This commit is contained in:
Your Name
@@ -25,6 +25,9 @@ class InvKey where
|
||||
all_symmetric : Bool
|
||||
invKey_spec : ∀ K : Key, invKey (invKey K) = K
|
||||
invKey_symmetric : all_symmetric → invKey = id
|
||||
-- There are infinitely many keys of each type
|
||||
symKey_supply : ∀ N : Key, ∃ n > N, invKey n = n
|
||||
asymKey_supply : (¬all_symmetric) → (∀ N : Key, ∃ n > N, invKey n ≠ n)
|
||||
|
||||
open InvKey
|
||||
|
||||
@@ -132,6 +135,16 @@ lemma keysFor_union (H H' : Set Msg) [InvKey] : keysFor (H ∪ H') = keysFor H
|
||||
constructor
|
||||
· intro h; simp_all; grind
|
||||
· intro h; simp_all; grind
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_iunion [InvKey] {T : Type} {H : T → Set Msg} :
|
||||
keysFor (⋃ (x : T), H x) = ⋃ x, keysFor (H x)
|
||||
:= by
|
||||
ext
|
||||
simp[keysFor]
|
||||
constructor
|
||||
· intro h; obtain ⟨x, ⟨X, i, h⟩, _⟩ := h; exists i; exists x; simp [*]; exists X
|
||||
· intro h; obtain ⟨i, x, ⟨X, h⟩, _⟩ := h; exists x; simp [*]; exists X; exists i
|
||||
|
||||
-- Monotonicity
|
||||
lemma keysFor_mono [InvKey] : Monotone keysFor := by
|
||||
@@ -146,31 +159,61 @@ lemma keysFor_insert_Agent (A : Agent) (H : Set Msg) [InvKey] :
|
||||
keysFor (insert (Agent A) H) = keysFor H := by
|
||||
simp[keysFor]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_singleton_Agent [InvKey] :
|
||||
keysFor {Agent agt} = ∅ := by
|
||||
rw[Set.singleton_def, keysFor_insert_Agent, keysFor_empty]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_insert_Nonce (N : Nat) (H : Set Msg) [InvKey] :
|
||||
keysFor (insert (Nonce N) H) = keysFor H := by
|
||||
simp[keysFor]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_singleton_Nonce [InvKey] :
|
||||
keysFor {Nonce N} = ∅ := by
|
||||
rw[Set.singleton_def, keysFor_insert_Nonce, keysFor_empty]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_insert_Number (N : Nat) (H : Set Msg) [InvKey] :
|
||||
keysFor (insert (Msg.Hash (Nonce N)) H) = keysFor H := by
|
||||
keysFor (insert (Number N) H) = keysFor H := by
|
||||
simp[keysFor]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_singleton_Number [InvKey] :
|
||||
keysFor {Number N} = ∅ := by
|
||||
rw[Set.singleton_def, keysFor_insert_Number, keysFor_empty]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_insert_Key (K : Key) (H : Set Msg) [InvKey] :
|
||||
keysFor (insert (Key K) H) = keysFor H := by
|
||||
simp[keysFor]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_singleton_Key [InvKey] :
|
||||
keysFor {Key K} = ∅ := by
|
||||
rw[Set.singleton_def, keysFor_insert_Key, keysFor_empty]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_insert_Hash (X : Msg) (H : Set Msg) [InvKey] :
|
||||
keysFor (insert (Hash X) H) = keysFor H := by
|
||||
simp[keysFor]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_singleton_Hash [InvKey] :
|
||||
keysFor {Hash H} = ∅ := by
|
||||
rw[Set.singleton_def, keysFor_insert_Hash, keysFor_empty]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_insert_MPair (X Y : Msg) (H : Set Msg) [InvKey] :
|
||||
keysFor (insert ⦃X, Y⦄ H) = keysFor H := by
|
||||
simp[keysFor]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_singleton_MPair [InvKey] :
|
||||
keysFor {⦃X, Y⦄} = ∅ := by
|
||||
rw[Set.singleton_def, keysFor_insert_MPair, keysFor_empty]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_insert_Crypt (K : Key) (X : Msg) (H : Set Msg) [InvKey] :
|
||||
keysFor (insert (Crypt K X) H) = insert (invKey K) (keysFor H) := by
|
||||
@@ -178,6 +221,11 @@ lemma keysFor_insert_Crypt (K : Key) (X : Msg) (H : Set Msg) [InvKey] :
|
||||
ext
|
||||
grind
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_singleton_Crypt [InvKey] :
|
||||
keysFor {Crypt K X} = {invKey K} := by
|
||||
rw[Set.singleton_def, keysFor_insert_Crypt, keysFor_empty, ←Set.singleton_def]
|
||||
|
||||
@[simp]
|
||||
lemma keysFor_image_Key (E : Set Key) [InvKey] : keysFor (Key '' E) = ∅ := by
|
||||
simp[keysFor]
|
||||
@@ -585,6 +633,37 @@ by
|
||||
| Crypt K X ih => rcases ih with ⟨N, h⟩; exists N;
|
||||
have ins_crypt := parts_insert_Crypt (H := {}) (K := K) (X := X);
|
||||
simp_all;
|
||||
|
||||
lemma msg_Key_supply [InvKey] {msg : Msg} : ∃ N, ∀ n, N ≤ n →
|
||||
(Key n ∉ parts {msg} ∧ n ∉ keysFor (parts {msg})):=
|
||||
by
|
||||
induction msg with
|
||||
| Agent a => exists 0;
|
||||
have ins_agt := parts_insert_Agent (H := {}) (agt := a);
|
||||
simp_all
|
||||
| Number a => exists 0;
|
||||
have ins_number := parts_insert_Number (H := {}) (N := a);
|
||||
simp_all;
|
||||
| Nonce n => exists 0;
|
||||
have ins_nonce := parts_insert_Nonce (H := {}) (N := n);
|
||||
simp_all;
|
||||
| Key k => exists k.succ;
|
||||
intro _ _;
|
||||
have ins_key := parts_insert_Key (H := {}) (K := k);
|
||||
simp_all; grind;
|
||||
| Hash X ih => exists 0;
|
||||
have ins_hash := parts_insert_Hash (H := {}) (X := X);
|
||||
simp_all;
|
||||
| MPair X Y ihX ihY =>
|
||||
rcases ihX with ⟨wX, hH⟩;
|
||||
cases ihY with
|
||||
| intro wY hY => exists Nat.max wX wY; intro n h₁;
|
||||
have ins_mpair := parts_insert_MPair (H := {}) (X := X) (Y := Y);
|
||||
simp_all;
|
||||
| Crypt K X ih => rcases ih with ⟨N, h⟩; exists Nat.succ (Nat.max N (invKey K));
|
||||
intro _ _;
|
||||
have ins_crypt := parts_insert_Crypt (H := {}) (K := K) (X := X);
|
||||
simp_all; grind
|
||||
|
||||
-- Inductive relation "analz"
|
||||
inductive analz [InvKey] (H : Set Msg) : Set Msg
|
||||
@@ -610,16 +689,6 @@ lemma analz_insert_mono [InvKey] :
|
||||
:= by
|
||||
apply_rules [ analz_mono, Set.subset_insert]
|
||||
|
||||
lemma analz_mono_neg [InvKey] { h : A ⊆ B } :
|
||||
X ∉ analz B → X ∉ analz A
|
||||
:= by
|
||||
intro h₁ h₂; apply h₁; aapply analz_mono;
|
||||
|
||||
lemma analz_insert_mono_neg [InvKey] :
|
||||
X ∉ analz (insert Y H) → X ∉ analz H
|
||||
:= by
|
||||
apply_rules [ analz_mono_neg, Set.subset_insert ]
|
||||
|
||||
-- Making it safe speeds up proofs
|
||||
-- @[simp]
|
||||
lemma MPair_analz {H : Set Msg} {X Y : Msg} {P : Prop} [InvKey] :
|
||||
@@ -783,11 +852,10 @@ lemma analz_insert_Hash {H : Set Msg} {X : Msg} [InvKey] :
|
||||
· apply analz_insert
|
||||
|
||||
@[simp]
|
||||
lemma analz_insert_Key {H : Set Msg} {K : Key} [InvKey] :
|
||||
K ∉ keysFor (analz H) →
|
||||
lemma analz_insert_Key [InvKey] {H : Set Msg} {K : Key}
|
||||
{ hK : K ∉ keysFor (analz H) } :
|
||||
analz (insert (Key K) H) = insert (Key K) (analz H) :=
|
||||
by
|
||||
intro hK
|
||||
ext x
|
||||
constructor
|
||||
· intro h
|
||||
@@ -1614,24 +1682,12 @@ by
|
||||
cases h; contradiction; assumption
|
||||
· apply analz_mono; apply Set.subset_insert
|
||||
|
||||
|
||||
|
||||
-- Fake parts for single messages
|
||||
lemma Fake_parts_sing [InvKey] {H : Set Msg} {X : Msg} :
|
||||
X ∈ synth (analz H) → parts {X} ⊆ synth (analz H) ∪ parts H :=
|
||||
lemma Fake_parts_sing [InvKey] {H : Set Msg} {X : Msg}
|
||||
{h : X ∈ synth (analz H)} :
|
||||
(Y ∈ parts {X} → Y ∈ synth (analz H) ∪ parts H) :=
|
||||
by
|
||||
intro h
|
||||
rw[Set.singleton_def]
|
||||
apply subset_trans (b := parts (insert X H))
|
||||
· apply parts_mono; simp
|
||||
· aapply Fake_parts_insert
|
||||
|
||||
-- Often the result of Fake_parts_sing needs to be applied to a term in a
|
||||
-- disjunction
|
||||
lemma Fake_parts_sing_helper {A B : Set Msg}
|
||||
{ h : A ⊆ B } :
|
||||
X ∈ A ∨ h₁ → X ∈ B ∨ h₁
|
||||
:= by
|
||||
intro h; cases h <;> try simp_all
|
||||
left; aapply h
|
||||
|
||||
|
||||
Reference in New Issue
Block a user