{ 
s:SecurityTheory. bss:Basic1 List.
((Legal(bss) 
FreshSignatures(bss))
(A:Id
(Protocol1(bss) A)
...
supposing Honest(A))) }
{ Proof }
Definitions occuring in Statement :
sig-release-thread: sig-release-thread(s;es;A;thr),
fresh-sig-protocol1: FreshSignatures(bss),
ses-protocol1-legal: Legal(bss),
ses-protocol1: Protocol1(bss),
ses-protocol1-thread: (thr is one of bss at A),
ses-basic-sequence1: Basic1,
ses-thread-loc: loc(thr)= A,
ses-thread: Thread,
sth-es: sth-es(s),
security-theory: SecurityTheory,
ses-honest: Honest(A),
ses-info: Info,
event-ordering+: EO+(Info),
Id: Id,
uimplies: b supposing a,
all: x:A. B[x],
implies: P Q,
and: P Q,
apply: f a,
list: type List
Definitions :
es-interface-at: X@i,
intensional-universe: IType,
ses-verify: Verify,
ses-rcv: Rcv,
isl: isl(x),
can-apply: can-apply(f;x),
eclass-val: X(e),
es-p-le: e p
e',
es-causle: e c e',
es-p-locl: e p< e',
causal-predecessor: causal-predecessor(es;p),
class-value-has: X(e) has a,
bool: 
,
atom_eq: atomeqn def,
sq_type: SQType(T),
sqequal: s ~ t,
so_apply: x[s],
guard: {T},
limited-type: LimitedType,
fpf: a:A fp-> B[a],
record: record(x.T[x]),
rec: rec(x.A[x]),
tree: Tree(E),
ses-action: Action(e),
atom: Atom,
es-base-E: es-base-E(es),
token: "$token",
record-select: r.x,
lelt: i j < k,
so_lambda: 
x y.t[x; y],
eclass: EClass(A[eo; e]),
ses-fresh-thread: ses-fresh-thread(s;es;f;A;thr),
noncelike-signatures: noncelike-signatures(s;es;thr),
dep-isect: Error :dep-isect,
eq_atom: x =a y,
eq_atom: eq_atom$n(x;y),
record+: record+,
l_exists: (
x
L. P[x]),
pair: <a, b>,
subtract: n - m,
cand: A c B,
real: 
,
rationals: 
,
subtype: S 
T,
set: {x:A| B[x]} ,
axiom: Ax,
ses-thread-member: e thr,
ses-act: Act,
lambda: x.A[x],
infix_ap: x f y,
release-before: (a released before e),
ses-sig: signature(e),
es-loc: loc(e),
add: n + m,
select: l[i],
in-eclass: e 
X,
length: ||as||,
natural_number: $n,
ses-decrypt: Decrypt,
strong-subtype: strong-subtype(A;B),
l_member: (x l),
l_all: (xL.P[x]),
l_contains: A B,
ses-legal-thread: Legal(thr)@A,
rev_implies: P 
Q,
iff: P Q,
decide: case b of inl(x) => s[x] | inr(y) => t[y],
ifthenelse: if b then t else f fi ,
pi1: fst(t),
ses-key-rel: MatchingKeys(k1;k2),
ycomb: Y,
ses-flow: ses-flow(s;es;a;e1;e2),
void: Void,
false: False,
ses-new: New,
ses-sign: Sign,
ses-encrypt: Encrypt,
encryption-key: Key,
atom: Atom$n,
sdata: SecurityData,
ses-send: Send,
es-E-interface: E(X),
es-locl: (e <loc e'),
event-has*: e has* a,
es-le: e loc e' ,
union: left + right,
or: P 
Q,
ses-ordering: PropertyO,
sym: Sym(T;x,y.E[x; y]),
ses-K: PropertyK,
ses-S: PropertyS,
ses-D: PropertyD,
ses-R: PropertyR,
ses-V: PropertyV,
ses-flow-axiom: PropertyF,
ses-nonce-disjoint: NoncesCiphersAndKeysDisjoint,
le: A B,
ge: i 
j ,
less_than: a < b,
uiff: uiff(P;Q),
subtype_rel: A r B,
int: 
,
exists: x:A. B[x],
ses-disjoint: ActionsDisjoint,
universe: Type,
top: Top,
uall: [x:A]. B[x],
ses-axioms: SecurityAxioms,
security-event-structure: SES,
member: t T,
prop: 
,
security-theory: SecurityTheory,
ses-basic-sequence1: Basic1,
list: type List,
ses-protocol1-legal: Legal(bss),
fresh-sig-protocol1: FreshSignatures(bss),
product: x:A 
B[x],
and: P Q,
ses-honest: Honest(A),
ses-protocol1: Protocol1(bss),
apply: f a,
ses-info: Info,
ses-thread: Thread,
ses-protocol1-thread: (thr is one of bss at A),
ses-thread-loc: loc(thr)= A,
int_seg: {i..j
},
assert: 
b,
es-E: E,
Id: Id,
equal: s = t,
not: 
A,
sth-es: sth-es(s),
sig-release-thread: sig-release-thread(s;es;A;thr),
uimplies: b supposing a,
isect: 
x:A. B[x],
all: x:A. B[x],
implies: P Q,
function: x:A 
B[x],
es-causl: (e < e'),
event-ordering+: EO+(Info),
event_ordering: EO,
event-has: (e has a),
MaAuto: Error :MaAuto,
CollapseTHEN: Error :CollapseTHEN,
D: Error :D,
CollapseTHENA: Error :CollapseTHENA,
ParallelOp: Error :ParallelOp,
RepeatFor: Error :RepeatFor,
Auto: Error :Auto,
unique-sig-protocol: UniqueSignatures(bss),
AssertBY: Error :AssertBY,
Unfold: Error :Unfold,
true: True,
existse-before: e<e'.P[e],
existse-le: ee'.P[e],
alle-lt: e<e'.P[e],
alle-le: ee'.P[e],
alle-between1: e[e1,e2).P[e],
existse-between1: e[e1,e2).P[e],
alle-between2: e[e1,e2].P[e],
existse-between2: e[e1,e2].P[e],
existse-between3: e(e1,e2].P[e],
es-fset-loc: i locs(s),
es-r-immediate-pred: es-r-immediate-pred(es;R;e';e),
same-thread: same-thread(es;p;e;e'),
collect-event: collect-event(es;X;n;v.num[v];L.P[L];e),
cut-order: a (X;f) b,
path-goes-thru: x-f*-y thru i,
lg-edge: lg-edge(g;a;b),
ses-legal-sequence: Legal(pas) given prvt,
decidable: Dec(P),
uni_sat: a = !x:T. Q[x],
inv_funs: InvFuns(A;B;f;g),
inject: Inj(A;B;f),
eqfun_p: IsEqFun(T;eq),
refl: Refl(T;x,y.E[x; y]),
urefl: UniformlyRefl(T;x,y.E[x; y]),
usym: UniformlySym(T;x,y.E[x; y]),
trans: Trans(T;x,y.E[x; y]),
utrans: UniformlyTrans(T;x,y.E[x; y]),
anti_sym: AntiSym(T;x,y.R[x; y]),
uanti_sym: UniformlyAntiSym(T;x,y.R[x; y]),
connex: Connex(T;x,y.R[x; y]),
uconnex: uconnex(T; x,y.R[x; y]),
coprime: CoPrime(a,b),
ident: Ident(T;op;id),
assoc: Assoc(T;op),
comm: Comm(T;op),
inverse: Inverse(T;op;id;inv),
bilinear: BiLinear(T;pl;tm),
bilinear_p: IsBilinear(A;B;C;+a;+b;+c;f),
action_p: IsAction(A;x;e;S;f),
dist_1op_2op_lr: Dist1op2opLR(A;1op;2op),
fun_thru_1op: fun_thru_1op(A;B;opa;opb;f),
fun_thru_2op: FunThru2op(A;B;opa;opb;f),
cancel: Cancel(T;S;op),
monot: monot(T;x,y.R[x; y];f),
monoid_p: IsMonoid(T;op;id),
group_p: IsGroup(T;op;id;inv),
monoid_hom_p: IsMonHom{M1,M2}(f),
grp_leq: a b,
integ_dom_p: IsIntegDom(r),
prime_ideal_p: IsPrimeIdeal(R;P),
no_repeats: no_repeats(T;l),
value-type: value-type(T),
is_list_splitting: is_list_splitting(T;L;LL;L2;f),
is_accum_splitting: is_accum_splitting(T;A;L;LL;L2;f;g;x),
req: x = y,
squash: 
T,
fpf-sub: f g,
modulus-of-ccontinuity: modulus-of-ccontinuity(omega;I;f),
partitions: partitions(I;p),
i-member: r I,
rleq: x y,
sq_stable: SqStable(P),
rnonneg: rnonneg(r),
tactic: Error :tactic,
pi2: snd(t),
so_lambda: x.t[x],
it: 
,
es-init: es-init(es;e),
es-pred: pred(e),
rel_star: R^*,
p-outcome: Outcome,
null: null(as),
es-first: first(e),
lsrc: source(l),
ldst: destination(l),
btrue: tt,
ses-info-flow: ->>,
nil: []
Lemmas :
es-causl_transitivity1,
es-causle_weakening_locl,
ses-action_wf,
security-event-structure_wf,
rel_star_wf,
ses-info-flow_wf,
release-before_wf,
bool_wf,
bool_subtype_base,
assert_elim,
decidable__es-locl,
es-le-not-locl,
ifthenelse_wf,
set_subtype_base,
product_subtype_base,
sdata_subtype_base,
atom2_subtype_base,
atom1_subtype_base,
es-loc-pred,
all_functionality_wrt_iff,
es-locl-iff,
event_ordering_wf,
true_wf,
squash_wf,
es-first_wf,
decidable__es-le,
es-causle-le,
es-le-loc,
ses-flow-has*,
le_wf,
false_wf,
pi2_wf,
sq_stable_from_decidable,
decidable__es-causl,
assert_wf,
int_seg_wf,
not_wf,
es-E_wf,
Id_wf,
event-has_wf,
es-causl_wf,
ses-basic-sequence1_wf,
ses-protocol1-legal_wf,
fresh-sig-protocol1_wf,
ses-honest_wf,
ses-protocol1_wf,
event-ordering+_wf,
ses-info_wf,
ses-thread_wf,
ses-protocol1-thread_wf,
ses-thread-loc_wf,
signature-release-lemma,
security-theory_wf,
sth-es_wf,
fresh-sig-protocol1_property,
ses-disjoint_wf,
ses-ordering_wf,
es-le_wf,
event-has*_wf,
es-locl_wf,
ses-send_wf,
es-E-interface_wf,
encryption-key_wf,
sdata_wf,
ses-encrypt_wf,
ses-sign_wf,
ses-new_wf,
ses-S_wf,
ses-decrypt_wf,
ses-flow-axiom-ordering,
ses-flow-axiom_wf,
ses-flow_wf,
ses-act_wf,
ses-thread-member_wf,
length_wf1,
in-eclass_wf,
eclass_wf,
member_wf,
length_wf_nat,
es-interface-top,
es-interface-subtype_rel2,
es-base-E_wf,
subtype_rel_self,
event-ordering+_inc,
top_wf,
subtype_rel_wf,
select_wf,
int_seg_properties,
ses-sig_wf,
es-loc_wf,
not_functionality_wrt_uiff,
uiff_inversion,
assert-eq-id,
subtype_base_sq,
class-value-has_wf,
ses-rcv_wf,
ses-verify_wf,
intensional-universe_wf
\mforall{}s:SecurityTheory. \mforall{}bss:Basic1 List.
((Legal(bss) \mwedge{} FreshSignatures(bss))
{}\mRightarrow{} (\mforall{}A:Id
(Protocol1(bss) A)
{}\mRightarrow{} (\mforall{}es:EO+(Info). \mforall{}thr:Thread.
((thr is one of bss at A)
{}\mRightarrow{} sig-release-thread(sth-es(s);es;A;thr) supposing loc(thr)= A))
supposing Honest(A)))
Date html generated:
2011_08_17-PM-07_47_08
Last ObjectModification:
2011_06_18-PM-01_42_06
Home
Index