Further simplified proofs in NS_public
This commit is contained in:
Your Name
@@ -3,7 +3,6 @@ import Init.Data.Nat.Lemmas
|
||||
import Mathlib.Data.Nat.Basic
|
||||
import Mathlib.Data.Nat.Dist
|
||||
import Mathlib.Order.Defs.PartialOrder
|
||||
set_option diagnostics true
|
||||
|
||||
-- Theory of Public Keys (common to all public-key protocols)
|
||||
|
||||
@@ -35,15 +34,18 @@ noncomputable abbrev pubK (A : Agent) : Key := pubEK A
|
||||
noncomputable abbrev priK (A : Agent) : Key := invKey (pubEK A)
|
||||
|
||||
-- Axioms for private and public keys
|
||||
@[simp]
|
||||
axiom privateKey_neq_publicKey {b c : KeyMode} {A A' : Agent} :
|
||||
privateKey b A ≠ publicKey c A'
|
||||
|
||||
@[simp]
|
||||
lemma publicKey_neq_privateKey {b c : KeyMode} {A A' : Agent} :
|
||||
publicKey b A ≠ privateKey c A' := by
|
||||
exact privateKey_neq_publicKey.symm
|
||||
|
||||
-- Basic properties of pubK and priK
|
||||
omit [InvKey] in
|
||||
@[simp]
|
||||
lemma publicKey_inject {b c : KeyMode} {A A' : Agent} :
|
||||
(publicKey b A = publicKey c A') ↔ (b = c ∧ A = A') := by
|
||||
grind[injective_publicKey]
|
||||
@@ -59,7 +61,7 @@ by
|
||||
|
||||
lemma not_symKeys_priK {b : KeyMode} {A : Agent} :
|
||||
privateKey b A ∉ symKeys := by
|
||||
simp [symKeys, privateKey, invKey_eq]; grind[privateKey_neq_publicKey];
|
||||
simp [symKeys, privateKey, invKey_eq, privateKey_neq_publicKey]
|
||||
|
||||
lemma syKey_neq_priEK :
|
||||
K ∈ symKeys → K ≠ priEK A := by
|
||||
@@ -93,7 +95,7 @@ omit [InvKey] in
|
||||
@[simp]
|
||||
lemma publicKey_image_eq :
|
||||
(publicKey b x ∈ publicKey c '' AA) ↔ (b = c ∧ x ∈ AA) := by
|
||||
simp [Set.mem_image, publicKey_inject, And.comm, Eq.comm]
|
||||
simp [Set.mem_image, And.comm, Eq.comm]
|
||||
|
||||
@[simp]
|
||||
lemma privateKey_notin_image_publicKey :
|
||||
@@ -252,22 +254,16 @@ lemma MPair_used {P : Prop} :
|
||||
lemma keysFor_parts_initState {C : Agent} :
|
||||
keysFor (parts (initState C)) = ∅ := by
|
||||
cases C <;>
|
||||
simp[initState, keysFor] <;>
|
||||
repeat rw[Set.singleton_def, parts_insert_Key, parts_empty] <;>
|
||||
simp
|
||||
simp[initState, keysFor]
|
||||
|
||||
lemma Crypt_notin_initState {B : Agent} :
|
||||
Msg.Crypt K X ∉ parts ( initState B ) := by
|
||||
cases B <;> simp[initState, priEK, priSK, shrK] <;>
|
||||
apply And.intro <;> try apply And.intro
|
||||
all_goals repeat rw[Set.singleton_def, parts_insert_Key, parts_empty] <;>
|
||||
simp
|
||||
cases B <;> simp[initState, priEK, priSK]
|
||||
|
||||
@[simp]
|
||||
lemma Crypt_notin_used_empty :
|
||||
Msg.Crypt K X ∉ used [] := by
|
||||
simp[used]; intro A; cases A <;> simp <;> apply And.intro <;> try apply And.intro
|
||||
all_goals (rw[Set.singleton_def, parts_insert_Key, parts_empty] ; simp)
|
||||
simp[used]; intro A; cases A <;> simp
|
||||
|
||||
-- Basic properties of shrK
|
||||
|
||||
@@ -324,10 +320,7 @@ lemma priK_in_initState {b : KeyMode} {A : Agent} :
|
||||
Msg.Key (privateKey b A) ∈ initState A := by
|
||||
induction A <;>
|
||||
simp [HasInitState.initState, initState, privateKey, pubEK, pubSK] <;>
|
||||
cases b <;>
|
||||
try simp
|
||||
· left; left; right; exists Agent.Spy; apply And.intro; exact Spy_in_bad; rfl
|
||||
· left; left; left; exists Agent.Spy; apply And.intro; exact Spy_in_bad; rfl
|
||||
cases b <;> simp[Spy_in_bad]
|
||||
|
||||
@[simp]
|
||||
lemma publicKey_in_initState {b : KeyMode} {A : Agent} {B : Agent} :
|
||||
@@ -342,9 +335,7 @@ lemma publicKey_in_initState {b : KeyMode} {A : Agent} {B : Agent} :
|
||||
lemma spies_pubK : Msg.Key (publicKey b A) ∈ spies evs := by
|
||||
induction evs with
|
||||
| nil => simp [spies, knows]
|
||||
cases b
|
||||
· right; exists A
|
||||
· left; right; exists A
|
||||
cases b <;> tauto
|
||||
| cons e evs ih =>
|
||||
cases e <;> rw [spies] <;> apply knows_subset_knows_Cons <;> assumption
|
||||
|
||||
@@ -355,10 +346,7 @@ lemma analz_spies_pubK : Msg.Key (publicKey b A) ∈ analz (spies evs) := by
|
||||
-- Spy sees private keys of bad agents
|
||||
lemma Spy_spies_bad_privateKey { h : A ∈ bad } : Msg.Key (privateKey b A) ∈ spies evs := by
|
||||
induction evs with
|
||||
| nil => simp [spies, knows, pubSK, pubEK]; left; left
|
||||
cases b
|
||||
· right; exists A
|
||||
· left; exists A
|
||||
| nil => simp_all [spies, knows, pubSK, pubEK]; cases b <;> tauto
|
||||
| cons e evs ih =>
|
||||
cases e <;> rw[spies] <;> aapply knows_subset_knows_Cons
|
||||
|
||||
@@ -405,14 +393,11 @@ by simp[Crypt_synth_EK];
|
||||
@[simp]
|
||||
lemma Nonce_notin_initState {B : Agent} : Msg.Nonce N ∉ parts (initState B) := by
|
||||
cases B <;>
|
||||
simp [initState] <;> apply And.intro <;> try (apply And.intro)
|
||||
all_goals (rw[Set.singleton_def, parts_insert_Key, parts_empty]; simp)
|
||||
simp [initState]
|
||||
|
||||
@[simp]
|
||||
lemma Nonce_notin_used_empty : Msg.Nonce N ∉ used [] := by
|
||||
simp [used]; intro A; cases A <;> simp <;>
|
||||
apply And.intro <;> try (apply And.intro)
|
||||
all_goals (rw[Set.singleton_def, parts_insert_Key, parts_empty]; simp)
|
||||
simp [used]; intro A; cases A <;> simp
|
||||
|
||||
-- Supply fresh nonces for possibility theorems
|
||||
lemma Nonce_supply_lemma : ∃ N, ∀ n, N ≤ n → Msg.Nonce n ∉ used evs := by
|
||||
|
||||
Reference in New Issue
Block a user