| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/Isabelle/HOL/Auth/Guard/ (Beweissystem Isabelle Version 2025-1©) Datei vom 16.11.2025 mit Größe 12 kB |
|
Quelle GuardK.thy Sprache: Isabelle |
|||||||||||||||
|
(* Title: HOL/Auth/Guard/GuardK.thy Author: Frederic Blanqui, University of Cambridge Computer Laboratory Copyright 2002 University of Cambridge Very similar to Guard except: - Guard is replaced by GuardK, guard by guardK, Nonce by Key - some scripts are slightly modified (+ keyset_in, kparts_parts) - the hypothesis Key n ~:G (keyset G) is added *) section‹protocol-independent confidentiality theorem on keys› theory GuardK imports Analz Extensions begin (****************************************************************************** messages where all the occurrences of Key n are in a sub-message of the form Crypt (invKey K) X with K:Ks ******************************************************************************) inductive_set guardK :: "nat => key set => msg set" for n :: nat and Ks :: "key set" where No_Key [intro]: "Key n \ | Guard_Key [intro]: "invKey K \ | Crypt [intro]: "X \ | Pair [intro]: "\ subsection‹basic facts about 🍋‹guardK›› lemma Nonce_is_guardK [iff]: "Nonce p \ by auto lemma Agent_is_guardK [iff]: "Agent A \ by auto lemma Number_is_guardK [iff]: "Number r \ by auto lemma Key_notin_guardK: "X \ by (erule guardK.induct, auto) lemma Key_notin_guardK_iff [iff]: "Key n \ by (auto dest: Key_notin_guardK) lemma guardK_has_Crypt [rule_format]: "X \ ⟶ (∃K Y. Crypt K Y ∈ kparts {X} ∧ Key n ∈ parts {Y})" by (erule guardK.induct, auto) lemma Key_notin_kparts_msg: "X \ by (erule guardK.induct, auto dest: kparts_parts) lemma Key_in_kparts_imp_no_guardK: "Key n \ ==> ∃X. X ∈ H ∧ X ∉ guardK n Ks" apply (drule in_kparts, clarify) apply (rule_tac x=X in exI, clarify) by (auto dest: Key_notin_kparts_msg) lemma guardK_kparts [rule_format]: "X \ Y ∈ kparts {X} ⟶ Y ∈ guardK n Ks" by (erule guardK.induct, auto dest: kparts_parts parts_sub) lemma guardK_Crypt: "\ by (ind_cases "Crypt K Y \ lemma guardK_MPair [iff]: "(\ = (X ∈ guardK n Ks ∧ Y ∈ guardK n Ks)" by (auto, (ind_cases "\ lemma guardK_not_guardK [rule_format]: "X \ Crypt K Y ∈ kparts {X} ⟶ Key n ∈ kparts {Y} ⟶ Y ∉ guardK n Ks" by (erule guardK.induct, auto dest: guardK_kparts) lemma guardK_extand: "\ [K ∈ Ks'; K \ by (erule guardK.induct, auto) subsection‹guarded sets› definition GuardK :: "nat \ "GuardK n Ks H \ subsection‹basic facts about 🍋‹GuardK›› lemma GuardK_empty [iff]: "GuardK n Ks {}" by (simp add: GuardK_def) lemma Key_notin_kparts [simplified]: "GuardK n Ks H \ by (auto simp: GuardK_def dest: in_kparts Key_notin_kparts_msg) lemma GuardK_must_decrypt: "\ ∃K Y. Crypt K Y ∈ kparts H ∧ Key (invKey K) ∈ kparts H" apply (drule_tac P="\ by (drule must_decrypt, auto dest: Key_notin_kparts) lemma GuardK_kparts [intro]: "GuardK n Ks H \ by (auto simp: GuardK_def dest: in_kparts guardK_kparts) lemma GuardK_mono: "\ by (auto simp: GuardK_def) lemma GuardK_insert [iff]: "GuardK n Ks (insert X H) = (GuardK n Ks H ∧ X ∈ guardK n Ks)" by (auto simp: GuardK_def) lemma GuardK_Un [iff]: "GuardK n Ks (G Un H) = (GuardK n Ks G & GuardK n Ks H)" by (auto simp: GuardK_def) lemma GuardK_synth [intro]: "GuardK n Ks G \ by (auto simp: GuardK_def, erule synth.induct, auto) lemma GuardK_analz [intro]: "\ ==> GuardK n Ks (analz G)" apply (auto simp: GuardK_def) apply (erule analz.induct, auto) by (ind_cases "Crypt K Xa \ lemma in_GuardK [dest]: "\ by (auto simp: GuardK_def) lemma in_synth_GuardK: "\ by (drule GuardK_synth, auto) lemma in_analz_GuardK: "\ ∀K. K ∈ Ks ⟶ Key K ∉ analz G] ==> X ∈ guardK n Ks" by (drule GuardK_analz, auto) lemma GuardK_keyset [simp]: "\ by (simp only: GuardK_def, clarify, drule keyset_in, auto) lemma GuardK_Un_keyset: "\ ==> GuardK n Ks (G Un H)" by auto lemma in_GuardK_kparts: "\ by blast lemma in_GuardK_kparts_neq: "\ ==> n ≠ n'" by (blast dest: in_GuardK_kparts) lemma in_GuardK_kparts_Crypt: "\ Crypt K Y ∈ kparts {X}; Key n ∈ kparts {Y}] ==> invKey K ∈ Ks" apply (drule in_GuardK, simp) apply (frule guardK_not_guardK, simp+) apply (drule guardK_kparts, simp) by (ind_cases "Crypt K Y \ lemma GuardK_extand: "\ [K ∈ Ks'; K \ by (auto simp: GuardK_def dest: guardK_extand parts_sub) subsection‹set obtained by decrypting a message› abbreviation (input) decrypt :: "msg set \ "decrypt H K Y \ lemma analz_decrypt: "\ ==> Key n ∈ analz (decrypt H K Y)" apply (drule_tac P="\ apply assumption apply (simp only: analz_Crypt_if, simp) done lemma parts_decrypt: "\ by (erule parts.induct, auto intro: parts.Fst parts.Snd parts.Body) subsection‹number of Crypt's in a message\ fun crypt_nb :: "msg => nat" where "crypt_nb (Crypt K X) = Suc (crypt_nb X)" | "crypt_nb \ "crypt_nb X = 0" (* otherwise *) subsection‹basic facts about 🍋‹crypt_nb›› lemma non_empty_crypt_msg: "Crypt K Y \ by (induct X, simp_all, safe, simp_all) subsection‹number of Crypt's in a message list\ primrec cnb :: "msg list => nat" where "cnb [] = 0" | "cnb (X#l) = crypt_nb X + cnb l" subsection‹basic facts about 🍋‹cnb›› lemma cnb_app [simp]: "cnb (l @ l') = cnb l + cnb l'" by (induct l, auto) lemma mem_cnb_minus: "x \ by (induct l, auto) lemmas mem_cnb_minus_substI = mem_cnb_minus [THEN ssubst] lemma cnb_minus [simp]: "x \ apply (induct l, auto) by (erule_tac l=l and x=x in mem_cnb_minus_substI, simp) lemma parts_cnb: "Z \ cnb l = (cnb l - crypt_nb Z) + crypt_nb Z" by (erule parts.induct, auto simp: in_set_conv_decomp) lemma non_empty_crypt: "Crypt K Y \ by (induct l, auto dest: non_empty_crypt_msg parts_insert_substD) subsection‹list of kparts› lemma kparts_msg_set: "\ apply (induct X, simp_all) apply (rename_tac agent, rule_tac x="[Agent agent]" in exI, simp) apply (rename_tac nat, rule_tac x="[Number nat]" in exI, simp) apply (rename_tac nat, rule_tac x="[Nonce nat]" in exI, simp) apply (rename_tac nat, rule_tac x="[Key nat]" in exI, simp) apply (rule_tac x="[Hash X]" in exI, simp) apply (clarify, rule_tac x="l@la" in exI, simp) by (clarify, rename_tac nat X y, rule_tac x="[Crypt nat X]" in exI, simp) lemma kparts_set: "\ apply (induct l) apply (rule_tac x="[]" in exI, simp, clarsimp) apply (rename_tac a b l') apply (subgoal_tac "\ apply (rule_tac x="l''@l'" in exI, simp) apply (rule kparts_insert_substI, simp) by (rule kparts_msg_set) subsection‹list corresponding to "decrypt"› definition decrypt' :: "msg list => key => msg => msg list" where "decrypt' l K Y == Y # remove l (Crypt K Y)" declare decrypt'_def [simp] subsection‹basic facts about 🍋‹decrypt'\ lemma decrypt_minus: "decrypt (set l) K Y <= set (decrypt' l K Y)" by (induct l, auto) text‹if the analysis of a finite guarded set gives n then it must also give one of the keys of Ks› lemma GuardK_invKey_by_list [rule_format]: "\ ⟶ GuardK n Ks (set l) ⟶ Key n ∈ analz (set l) ⟶ (∃K. K ∈ Ks ∧ Key K ∈ analz (set l))" apply (induct p) (* case p=0 *) apply (clarify, drule GuardK_must_decrypt, simp, clarify) apply (drule kparts_parts, drule non_empty_crypt, simp) (* case p>0 *) apply (clarify, frule GuardK_must_decrypt, simp, clarify) apply (drule_tac P="\ apply (frule analz_decrypt, simp_all) apply (subgoal_tac "\ apply (drule_tac G="insert Y (set l' - {Crypt K Y})" and H="set (decrypt' l' K Y)" in analz_sub, rule decrypt_minus) apply (rule_tac analz_pparts_kparts_substI, simp) apply (case_tac "K \ (* K:invKey`Ks *) apply (clarsimp, blast) (* K ~:invKey`Ks *) apply (subgoal_tac "GuardK n Ks (set (decrypt' l' K Y))") apply (drule_tac x="decrypt' l' K Y" in spec, simp) apply (subgoal_tac "Crypt K Y \ apply (drule parts_cnb, rotate_tac -1, simp) apply (clarify, drule_tac X="Key Ka" and H="insert Y (set l')" in analz_sub) apply (rule insert_mono, rule set_remove) apply (simp add: analz_insertD, blast) (* Crypt K Y:parts (set l) *) apply (blast dest: kparts_parts) (* GuardK n Ks (set (decrypt' l' K Y)) *) apply (rule_tac H="insert Y (set l')" in GuardK_mono) apply (subgoal_tac "GuardK n Ks (set l')", simp) apply (rule_tac K=K in guardK_Crypt, simp add: GuardK_def, simp) apply (drule_tac t="set l'" in sym, simp) apply (rule GuardK_kparts, simp, simp) apply (rule_tac B="set l'" in subset_trans, rule set_remove, blast) by (rule kparts_set) lemma GuardK_invKey_finite: "\ ==> ∃K. K ∈ Ks ∧ Key K ∈ analz G" apply (drule finite_list, clarify) by (rule GuardK_invKey_by_list, auto) lemma GuardK_invKey: "\ ==> ∃K. K ∈ Ks ∧ Key K ∈ analz G" by (auto dest: analz_needs_only_finite GuardK_invKey_finite) text‹if the analyse of a finite guarded set and a (possibly infinite) set of keys gives n then it must also gives Ks› lemma GuardK_invKey_keyset: "\ keyset H; Key n ∉ H] ==> ∃K. K ∈ Ks ∧ Key K ∈ analz (G ∪ H)" apply (frule_tac P="\ apply (drule_tac G="G Un (H Int keysfor G)" in GuardK_invKey_finite) apply (auto simp: GuardK_def intro: analz_sub) by (drule keyset_in, auto) end
¤ Dauer der Verarbeitung: 0.8 Sekunden ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-04-04