{ [s:SES]
    [es:EO+(Info)]. [a,b:E(Encrypt)].
      Encrypt(a) = Encrypt(b) supposing cipherText(a) = cipherText(b) 
    supposing PropertyO }

{ Proof }


Definitions occuring in Statement :  ses-ordering: PropertyO ses-crypt: cipherText(e) ses-encrypt: Encrypt ses-info: Info security-event-structure: SES encryption-key: Key sdata: SecurityData es-E-interface: E(X) eclass-val: X(e) event-ordering+: EO+(Info) uimplies: b supposing a uall: [x:A]. B[x] product: x:A  B[x] equal: s = t atom: Atom$n
Definitions :  tactic: Error :tactic,  isect: x:A. B[x] uall: [x:A]. B[x] equal: s = t member: t  T function: x:A  B[x] all: x:A. B[x] ses-ordering: PropertyO security-event-structure: SES product: x:A  B[x] prop: uimplies: b supposing a event-ordering+: EO+(Info) ses-info: Info and: P  Q implies: P  Q or: P  Q union: left + right exists: x:A. B[x] es-le: e loc e'  es-locl: (e <loc e') es-causl: (e < e') event-has*: e has* a infix_ap: x f y record-select: r.x es-E-interface: E(X) ses-encrypt: Encrypt top: Top record+: record+ eq_atom: eq_atom$n(x;y) eq_atom: x =a y dep-isect: Error :dep-isect,  eclass: EClass(A[eo; e]) sdata: SecurityData encryption-key: Key atom: Atom$n so_lambda: x y.t[x; y] subtype_rel: A r B es-E: E event_ordering: EO lambda: x.A[x] ifthenelse: if b then t else f fi  token: "$token" apply: f a atom: Atom universe: Type subtype: S  T void: Void assert: b set: {x:A| B[x]}  decide: case b of inl(x) =s[x] | inr(y) =t[y] limited-type: LimitedType ses-crypt: cipherText(e) eclass-val: X(e) axiom: Ax uiff: uiff(P;Q) less_than: a < b not: A ge: i  j  le: A  B strong-subtype: strong-subtype(A;B) fpf: a:A fp-B[a] pair: <a, b> bool: RepeatFor: Error :RepeatFor,  D: Error :D,  Auto: Error :Auto,  CollapseTHEN: Error :CollapseTHEN,  ExRepD: Error :ExRepD,  CollapseTHENA: Error :CollapseTHENA,  MaAuto: Error :MaAuto,  strongwellfounded: SWellFounded(R[x; y]) guard: {T} nat: add: n + m int: rationals: real: false: False natural_number: $n grp_car: |g| subtract: n - m minus: -n l_member: (x  l) list: type List Knd: Knd locl: locl(a) append: as @ bs so_apply: x[s] Id: Id IdLnk: IdLnk record: record(x.T[x]) event-has: (e has a) ses-send: Send ses-sign: Sign ses-sig: signature(e) ses-new: New rel_star: R^* class-value-has: X(e) has a ses-rcv: Rcv ses-decrypt: Decrypt ses-verify: Verify RepUR: Error :RepUR,  free-from-atom: x:T||a in-eclass: e  X true: True sq_type: SQType(T) btrue: tt cand: A c B iff: P  Q rev_implies: P  Q tree: Tree(E) rec: rec(x.A[x]) Subst': Error :Subst',  sqequal: s ~ t ses-encrypted: plainText(e) ses-encryption-key: key(e) es-causle: e c e' causal-predecessor: causal-predecessor(es;p) es-p-locl: e pe' es-p-le: e p e' so_lambda: x.t[x] squash: T so_apply: x[s1;s2] can-apply: can-apply(f;x) isl: isl(x)
Lemmas :  atom1_subtype_base union_subtype_base atom2_subtype_base product_subtype_base sdata_subtype_base set_subtype_base squash_wf es-causle_weakening es-causl_transitivity2 es-causl_weakening es-causle_wf es-causle_weakening_locl atom1_sq atom_sq ses-encryption-key_wf free-from-atom-pair-iff iff_weakening_uiff ses-encrypted_wf free-from-atom_wf1 assert_wf ifthenelse_wf true_wf subtype_base_sq bool_subtype_base bool_wf assert_elim in-eclass_wf ses-new_wf ses-verify_wf Id_wf ses-sign_wf ses-decrypt_wf ses-rcv_wf class-value-has_wf ses-send_wf event-has_wf uiff_inversion es-causl_wf false_wf not_wf le_wf nat_ind_tp nat_wf guard_wf es-causl-swellfnd nat_properties ge_wf eclass-val_wf ses-crypt_wf security-event-structure_wf ses-ordering_wf es-E-interface_wf eclass_wf member_wf es-interface-top es-interface-subtype_rel2 ses-encrypt_wf subtype_rel_self event-ordering+_inc event-ordering+_wf subtype_rel_wf sdata_wf encryption-key_wf top_wf es-E_wf ses-info_wf
\mforall{}[s:SES]
    \mforall{}[es:EO+(Info)].  \mforall{}[a,b:E(Encrypt)].
        Encrypt(a)  =  Encrypt(b)  supposing  cipherText(a)  =  cipherText(b) 
    supposing  PropertyO


Date html generated: 2011_08_17-PM-07_24_03
Last ObjectModification: 2011_06_18-PM-01_17_32

Home Index