);
by (etac rev_mp 1);
@@ -191,14 +191,14 @@
[unicity of B makes Lowe's fix work]
[proof closely follows that for unique_NA] *)
goal thy
- "!!evs. [| Nonce NB ~: analz (sees Spy evs); evs : ns_public |] \
+ "!!evs. [| Nonce NB ~: analz (spies evs); evs : ns_public |] \
\ ==> EX A' NA' B'. ALL A NA B. \
-\ Crypt (pubK A) {|Nonce NA, Nonce NB, Agent B|} \
-\ : parts (sees Spy evs) --> A=A' & NA=NA' & B=B'";
+\ Crypt (pubK A) {|Nonce NA, Nonce NB, Agent B|} : parts (spies evs) \
+\ --> A=A' & NA=NA' & B=B'";
by (etac rev_mp 1);
by (parts_induct_tac 1);
by (ALLGOALS
- (asm_simp_tac (!simpset addsimps [all_conj_distrib, parts_insert_sees])));
+ (asm_simp_tac (!simpset addsimps [all_conj_distrib, parts_insert_spies])));
(*NS2*)
by (expand_case_tac "NB = ?y" 2 THEN blast_tac (!claset addSEs partsEs) 2);
(*Fake*)
@@ -209,10 +209,10 @@
goal thy
"!!evs. [| Crypt(pubK A) {|Nonce NA, Nonce NB, Agent B|} \
-\ : parts(sees Spy evs); \
+\ : parts(spies evs); \
\ Crypt(pubK A') {|Nonce NA', Nonce NB, Agent B'|} \
-\ : parts(sees Spy evs); \
-\ Nonce NB ~: analz (sees Spy evs); \
+\ : parts(spies evs); \
+\ Nonce NB ~: analz (spies evs); \
\ evs : ns_public |] \
\ ==> A=A' & NA=NA' & B=B'";
by (prove_unique_tac lemma 1);
@@ -223,20 +223,20 @@
goal thy
"!!evs. [| Says B A (Crypt (pubK A) {|Nonce NA, Nonce NB, Agent B|}) \
\ : set evs; \
-\ A ~: lost; B ~: lost; evs : ns_public |] \
-\ ==> Nonce NB ~: analz (sees Spy evs)";
+\ A ~: bad; B ~: bad; evs : ns_public |] \
+\ ==> Nonce NB ~: analz (spies evs)";
by (etac rev_mp 1);
by (analz_induct_tac 1);
(*NS3*)
-by (blast_tac (!claset addDs [Says_imp_sees_Spy RS parts.Inj, unique_NB]) 4);
+by (blast_tac (!claset addDs [Says_imp_spies RS parts.Inj, unique_NB]) 4);
(*NS1*)
-by (blast_tac (!claset addSEs sees_Spy_partsEs) 2);
+by (blast_tac (!claset addSEs spies_partsEs) 2);
(*Fake*)
by (spy_analz_tac 1);
(*NS2*)
by (Step_tac 1);
-by (blast_tac (!claset addSEs sees_Spy_partsEs) 3);
-by (blast_tac (!claset addSDs [Says_imp_sees_Spy RS parts.Inj]
+by (blast_tac (!claset addSEs spies_partsEs) 3);
+by (blast_tac (!claset addSDs [Says_imp_spies RS parts.Inj]
addEs [no_nonce_NS1_NS2 RSN (2, rev_notE)]) 2);
by (blast_tac (!claset addSIs [impOfSubs analz_subset_parts]) 1);
qed "Spy_not_see_NB";
@@ -248,21 +248,21 @@
"!!evs. [| Says B A (Crypt (pubK A) {|Nonce NA, Nonce NB, Agent B|}) \
\ : set evs; \
\ Says A' B (Crypt (pubK B) (Nonce NB)): set evs; \
-\ A ~: lost; B ~: lost; evs : ns_public |] \
+\ A ~: bad; B ~: bad; evs : ns_public |] \
\ ==> Says A B (Crypt (pubK B) (Nonce NB)) : set evs";
by (etac rev_mp 1);
(*prepare induction over Crypt (pubK B) NB : parts H*)
-by (etac (Says_imp_sees_Spy RS parts.Inj RS rev_mp) 1);
+by (etac (Says_imp_spies RS parts.Inj RS rev_mp) 1);
by (parts_induct_tac 1);
(*NS1*)
-by (blast_tac (!claset addSEs sees_Spy_partsEs) 2);
+by (blast_tac (!claset addSEs spies_partsEs) 2);
(*Fake*)
by (blast_tac (!claset addSDs [impOfSubs Fake_parts_insert]
addDs [Spy_not_see_NB,
impOfSubs analz_subset_parts]) 1);
(*NS3; not clear why blast_tac needs to be preceeded by Step_tac*)
by (Step_tac 1);
-by (blast_tac (!claset addDs [Says_imp_sees_Spy RS parts.Inj,
+by (blast_tac (!claset addDs [Says_imp_spies RS parts.Inj,
Spy_not_see_NB, unique_NB]) 1);
qed "B_trusts_NS3";
@@ -270,8 +270,8 @@
(**** Overall guarantee for B*)
(*Matches only NS2, not NS1 (or NS3)*)
-val Says_imp_sees_Spy' =
- read_instantiate [("X","Crypt ?K {|?XX,?YY,?ZZ|}")] Says_imp_sees_Spy;
+val Says_imp_spies' =
+ read_instantiate [("X","Crypt ?K {|?XX,?YY,?ZZ|}")] Says_imp_spies;
(*If B receives NS3 and the nonce NB agrees with the nonce he joined with
@@ -280,16 +280,16 @@
"!!evs. [| Says B A (Crypt (pubK A) {|Nonce NA, Nonce NB, Agent B|}) \
\ : set evs; \
\ Says A' B (Crypt (pubK B) (Nonce NB)): set evs; \
-\ A ~: lost; B ~: lost; evs : ns_public |] \
+\ A ~: bad; B ~: bad; evs : ns_public |] \
\ ==> Says A B (Crypt (pubK B) {|Nonce NA, Agent A|}) : set evs";
by (etac rev_mp 1);
(*prepare induction over Crypt (pubK B) {|NB|} : parts H*)
-by (etac (Says_imp_sees_Spy RS parts.Inj RS rev_mp) 1);
+by (etac (Says_imp_spies RS parts.Inj RS rev_mp) 1);
by (etac ns_public.induct 1);
by (ALLGOALS Asm_simp_tac);
(*Fake, NS2, NS3*)
(*NS1*)
-by (blast_tac (!claset addSEs sees_Spy_partsEs) 2);
+by (blast_tac (!claset addSEs spies_partsEs) 2);
(*Fake*)
by (REPEAT_FIRST (resolve_tac [impI, conjI]));
by (Blast_tac 1);
@@ -300,7 +300,7 @@
(*NS3*)
by (Step_tac 1);
by (forward_tac [Spy_not_see_NB] 1 THEN REPEAT (assume_tac 1));
-by (blast_tac (!claset addSDs [Says_imp_sees_Spy' RS parts.Inj]
+by (blast_tac (!claset addSDs [Says_imp_spies' RS parts.Inj]
addDs [unique_NB]) 1);
qed "B_trusts_protocol";