Mercurial Mercurial > repos > isabelle / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | gz | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Made some proofs more robust
authorpaulson
Tue, 11 Nov 1997 11:15:51 +0100
changeset 4197 1547bc6daa5a
parent 4196 9953c0995b79
child 4198 c63639beeff1
Made some proofs more robust
src/HOL/Auth/NS_Public.ML file | annotate | diff | comparison | revisions
src/HOL/Auth/NS_Public_Bad.ML file | annotate | diff | comparison | revisions 
--- a/src/HOL/Auth/NS_Public.ML	Tue Nov 11 11:12:37 1997 +0100
+++ b/src/HOL/Auth/NS_Public.ML	Tue Nov 11 11:15:51 1997 +0100
@@ -247,22 +247,22 @@
  "!!evs. [| Says B A  (Crypt (pubK A) {|Nonce NA, Nonce NB, Agent B|}) \
 \             : set evs;                                               \
 \           Says A' B (Crypt (pubK B) (Nonce NB)): set evs;            \
-\           A ~: bad;  B ~: bad;  evs : ns_public |]                 \
+\           A ~: bad;  B ~: bad;  evs : ns_public |]                   \
 \        ==> Says A B (Crypt (pubK B) (Nonce NB)) : set evs";
 by (etac rev_mp 1);
 (*prepare induction over Crypt (pubK B) NB : parts H*)
 by (etac (Says_imp_spies RS parts.Inj RS rev_mp) 1);
 by (parts_induct_tac 1);
 by (ALLGOALS Clarify_tac);
-(*NS3: because NB determines A*)
-by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj, 
-			      Spy_not_see_NB, unique_NB]) 3);
+(*NS3: because NB determines A (this use of unique_NB is more robust) *)
+by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj, Spy_not_see_NB]
+			addIs [unique_NB RS conjunct1]) 3);
 (*NS1: by freshness*)
 by (blast_tac (claset() addSEs spies_partsEs) 2);
 (*Fake*)
 by (blast_tac (claset() addSDs [impOfSubs Fake_parts_insert]
-                       addDs  [Spy_not_see_NB, 
-			       impOfSubs analz_subset_parts]) 1);
+                        addDs  [Spy_not_see_NB, 
+			        impOfSubs analz_subset_parts]) 1);
 qed "B_trusts_NS3";
 
 
@@ -287,14 +287,14 @@
 by (etac ns_public.induct 1);
 by (ALLGOALS Asm_simp_tac);
 by (ALLGOALS Clarify_tac);
-(*NS3: because NB determines A*)
+(*NS3: because NB determines A and NA*)
 by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj, 
-			      Spy_not_see_NB, unique_NB]) 3);
+                               Spy_not_see_NB, unique_NB]) 3);
 (*NS1*)
 by (blast_tac (claset() addSEs spies_partsEs) 2);
 (*Fake*)
 by (blast_tac (claset() addSDs [impOfSubs Fake_parts_insert]
-                       addDs  [Spy_not_see_NB, 
-			       impOfSubs analz_subset_parts]) 1);
+                        addDs  [Spy_not_see_NB, 
+			        impOfSubs analz_subset_parts]) 1);
 qed "B_trusts_protocol";
 
--- a/src/HOL/Auth/NS_Public_Bad.ML	Tue Nov 11 11:12:37 1997 +0100
+++ b/src/HOL/Auth/NS_Public_Bad.ML	Tue Nov 11 11:15:51 1997 +0100
@@ -259,9 +259,9 @@
 by (parts_induct_tac 1);
 by (ALLGOALS (asm_simp_tac (simpset() addsimps [ex_disj_distrib])));
 by (ALLGOALS Clarify_tac);
-(*NS3: because NB determines A*)
-by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj, 
-			      Spy_not_see_NB, unique_NB]) 3);
+(*NS3: because NB determines A (this use of unique_NB is more robust) *)
+by (blast_tac (claset() addDs [Says_imp_spies RS parts.Inj, Spy_not_see_NB]
+			addIs [unique_NB RS conjunct1]) 3);
 (*NS1: by freshness*)
 by (blast_tac (claset() addSEs spies_partsEs) 2);
 (*Fake*)
isabelle