Proof of Nuprl Lemma : ses-legal-thread-has*-signature

Step * 1 2 1 1 2 1 1 of Lemma ses-legal-thread-has*-signature

1. s : SES@i'
2. SecurityAxioms@i'
3. es : EO+(Info)@i'
4. A : Id@i
5. thr : Thread@i
6. Legal(thr)@A@i
7. noncelike-signatures(s;es;thr)@i
8. sg : E(Sign)@i
9. a : E@i
10. Action(a)
11. a ∈ thr@i
12. a has* signature(sg)@i
13. ∀e':E. ((e' < a) ⇒ Action(e') ⇒ e' has* signature(sg) ⇒ ((loc(e') = A ∈ Id) ∧ (¬↑e' ∈_b Send)))
14. e : E@i
15. ∀e1:E
      ((e1 < e)
      ⇒ Action(e1)
      ⇒ e1 ∈ thr
      ⇒ e1 ≤loc a
      ⇒ (∀m:ℕ. ∀e':E.
            ((e' ->>^m e1)
            ⇒ (e' has signature(sg))
            ⇒

 ((∃e':E. ((e' <loc e1) ∧ Action(e') ∧ e' has* signature(sg) ∧ e' ∈ thr)) ∨ (e1 = sg ∈ E)))))

16. Action(e)@i
17. e ∈ thr@i
18. e ≤loc a @i
19. m : ℤ@i
20. 0 < m@i
21. ∀e':E
      ((e' ->>^m - 1 e)
      ⇒ (e' has signature(sg))
      ⇒

 ((∃e':E. ((e' <loc e) ∧ Action(e') ∧ e' has* signature(sg) ∧ e' ∈ thr)) ∨ (e = sg ∈ E)))@i

22. e' : E@i
23. z : E
24. 0 < m
25. e' ->>^m - 1 z
26. ↑z ∈_b Encrypt
27. (e has cipherText(z))
28. (e' has signature(sg))@i
29. z has* signature(sg)
30. ↑e ∈_b Rcv
31. (cipherText(z) ∈ sdata-atoms(Rcv(e)))
32. ∀es:EO+(Info). ∀e:E(Rcv).  ∃e':E(Send). ((e' < e) ∧ (Rcv(e) = Send(e') ∈ SecurityData))
33. e1 : E(Send)
34. (e1 < e)
35. Rcv(e) = Send(e1) ∈ SecurityData
⊢ False
BY
{ (D -3
   THEN OnMaybeHyp 12 (\h. (InstHyp [⌈e1⌉] h⋅
                            THEN Auto
                            THEN Try ((Unfold `ses-action` 0 THEN Auto))
                            THEN (BLemma `event-has*-iff` THENM OrRight)
                            THEN Auto
                            THEN With ⌈z⌉ (D 0)⋅
                            THEN Auto))
   )⋅ }

1
1. s : SES@i'
2. SecurityAxioms@i'
3. es : EO+(Info)@i'
4. A : Id@i
5. thr : Thread@i
6. Legal(thr)@A@i
7. noncelike-signatures(s;es;thr)@i
8. sg : E(Sign)@i
9. a : E@i
10. Action(a)
11. a ∈ thr@i
12. a has* signature(sg)@i
13. ∀e':E. ((e' < a) ⇒ Action(e') ⇒ e' has* signature(sg) ⇒ ((loc(e') = A ∈ Id) ∧ (¬↑e' ∈_b Send)))
14. e : E@i
15. ∀e1:E
      ((e1 < e)
      ⇒ Action(e1)
      ⇒ e1 ∈ thr
      ⇒ e1 ≤loc a
      ⇒ (∀m:ℕ. ∀e':E.
            ((e' ->>^m e1)
            ⇒ (e' has signature(sg))
            ⇒

 ((∃e':E. ((e' <loc e1) ∧ Action(e') ∧ e' has* signature(sg) ∧ e' ∈ thr)) ∨ (e1 = sg ∈ E)))))

16. Action(e)@i
17. e ∈ thr@i
18. e ≤loc a @i
19. m : ℤ@i
20. 0 < m@i
21. ∀e':E
      ((e' ->>^m - 1 e)
      ⇒ (e' has signature(sg))
      ⇒

 ((∃e':E. ((e' <loc e) ∧ Action(e') ∧ e' has* signature(sg) ∧ e' ∈ thr)) ∨ (e = sg ∈ E)))@i

Latex:

Latex:
1. s : SES@i' 2. SecurityAxioms@i' 3. es : EO+(Info)@i' 4. A : Id@i 5. thr : Thread@i 6. Legal(thr)@A@i 7. noncelike-signatures(s;es;thr)@i 8. sg : E(Sign)@i 9. a : E@i 10. Action(a) 11. a \mmember{} thr@i 12. a has* signature(sg)@i 13. \mforall{}e':E. ((e' < a) {}\mRightarrow{} Action(e') {}\mRightarrow{} e' has* signature(sg) {}\mRightarrow{} ((loc(e') = A) \mwedge{} (\mneg{}\muparrow{}e' \mmember{}\msubb{} Send))) 14. e : E@i 15. \mforall{}e1:E ((e1 < e) {}\mRightarrow{} Action(e1) {}\mRightarrow{} e1 \mmember{} thr {}\mRightarrow{} e1 \mleq{}loc a {}\mRightarrow{} (\mforall{}m:\mBbbN{}. \mforall{}e':E. ((e' rel\_exp(E; ->> m) e1) {}\mRightarrow{} (e' has signature(sg)) {}\mRightarrow{} ((\mexists{}e':E. ((e' <loc e1) \mwedge{} Action(e') \mwedge{} e' has* signature(sg) \mwedge{} e' \mmember{} thr)) \mvee{} (e1 = sg))))) 16. Action(e)@i 17. e \mmember{} thr@i 18. e \mleq{}loc a @i 19. m : \mBbbZ{}@i 20. 0 < m@i 21. \mforall{}e':E ((e' rel\_exp(E; ->> m - 1) e) {}\mRightarrow{} (e' has signature(sg)) {}\mRightarrow{} ((\mexists{}e':E. ((e' <loc e) \mwedge{} Action(e') \mwedge{} e' has* signature(sg) \mwedge{} e' \mmember{} thr)) \mvee{} (e = sg)))@i 22. e' : E@i 23. z : E 24. 0 < m 25. e' rel\_exp(E; ->> m - 1) z 26. \muparrow{}z \mmember{}\msubb{} Encrypt 27. (e has cipherText(z)) 28. (e' has signature(sg))@i 29. z has* signature(sg) 30. \muparrow{}e \mmember{}\msubb{} Rcv 31. (cipherText(z) \mmember{} sdata-atoms(Rcv(e))) 32. \mforall{}es:EO+(Info). \mforall{}e:E(Rcv). \mexists{}e':E(Send). ((e' < e) \mwedge{} (Rcv(e) = Send(e'))) 33. e1 : E(Send) 34. (e1 < e) 35. Rcv(e) = Send(e1) \mvdash{} False By Latex: (D -3 THEN OnMaybeHyp 12 (\mbackslash{}h. (InstHyp [\mkleeneopen{}e1\mkleeneclose{}] h\mcdot{} THEN Auto THEN Try ((Unfold `ses-action` 0 THEN Auto)) THEN (BLemma `event-has*-iff` THENM OrRight) THEN Auto THEN With \mkleeneopen{}z\mkleeneclose{} (D 0)\mcdot{} THEN Auto)) )\mcdot{} Home Index