Nuprl Lemma : nonce-release-lemma2

{

[s:SecurityTheory].

[bss:Basic1 List].

[A:Id]
(

[es:EO+(Info)].

[thr:Thread].
(

[i:

||thr||].

[j:

i].
(

(New(thr[j]) released before thr[i])) supposing
((

k:{j + 1..i

}. (

thr[k]

Send)) and
(

thr[j]

New))) supposing
            (loc(thr)= A and
            (thr is one of bss at A))) supposing
         ((Protocol1(bss) A) and
         Honest(A))
    supposing Legal(bss) }

{ Proof }

Definitions occuring in Statement : ses-protocol1-legal: Legal(bss), ses-protocol1: Protocol1(bss), ses-protocol1-thread: (thr is one of bss at A), ses-basic-sequence1: Basic1, ses-thread-loc: loc(thr)= A, ses-thread: Thread, sth-es: sth-es(s), security-theory: SecurityTheory, release-before: (a released before e), ses-honest: Honest(A), ses-send: Send, ses-new: New, ses-info: Info, eclass-val: X(e), in-eclass: e

X, event-ordering+: EO+(Info), Id: Id, select: l[i], length: ||as||, assert:

b, int_seg: {i..j

}, uimplies: b supposing a, uall:

[x:A]. B[x], all:

x:A. B[x], not:

A, apply: f a, list: type List, add: n + m, natural_number: $n
Definitions : rec: rec(x.A[x]), tree: Tree(E), sdata: SecurityData, ses-action: Action(e), atom: Atom, es-base-E: es-base-E(es), token: "$token", record-select: r.x, es-E-interface: E(X), l_exists: (

x

L. P[x]), pair: <a, b>, es-locl: (e <loc e'), subtract: n - m, ses-send: Send, add: n + m, eclass-val: X(e), lambda:

x.A[x], release-before: (a released before e), void: Void, false: False, lelt: i

j < k, event_ordering: EO, es-E: E, select: l[i], so_lambda:

x y.t[x; y], ses-new: New, in-eclass: e

X, rationals:

, ses-act: Act, eclass: EClass(A[eo; e]), fpf: a:A fp-> B[a], strong-subtype: strong-subtype(A;B), eq_atom: x =a y, eq_atom: eq_atom$n(x;y), pi1: fst(t), l_member: (x

l), l_all: (

x

L.P[x]), l_contains: A

B, ses-legal-thread: Legal(thr)@A, exists:

x:A. B[x], dep-isect: Error :dep-isect, record+: record+, decide: case b of inl(x) => s[x] | inr(y) => t[y], ifthenelse: if b then t else f fi , assert:

b, atom: Atom$n, implies: P

Q, le: A

B, ge: i

j , not:

A, less_than: a < b, product: x:A

B[x], and: P

Q, uiff: uiff(P;Q), subtype_rel: A

r B, top: Top, set: {x:A| B[x]} , real:

, grp_car: |g|, subtype: S

T, int:

, nat:

, length: ||as||, natural_number: $n, int_seg: {i..j

}, ses-thread-loc: loc(thr)= A, ses-protocol1-thread: (thr is one of bss at A), ses-thread: Thread, ses-info: Info, event-ordering+: EO+(Info), ses-protocol1: Protocol1(bss), apply: f a, ses-honest: Honest(A), Id: Id, ses-protocol1-legal: Legal(bss), uimplies: b supposing a, security-theory: SecurityTheory, list: type List, ses-basic-sequence1: Basic1, all:

x:A. B[x], function: x:A

B[x], prop:

, universe: Type, sth-es: sth-es(s), uall:

[x:A]. B[x], isect:

x:A. B[x], equal: s = t, member: t

T, MaAuto: Error :MaAuto, CollapseTHENA: Error :CollapseTHENA, RepeatFor: Error :RepeatFor, CollapseTHEN: Error :CollapseTHEN, tactic: Error :tactic, security-event-structure: SES, ses-axioms: SecurityAxioms, Auto: Error :Auto, BHyp: Error :BHyp, THENM: Error :THENM, D: Error :D
Lemmas : nonce-release-lemma, in-eclass_wf, ses-info_wf, sth-es_wf, ses-new_wf, assert_wf, int_seg_wf, ses-act_wf, length_wf1, subtype_rel_wf, ses-thread_wf, top_wf, member_wf, nat_wf, length_wf_nat, ses-thread-loc_wf, ses-protocol1-thread_wf, event-ordering+_wf, ses-protocol1_wf, ses-honest_wf, Id_wf, ses-protocol1-legal_wf, ses-basic-sequence1_wf, security-theory_wf, eclass_wf, es-E_wf, select_wf, event-ordering+_inc, es-interface-top, release-before_wf, not_wf, eclass-val_wf, es-base-E_wf, subtype_rel_self, int_seg_properties, ses-send_wf, sdata_wf, es-interface-subtype_rel2

\mforall{}[s:SecurityTheory]. \mforall{}[bss:Basic1 List]. \mforall{}[A:Id] (\mforall{}[es:EO+(Info)]. \mforall{}[thr:Thread]. (\mforall{}[i:\mBbbN{}||thr||]. \mforall{}[j:\mBbbN{}i]. (\mneg{}(New(thr[j]) released before thr[i])) supposing ((\mforall{}k:\{j + 1..i\msupminus{}\}. (\mneg{}\muparrow{}thr[k] \mmember{}\msubb{} Send)) and (\muparrow{}thr[j] \mmember{}\msubb{} New))) supposing (loc(thr)= A and (thr is one of bss at A))) supposing ((Protocol1(bss) A) and Honest(A)) supposing Legal(bss) Date html generated: 2011_08_17-PM-07_46_24 Last ObjectModification: 2011_06_18-PM-01_41_29 Home Index