@@ -5,6 +5,7 @@ namespace NS_Public
|
||||
|
||||
variable [InvKey]
|
||||
variable [Bad]
|
||||
variable [AgentKeys]
|
||||
open Msg
|
||||
open Event
|
||||
open Bad
|
||||
@@ -52,10 +53,10 @@ theorem Spy_see_priEK {h : ns_public evs} :
|
||||
(Key (priEK A) ∈ parts (spies evs)) ↔ A ∈ bad := by
|
||||
constructor
|
||||
· induction h with
|
||||
| Nil => simp [ priEK ]
|
||||
| Nil => simp [ priEK, initState ]
|
||||
| Fake _ h =>
|
||||
apply Fake_parts_sing at h
|
||||
intro h₁; simp at h₁; apply Fake_parts_sing_helper (h := h) at h₁
|
||||
intro h₁; simp at h₁
|
||||
apply Or.imp_left (f := Fake_parts_sing (h := h)) at h₁
|
||||
simp_all
|
||||
| NS1 => simp_all
|
||||
| NS2 => simp_all
|
||||
@@ -76,12 +77,11 @@ theorem no_nonce_NS1_NS2 { evs: List Event} { h : ns_public evs } :
|
||||
Nonce NA ∈ analz (spies evs))) := by
|
||||
intro h₁ h₂
|
||||
induction h with
|
||||
| Nil => simp at h₂
|
||||
| Nil => simp [ initState ] at h₂
|
||||
| Fake _ h =>
|
||||
simp [*] at *
|
||||
apply Fake_parts_sing at h
|
||||
apply Fake_parts_sing_helper (h := h) at h₁
|
||||
apply Fake_parts_sing_helper (h := h) at h₂
|
||||
apply Or.imp_left (f := Fake_parts_sing (h := h)) at h₁
|
||||
apply Or.imp_left (f := Fake_parts_sing (h := h)) at h₂
|
||||
simp_all; grind
|
||||
| NS1 =>
|
||||
simp [*] at *
|
||||
@@ -102,13 +102,12 @@ theorem unique_NA { h : ns_public evs } :
|
||||
A = A' ∧ B = B'))) := by
|
||||
intro h₁ h₂ h₃
|
||||
induction h with
|
||||
| Nil => simp_all
|
||||
| Nil => simp_all [ initState ]
|
||||
| Fake _ a a_ih =>
|
||||
apply Fake_parts_sing at a;
|
||||
apply analz_spies_mono_neg at h₃;
|
||||
apply mt (h₁ := analz_spies_mono) at h₃;
|
||||
simp [*] at *
|
||||
apply Fake_parts_sing_helper (h := a) at h₁
|
||||
apply Fake_parts_sing_helper (h := a) at h₂
|
||||
apply Or.imp_left (f := Fake_parts_sing (h := a)) at h₁
|
||||
apply Or.imp_left (f := Fake_parts_sing (h := a)) at h₂
|
||||
simp_all
|
||||
| NS1 =>
|
||||
simp [*] at *; expand_parts_element at h₁; expand_parts_element at h₂; grind
|
||||
@@ -160,13 +159,11 @@ theorem A_trusts_NS2 {h : ns_public evs }
|
||||
| Nil => simp_all
|
||||
| Fake _ a =>
|
||||
have snsNA := h₁; apply Spy_not_see_NA at snsNA <;> try assumption
|
||||
apply analz_spies_mono_neg at snsNA
|
||||
apply mt (h₁ := analz_spies_mono) at snsNA;
|
||||
simp [*] at *
|
||||
cases h₁
|
||||
· simp_all
|
||||
· apply Fake_parts_sing at a;
|
||||
apply Fake_parts_sing_helper (h := a) at h₂; simp at h₂
|
||||
grind
|
||||
· apply Or.imp_left (f := Fake_parts_sing (h := a)) at h₂; simp at h₂; grind
|
||||
· aapply ns_public.Fake
|
||||
| NS1 => simp [*] at *; expand_parts_element at h₂; grind
|
||||
| NS2 => simp [*] at *; grind
|
||||
@@ -180,14 +177,13 @@ lemma B_trusts_NS1 { h : ns_public evs} :
|
||||
:= by
|
||||
intro h₁ h₂
|
||||
induction h with
|
||||
| Nil => simp at h₁
|
||||
| Nil => simp [ initState ] at h₁
|
||||
| Fake _ a =>
|
||||
apply analz_spies_mono_neg at h₂
|
||||
simp at h₁; apply Fake_parts_sing at a;
|
||||
apply Fake_parts_sing_helper (h := a) at h₁; simp_all
|
||||
| NS1 => apply analz_spies_mono_neg at h₂; simp_all; grind
|
||||
| NS2 => apply analz_spies_mono_neg at h₂; simp_all;
|
||||
| NS3 => apply analz_spies_mono_neg at h₂; simp_all;
|
||||
apply mt (h₁ := analz_spies_mono) at h₂
|
||||
simp at h₁; apply Or.imp_left (f := Fake_parts_sing (h := a)) at h₁; simp_all
|
||||
| NS1 => apply mt (h₁ := analz_spies_mono) at h₂; simp_all; grind
|
||||
| NS2 => apply mt (h₁ := analz_spies_mono) at h₂; simp_all;
|
||||
| NS3 => apply mt (h₁ := analz_spies_mono) at h₂; simp_all;
|
||||
|
||||
-- Authenticity Properties obtained from `NS2`
|
||||
|
||||
@@ -201,14 +197,15 @@ theorem unique_NB { h : ns_public evs } :
|
||||
-- Proof closely follows that of unique_NA
|
||||
intro h₁ h₂ h₃
|
||||
induction h with
|
||||
| Nil => aesop (add safe analz_insertI)
|
||||
| Nil => simp_all [ initState ]
|
||||
| Fake _ a =>
|
||||
apply Fake_parts_sing at a; simp [*] at *
|
||||
apply Fake_parts_sing_helper (h := a) at h₁;
|
||||
apply Fake_parts_sing_helper (h := a) at h₂; simp [*] at *
|
||||
apply analz_insert_mono_neg at h₃
|
||||
simp [*] at *
|
||||
apply Or.imp_left (f := Fake_parts_sing (h := a)) at h₁;
|
||||
apply Or.imp_left (f := Fake_parts_sing (h := a)) at h₂
|
||||
simp [*] at *
|
||||
apply mt (h₁ := analz_insert_mono) at h₃
|
||||
grind
|
||||
| NS1 => apply analz_spies_mono_neg at h₃; simp_all
|
||||
| NS1 => apply mt (h₁ := analz_spies_mono) at h₃; simp_all
|
||||
| NS2 =>
|
||||
simp [*] at *; expand_parts_element at h₁; expand_parts_element at h₂; grind
|
||||
| NS3 => simp_all; grind
|
||||
@@ -255,8 +252,7 @@ theorem B_trusts_NS3 { h : ns_public evs }
|
||||
| Nil => simp_all
|
||||
| Fake _ a =>
|
||||
simp [*] at *
|
||||
apply Fake_parts_sing at a
|
||||
apply Fake_parts_sing_helper (h := a) at h₂; simp at h₂
|
||||
apply Or.imp_left (f := Fake_parts_sing (h := a)) at h₂; simp at h₂
|
||||
grind
|
||||
| NS1 => simp_all
|
||||
| NS2 => simp [*] at *; expand_parts_element at h₂; grind
|
||||
@@ -277,8 +273,8 @@ theorem B_trusts_protocol { h : ns_public evs }
|
||||
| Nil => simp_all
|
||||
| Fake _ a =>
|
||||
simp [*] at *
|
||||
apply Fake_parts_sing at a
|
||||
apply Fake_parts_sing_helper (h := a) at h₁; expand_parts_element at h₁
|
||||
apply Or.imp_left (f := Fake_parts_sing (h := a)) at h₁
|
||||
expand_parts_element at h₁
|
||||
grind
|
||||
| NS1 => simp_all
|
||||
| NS2 => simp [*] at *; expand_parts_element at h₁; grind
|
||||
|
||||
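Review bot: `· aapply ns_public.Fake` in the A_trusts_NS2 hunk (`@@ -160,13 +159,11 @@`) is not a Lean 4 tactic name; as far as the old/new line counts let me tell it is a context line carried over rather than introduced by this commit, but it remains on the new side and will fail elaboration unless a custom `aapply` tactic is declared elsewhere in the project. The intended line is presumably `· apply ns_public.Fake`. The body of A_trusts_NS2 starts before this hunk, so I cannot see which goal that bullet is meant to close. The same rewrite — `Fake_parts_sing_helper` replaced by `Or.imp_left (f := Fake_parts_sing (h := a))`, and `analz_spies_mono_neg` / `analz_insert_mono_neg` replaced by `mt (h₁ := analz_spies_mono)` / `mt (h₁ := analz_insert_mono)` — is applied in every hunk with no explanation, so a one-line comment at its first occurrence in Spy_see_priEK, e.g. `-- Fake case: strengthen the spy hypothesis via Fake_parts_sing directly; the dedicated helper lemmas are no longer used`, would spare the next reader reconstructing the intent.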