# HG changeset patch # User paulson # Date 1666190081 -3600 # Node ID fdb91b733b6574c4b2bb2f6d04b2ce59aa90d8c6 # Parent 9e1fef7b4f29ae3f6c7f86c72acb1e5ac1b08dc0 Tidying of old and ugly proofs diff -r 9e1fef7b4f29 -r fdb91b733b65 src/HOL/Auth/Message.thy --- a/src/HOL/Auth/Message.thy Wed Oct 19 13:41:42 2022 +0100 +++ b/src/HOL/Auth/Message.thy Wed Oct 19 15:34:41 2022 +0100 @@ -180,16 +180,13 @@ subsubsection\Unions\ -lemma parts_Un_subset1: "parts(G) \ parts(H) \ parts(G \ H)" - by (intro Un_least parts_mono Un_upper1 Un_upper2) - -lemma parts_Un_subset2: "parts(G \ H) \ parts(G) \ parts(H)" - apply (rule subsetI) - apply (erule parts.induct, blast+) - done - lemma parts_Un [simp]: "parts(G \ H) = parts(G) \ parts(H)" - by (intro equalityI parts_Un_subset1 parts_Un_subset2) +proof - + have "X \ parts (G \ H) \ X \ parts G \ parts H" for X + by (induction rule: parts.induct) auto + then show ?thesis + by (simp add: order_antisym parts_mono subsetI) +qed lemma parts_insert: "parts (insert X H) = parts {X} \ parts H" by (metis insert_is_Un parts_Un) @@ -200,18 +197,6 @@ "parts (insert X (insert Y H)) = parts {X} \ parts {Y} \ parts H" by (metis Un_commute Un_empty_right Un_insert_right insert_is_Un parts_Un) -lemma parts_UN_subset1: "(\x \A. parts(H x)) \ parts(\x \A. H x)" - by (intro UN_least parts_mono UN_upper) - -lemma parts_UN_subset2: "parts(\x \A. H x) \ (\x \A. parts(H x))" - apply (rule subsetI) - apply (erule parts.induct, blast+) - done - -lemma parts_UN [simp]: - "parts (\x \A. H x) = (\x \A. parts (H x))" - by (intro equalityI parts_UN_subset1 parts_UN_subset2) - lemma parts_image [simp]: "parts (f ` A) = (\x \A. parts {f x})" apply auto @@ -219,9 +204,7 @@ apply (metis empty_subsetI image_eqI insert_absorb insert_subset parts_mono) done -text\Added to simplify arguments to parts, analz and synth. - NOTE: the UN versions are no longer used!\ - +text\Added to simplify arguments to parts, analz and synth.\ text\This allows \blast\ to simplify occurrences of \<^term>\parts(G\H)\ in the assumption.\ @@ -292,20 +275,21 @@ lemma parts_insert_Crypt [simp]: "parts (insert (Crypt K X) H) = insert (Crypt K X) (parts (insert X H))" - apply (rule equalityI) - apply (rule subsetI) - apply (erule parts.induct, auto) - apply (blast intro: parts.Body) - done +proof - + have "Y \ parts (insert (Crypt K X) H) \ Y \ insert (Crypt K X) (parts (insert X H))" for Y + by (induction rule: parts.induct) auto + then show ?thesis + by (smt (verit) insertI1 insert_commute parts.simps parts_cut_eq parts_insert_eq_I) +qed lemma parts_insert_MPair [simp]: - "parts (insert \X,Y\ H) = - insert \X,Y\ (parts (insert X (insert Y H)))" - apply (rule equalityI) - apply (rule subsetI) - apply (erule parts.induct, auto) - apply (blast intro: parts.Fst parts.Snd)+ - done + "parts (insert \X,Y\ H) = insert \X,Y\ (parts (insert X (insert Y H)))" +proof - + have "Z \ parts (insert \X, Y\ H) \ Z \ insert \X, Y\ (parts (insert X (insert Y H)))" for Z + by (induction rule: parts.induct) auto + then show ?thesis + by (smt (verit) insertI1 insert_commute parts.simps parts_cut_eq parts_insert_eq_I) +qed lemma parts_image_Key [simp]: "parts (Key`N) = Key`N" by auto @@ -423,44 +407,40 @@ done lemma analz_insert_MPair [simp]: - "analz (insert \X,Y\ H) = - insert \X,Y\ (analz (insert X (insert Y H)))" - apply (rule equalityI) - apply (rule subsetI) - apply (erule analz.induct, auto) - apply (erule analz.induct) - apply (blast intro: analz.Fst analz.Snd)+ - done + "analz (insert \X,Y\ H) = insert \X,Y\ (analz (insert X (insert Y H)))" +proof - + have "Z \ analz (insert \X, Y\ H) \ Z \ insert \X, Y\ (analz (insert X (insert Y H)))" for Z + by (induction rule: analz.induct) auto + moreover have "Z \ analz (insert X (insert Y H)) \ Z \ analz (insert \X, Y\ H)" for Z + by (induction rule: analz.induct) (use analz.Inj in blast)+ + ultimately show ?thesis + by auto +qed -text\Can pull out enCrypted message if the Key is not known\ +text\Can pull out encrypted message if the Key is not known\ lemma analz_insert_Crypt: "Key (invKey K) \ analz H \ analz (insert (Crypt K X) H) = insert (Crypt K X) (analz H)" apply (rule analz_insert_eq_I) apply (erule analz.induct, auto) - - done - -lemma lemma1: "Key (invKey K) \ analz H \ - analz (insert (Crypt K X) H) \ - insert (Crypt K X) (analz (insert X H))" - apply (rule subsetI) - apply (erule_tac x = x in analz.induct, auto) - done - -lemma lemma2: "Key (invKey K) \ analz H \ - insert (Crypt K X) (analz (insert X H)) \ - analz (insert (Crypt K X) H)" - apply auto - apply (erule_tac x = x in analz.induct, auto) - apply (blast intro: analz_insertI analz.Decrypt) done lemma analz_insert_Decrypt: - "Key (invKey K) \ analz H \ - analz (insert (Crypt K X) H) = - insert (Crypt K X) (analz (insert X H))" - by (intro equalityI lemma1 lemma2) + assumes "Key (invKey K) \ analz H" + shows "analz (insert (Crypt K X) H) = insert (Crypt K X) (analz (insert X H))" +proof - + have "Y \ analz (insert (Crypt K X) H) \ Y \ insert (Crypt K X) (analz (insert X H))" for Y + by (induction rule: analz.induct) auto + moreover + have "Y \ analz (insert X H) \ Y \ analz (insert (Crypt K X) H)" for Y + proof (induction rule: analz.induct) + case (Inj X) + then show ?case + by (metis analz.Decrypt analz.Inj analz_insertI assms insert_iff) + qed auto + ultimately show ?thesis + by auto +qed text\Case analysis: either the message is secure, or it is not! Effective, but can cause subgoals to blow up! Use with \if_split\; apparently diff -r 9e1fef7b4f29 -r fdb91b733b65 src/HOL/Metis_Examples/Message.thy --- a/src/HOL/Metis_Examples/Message.thy Wed Oct 19 13:41:42 2022 +0100 +++ b/src/HOL/Metis_Examples/Message.thy Wed Oct 19 15:34:41 2022 +0100 @@ -209,12 +209,6 @@ apply (erule parts.induct, blast+) done -lemma parts_UN [simp]: "parts(\x\A. H x) = (\x\A. parts(H x))" -by (intro equalityI parts_UN_subset1 parts_UN_subset2) - -text\Added to simplify arguments to parts, analz and synth. - NOTE: the UN versions are no longer used!\ - text\This allows \blast\ to simplify occurrences of \<^term>\parts(G\H)\ in the assumption.\ diff -r 9e1fef7b4f29 -r fdb91b733b65 src/HOL/SET_Protocol/Message_SET.thy --- a/src/HOL/SET_Protocol/Message_SET.thy Wed Oct 19 13:41:42 2022 +0100 +++ b/src/HOL/SET_Protocol/Message_SET.thy Wed Oct 19 15:34:41 2022 +0100 @@ -247,19 +247,7 @@ apply (simp add: parts_insert [symmetric]) done -lemma parts_UN_subset1: "(\x\A. parts(H x)) \ parts(\x\A. H x)" -by (intro UN_least parts_mono UN_upper) - -lemma parts_UN_subset2: "parts(\x\A. H x) \ (\x\A. parts(H x))" -apply (rule subsetI) -apply (erule parts.induct, blast+) -done - -lemma parts_UN [simp]: "parts(\x\A. H x) = (\x\A. parts(H x))" -by (intro equalityI parts_UN_subset1 parts_UN_subset2) - -(*Added to simplify arguments to parts, analz and synth. - NOTE: the UN versions are no longer used!*) +(*Added to simplify arguments to parts, analz and synth.*) text\This allows \blast\ to simplify occurrences of