Nuprl Lemma : ses-legal-thread-has*-signature

∀s:SES
  (SecurityAxioms
  ⇒ (∀es:EO+(Info). ∀A:Id. ∀thr:Thread.
        ((Legal(thr)@A ∧ noncelike-signatures(s;es;thr))
        ⇒ (∀sg:E(Sign). ∀e:Act.
              (e ∈ thr
              ⇒ e has* signature(sg)
              ⇒

 (∃e':E. ((e' <loc e) ∧ Action(e') ∧ e' has* signature(sg) ∧ e' ∈ thr)) ∨ (e = sg ∈ E)

                 supposing ∀e':E
                             ((e' < e)
                             ⇒ Action(e')
                             ⇒ e' has* signature(sg)
                             ⇒ ((loc(e') = A ∈ Id) ∧ (¬↑e' ∈_b Send))))))))

Proof

Definitions occuring in Statement : noncelike-signatures: noncelike-signatures(s;es;thr), ses-legal-thread: Legal(thr)@A, ses-thread-member: e ∈ thr, ses-thread: Thread, ses-axioms: SecurityAxioms, event-has*: e has* a, ses-act: Act, ses-action: Action(e), ses-sig: signature(e), ses-sign: Sign, ses-send: Send, ses-info: Info, security-event-structure: SES, es-E-interface: E(X), in-eclass: e ∈_b X, event-ordering+: EO+(Info), es-locl: (e <loc e'), es-causl: (e < e'), es-loc: loc(e), es-E: E, Id: Id, assert: ↑b, uimplies: b supposing a, all: ∀x:A. B[x], exists: ∃x:A. B[x], not: ¬A, implies: P ⇒ Q, or: P ∨ Q, and: P ∧ Q, equal: s = t ∈ T
Definitions unfolded in proof : all: ∀x:A. B[x], implies: P ⇒ Q, ses-act: Act, uall: ∀[x:A]. B[x], member: t ∈ T, sq_stable: SqStable(P), squash: ↓T, and: P ∧ Q, uimplies: b supposing a, not: ¬A, false: False, subtype_rel: A ⊆r B, so_lambda: λ₂x y.t[x; y], so_apply: x[s1;s2], top: Top, prop: ℙ, so_lambda: λ₂x.t[x], so_apply: x[s], strongwellfounded: SWellFounded(R[x; y]), exists: ∃x:A. B[x], guard: {T}, int_seg: {i..j^-}, lelt: i ≤ j < k, satisfiable_int_formula: satisfiable_int_formula(fmla), decidable: Dec(P), or: P ∨ Q, le: A ≤ B, less_than': less_than'(a;b), nat: ℕ, ge: i ≥ j , less_than: a < b, es-E-interface: E(X), infix_ap: x f y, rel_exp: R^n, eq_int: (i =_z j), subtract: n - m, ifthenelse: if b then t else f fi , btrue: tt, ses-axioms: SecurityAxioms, cand: A c∧ B, iff: P ⇐⇒ Q, rev_implies: P ⇐ Q, noncelike-signatures: noncelike-signatures(s;es;thr), ses-R: PropertyR, ses-action: Action(e), ses-used-atoms: UsedAtoms(e), bool: 𝔹, unit: Unit, it: ⋅, uiff: uiff(P;Q), true: True, bfalse: ff, bnot: ¬_bb, sq_type: SQType(T), assert: ↑b, ses-D: PropertyD, ses-info-flow: ->>, event-has*: e has* a, rel_star: R^*, ses-nonce-disjoint: NoncesCiphersAndKeysDisjoint, event-has: (e has a), class-value-has: X(e) has a, ses-sig: signature(e), pi2: snd(t), same-action: same-action(x;y), nat_plus: ℕ⁺

Latex:
\mforall{}s:SES (SecurityAxioms {}\mRightarrow{} (\mforall{}es:EO+(Info). \mforall{}A:Id. \mforall{}thr:Thread. ((Legal(thr)@A \mwedge{} noncelike-signatures(s;es;thr)) {}\mRightarrow{} (\mforall{}sg:E(Sign). \mforall{}e:Act. (e \mmember{} thr {}\mRightarrow{} e has* signature(sg) {}\mRightarrow{} (\mexists{}e':E. ((e' <loc e) \mwedge{} Action(e') \mwedge{} e' has* signature(sg) \mwedge{} e' \mmember{} thr)) \mvee{} (e = sg) supposing \mforall{}e':E ((e' < e) {}\mRightarrow{} Action(e') {}\mRightarrow{} e' has* signature(sg) {}\mRightarrow{} ((loc(e') = A) \mwedge{} (\mneg{}\muparrow{}e' \mmember{}\msubb{} Send)))))))) Date html generated: 2016_05_17-PM-00_36_34 Last ObjectModification: 2016_01_18-AM-07_52_29 Theory : event-logic-applications Home Index