Proof of Nuprl Lemma : cabal-theorem

Step * 1 1 of Lemma cabal-theorem

.....assertion.....
1. s : SES@i'
2. A : SecurityAxioms@i'
3. s2 : Top@i'
4. es : EO+(Info)@i'
5. C : Id List@i
6. (∀A@0∈C.Honest(A@0))
7. ns : Atom1 List@i
8. (∀a∈ns.(∃i∈C. ∃e:E
((loc(e) = i ∈ Id)
∧ (((↑e ∈_b New) ∧ (a = New(e) ∈ Atom1))

                    ∨ ((↑e ∈_b Encrypt) ∧ (a = cipherText(e) ∈ Atom1) ∧ (∃b∈ns. (¬(b = a ∈ Atom1)) ∧ (e has b))))))

   THEN (BLemma `ses-flow-induction` THEN Auto THEN RecUnfold `ses-flow` (-4) THEN SplitOrHyps THEN ExRepD)⋅

   ) }

1
1. s : SES@i'
2. A : SecurityAxioms@i'
3. s2 : Top@i'
4. es : EO+(Info)@i'
5. C : Id List@i
6. (∀A@0∈C.Honest(A@0))
7. ns : Atom1 List@i
8. ∀a:Atom1
     ((a ∈ ns)
     ⇒ ((∃i∈C. ∃e:E
                 ((loc(e) = i ∈ Id)
                 ∧ (((↑e ∈_b New) ∧ (a = New(e) ∈ Atom1))

                   ∨ ((↑e ∈_b Encrypt) ∧ (a = cipherText(e) ∈ Atom1) ∧ (∃b∈ns. (¬(b = a ∈ Atom1)) ∧ (e has b))))))

        ∧ (∀e:E(Send). ((loc(e) ∈ C) ⇒ (¬(e has a))))
        ∧ (∀e:E(Encrypt)
             ((loc(e) ∈ C)
             ⇒ (e has a)
             ⇒ ((∃A∈C. key(e) = PublicKey(A) ∈ Key)
                ∨ (∃k∈ns. key(e) = symmetric-key(k) ∈ Key)
                ∨ (cipherText(e) ∈ ns))))))
9. PropertyF
10. e : E@i
11. ∀e1:E. ((e1 < e) ⇒ (∃a∈ns. (e1 has a)) ⇒ (loc(e1) ∈ C))
12. a : Atom1
13. (a ∈ ns)
14. (e has a)
15. x : E@i
16. y : E@i
17. ∀x1,y1:E.
      (x c≤ x1
      ⇒ x1 c≤ y1
      ⇒ y1 c≤ y
      ⇒ ((x < x1) ∨ (y1 < y))
      ⇒ (∀a:Atom1. (ses-flow(s;es;a;x1;y1) ⇒ y1 c≤ e ⇒ (a ∈ ns) ⇒ (loc(x1) ∈ C) ⇒ (loc(y1) ∈ C))))@i
18. a1 : Atom1@i
19. (x has a1)@i
20. (y has a1)@i
21. x ≤loc y @i
22. y c≤ e@i
23. (a1 ∈ ns)@i
24. (loc(x) ∈ C)@i
⊢ (loc(y) ∈ C)

2
1. s : SES@i'
2. A : SecurityAxioms@i'
3. s2 : Top@i'
4. es : EO+(Info)@i'
5. C : Id List@i
6. (∀A@0∈C.Honest(A@0))
7. ns : Atom1 List@i
8. ∀a:Atom1
     ((a ∈ ns)
     ⇒ ((∃i∈C. ∃e:E
                 ((loc(e) = i ∈ Id)
                 ∧ (((↑e ∈_b New) ∧ (a = New(e) ∈ Atom1))

                   ∨ ((↑e ∈_b Encrypt) ∧ (a = cipherText(e) ∈ Atom1) ∧ (∃b∈ns. (¬(b = a ∈ Atom1)) ∧ (e has b))))))

        ∧ (∀e:E(Send). ((loc(e) ∈ C) ⇒ (¬(e has a))))
        ∧ (∀e:E(Encrypt)
             ((loc(e) ∈ C)
             ⇒ (e has a)
             ⇒ ((∃A∈C. key(e) = PublicKey(A) ∈ Key)
                ∨ (∃k∈ns. key(e) = symmetric-key(k) ∈ Key)
                ∨ (cipherText(e) ∈ ns))))))
9. PropertyF
10. e : E@i
11. ∀e1:E. ((e1 < e) ⇒ (∃a∈ns. (e1 has a)) ⇒ (loc(e1) ∈ C))
12. a : Atom1
13. (a ∈ ns)
14. (e has a)
15. x : E@i
16. y : E@i
17. ∀x1,y1:E.
      (x c≤ x1
      ⇒ x1 c≤ y1
      ⇒ y1 c≤ y
      ⇒ ((x < x1) ∨ (y1 < y))
      ⇒ (∀a:Atom1. (ses-flow(s;es;a;x1;y1) ⇒ y1 c≤ e ⇒ (a ∈ ns) ⇒ (loc(x1) ∈ C) ⇒ (loc(y1) ∈ C))))@i
18. a1 : Atom1@i
19. snd : E(Send)@i
20. rcv : E(Rcv)@i
21. x c≤ snd@i
22. rcv c≤ y@i
23. (snd < rcv)@i
24. Send(snd) = Rcv(rcv) ∈ SecurityData@i
25. ses-flow(s;es;a1;x;snd)@i
26. ses-flow(s;es;a1;rcv;y)@i
27. y c≤ e@i
28. (a1 ∈ ns)@i
29. (loc(x) ∈ C)@i
⊢ (loc(y) ∈ C)

3
1. s : SES@i'
2. A : SecurityAxioms@i'
3. s2 : Top@i'
4. es : EO+(Info)@i'
5. C : Id List@i
6. (∀A@0∈C.Honest(A@0))
7. ns : Atom1 List@i
8. ∀a:Atom1
     ((a ∈ ns)
     ⇒ ((∃i∈C. ∃e:E
                 ((loc(e) = i ∈ Id)
                 ∧ (((↑e ∈_b New) ∧ (a = New(e) ∈ Atom1))

                   ∨ ((↑e ∈_b Encrypt) ∧ (a = cipherText(e) ∈ Atom1) ∧ (∃b∈ns. (¬(b = a ∈ Atom1)) ∧ (e has b))))))

        ∧ (∀e:E(Send). ((loc(e) ∈ C) ⇒ (¬(e has a))))
        ∧ (∀e:E(Encrypt)
             ((loc(e) ∈ C)
             ⇒ (e has a)
             ⇒ ((∃A∈C. key(e) = PublicKey(A) ∈ Key)
                ∨ (∃k∈ns. key(e) = symmetric-key(k) ∈ Key)
                ∨ (cipherText(e) ∈ ns))))))
9. PropertyF
10. e : E@i
11. ∀e1:E. ((e1 < e) ⇒ (∃a∈ns. (e1 has a)) ⇒ (loc(e1) ∈ C))
12. a : Atom1
13. (a ∈ ns)
14. (e has a)
15. x : E@i
16. y : E@i
17. ∀x1,y1:E.
      (x c≤ x1
      ⇒ x1 c≤ y1
      ⇒ y1 c≤ y
      ⇒ ((x < x1) ∨ (y1 < y))
      ⇒ (∀a:Atom1. (ses-flow(s;es;a;x1;y1) ⇒ y1 c≤ e ⇒ (a ∈ ns) ⇒ (loc(x1) ∈ C) ⇒ (loc(y1) ∈ C))))@i
18. a1 : Atom1@i
19. encr : E(Encrypt)@i
20. decr : E(Decrypt)@i
21. (x <loc encr)@i
22. decr c≤ y@i
23. (encr < decr)@i
24. plainText(decr) = plainText(encr) ∈ SecurityData@i
25. cipherText(decr) = cipherText(encr) ∈ Atom1@i
26. MatchingKeys(key(decr);key(encr))@i
27. ¬(key(decr) = symmetric-key(a1) ∈ Key)@i
28. ses-flow(s;es;a1;x;encr)@i
29. ses-flow(s;es;cipherText(encr);encr;decr)@i
30. ses-flow(s;es;a1;decr;y)@i
31. y c≤ e@i
32. (a1 ∈ ns)@i
33. (loc(x) ∈ C)@i
⊢ (loc(y) ∈ C)

Latex:

Latex:
.....assertion..... 1. s : SES@i' 2. A : SecurityAxioms@i' 3. s2 : Top@i' 4. es : EO+(Info)@i' 5. C : Id List@i 6. (\mforall{}A@0\mmember{}C.Honest(A@0)) 7. ns : Atom1 List@i 8. (\mforall{}a\mmember{}ns.(\mexists{}i\mmember{}C. \mexists{}e:E ((loc(e) = i) \mwedge{} (((\muparrow{}e \mmember{}\msubb{} New) \mwedge{} (a = New(e))) \mvee{} ((\muparrow{}e \mmember{}\msubb{} Encrypt) \mwedge{} (a = cipherText(e)) \mwedge{} (\mexists{}b\mmember{}ns. (\mneg{}(b = a)) \mwedge{} (e has b)))))) \mwedge{} (\mforall{}e:E(Send). ((loc(e) \mmember{} C) {}\mRightarrow{} (\mneg{}(e has a)))) \mwedge{} (\mforall{}e:E(Encrypt) ((loc(e) \mmember{} C) {}\mRightarrow{} (e has a) {}\mRightarrow{} ((\mexists{}A\mmember{}C. key(e) = PublicKey(A)) \mvee{} (\mexists{}k\mmember{}ns. key(e) = symmetric-key(k)) \mvee{} (cipherText(e) \mmember{} ns)))))@i 9. PropertyF 10. e : E@i 11. \mforall{}e1:E. ((e1 < e) {}\mRightarrow{} (\mexists{}a\mmember{}ns. (e1 has a)) {}\mRightarrow{} (loc(e1) \mmember{} C)) 12. a : Atom1 13. (a \mmember{} ns) 14. (e has a) \mvdash{} \mforall{}x,y:E. \mforall{}a:Atom1. (ses-flow(s;es;a;x;y) {}\mRightarrow{} y c\mleq{} e {}\mRightarrow{} (a \mmember{} ns) {}\mRightarrow{} (loc(x) \mmember{} C) {}\mRightarrow{} (loc(y) \mmember{} C)) By Latex: ((RWO "l\_all\_iff" 8 THENA Auto) THEN (BLemma `ses-flow-induction` THEN Auto THEN RecUnfold `ses-flow` (-4) THEN SplitOrHyps THEN ExRepD)\mcdot{} ) Home Index