{ [s:SES]
    [es:EO+(Info)]. [a,b:E(Sign)].
      Sign(a) = Sign(b) supposing signature(a) = signature(b) 
    supposing PropertyO }

{ Proof }


Definitions occuring in Statement :  ses-ordering: PropertyO ses-sig: signature(e) ses-sign: Sign ses-info: Info security-event-structure: SES sdata: SecurityData es-E-interface: E(X) eclass-val: X(e) event-ordering+: EO+(Info) Id: Id uimplies: b supposing a uall: [x:A]. B[x] product: x:A  B[x] equal: s = t atom: Atom$n
Definitions :  tactic: Error :tactic,  isect: x:A. B[x] uall: [x:A]. B[x] equal: s = t member: t  T function: x:A  B[x] all: x:A. B[x] ses-ordering: PropertyO security-event-structure: SES product: x:A  B[x] prop: uimplies: b supposing a event-ordering+: EO+(Info) ses-info: Info and: P  Q implies: P  Q or: P  Q union: left + right exists: x:A. B[x] es-le: e loc e'  es-locl: (e <loc e') es-causl: (e < e') event-has*: e has* a infix_ap: x f y record-select: r.x es-E-interface: E(X) ses-sign: Sign top: Top record+: record+ eq_atom: eq_atom$n(x;y) eq_atom: x =a y dep-isect: Error :dep-isect,  eclass: EClass(A[eo; e]) sdata: SecurityData Id: Id atom: Atom$n so_lambda: x y.t[x; y] subtype_rel: A r B es-E: E event_ordering: EO lambda: x.A[x] ifthenelse: if b then t else f fi  token: "$token" apply: f a atom: Atom universe: Type subtype: S  T void: Void assert: b set: {x:A| B[x]}  decide: case b of inl(x) =s[x] | inr(y) =t[y] limited-type: LimitedType ses-sig: signature(e) eclass-val: X(e) axiom: Ax uiff: uiff(P;Q) less_than: a < b not: A ge: i  j  le: A  B strong-subtype: strong-subtype(A;B) fpf: a:A fp-B[a] pair: <a, b> bool: RepeatFor: Error :RepeatFor,  CollapseTHENA: Error :CollapseTHENA,  D: Error :D,  Auto: Error :Auto,  CollapseTHEN: Error :CollapseTHEN,  MaAuto: Error :MaAuto,  strongwellfounded: SWellFounded(R[x; y]) guard: {T} nat: add: n + m int: rationals: real: false: False natural_number: $n grp_car: |g| subtract: n - m minus: -n l_member: (x  l) list: type List Knd: Knd locl: locl(a) append: as @ bs so_apply: x[s] IdLnk: IdLnk record: record(x.T[x]) ExRepD: Error :ExRepD,  ses-encrypt: Encrypt event-has: (e has a) ses-crypt: cipherText(e) encryption-key: Key ses-send: Send ses-new: New rel_star: R^* class-value-has: X(e) has a ses-rcv: Rcv ses-decrypt: Decrypt ses-verify: Verify RepUR: Error :RepUR,  free-from-atom: x:T||a in-eclass: e  X true: True sq_type: SQType(T) btrue: tt cand: A c B iff: P  Q rev_implies: P  Q tree: Tree(E) rec: rec(x.A[x]) Subst': Error :Subst',  sqequal: s ~ t ses-signed: signed(e) ses-signer: signer(e) AssertBY: Error :AssertBY,  es-causle: e c e' causal-predecessor: causal-predecessor(es;p) es-p-locl: e pe' es-p-le: e p e' so_lambda: x.t[x] squash: T so_apply: x[s1;s2] can-apply: can-apply(f;x) isl: isl(x)
Lemmas :  atom1_subtype_base atom2_subtype_base product_subtype_base sdata_subtype_base set_subtype_base squash_wf es-causle_weakening es-causl_transitivity2 es-causl_weakening es-causle_wf es-causle_weakening_locl atom1_sq atom_sq ses-signer_wf free-from-atom-pair-iff iff_weakening_uiff ses-signed_wf free-from-atom_wf1 assert_wf ifthenelse_wf true_wf subtype_base_sq bool_subtype_base bool_wf assert_elim in-eclass_wf ses-send_wf ses-decrypt_wf ses-verify_wf event-has_wf ses-new_wf ses-rcv_wf class-value-has_wf ses-encrypt_wf encryption-key_wf uiff_inversion es-causl_wf false_wf not_wf le_wf nat_ind_tp nat_wf guard_wf es-causl-swellfnd nat_properties ge_wf eclass-val_wf ses-sig_wf security-event-structure_wf ses-ordering_wf es-E-interface_wf eclass_wf member_wf es-interface-top es-interface-subtype_rel2 ses-sign_wf subtype_rel_self event-ordering+_inc event-ordering+_wf subtype_rel_wf sdata_wf Id_wf top_wf es-E_wf ses-info_wf
\mforall{}[s:SES]
    \mforall{}[es:EO+(Info)].  \mforall{}[a,b:E(Sign)].    Sign(a)  =  Sign(b)  supposing  signature(a)  =  signature(b) 
    supposing  PropertyO


Date html generated: 2011_08_17-PM-07_23_22
Last ObjectModification: 2011_06_18-PM-01_16_55

Home Index