diff -r f9f89b7cfdc7 -r 3f8ad7418e55 doc-src/TutorialI/Protocol/NS_Public.thy --- a/doc-src/TutorialI/Protocol/NS_Public.thy Wed Jul 11 10:52:20 2007 +0200 +++ b/doc-src/TutorialI/Protocol/NS_Public.thy Wed Jul 11 10:53:39 2007 +0200 @@ -9,32 +9,31 @@ theory NS_Public imports Public begin -consts ns_public :: "event list set" - -inductive ns_public - intros +inductive_set + ns_public :: "event list set" + where (*Initial trace is empty*) Nil: "[] \ ns_public" (*The spy MAY say anything he CAN say. We do not expect him to invent new nonces here, but he can also use NS1. Common to all similar protocols.*) - Fake: "\evs \ ns_public; X \ synth (analz (knows Spy evs))\ + | Fake: "\evs \ ns_public; X \ synth (analz (knows Spy evs))\ \ Says Spy B X # evs \ ns_public" (*Alice initiates a protocol run, sending a nonce to Bob*) - NS1: "\evs1 \ ns_public; Nonce NA \ used evs1\ + | NS1: "\evs1 \ ns_public; Nonce NA \ used evs1\ \ Says A B (Crypt (pubK B) \Nonce NA, Agent A\) # evs1 \ ns_public" (*Bob responds to Alice's message with a further nonce*) - NS2: "\evs2 \ ns_public; Nonce NB \ used evs2; + | NS2: "\evs2 \ ns_public; Nonce NB \ used evs2; Says A' B (Crypt (pubK B) \Nonce NA, Agent A\) \ set evs2\ \ Says B A (Crypt (pubK A) \Nonce NA, Nonce NB, Agent B\) # evs2 \ ns_public" (*Alice proves her existence by sending NB back to Bob.*) - NS3: "\evs3 \ ns_public; + | NS3: "\evs3 \ ns_public; Says A B (Crypt (pubK B) \Nonce NA, Agent A\) \ set evs3; Says B' A (Crypt (pubK A) \Nonce NA, Nonce NB, Agent B\) \ set evs3\